upgrade 2k server to AD in an nt4 domain

[Skunk]

While running dcpromo ive tried the add an additional domain controller to existing domain. Input the right account and domain name but everytime i get the message "The domain " " is not an active directory domain, or an AD controller for the domain can not be contacted. Dns is working properly and ive already joined the domain i just cant get dcpromo to finish.. Any ideas?

 

[Rainsford]

I might be wrong, but you can't have an AD server in a pre-existing NT domain. You can create a new domain with the AD system, then add legacy NT BDCs, but it doesn't really work the otherway around. I could be wrong about this, but I don't think you can setup an AD system to be a BDC in an NT domain.

 

[stash]

Rainsford is correct. The only way to convert an NT 4.0 domain to AD is to upgrade the PDC to Windows 2000. The Active Directory will then be in mixed mode to accomodate any NT BDCs that you may have left. You can then upgrade those at whatever pace you want, but its best to do them quickly so you can convert the domain to native mode and take full advantage of AD.

Still, upgrading your NT DCs to Win2k can be risky. The absolute best way to convert an NT domain to AD is to not really convert at all. Instead create a new Windows 2000 domain with a box that has been cleanly installed with Win2k. Then use a migration tool to migrate all accounts and groups over.

 

[Skunk]

Ok But how will that effect our domain name? We are running exchange 5.5 on the nt4 pdc and its internet connected? Wont that ah heck up income and outgoing internet mail since the company.com name will have changed? Would i be better off making the 2k machine a bdc and replicating all user data etc across then promoting it to pdc and then moving to AD?

Exchange is whats giving me the headaches heh it will eventually be brought up to 2k once Active directory is in place.

 

[stash]

Yes, if you created a separate new AD domain, it would have to have a different name than your exisiting NT domain.

You could make the machine an NT BDC and then promote it to the PDC. Then upgrade to Win2k and your domain will be AD. Just make sure that when you promote the new machine to the PDC, take the old PDC (now a BDC) completely offline and store it somewhere safe. That way if your upgrade goes haywire, you can still restore your NT domain.

 

[Skunk]

Cool Thx. Im guessing this wont totally blow my exchange 5.5 setup? Exchange runs on the pdc(i know its bad but funds are limited) Is there anything i have to do to avoid losing that?

 

[Rainsford]

I would suggest you find a consultant, or, if that's out of the budget, find a good book about migrating from NT4.0 domains to AD and read it cover to cover. The company I work for spent a lot of time and money doing the migration, and it went off without a hitch (well, at least no major ones). Other haven't been so lucky. Every situation is different, and most companies won't be too happy if you bork up their domain system by not knowing exactly what you are doing.

That being said, what STaSh said is correct about upgrading. As far as Exchange goes, your problem will come in when you take your old NT PDC offline as a backup, since it has Exchange on it. If all you have right now is a PDC that is also running Exchange, there is no way to have a backup of your domain without having another server to run Exchange on. What I would suggest is get another server and make it a BDC. Then take it offline and put it somewhere safe so it can act as a backup. Then you have your Exchange server which you can upgrade to Windows 2000 (don't ask me how well that works though, I make no promises) and you now have two AD global catalog servers with one running Exchange. Once this seems to be working, I would suggest taking your backup NT BDC and upgrading it to Windows 2000 and making it an AD global catalog server. Then remove the ADGC role from your Exchange server (yes, you can do this without reinstalling in Windows 2000, unlike NT). Now you have two ADGC servers to back eachother up, and a seperate Exchange server. This does force you to buy another server, but running the DCs and Exchange on the same server is not something I would do unless you 100% have to.

 

[stash]

Yeah rainsford's plan is probably the best way to do it. And I can't stress this enough. Setting up a AD domain is all about planning, planning, planning. And migrating from NT to Win2k requires even more planning.

If you have some workstations (they don't need to be server-class machines, just enough to meet the requirements of Win2k Server), I highly recommend setting up a test environment. Try to replicate what you have now with NT, and then run some migration scenarios.

Whatever you do, just DO NOT jump into this headlong, especially with a production network.