Andrew Wilkinson
asked on
New Domain Upgrade from NT4
I am going to be upgrading an old NT4 Network to a new windows server 2003. We have already decided that we will not upgrade the NT4 box but just install the server as a new server and new accounts to save transferring any remaining faulty issues from the old NT4 box. So what we are going to do is install as a new domain and then migrate the 20 or so users all XP based to the new domain.
One thing that has given pause for thought reading the Microsoft associated articles and sites is what we call this domain. the exisiting NT4 domain is basically called COMPANY [as an example] on a box named ntserver. Now Micrososft claims that it should be a FQDN and so would suggest COMPANY.COM, but have been told that this could lead to problems.
The server acts as basically receiving emails run on mailenable, domain controller, anti virus updates, and file server. I have been told I should name it COMPANY.LOCAL but that could throw a few spanners re the MAC's we have, or can I just call it COMPANY, or do I have to work this out a bit more logically, ie COMPANY.OFFICE, or just plain COMPANY1 because of the NT4 box.
Pause for thought.
One thing that has given pause for thought reading the Microsoft associated articles and sites is what we call this domain. the exisiting NT4 domain is basically called COMPANY [as an example] on a box named ntserver. Now Micrososft claims that it should be a FQDN and so would suggest COMPANY.COM, but have been told that this could lead to problems.
The server acts as basically receiving emails run on mailenable, domain controller, anti virus updates, and file server. I have been told I should name it COMPANY.LOCAL but that could throw a few spanners re the MAC's we have, or can I just call it COMPANY, or do I have to work this out a bit more logically, ie COMPANY.OFFICE, or just plain COMPANY1 because of the NT4 box.
Pause for thought.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't know who you asked, but I still don't see a problem with upgrading your existing domain. If no one else described a plan as I'm about to, I would be worried about their qualifications to adaquately recommend a course of action.
How do you upgrade a 10 year old server? Easy. You don't. You put another server in place as a BDC. Then you make that server the PDC. Then you upgrade that. Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period. Once the PDC is upgraded to 2003, you can add a new 2003 server as a domain controller and demote the temporary one (the newly created NT4 PDC you upgraded to 2003). This is not a complex procedure. The best part of the upgrade process is that it's generally transparent to the users. You can install the domain without any real downtime or labor in transitioning users to a new domain.
Do your even logs on the existing PDC have errors in them? If so, what are they? If no errors, then there's really no good reason not to do an upgrade.
REGARDLESS of which way you go, TEST FIRST. Create a test network - make a BDC and pull it off the existing network - then upgrade it and TEST the process. Even if you don't take my advice on the upgrade, STILL make a BDC and then to a TEST migration on a separate network. Tests are done to get you familiar with the process AND to shake out the problems you might encounter. Testing SAMPLE domains are ok - and sometimes the only way - but if you can essentially make a copy of your existing network (which you can in NT4) then that's what should be used to test.
How do you upgrade a 10 year old server? Easy. You don't. You put another server in place as a BDC. Then you make that server the PDC. Then you upgrade that. Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period. Once the PDC is upgraded to 2003, you can add a new 2003 server as a domain controller and demote the temporary one (the newly created NT4 PDC you upgraded to 2003). This is not a complex procedure. The best part of the upgrade process is that it's generally transparent to the users. You can install the domain without any real downtime or labor in transitioning users to a new domain.
Do your even logs on the existing PDC have errors in them? If so, what are they? If no errors, then there's really no good reason not to do an upgrade.
REGARDLESS of which way you go, TEST FIRST. Create a test network - make a BDC and pull it off the existing network - then upgrade it and TEST the process. Even if you don't take my advice on the upgrade, STILL make a BDC and then to a TEST migration on a separate network. Tests are done to get you familiar with the process AND to shake out the problems you might encounter. Testing SAMPLE domains are ok - and sometimes the only way - but if you can essentially make a copy of your existing network (which you can in NT4) then that's what should be used to test.
