Moving a current NT4 Domain to a AD Domain with a New Windows 2000 Server, need help !!!

[DreamKaZz]

Hello,

We have a couple of NT 4 Servers here 1 PDC (NT4) and a couple of BDCs (NT4). I know I can upgrade my PDC to Windows 2k but I want to start my Windows 2000 server DC from scratch since all these NT4 are poorly documented I would feel alot safer if I build mine. I need to know if its possible to import the old PDC NT4 to the a Windows 2000 server install? Wich tools to use, any documentation "how to", web sites?

Any recommendation welcome !!!

I also hate NT4, vive Windows 2000 !!!!

Thanks

 

[RyDogg1]

Create a Win 2000 BDC, sync it up with the PDC, then take the PDC offline, promote the Win 2000 BDC to the PDC.

Ryan

 

[Saltin]

Fellas, there is no such thing as a Windows 2000 PDC or BDC. The domain model is multi-master. All DC's are more or less equal ( save a few FSMO roles).
If you were interested in doing an in-place uprgade of your domain, you should uprgade your NT PDC to Windows 2000 and then DCPROMO it. Make sure you leave one of your NT BDC's around for as long as possible, incase things don't go smoothly.
A better way to start, if at all possible, is to build your 2k domain up from scratch alongside your NT domain, and then "flip the switch" so to speak.

Your post is a little confusing, because you say you want to build the 2k DC up from scratch, but then you say you want to upgrade your NT PDC to 2k.......
Just be aware that the first box to get the upgrade must be the NT 4 PDC, leave an NT 4 BDC around just in case... and forget about PDC's and BDC's when you talk about 2k... In 2k there are only DC's.

 

[Jace]

Would it be possible to install a new 2k server, promote it to DC, then demote the existing NT 4.0 PDC to a BDC and use mixed mode nt4/active directory?

 

[DreamKaZz]

Sorry about the confusion I mean I want to upgrade the current NT Domain to Win2k (so Active Directory), using a new windows 2000 server.

What I would do (let me know if something is wrong):

1. Get the new win2k server online
2. Import somehow the SAM from the current PDC
3. Make the win2k server as the Master DC so the rest of the NT 4 Servers (BDC) can sync up
4. Import the WINS server configuration
5. Import the DHCP server configuration
6. Take the old PDC NT4 offline
7. I would upgrade or replace all the rest of the BDC later

Do I need all the servers DC (NT4) to upgrade to run AD, I don't remember.

 

[DreamKaZz]

bump

 

[Woodie]

I don't know if the "upgrade" the domain to W2K, as you've outlined it will work.

I would suggest you go with a "clean" build:

1. Build (new) W2K server.
2. Install DNS and DHCP services. (Copy the settings from your current DHCP server.) Do NOT install the DNS as a "Root" server. Keep in mind that the W2K domain IS the IP domain name, so make sure you register (own) the domain name.
3. Update your DHCP parameters to reflect the new DNS server (the W2K box).
4. Once DNS/DHCP is stable, DCPROMO the W2K server. Create a new Domain in a new Forest.
** Create an OU structure for your organization ** You may have holy wars here, so beware. Also, you can't go back later, so decide on a strategy/philosophy now, and stick to it.
5. Create a one-way trust, from the NT4 domain to the W2K domain (so a W2K domain user can login from a workstation in either the NT4 domain or the W2K domain).
6. Now, run one of the many migration tools available (some are provided by MS) to migrate (copy) all your user accounts from the NT4 domain to the W2K domain.
7. Have all your users start logging in with their "new" ids (in the W2K domain).
8. If things are going ok, then start disabling their NT4 ids.
9. If you've gotten this far, then you can probably start uninstalling the BDCs, and rebuilding them as W2K servers.
10. Take the first available W2K server, and install DNS (as the secondary or slave), and then run a DCPROMO on it. This gives you two critical pieces of redundancy: DNS and Domain.
11. Take down each BDC in turn, and rebuild it. Depending on sizing, you may or may not need more than two DCs.
12. Move all the servers/workstations to the W2K domain.
13. Finally, remove the PDC. (irreversible step)
At some point, you may need to install WINS into the W2K domain, it depends on your applications. In theory, W2K should not need WINS, but....

Post more questions, I'm sure you'll have them!

--Woodie

 

[Kiljoy]

I'd get a book if I were you. There are many decisions to make on your way to AD which you should discuss with your team.

Here is how we did it...

Build 2 new BDC's for your NT domain. (w2kdc1 and w2kdc2...use whatever names fit your nomenclature)
Promote w2kdc1 to PDC and remove it from the network and promote your old PDC back to PDC.
Do a Win2k upgrade on w2kdc1...make sure you configure your AD & DNS stuff how you want it.
(of course as long as you don't put this one back on the network you can format and start over)
Pull w2kdc2 off the network (label him and put him in a safe place...this is your CYA box incase something goes wrong.)
When you are sufficiently happy with the config, put w2kdc1 back on the network.
Re-setup your DHCP, it is easy in Win2k to do, or you can leave it on your old DC til your transistion is finished.
Setup WINS as a replication (push-pull) partner with your old WINS server, that will pull your WINS dBASE.
(we left WINS on the old DC and removed it from the network when we went native..
DNS kicks WINS all day long, bye bye WINS)

It has been a year since we did this, so I may have left a step or two out but it looks right. You may need to setup reverse lookups/secondary zones to your old DNS server/name space for downlevel clients, but that should be covered in the book you buy.

If you have a larger network (multiple offices) you will need to setup sites and transports for replication and I would definately build another w2kdc as a backup even if you have a small network. I'd get a book, there are tons that deal with network migration.

Hope this helps.

 

[DreamKaZz]

Thanks you guys for your advices, I continue reading but the best option I think would be to take it slowly I'll run some test in the lab.

I'll migrate everything next year since we will be updating our LAN topology and create new subnets. I'll migrate users to the new AD domain and think about linking our other offices domain together in AD.

Thanks again I'm sure I'll have more question in 2002.

cya