• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 268
  • Last Modified:

Does migrating NT to AD require an NT BDC?

Hi:

We need to migrate some NT domains to AD on Windows 2000.  They don't currently have NT BDC's.

Does ADMT require that we build BDC's before we can do this.

Thanks,

Rick
0
taborrg
Asked:
taborrg
  • 6
  • 6
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
No, it doesn't.  But how are you doing this migration - are you upgrading the domains or are you building new ones and using ADMT?  In my opinion, its a far smoother transition to be upgrading and NOT migrating.  If you upgrade, then it would be foolish not to create a BDC before your upgrade.  The whole purpose is that the BDC is your backup in case something goes wrong with the upgrade.  I've done this upgrade a dozen or more times and I don't recall any issues nor do I recall any questions here about failed upgrades - but do you REALLY want to be the first?

You can use an old PC, or my preferred method, a Virtual PC system which you can build using the demo version of Virtual PC and then backup the system to a DVD as a permanent recovery method.
0
 
taborrgAuthor Commented:
leew:

It will be a migration to better hardware.  Do you still recommend a BDC first, or how about just a good backup?

Thanks,

Rick
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
You're still not being clear - are you upgrading the domains by upgrading the existing NT4 PDCs to 2000 or are you building new servers and transferring accounts using ADMT?

If you are doing an upgrade, I would absolutely make a BDC - I don't care how confident you are in your backups - recovering from a failed domain upgrade is as simple as forcing the BDC to assume the role of PDC - takes about a minute or two - backups, assuming you have trust in your backup having worked - will take some time to recovery.  And besides, it's pretty obvious that the creation of a BDC worked while the only way to know for absolute certain that a backup is ok is by restoring it.

Besides, are you actually planning to do this without testing?  Creating a BDC and (especially a virtual PC BDC) will allow you to create a test network and test the upgrades first.

Do what you want, but the best way to ensure you sleep at night and you have a proper recovery path should anything fail is to create a BDC AND to run AT LEAST one test upgrade on each domain.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
taborrgAuthor Commented:
We have built a new server and are transferring accounts using ADMT.

Excellent points on recovery issues in the event of a failed upgrade.  I will adhere to them always!

But - since we are migrating users to a new server, would the old server be automatically decommissioned, or could it be brought back on line as a fall-back?

Thanks,

Rick
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I really consider ADMT the WORST way to migrate/upgrade.  It's just messy.  Upgrading is a FAR better idea, in my opinion - often much faster, less testing required, easier, less user interruption, just overall a FAR better method of moving to Active Directory.  If the Migration fails or experiences problems, you'll have to manually put the workstations back in the domain.  You MAY have to do the same with an upgrade, depending on how long its been since you upgraded the domain.  The only exception for this is when using Small Business Server as SBS has certain limitations.

If your doing an ADMT migration then you absolutely don't need a BDC.  ADMT is just copying the acccount information from the existing domain and mapping to SIDs in the new domain.  It's essentially accessing the old NT4 domain as a Read Only system.  

Should you change your mind about migrating and instead do the upgrade, make sure you create a BDC and PULL IT OFF THE NETWORK BEFORE THE UPGRADE - it does no good having a corrupt BDC if the AD upgrade fails.

But you're far more likely to have issues with an ADMT migration than with an upgrade.
0
 
taborrgAuthor Commented:
Great information.  One more thing - to pull the BDC off the network do I just disconnect the ethernet connection?  Maybe just turn it off?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Pretty much - NT4 wasn't terribly sensitive to BDCs being pulled off the network.  2000/2003 is another story though - just remember, almost everything you know about NT4 directories is different in Active Directory.

A reference for you:
How To Upgrade a Windows NT 4.0-Based PDC to a Windows Server 2003-Based Domain Controller
http://support.microsoft.com/kb/326209/en-us
0
 
taborrgAuthor Commented:
Ok - so to wrap up what I hear is that:

If I use ADMT to migrate users to AD on a new w2k machine:

1)  I don't need a BDC   (always a very good idea to have one anyway).

2)  Since AD is reading NT as a read-only source, if the AD migration fails, then the NT domain can still be used as it was not affected.

Did I get it right?

Thanks


0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Mostly... maybe even yet.  But to clarify 2:

The NT domain will still be functional at the server level - you may have to manually put computers back into the domain.
0
 
taborrgAuthor Commented:
If I have a BDC, then I won't have a problem with needing to put computers back into the domain?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
If you use the ADMT tool you may.  BDC or not it doesn't matter.  ADMT, once you initiate the migration for the computer(s), the computers are removed from their current domain and entered into the new domain.  (This is one reason why an upgrade is better).  If the migration fails or experiences problems, you'll have users in limbo while you try to get things working again and any migrated machines will have to be put back MANUALLY into the old domain - IF you want users to be able to work on them while you are fixing the mgiration issues.
0
 
taborrgAuthor Commented:
Thanks for the great info and heads-ups!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now