ASKER
I see your reasoning, however we have an NT4 server as a PDC and about to take delivery of a super new server with windows Server 2003 pre installed, hence the issue!
ASKER
Re the people I spoke to, two MCSE's, three from Microsoft and the rest who have done business with the company. The Microsoft people suggested this as we were having hardware failures and some dodgy software installs ie faulty that were causing errors in the event log..
Well, if they've looked over your network (not just you asking them - if they have more intimate knowledge of your network - then I guess I'd defer to them - as I'm not there.
BUT, strictly speaking, the NT directory services database is just users and passwords and computers with a few other attributes. There's really very little to it compared to Active Directory. Migrations generally do not preserve passwords whereas upgrades do. IF you are not experiencing event log errors related specifically to nt directory services, then I would still do the upgrade.
There is no issue just because your getting a 2003 server preinstalled. Find an old system lying around. Or install a virtual machine platform. Then, as I said before:
How do you upgrade a 10 year old server? Easy. You don't. You put another server in place as a BDC. Then you make that server the PDC. Then you upgrade that. Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period. Once the PDC is upgraded to 2003, you can add a new 2003 server as a domain controller and demote the temporary one (the newly created NT4 PDC you upgraded to 2003). This is not a complex procedure. The best part of the upgrade process is that it's generally transparent to the users. You can install the domain without any real downtime or labor in transitioning users to a new domain.
By the end of the upgrade, your users are on 2003, your old server is retired, and the new server is your domain controller.
As I said, WHATEVER YOU CHOOSE, TEST FIRST. Heck - test both to see which you think is easier and has fewer issues. But you are just asking for problems if you don't test first and go with EITHER plan.
BUT, strictly speaking, the NT directory services database is just users and passwords and computers with a few other attributes. There's really very little to it compared to Active Directory. Migrations generally do not preserve passwords whereas upgrades do. IF you are not experiencing event log errors related specifically to nt directory services, then I would still do the upgrade.
There is no issue just because your getting a 2003 server preinstalled. Find an old system lying around. Or install a virtual machine platform. Then, as I said before:
How do you upgrade a 10 year old server? Easy. You don't. You put another server in place as a BDC. Then you make that server the PDC. Then you upgrade that. Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period. Once the PDC is upgraded to 2003, you can add a new 2003 server as a domain controller and demote the temporary one (the newly created NT4 PDC you upgraded to 2003). This is not a complex procedure. The best part of the upgrade process is that it's generally transparent to the users. You can install the domain without any real downtime or labor in transitioning users to a new domain.
By the end of the upgrade, your users are on 2003, your old server is retired, and the new server is your domain controller.
As I said, WHATEVER YOU CHOOSE, TEST FIRST. Heck - test both to see which you think is easier and has fewer issues. But you are just asking for problems if you don't test first and go with EITHER plan.
ASKER
I like your idea and you seem to know what your talking about. we have an old HP NTserver tha is a bdc could I do it on that?
Probably. Forgive the repetativeness, but I can't stress enough how important testing is in any network change and ESPECIALLY in BIG network changes like migrating to Active Directory. I'd STILL create ONE MORE BDC, then pull it off the network, promote it, and run the tests.
Best practices dictate that if you choose this method, you keep take one BDC offline entirely (that can sometimes mean adding another one) so that if anything goes wrong, you can recover your domain by simply pulling the problem upgrade off and putting the old BDC back in and promoting it to PDC - it's a quick and easy back-out. Migration doesn't have such a quick and easy back-out. Once you start migrating, you tend to have to complete it or spend lots of time putting things back the way they were.
Best practices dictate that if you choose this method, you keep take one BDC offline entirely (that can sometimes mean adding another one) so that if anything goes wrong, you can recover your domain by simply pulling the problem upgrade off and putting the old BDC back in and promoting it to PDC - it's a quick and easy back-out. Migration doesn't have such a quick and easy back-out. Once you start migrating, you tend to have to complete it or spend lots of time putting things back the way they were.
