Solved

software installed on member server while logged as domain admin

Posted on 2011-03-23
4
349 Views
Last Modified: 2012-06-21
I have a member server that is part of a windows NT 4.0 domain
This member server is running windows 2003 server.
We're scrapping the Windows NT domain controller since its like 15 years old hardware wise.

I'm using another windows server 2003 box to be configured as domain controller and configuring new windows domain from scratch.
Theres only 10-20 user accounts on the old NT 4.0 PDC so rather then worrying about doing an upgrade or migration I've decided to start from scratch.

My concern is we have a member server box that I'll need to remove from the windows NT 4.0 domain and I'll need to add this as a member server to the new windows server domain i configure.

The proprietary software that this member server box is running is vital to keep intact.
The previous net administrators didn't document anything so their providing us with nothing.
I have a feeling the proprietary software installed to this member server may have been installed under the domain admin logon, So I'm worried when I remove this member server from the Windows NT 4.0 domain I may find the software isn't installed or properly configured on local administrator account.

I'm sure this type of scenario is common enough can anyone please explain what will happen in this scenario and what I can do .
Keep in mind the Windows NT 4.0 server's hardware is really old and not suitable to just due an in place upgrade on.
0
Comment
Question by:techguy1979
  • 2
4 Comments
 
LVL 6

Expert Comment

by:ahdfx
ID: 35202638
There are a couple things you can do.

1.  Log into the Member server as the local admin and test the software.
2.  Don't do an in place upgrade, but migrate to 2k3 Domain.

For number two - prep the forest and domain for 2k3, then do a DCPromo on a 2k3 server (the New DC)
Move all the Server roles to the new server then demote the old NT.  raise the domain level to 2k3

That way the domain admin is still the same user and the member server is untouched.

After you get to 2k3, then you can do the same to get to 2k8 if you want.
0
 

Author Comment

by:techguy1979
ID: 35202818
what all goes into the preparation you speak of "prep the forest and domain for 2k3".
Migrating from windows NT 4.0 wouldn't I have to migrate to windows 2k before windows 2k3?
How do I move the server roles from NT 4.0 dc to windows 2k3 new domain controller?
0
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
ID: 35202925
Your scenario:

You have two concurrently running domains.  You have an app server on Domain A (your NT4 Domain).  You want to disjoin it (make it stand alone) and then join it to Domain B (your AD 2003 Domain).  Your fear is that the proprietary application on your app server uses a domain member account from Domain A to run, and you have no documentation to use to know for sure.

Your need:

You need to come up with some kind of test to insure it will work when migrated to the new domain.

Solution:

In an ideal world, you can create a backup of your app server and restore that backup to another, unused server.  Join that "test" server to the new domain and see if it works.

In  a slightly less than ideal world, do a complete backup of your app server.  Rather than disjoining it from your domain, remove the network cable.  THEN disjoin from the domain using a local admin account (this way your computer account is not removed from NT4). This assumes the app server is not your PDC or a BDC in your NT4 domain.  Join the new domain and test your app.  Restore from backup if it fails.

In an even less ideal world, do a complete backup of your app server.  Disjoin the old domain.  Join the new domain.  See if the app works.  Reverse the process to get it back to the NT4 domain.  If the app still fails, restore from backup.

Alternate:

Don't create a new domain.  Join the NT4 domain with your Server 2003.  Make the server 2003 a DC on the NT4 domain through migration.  This involves two concurrent domains, but instead of a cold cut, you establish a trust and migrate your users and computers across the trust to the new domain.  The step by step can be found here:

http://www.winfrastructure.net/article.aspx?BlogEntry=Migration-from-NT4-to-Windows-2003-Active-Directory-domain-part-1

This will bypass having to use 2000 to do a direct upgrade of NT4 to AD.

DrUtlima
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 35202958
By the way, you can also just install NT4 on your new server, make it a BDC, promote it to a PDC, and then do an inline upgrade to Server 2003.  This might be easier than going the trust route:

http://www.microsoft.com/downloads/en/details.aspx?familyid=e92cf6a0-76f0-4e25-8de0-19544062a6e6&displaylang=en

DrUltima
0

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now