Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

NT4 to AD 2003 Migration

After much deciding i have bitten the bullet and decided to do the migration. I have a question thoe i set up a test bed. I built a fresh nt4 bdc on a box replicated with the domain took it onto my test network, prometed to pdc then just put the win2003 cd in and followed the wizzards, I now have an migrated 2003 ad network(all be it small) with everything appears to have migrated across with no problems. I have taken a couple of workstations off the normal domain plugged them into the test bed and log in. the first time they log in it takes about 5 minsas they update there info and move across to the new domain, dynmic dns works fine. Now to me that seemed to easy and once a box has logged onto the ad its no way back. I dont want to just put it live and have 200 pcs connect to ad reconfig themselevs only to find a problem and then its to late. Also is there any problems with have 2k member servers? I have done 2k ad migrations a long time ago and they were no where near as easy as this.

cheers
0
blackcs
Asked:
blackcs
  • 2
1 Solution
 
joedoe58Commented:
Hi,
The migration should be quite easy as you already experienced. Usually problems arise from other applications that all of a sudden do not work in AD. Do you have Exchange? or any application that is crucial for your company? If so you would do well to test how it works in the test environment before going with the upgrade.
And yes you can have w2k memeber servers in a w2k3 domain.
0
 
blackcsAuthor Commented:
The only item that would intergrate with ad is sql server 2000 running on a 2000 member server. Is that likely to cause anyproblems
0
 
blackcsAuthor Commented:
is there away that the clients do not get moved across to the new new domain as such. ie can i just turn off all move nt4 pdc and bdc check everything works inplace and if it doesnt turn them back on and turn off ad dc. At the momment once a client has logged into the ad it is then no longer able to access the old domain
0
 
oBdACommented:
Well, it is in fact not that complicated.
As far as "too late" for your W2k/XP machines is concerned, you can get around that for some time; *before* you upgrade the production PDC, set the "NT4Emulator" value as described here:
How to prevent overloading on the first domain controller during domain upgrade
http://support.microsoft.com/?kbid=298713
That will make your AD domain still appear like an NT4 domain for clients running W2k (or later); they will continue to logon to NT4 BDCs as well (which they won't anymore once they've noticed they're in an AD domain). If you upgrade further DCs or want to introduce additional AD DCs, you need to set the "NeutralizeNT4Emulator" on those (and the NT4EMulator value as well!), otherwise they won't recognize the new AD domain either. As long as this value is set on all AD DCs, you can always fall back to plain NT4.
It shouldn't take five minutes for the clients to logon, though; you might have some DNS problems. Make sure DNS is set correctly on your DCs and your clients before you finally remove the NT4 Emulator value (until then, your clients will still use WINS).
"Correctly" means that your DCs and domain members use only your internal DNS servers (so probably your DCs) for DNS resolution, that dynamic updates are enabled on your AD DNS zones, and that forwarders are configured (or you use the root hints) on your DNS servers to enable external DNS lookups.
Here's more about that:

10 DNS Errors That Will Kill Your Network
http://www.mstraining.com/misc/10_dns_errors_that_will_kill_you.htm

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567

And finally some documents about upgrading from NT4:

Tools and Documentation for Upgrading to Windows Server 2003
http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/default.mspx

Background Information for Upgrading to Windows Server 2003 Active Directory
http://www.microsoft.com/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbe_upnt_huxa.asp

Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active Directory
http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4domtoad.mspx
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now