We are a 500-user NT 4.0 domain managing accounts for 4 connected sites. Our parent company has moved to W2K3 with Active Directory, and has created a new forest structure where all affiliate sites must be joined to their domain.
We have our own NT4 PDC, which will be decommissioned, and a new server for our W2K3 domain controller with AD. Our main concern is ensuring our 500 user and computer accounts along with their security profiles (group memberships, file & share permissions, passwords, etc.) are brought over to the new server with everything intact.
Everyone around me is talking about doing an NT4-to-W2K3 account migration using the ADMT tool to accomplish our task, but I watched a few Microsoft Webcasts on this topic and one of the methods presented for migrating an NT 4.0 environment to W2K3 AD is to install NT4 on your NEW server, configure it as a BDC so a copy of the SAM will replicate to it from your existing NT4 PDC, then take your existing NT PDC off the network and promote the new server to an NT PDC.
Now you've got all your user accounts and their security profiles on the new server; no migration necessary, the way I understand it. From there you would upgrade the new server to W2K3 Server, run DCPROMO, add it to the new domain and configure AD.
Do you see anything wrong with this method? Has anyone tried this? Any input would be appreciated, whether lessons learned from those who have tried it, or reasons why this is or is not the best path in our situation.