Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Best way to upgrate from NT4 Domain to AD Domain?

Posted on 2008-10-10
6
Medium Priority
?
323 Views
Last Modified: 2010-05-18
I have an old box running as my PDC with NT4.  I am trying to decide if I need to use the ADMT.  

Here is my plan.  Take the new server that is going to be my 2003 DC and load NT4 on it and set it up as a BDC.  Next Promote this new box to be the PDC and take the old box offline.  Do an in place upgrade on the new PDC to 2003.

Am I on the right track here?  Do I need ADMT for anything?

Thanks!
0
Comment
Question by:trsman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 22688956
That is the usual track you have to use. I've not actually completed an NT4 - 2003 migration myself but from past dealings that is generally the easiest method to take.

The other option is to simply do an in-place upgrade direct on your existing NT4 box to 2003, but this means you'll get all of its applications, old settings configured over the years etc. migrated over with it - not to mention with the existing PDC is powerful enough!

The only time you use ADMT is when you are looking to migrate to a brand new domain and you need to migrate user accounts over. Not for an upgrade within the same Active Directory domain.

-tigermatt
0
 

Author Comment

by:trsman
ID: 22689545
Tigermatt.

Thanks for the understanding of the ADMT.  My existing NT$ PDC is old and I don't want it to be the new AD DC, that is why I am thinking about taking the new server and installing NT4 to it as a BDC first, then promoting it to the PDC and doing  a in place upgrade with the old DC there incase everything blows up :)
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 22690144
I would suggest a slightly different approach.

START with a TEST in Virtual Machines.

1.  Install NT4 as a bdc in a Virtual Machine (VMWare Server & ESXi, Virtual PC, Virtual Server are all free).  
2.  BACKUP this virtual machine file (the VHD) AND disconnect it from your network.
3.  Promote the VM to your PDC and now upgrade as a test.  IF there are any quirks about your network, they will hopefully surface and you can research and correct them.  If not, then you learn what to expect when you ACTUALLY upgrade your network.  win-win.
4.  Restore the backed up VHD (as the BDC) but keeping another backup of it (burn it to a DVD should be fine - you're keeping this backup JUST IN CASE anything goes wrong - you can drop it back in the network and promote it to PDC effectively restoring your NT4 only domain).  Then promote it to PDC of the PRODUCTION network.  
5.  UPGRADE the PRODUCTION network by upgrading the VM.  Why?  Here's a two important reasons:
    a) NT4 is old - a physical machine could present MANY driver problems, especially network driver problems and delay or even make impossible your attempt to setup the new physical server as an NT4 BDC.  VMs emulate old and common network cards that should have drivers built in (Virtual PC definitely works great with built in NT4 drivers).
    b) NT4 has a limit of a 4 GB C: drive (7.8 if you preformat the hard disk) or it won't boot.  Now, I'm a big proponent of not oversizing your hard disk, but for 2003, 4 GB is insanely low and 7.8 is pushing your luck - I typically recommend 12-20 GB for C:  (People don't usually think about this one).
6.  Once upgraded, install the new server, promote it to DC, migrate DNS and the FMSO roles (and global catalog) over to the new physical server, and then demote the VM.  Once the VM is demoted, you can remove it from the network and now your new physical server doesn't have that limited C: drive.
0
 

Author Comment

by:trsman
ID: 22690948
Wow Lee, This is a new approach, well slightly different from what i have read before.

Ok, so are you saying in step 2 and 3 to promote the BDC VM to PDC while it is disconnected from the network?  If I do it while connect it will demote my old one right?

I sure am glad you posted this.  I had to read it 5 times and had to really think about it to grasp it all.  It makes sense, as I have never thought about the c: partition limit.

Thanks

0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 22691097
Step 3 and PART of step 2 are done explicitly to create a TEST network so that you can run through the upgrade process WITHOUT TOUCHING your production network.  It allows you to get a feel for the process and POSSIBLY catch any issues that may otherwise arise when you do it for real in your production network.  Because you remove the BDC VM from the production network, once you promote it to PDC it WILL NOT affect the existing network - the current network PDC STAYS the PDC during the test.  Follow my thinking?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question