bubarooni

Replacing an NT 4.0 Domain with Active Directory

Yep, an NT 4.0 domain.  That is not a misprint.

Management is finally willing to part ways with the cash necessary to replace our old NT 4.0 domain with Active Directory because of a new application they will be wanting to get in the near future.

I'm interested in knowing if anyone has ever replaced an NT 4.0 domain directly with an AD domain.  Should I just get my AD servers (I'm trying really hard not to type 'PDC' and 'BDC') configured and running on a separate LAN and when ready shut down the old NT units and bring up the Win2k8 servers with the same domain name on the existing LAN?

That sounds way too easy...

The domain has about 270 users and 300 workstations/laptops/servers total split among 11 different locations.  I'm willing to manually create the AD user accounts to mimic the existing NT accounts, but I'd really love to not have to travel to each location and manually add the workstation to the new AD domain or something similarly crazy like that.

Anyway, if anyone has any insight on the topic I'd love to hear it or see a link.

Thanks In Advance!
Krzysztof Pytko
Another option is a migration to Windows 2000 Server Domain Controllers and then updating it with the latest SP4. From then on, you are able to add 2008/2008R2 DCs, as NT4 domains are not supported by 2008 DCs.
http://technet.microsoft.com/en-us/library/bb742548.aspx

When using Windows 2000 Server/2003 Server, remember that the Domain Functional Level must be set to Windows 2000 mixed mode. Otherwise, NT4 domains are not supported.

Krzysztof
How about setting up a DC in your current office, along with all the remote location DCs, then shipping them out to your on-site techs so they can complete the work?
bubarooni

ASKER

Thanks for all the quick responses!

I've seen several different articles on migrating from NT to 2k/2k3, just not directly to 2k8.

I was hoping someone had done that direct migration before.
Yes, because there is no option for that. Windows Server 2008/2008R2 does not support NT4 domains. So, that's why there is no direct way. If you want to use a 2008/2008R2 DC you need to have at least Windows 2000 native Domain Functional Level. That means no NT4 domains, and if you are using 2000 DCs then all of them must be running SP4.

Krzysztof
One-liner... Can't upgrade from NT4.0 to 2008; you need at least 2000 SP4 servers ...
OK, I was wondering if that was kinda where I was heading with this.

That gives me two options then:

1. Migrate from NT to either Win2k/2k3 and then upgrade to Win2k8
2. Remove NT DCs and replace with AD DCs

Is that about right?

I've seen the many articles on option 1.  What would option 2 entail?  

About the only thing the NT 4.0 servers are used for at this point are login authentication and file security and that's it.  If I manually recreated the user accounts on the Win2k8 server is that enough or am I going to have to create machine accounts as well?  Are there going to be all kinds of SID issues when I try and log on machines that first time after I swap the servers out?
OK, I'm going to accept the migration thing because I don't wanna manually add user AND machine accounts.

In addition to the MS doc listed above, is the following link on migration pretty spot on?

http://www.winfrastructure.net/article.aspx?BlogEntry=Migration-from-NT4-to-Windows-2003-Active-Directory-domain-part-1
So I can sometimes start preaching about terminology... and I think the terminology has evolved over the years.  In the NT4 to AD days, a migration meant you were going to use ADMT and migrate to a new domain while preserving your user and computer accounts.

These days, when you migrate (especially in the SBS world) you're moving from one server to another while preserving the domain.

To be clear, you have three options:
1. Start clean with a new AD domain and recreate all users and join all computers to the domain.
2. MIGRATE the users and computers using ADMT to a new AD domain.  Preserves SOME data but not all (users would have to reset their passwords).  In my experience, this is NOT as simple as it sounds and there have often been flaky problems doing this.
3. UPGRADE the domain by migrating to new servers.  The BASIC procedure is this:
a) install an NT4 BDC on your network (preferably in a VM)
b) promote that BDC to the PDC role.
c) upgrade that VM to 2000/2003 (if 2003 supported - I honestly don't recall).
d) remove all old NT4 BDCs
e) migrate that 2000/2003 DC to a 2008 DC on another VM.

Once you switch away from Mixed Mode domain in AD, the NT4 BDCs will no longer replicate with the AD and their information will become stale.

DO THIS IN A TEST ENVIRONMENT FIRST (VMs!) so you have some experience and know what you'll be doing.  And better still, hire someone to work with you who has experience.  Doing this alone with no experience for a user base of 300 is INCREDIBLY UNWISE in my opinion!