ASKER
I see your point unfortunately no more PC's, the BDC doesn't do anything anyway so can afford to lose it if it goes tits up.
So I basically promote the bdc to pdc, pull the new pdc off the network, upgrade it to win2003, check it all out, connect it to network , when ok add in new win server, and take out old one. what do I do with the current pdc?
So I basically promote the bdc to pdc, pull the new pdc off the network, upgrade it to win2003, check it all out, connect it to network , when ok add in new win server, and take out old one. what do I do with the current pdc?
ASKER
Oh the old domain is called COMPANY, what happens n the upgrade?
3rd time I'm mentioning it -
Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period.
First time I'm mentioning it - GSX Server Beta (VMWare) is supposed to be free.
Links:
www.microsoft.com/virtualpc
www.vmware.com
Also, you can still setup the new server (no need to make it a DC, just make it a member of the existing domain. Then you can install Virtual Server - which is now free as well.
Besides that, $100 PCs on Ebay would be sufficient - All you need is 500 MHz and 512 MB of RAM.
http://cgi.ebay.com/Compaq-Deskpro-ENL-Pentium-3-933-MHz-512-MB-20-GB-NR_W0QQitemZ330006986032QQihZ014QQcategoryZ51119QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
http://cgi.ebay.com/Dell-Optiplex-GX110-Pentium-III-933-Mhz-512-MB-SDRAM_W0QQitemZ290006680117QQihZ019QQcategoryZ51119QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period.
First time I'm mentioning it - GSX Server Beta (VMWare) is supposed to be free.
Links:
www.microsoft.com/virtualpc
www.vmware.com
Also, you can still setup the new server (no need to make it a DC, just make it a member of the existing domain. Then you can install Virtual Server - which is now free as well.
Besides that, $100 PCs on Ebay would be sufficient - All you need is 500 MHz and 512 MB of RAM.
http://cgi.ebay.com/Compaq-Deskpro-ENL-Pentium-3-933-MHz-512-MB-20-GB-NR_W0QQitemZ330006986032QQihZ014QQcategoryZ51119QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
http://cgi.ebay.com/Dell-Optiplex-GX110-Pentium-III-933-Mhz-512-MB-SDRAM_W0QQitemZ290006680117QQihZ019QQcategoryZ51119QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
ASKER
Leew
Your obviously very knowledgeable and getting peeved with me? Why do I need to do this I have a BDC I can promote to PDC, upgrade to win2003, then introduce new server and remove the new old pdc? so I am getting confused now.
You've got the points just give me a 10 point plan for the bdc to w2oo3 and then demothe the current pdc.....
Your obviously very knowledgeable and getting peeved with me? Why do I need to do this I have a BDC I can promote to PDC, upgrade to win2003, then introduce new server and remove the new old pdc? so I am getting confused now.
You've got the points just give me a 10 point plan for the bdc to w2oo3 and then demothe the current pdc.....
ASKER
thanks
ASKER
Well my plan is based on an NT4 server being operational for over 10 years and god knows what crap is on it. Having asked several people ALL were unanimous in a clean start new server as opposed to upgrading the NT4 box. Anyway the NT4 box is incapable of running WS2003 on it. We have domains we can use such as .info so thats not a problem.
It is clear you are right in my understanding of an AD newtwork as we have never had to run one!!
As the NT4 box is a PDC we were told we could not introduce a new windows 2003 server to that network as it would conflict with the NT4 box and we need that live to transfer files from it so we would introduce the new server on new domain create a trust relationship between them, transfer files then de-commission the NT4 server.
It was supposed to be that simple....... the new server would be a DNS server and point to itself. all exisiting clients are hardcoded IP as dhcp was not operationg correctly on the server so we will probably role out a new group policy to have the clients set to take dhcp and resolve their dns at the server.
Happy with this?