  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321

NT 4 migrating to win2k3

I have an old NT4 domain, and I tried to migrate it to WIN2k3. The 2 DCs can ping each other by IP and by name, but for some reason, when I tried to establish the trust between the two, both of them are saying they can't contact the domain controller of the other domain. Why?

thanks in advance
0
Asked: katie_miguel
1 Solution
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Why don't you upgrade the NT4 domain to a 2003 domain?  

Your problem with what you are trying (aside from taking longer to complete) is that you probably don't have appropriate name resolution.  Try creating an LMHOSTS file containing the domain servers information and the domain information.

Reference:
http://support.microsoft.com/?kbid=314108
0
 
katie_miguel (Author) Commented:
It's a long story; I can't directly upgrade, and this is the path to go. I already have the LMHOSTS file containing the domain server info, and they know each other by NetBIOS name. How do you put domain information in the LMHOSTS file?
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
I guess you didn't read the article I posted.  Quote from it:
Add the following entries to the LMHOSTS file:

   10.0.0.1   PDCNAME #PRE #DOM:DOMAIN_NAME
   10.0.0.1   "DOMAIN_NAME    \0x1b"   #PRE

Note also that DOMAIN_NAME in this entry is case-sensitive. Make sure to use all capital letters.

Most people who say they can't directly upgrade can't only because they don't know how and think they shouldn't.  I have never seen an instance (beyond using Small Business Server - which you didn't mention) in which an upgrade was not possible.  Do you have a condensed version of the long story?
0
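The domain entries quoted above depend on exact formatting: a NetBIOS name is 16 bytes, so the quoted domain name must be space-padded to 15 characters before the `\0x1b` type byte. As an added example (not part of the original thread or the Microsoft article), this Python sketch builds the two entries and checks an LMHOSTS file for the padding, case and `#PRE` mistakes; `make_entries` and `check_lmhosts` are hypothetical helper names and the sample text is constructed.

```python
import re

# Constructed sample: the 0x1b entry is padded to only 14 characters.
SAMPLE = (
    '10.0.0.1   PDCNAME #PRE #DOM:DOMAIN_NAME\n'
    '10.0.0.1   "DOMAIN_NAME   \\0x1b"   #PRE\n'
)

# address, then a quoted or bare name, then the trailing #tags
ENTRY = re.compile(r'^(\S+)\s+(?:"([^"]*)"|(\S+))\s*(.*)$')

def make_entries(ip, pdc, domain):
    """Build both entries; the quoted name is padded to 15 chars + \\0x1b."""
    domain = domain.upper()
    if not 1 <= len(domain) <= 15:
        raise ValueError("NetBIOS domain names are 1 to 15 characters")
    return [f'{ip}   {pdc} #PRE #DOM:{domain}',
            f'{ip}   "{domain.ljust(15)}\\0x1b"   #PRE']

def check_lmhosts(text):
    """Return (line_number, problem) tuples; line 0 means a file-level issue."""
    problems, dom_names, pdc_names = [], set(), set()
    for n, raw in enumerate(text.splitlines(), 1):
        m = ENTRY.match(raw.strip())
        if not m or raw.lstrip().startswith('#'):
            continue  # blank line, comment or directive
        quoted, tags = m.group(2), m.group(4)
        dom = re.search(r'#DOM:(\S+)', tags, re.I)
        if quoted is not None and quoted.lower().endswith('\\0x1b'):
            base = quoted[:-5]  # text before the literal \0x1b
            if len(base) != 15:
                problems.append((n, f'{len(base)} characters before \\0x1b, need 15'))
            if base != base.upper():
                problems.append((n, 'domain name must be upper case'))
            pdc_names.add(base.rstrip().upper())
        elif dom:
            dom_names.add(dom.group(1).upper())
        else:
            continue  # ordinary host mapping, not checked here
        if '#PRE' not in tags.upper():
            problems.append((n, 'missing #PRE'))
    for name in sorted(dom_names - pdc_names):
        problems.append((0, f'no 0x1b entry for domain {name}'))
    for name in sorted(pdc_names - dom_names):
        problems.append((0, f'no #DOM entry for domain {name}'))
    return problems
```

After correcting the file on each domain controller, `nbtstat -R` reloads the `#PRE` entries into the NetBIOS name cache and `nbtstat -c` lists what was loaded.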

 
katie_miguel (Author) Commented:
Oh, it's because a long time ago someone installed a lot of applications on the NT4 PDC, and those are our company-specific ones; they don't run on win2k3. I have to migrate all the accounts to win2k3, use UPromote to demote the old DC, and join it to the new domain.
0
 
katie_miguel (Author) Commented:
It's still not working; they still don't see each other.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
That's fine - and certainly not a reason to avoid doing an upgrade.

Here's what you do:
1.  Make a new NT Server BDC and pull it off line.  You can use an old PC or download a copy of Virtual PC (the trial will work fine) and install it on a virtual PC.  This will be your backup domain controller in case anything goes seriously wrong.  (I have never seen or heard of a failed NT4 domain upgrade - does not mean you can't be the first, but odds are strong you won't be).
2.  Make another new NT Server BDC using your new server (the one you want to run 2003).  Or, use another virtual PC if you have an OEM version of 2003 or can't find a compatible network card.
3.  Promote this NEW BDC to be your PDC
4.  Upgrade the new PDC to Windows Server 2003.  
5.  If you used your new server to make the BDC in #2, then you're done - continue to step 9
6.  Make the new 2003 server a domain controller by running DCPROMO.  This does not apply if you used the new server to make it an NT4 BDC (see step 5)
7.  Transfer the FSMO roles from the virtual computer to the new DC and make the new DC a global catalog server and DNS server.  Put DHCP on it as well if you need.
8.  Run DCPROMO on the upgraded 2003 virtual machine and demote it so it is no longer a domain controller.
9.  You're done.  You can run UPromote on the old NT4 PDC that has all the 2003 incompatible software.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Such an upgrade will avoid having to run the ADMT tool and translating users, folders, printers, file shares and a host of other work moving over to the new domain.  In addition, users' passwords and other account information you may already have are still configured as you had them - groups and such.
0
 
katie_miguel (Author) Commented:
Thanks for the solution, but that won't work. No one knows how to install another server with all the apps like the one we are currently using. I have to keep that server as it is. And the new win2k3 DC has to keep the same NetBIOS domain name. I already have a plan for how to do this; I just need those 2 to see each other so I can establish the trust. I've done it before and had no problem, but I don't know what happened to these 2 DCs.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
The problem is your plan won't work and I never said you have to know where the software is.

You cannot create a trust between two domains that are named the same - that doesn't work - Windows doesn't know which one to contact because it's got two telling it "that's me".

You HAVE to change the domain name or your plan won't work.  If you follow MY instructions, you can KEEP the domain name.

Read my instructions carefully - Beyond demoting the original server to a BDC (which does not affect ANYTHING - software installed or anything EXCEPT its status as an NT4 domain controller), you are NOT TOUCHING the original server.

Besides - what exactly would happen if that OLD server failed?  How would you keep the business running?

Look, I know it's not the answer to the question you were looking for, but sometimes such an answer may not exist.  You can struggle and fight this all you want, but in the end, my solution should save you time, money, and headaches.
0
 
Rant32 Commented:
Sorry katie_miguel, I completely agree with leew. You're not reading what he's writing.

You're not upgrading your application server. You only demote the PDC to BDC and you install a new, fresh, NT4 PDC which is upgraded to Windows 2003.

Installing and upgrading a new NT4 PDC to Windows Server 2003 doesn't change *anything* to your existing network, except the fact that there's a Windows 2003 DC, of course. It will act as a downlevel NT4 PDC to the other domain controllers.

I have upgraded three fully-fledged production NT4 domains this way (VMware PDC => 2003) without any issues and without any form of downtime. Actually, you will have a couple of seconds of downtime as somebody decided to make the primary domain controller an application server.
0
 
katie_miguel (Author) Commented:
Gosh, I didn't try to establish the trust between the 2 domains with the same NetBIOS name; I have another server on a different subnet as a middle man. All I need is to establish the trust from NT 4 to the win2k3. I wonder why they can't see each other; no other questions were asked. Can anyone help?
0
 
katie_miguel (Author) Commented:
And my new domain is going to be a child domain in a forest. That's a long path to do it, but it's the only way.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
You said:
i have to keep that server as it is. and the new win2k3 dc has to keep the same net bios domain name.

The only way you can keep the netbios name the same is to do what I said.  Sorry you don't like it, but that's a fact.  You CANNOT have an NT4 PDC in an Active Directory forest - it does work that way.  No one can help you do something that's not possible.

It's very difficult to help you when you consistently leave out important details.  Now you're saying you have 3 servers on different subnets - big deal... I had 35 Windows servers on one subnet serving 3 domains to 1000 clients where the clients were in 40 different subnets.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Try to describe your network:

How many subnets do you have total?

How many netbios domains and what are their names?

What are the servers of these domains running?

Are you using WINS?

Now, perhaps my way is not the ONLY way - but unless you can clarify the information you have so far provided and answer these questions, I don't see any way of doing this.

I will say I don't understand why you think this is the only way and are so reluctant to upgrade the existing domain (I said UPGRADE THE DOMAIN, not upgrade the server).  

0
 
katie_miguel (Author) Commented:
Because the new domain has to be a child domain in the forest. If I upgrade the domain, can it be a child domain? If that's possible, I can upgrade; it will make life a lot easier.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Why couldn't it be?  I had domains I upgraded like that.  DCPROMO runs to promote the machine using the existing SAM.

But it's foolish to be experimenting with the production domain to get this migrated.  You really should be testing this in a test environment first.  Maybe you are - but you keep leaving out details - for instance, your last comment was the first to say you wanted the new domain to be a child in a forest domain.  Any more surprises?  It REALLY helps when you explain in detail what you are doing - otherwise we guess, give you information that may OR MAY NOT work for you and then you're in trouble.  Just try to avoid leaving blanks for us to fill in.
0
 
katie_miguel (Author) Commented:
Thanks for your help, and sorry for giving unclear info. I'll test it out...
0
 
katie_miguel (Author) Commented:
So I should have an NT 4 BDC ready, upgrade it to a win2k3 DC and keep the same NetBIOS domain name, and let it be a child domain in a forest, then demote the NT4 PDC?
0
 
katie_miguel (Author) Commented:
No, I need to promote the BDC to PDC, demote the PDC to BDC, and then upgrade it to a win2k3 DC.
0
 
Rant32 Commented:
Only a Windows NT4 PDC can be upgraded to a newer operating system. After installing Windows 2000 or 2003, the DCPROMO utility is run to upgrade the existing NT SAM to its AD equivalent. During dcpromo you still have the option to create a new forest, create a new domain tree or become a child domain of an existing domain tree.

http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4domtoad.mspx

has a very good technical overview of migration vs. upgrading and the considerations involved.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
To be clear and reassuring, your existing PDC with all that software on it need not even be touched physically - the only thing that will happen is it will be demoted to a BDC (prior to running UPROMOTE).  It is not upgraded to 2003, no other software is installed on it, that's all that happens.

Once you're ready to go with this:

1.  Make a system State backup of ALL domain controllers on EVERY domain of the forest. (To be safe)
2.  Make yourself a new BDC for the domain to be upgraded and then pull it off the network and put it on a shelf or something - this is the backup of the NT4 domain JUST IN CASE anything goes wrong - again, I've never seen this fail, but if you're the first, you want to have a backup.  If you make the system out of a virtual PC system, you can just shut the virtual system off and burn the virtual PC hard drive to a DVD and store it safely there.
3.  Make yourself another new BDC.  This BDC will then be upgraded to a PDC using Server Manager (It's been a LONG while since I did this, I did this several times years ago - just look through the menus and make sure you have the new BDC selected).
4.  Upgrade this new BDC (now a PDC) to 2003.  After rebooting, DCPROMO will run.  Walk through the steps and you should be able to make it a child of the existing domain.
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
When you promote a BDC to a PDC, unless the original PDC is offline (which it SHOULD NOT BE), it will automatically demote it to a BDC.
0
 
katie_miguel (Author) Commented:
Thanks Leew, I'll try it out and let you know.
0
 
katie_miguel (Author) Commented:
One more question: after the upgrade is done and it's a child domain in the forest, do all the clients stay the same, or do I need to rejoin them to the domain?
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Not at all - all the users and computers, groups and other domain information is migrated using an upgrade like this.  That's one of the reasons I was strongly encouraging this strategy.
0
 
katie_miguel (Author) Commented:
Cool, thanks.
0
