software installed on member server while logged as domain admin

Posted on 2011-03-23
Medium Priority
Last Modified: 2012-06-21
I have a member server that is part of a windows NT 4.0 domain
This member server is running windows 2003 server.
We're scrapping the Windows NT domain controller since its like 15 years old hardware wise.

I'm using another windows server 2003 box to be configured as domain controller and configuring new windows domain from scratch.
Theres only 10-20 user accounts on the old NT 4.0 PDC so rather then worrying about doing an upgrade or migration I've decided to start from scratch.

My concern is we have a member server box that I'll need to remove from the windows NT 4.0 domain and I'll need to add this as a member server to the new windows server domain i configure.

The proprietary software that this member server box is running is vital to keep intact.
The previous net administrators didn't document anything so their providing us with nothing.
I have a feeling the proprietary software installed to this member server may have been installed under the domain admin logon, So I'm worried when I remove this member server from the Windows NT 4.0 domain I may find the software isn't installed or properly configured on local administrator account.

I'm sure this type of scenario is common enough can anyone please explain what will happen in this scenario and what I can do .
Keep in mind the Windows NT 4.0 server's hardware is really old and not suitable to just due an in place upgrade on.
Question by:techguy1979
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Expert Comment

ID: 35202638
There are a couple things you can do.

1.  Log into the Member server as the local admin and test the software.
2.  Don't do an in place upgrade, but migrate to 2k3 Domain.

For number two - prep the forest and domain for 2k3, then do a DCPromo on a 2k3 server (the New DC)
Move all the Server roles to the new server then demote the old NT.  raise the domain level to 2k3

That way the domain admin is still the same user and the member server is untouched.

After you get to 2k3, then you can do the same to get to 2k8 if you want.

Author Comment

ID: 35202818
what all goes into the preparation you speak of "prep the forest and domain for 2k3".
Migrating from windows NT 4.0 wouldn't I have to migrate to windows 2k before windows 2k3?
How do I move the server roles from NT 4.0 dc to windows 2k3 new domain controller?
LVL 31

Accepted Solution

Justin Owens earned 2000 total points
ID: 35202925
Your scenario:

You have two concurrently running domains.  You have an app server on Domain A (your NT4 Domain).  You want to disjoin it (make it stand alone) and then join it to Domain B (your AD 2003 Domain).  Your fear is that the proprietary application on your app server uses a domain member account from Domain A to run, and you have no documentation to use to know for sure.

Your need:

You need to come up with some kind of test to insure it will work when migrated to the new domain.


In an ideal world, you can create a backup of your app server and restore that backup to another, unused server.  Join that "test" server to the new domain and see if it works.

In  a slightly less than ideal world, do a complete backup of your app server.  Rather than disjoining it from your domain, remove the network cable.  THEN disjoin from the domain using a local admin account (this way your computer account is not removed from NT4). This assumes the app server is not your PDC or a BDC in your NT4 domain.  Join the new domain and test your app.  Restore from backup if it fails.

In an even less ideal world, do a complete backup of your app server.  Disjoin the old domain.  Join the new domain.  See if the app works.  Reverse the process to get it back to the NT4 domain.  If the app still fails, restore from backup.


Don't create a new domain.  Join the NT4 domain with your Server 2003.  Make the server 2003 a DC on the NT4 domain through migration.  This involves two concurrent domains, but instead of a cold cut, you establish a trust and migrate your users and computers across the trust to the new domain.  The step by step can be found here:


This will bypass having to use 2000 to do a direct upgrade of NT4 to AD.

LVL 31

Expert Comment

by:Justin Owens
ID: 35202958
By the way, you can also just install NT4 on your new server, make it a BDC, promote it to a PDC, and then do an inline upgrade to Server 2003.  This might be easier than going the trust route:



Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question