software installed on member server while logged as domain admin

Posted on 2011-03-23
Last Modified: 2012-06-21
I have a member server that is part of a Windows NT 4.0 domain.
This member server is running Windows 2003 Server.
We're scrapping the Windows NT domain controller since it's like 15 years old hardware-wise.

I'm using another Windows Server 2003 box to be configured as domain controller and configuring a new Windows domain from scratch.
There's only 10-20 user accounts on the old NT 4.0 PDC, so rather than worrying about doing an upgrade or migration I've decided to start from scratch.

My concern is we have a member server box that I'll need to remove from the Windows NT 4.0 domain and I'll need to add this as a member server to the new Windows Server domain I configure.

The proprietary software that this member server box is running is vital to keep intact.
The previous net administrators didn't document anything, so they're providing us with nothing.
I have a feeling the proprietary software installed on this member server may have been installed under the domain admin logon, so I'm worried that when I remove this member server from the Windows NT 4.0 domain I may find the software isn't installed or properly configured on the local administrator account.

I'm sure this type of scenario is common enough. Can anyone please explain what will happen in this scenario and what I can do?
Keep in mind the Windows NT 4.0 server's hardware is really old and not suitable to just do an in-place upgrade on.
Question by:techguy1979

Expert Comment

ID: 35202638
There are a couple things you can do.

1.  Log into the Member server as the local admin and test the software.
2.  Don't do an in place upgrade, but migrate to 2k3 Domain.

For number two - prep the forest and domain for 2k3, then do a DCPromo on a 2k3 server (the new DC).
Move all the server roles to the new server, then demote the old NT. Raise the domain level to 2k3.

That way the domain admin is still the same user and the member server is untouched.

After you get to 2k3, then you can do the same to get to 2k8 if you want.

Author Comment

ID: 35202818
What all goes into the preparation you speak of, "prep the forest and domain for 2k3"?
Migrating from Windows NT 4.0, wouldn't I have to migrate to Windows 2k before Windows 2k3?
How do I move the server roles from the NT 4.0 DC to the new Windows 2k3 domain controller?

Accepted Solution

Justin Owens earned 500 total points
ID: 35202925
Your scenario:

You have two concurrently running domains.  You have an app server on Domain A (your NT4 Domain).  You want to disjoin it (make it stand alone) and then join it to Domain B (your AD 2003 Domain).  Your fear is that the proprietary application on your app server uses a domain member account from Domain A to run, and you have no documentation to use to know for sure.

Your need:

You need to come up with some kind of test to ensure it will work when migrated to the new domain.


In an ideal world, you can create a backup of your app server and restore that backup to another, unused server.  Join that "test" server to the new domain and see if it works.

In a slightly less than ideal world, do a complete backup of your app server.  Rather than disjoining it from your domain, remove the network cable.  THEN disjoin from the domain using a local admin account (this way your computer account is not removed from NT4). This assumes the app server is not your PDC or a BDC in your NT4 domain.  Join the new domain and test your app.  Restore from backup if it fails.

In an even less ideal world, do a complete backup of your app server.  Disjoin the old domain.  Join the new domain.  See if the app works.  Reverse the process to get it back to the NT4 domain.  If the app still fails, restore from backup.


Don't create a new domain.  Join the NT4 domain with your Server 2003.  Make the server 2003 a DC on the NT4 domain through migration.  This involves two concurrent domains, but instead of a cold cut, you establish a trust and migrate your users and computers across the trust to the new domain.  The step by step can be found here:

This will bypass having to use 2000 to do a direct upgrade of NT4 to AD.
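
The tests in the answer above are easier to interpret once you know which parts of the app server actually reference Domain A accounts. The following PowerShell script is an added example, not part of the original answer: `OLDDOMAIN` is a placeholder for the NT4 domain's NetBIOS name, and it assumes PowerShell is installed on the Server 2003 box and is run from an administrator session.

```powershell
# Added example: list what on this server depends on accounts from the old domain.
# 'OLDDOMAIN' is a placeholder; pass the NetBIOS name of the NT4 domain instead.
param([string]$OldDomain = 'OLDDOMAIN')

$prefix = "$OldDomain\"

# 1. Services that log on with an old-domain account. LocalSystem,
#    NT AUTHORITY\* and local (.\name) accounts do not match the prefix.
Write-Output "== Services running as $prefix* =="
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.StartName -like "$prefix*" } |
    Select-Object Name, StartName, StartMode, State |
    Format-Table -AutoSize

# 2. Old-domain accounts or groups nested in local groups (for example the
#    domain admins group inside local Administrators).
Write-Output "== Local group members from $OldDomain =="
$groups = net localgroup |
    Where-Object { $_ -match '^\*' } |
    ForEach-Object { $_.Substring(1).Trim() }
foreach ($group in $groups) {
    net localgroup "$group" |
        Where-Object { $_ -like "$prefix*" } |
        ForEach-Object { "{0}: {1}" -f $group, $_.Trim() }
}

# 3. Scheduled tasks whose verbose CSV row mentions an old-domain account
#    (normally in the "run as" column). One row per task, so the matching
#    line also carries the task name.
Write-Output "== Scheduled tasks referencing $prefix =="
schtasks /query /fo csv /v |
    Select-String -SimpleMatch $prefix |
    ForEach-Object { $_.Line }
```

Run it while the server is still joined to the NT4 domain; each entry it lists has to be moved to a local or new-domain account as part of the test.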


Expert Comment

by:Justin Owens
ID: 35202958
By the way, you can also just install NT4 on your new server, make it a BDC, promote it to a PDC, and then do an inline upgrade to Server 2003.  This might be easier than going the trust route:



Question has a verified solution.
