Solved

New Domain Upgrade from NT4

Posted on 2006-07-13
Last Modified: 2012-05-05
I am going to be upgrading an old NT4 network to a new Windows Server 2003. We have already decided that we will not upgrade the NT4 box but just install the server as a new server and new accounts to save transferring any remaining faulty issues from the old NT4 box. So what we are going to do is install as a new domain and then migrate the 20 or so users, all XP based, to the new domain.

One thing that has given pause for thought reading the Microsoft associated articles and sites is what we call this domain. The existing NT4 domain is basically called COMPANY [as an example] on a box named ntserver. Now Microsoft claims that it should be a FQDN and so would suggest COMPANY.COM, but I have been told that this could lead to problems.

The server acts as basically receiving emails run on MailEnable, domain controller, anti virus updates, and file server. I have been told I should name it COMPANY.LOCAL but that could throw a few spanners re the Macs we have, or can I just call it COMPANY, or do I have to work this out a bit more logically, i.e. COMPANY.OFFICE, or just plain COMPANY1 because of the NT4 box.

Pause for thought.
0
Question by:Andrew Wilkinson
13 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 125 total points
ID: 17101307
I don't like your plan.

1.  NT Directory services are FAR inferior to Active Directory and Migrating to a new domain I've never liked because users and computers end up with two SIDs, one for the old network and one for the new.
2.  Upgrading the domain is a better solution - easier, less chance of problems, less interruption to work.
3.  Exception - if you are upgrading to an SBS domain.  SBS cannot upgrade a standard NT4 system, so then you have no choice but to migrate.

Active Directory Domains MUST have DNS style domain names.  They will also have NetBIOS domains, such as COMPANY.  But you MUST still have a DNS style domain name. I would suggest you use a different domain name - go buy YOURCOMPANY.INFO and use that - It's $3.95 for the first year, 9.95 each subsequent year from www.active-domain.com (my preferred domain registrar).  Or use YOURCOMPANY.LCL or something other than .local

Since you're asking this kind of question, it's clear you don't understand the IMPORTANCE of DNS in an Active Directory domain.  I would suggest reading over these links for tips and common problems.  In short, your clients AND your servers MUST use the Windows DNS server for DNS services - they SHOULD NOT have any idea there are other DNS services available.  

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

How to Verify an Active Directory Installation in Windows Server 2003
http://support.microsoft.com/?kbid=816106

[links, in part, originally provided by oBdA]

If you didn't know about DNS you probably aren't aware of a few other Active Directory differences - and there are MANY.  Such as the FSMO roles or Global Catalog.  Reference:
http://www.svrops.com/svrops/documents/fsmo.htm
http://support.microsoft.com/?kbid=313994

0
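The SRV-record verification that the links in the answer above refer to can be scripted. This is an added example, not part of the original post: it parses SRV lines in the style of a domain controller's netlogon.dns file and reports which domain controller locator records are absent. The domain `company.lcl`, the host `dc1` and the sample lines are constructed, and a single-domain forest is assumed, so the Global Catalog records are expected under the same name.

```python
import re

# Constructed sample: owner, TTL, IN SRV, priority, weight, port, target.
# company.lcl and dc1 are illustrative assumptions, not values from the thread.
SAMPLE_ZONE = """\
_ldap._tcp.company.lcl. 600 IN SRV 0 100 389 dc1.company.lcl.
_ldap._tcp.dc._msdcs.company.lcl. 600 IN SRV 0 100 389 dc1.company.lcl.
_ldap._tcp.pdc._msdcs.company.lcl. 600 IN SRV 0 100 389 dc1.company.lcl.
_kerberos._tcp.company.lcl. 600 IN SRV 0 100 88 dc1.company.lcl.
_kerberos._tcp.dc._msdcs.company.lcl. 600 IN SRV 0 100 88 dc1.company.lcl.
"""

# Locator records clients query to find a DC: (owner prefix, expected port).
REQUIRED = [
    ("_ldap._tcp", 389),
    ("_ldap._tcp.dc._msdcs", 389),
    ("_ldap._tcp.pdc._msdcs", 389),   # PDC emulator, one of the FSMO roles
    ("_kerberos._tcp", 88),
    ("_kerberos._tcp.dc._msdcs", 88),
    ("_ldap._tcp.gc._msdcs", 3268),   # Global Catalog
    ("_gc._tcp", 3268),
]

SRV_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.I)

def parse_srv(text):
    """Return {owner name: [(port, target), ...]} for every SRV line."""
    records = {}
    for line in text.splitlines():
        m = SRV_RE.match(line.split(";", 1)[0].strip())  # drop ; comments
        if m:
            owner = m.group(1).rstrip(".").lower()
            target = m.group(3).rstrip(".").lower()
            records.setdefault(owner, []).append((int(m.group(2)), target))
    return records

def missing_locator_records(text, domain):
    """List required owner names with no SRV record on the expected port."""
    domain = domain.rstrip(".").lower()
    records = parse_srv(text)
    return [f"{prefix}.{domain}" for prefix, port in REQUIRED
            if not any(p == port for p, _ in records.get(f"{prefix}.{domain}", []))]

if __name__ == "__main__":
    for owner in missing_locator_records(SAMPLE_ZONE, "company.lcl"):
        print("missing SRV record:", owner)
```

With the constructed sample, the two Global Catalog records are reported as missing, which is the kind of gap that leaves clients unable to locate a catalog server.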
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17101490
Thanks for that

Well my plan is based on an NT4 server being operational for over 10 years and god knows what crap is on it. Having asked several people ALL were unanimous in a clean start new server as opposed to upgrading the NT4 box. Anyway the NT4 box is incapable of running WS2003 on it. We have domains we can use such as .info so that's not a problem.

It is clear you are right in my understanding of an AD network as we have never had to run one!!

As the NT4 box is a PDC we were told we could not introduce a new Windows 2003 server to that network as it would conflict with the NT4 box and we need that live to transfer files from it so we would introduce the new server on new domain, create a trust relationship between them, transfer files then de-commission the NT4 server.

It was supposed to be that simple....... The new server would be a DNS server and point to itself. All existing clients are hardcoded IP as DHCP was not operating correctly on the server so we will probably roll out a new group policy to have the clients set to take DHCP and resolve their DNS at the server.

Happy with this?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17101633
I don't know who you asked, but I still don't see a problem with upgrading your existing domain.  If no one else described a plan as I'm about to, I would be worried about their qualifications to adequately recommend a course of action.

How do you upgrade a 10 year old server?  Easy.  You don't.  You put another server in place as a BDC.  Then you make that server the PDC.  Then you upgrade that.  Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period.  Once the PDC is upgraded to 2003, you can add a new 2003 server as a domain controller and demote the temporary one (the newly created NT4 PDC you upgraded to 2003).  This is not a complex procedure.  The best part of the upgrade process is that it's generally transparent to the users.  You can install the domain without any real downtime or labor in transitioning users to a new domain.

Do your event logs on the existing PDC have errors in them?  If so, what are they?  If no errors, then there's really no good reason not to do an upgrade.

REGARDLESS of which way you go, TEST FIRST.  Create a test network - make a BDC and pull it off the existing network - then upgrade it and TEST the process.  Even if you don't take my advice on the upgrade, STILL make a BDC and then do a TEST migration on a separate network.  Tests are done to get you familiar with the process AND to shake out the problems you might encounter.  Testing SAMPLE domains is ok - and sometimes the only way - but if you can essentially make a copy of your existing network (which you can in NT4) then that's what should be used to test.
0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17101982
I see your reasoning, however we have an NT4 server as a PDC and are about to take delivery of a super new server with Windows Server 2003 preinstalled, hence the issue!
0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17101998
Re the people I spoke to, two MCSEs, three from Microsoft and the rest who have done business with the company. The Microsoft people suggested this as we were having hardware failures and some dodgy software installs, i.e. faulty, that were causing errors in the event log.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17102210
Well, if they've looked over your network (not just you asking them), if they have more intimate knowledge of your network, then I guess I'd defer to them - as I'm not there.

BUT, strictly speaking, the NT directory services database is just users and passwords and computers with a few other attributes.  There's really very little to it compared to Active Directory.  Migrations generally do not preserve passwords whereas upgrades do.  IF you are not experiencing event log errors related specifically to NT directory services, then I would still do the upgrade.

There is no issue just because you're getting a 2003 server preinstalled.  Find an old system lying around.  Or install a virtual machine platform.  Then, as I said before:
How do you upgrade a 10 year old server?  Easy.  You don't.  You put another server in place as a BDC.  Then you make that server the PDC.  Then you upgrade that.  Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period.  Once the PDC is upgraded to 2003, you can add a new 2003 server as a domain controller and demote the temporary one (the newly created NT4 PDC you upgraded to 2003).  This is not a complex procedure.  The best part of the upgrade process is that it's generally transparent to the users.  You can install the domain without any real downtime or labor in transitioning users to a new domain.

By the end of the upgrade, your users are on 2003, your old server is retired, and the new server is your domain controller.

As I said, WHATEVER YOU CHOOSE, TEST FIRST.  Heck - test both to see which you think is easier and has fewer issues.  But you are just asking for problems if you don't test first and go with EITHER plan.
0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17102487
I like your idea and you seem to know what you're talking about. We have an old HP NT server that is a BDC, could I do it on that?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17102566
Probably. Forgive the repetitiveness, but I can't stress enough how important testing is in any network change and ESPECIALLY in BIG network changes like migrating to Active Directory.  I'd STILL create ONE MORE BDC, then pull it off the network, promote it, and run the tests.

Best practices dictate that if you choose this method, you take one BDC offline entirely (that can sometimes mean adding another one) so that if anything goes wrong, you can recover your domain by simply pulling the problem upgrade off and putting the old BDC back in and promoting it to PDC - it's a quick and easy back-out.  Migration doesn't have such a quick and easy back-out.  Once you start migrating, you tend to have to complete it or spend lots of time putting things back the way they were.
0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17102611
I see your point, unfortunately no more PCs. The BDC doesn't do anything anyway so we can afford to lose it if it goes tits up.

So I basically promote the BDC to PDC, pull the new PDC off the network, upgrade it to Win2003, check it all out, connect it to the network, when OK add in the new Windows server, and take out the old one. What do I do with the current PDC?

0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17102948
Oh, the old domain is called COMPANY, what happens in the upgrade?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17103174
3rd time I'm mentioning it -
Don't have another server? Fine, install VMWare or Virtual PC - even demos can be sufficient for the transition period.
First time I'm mentioning it - GSX Server Beta (VMWare) is supposed to be free.
Links:

www.microsoft.com/virtualpc
www.vmware.com

Also, you can still set up the new server (no need to make it a DC, just make it a member of the existing domain).  Then you can install Virtual Server - which is now free as well.

Besides that, $100 PCs on Ebay would be sufficient - All you need is 500 MHz and 512 MB of RAM.
http://cgi.ebay.com/Compaq-Deskpro-ENL-Pentium-3-933-MHz-512-MB-20-GB-NR_W0QQitemZ330006986032QQihZ014QQcategoryZ51119QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
http://cgi.ebay.com/Dell-Optiplex-GX110-Pentium-III-933-Mhz-512-MB-SDRAM_W0QQitemZ290006680117QQihZ019QQcategoryZ51119QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17103346
Leew

You're obviously very knowledgeable and getting peeved with me? Why do I need to do this? I have a BDC I can promote to PDC, upgrade to Win2003, then introduce the new server and remove the new old PDC? So I am getting confused now.

You've got the points, just give me a 10 point plan for the BDC to W2003 and then demote the current PDC.....
0
 
LVL 2

Author Comment

by:Andrew Wilkinson
ID: 17144675
Thanks
0
