How to Fallback NT Domain incase of fail

  • Thread starter Thread starter New User
  • Start date Start date
N

New User

Hello:

I have using the in-place upgrade to upgrade the existing NT4 Domain
to AD.

NT4 Domain: NTDOMAIN
AD: ad01.ent.corp.com

However, I have find that the Win2K, Win2003 & WinXP have automatic
changing their "Full Computer Name" to xxxx.ad01.ent.corp.com" after the
first successful login to AD.

Would you mind to let me know how can I fall back to NT4 Domain in-case
of need?

Thanks!
 
Hello:

Thanks for your information. This process is upgrade, how about the
downgrade?

Thanks!
 
Hi
If my memory serves me correctly the Windows 2000 machine can be taken
offline and the Windows NT 4.0 BDC can be promoted to a PDC in the NT
domain.



--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
Jorge said:
Hi
If my memory serves me correctly the Windows 2000 machine can be taken
offline and the Windows NT 4.0 BDC can be promoted to a PDC in the NT
domain.
Click to expand...
But the Win2K & WinXP have change the Full name to the AD's name. I
can't login with original NT Domain!
 
Hi
But the Win2K & WinXP have change the Full name to the AD's name. I can't
login with original NT Domain!
Click to expand...

I believe that is incorrect because the NT 4 Only uses NetBIOS Account
name - sAMAccountname att. (Something like : WORKSTATION01$)
But would be better to setup a lab test to confirm the behavior.

--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
correct and because of that you would need to rejoin all wxp/w2k/w2k3 that
have started using kerberos.

do it in steps...

first....
use the NT4Emulator key so that all w2k3 DCs emulate NT4. at this point you
w2k3 dcs and nt4 dcs....
test authentication by:
(1) shutting down NT4 DCs and using only w2k3 dcs
(2) shutting down w2k3 DCs and using only NT4 dcs

if things are not OK remove all w2k3 DCs and promote one NT4 DC to PDC.
(don't forget you also have a NT4 BDC "in the closed". you can use that one
the upgrade to AD screws your complete NT4 domain)


if everything is OK start by the NT4Emulator key and at that moment the NT4
DCs will not be used after kerberos is being used. because of that you can
start removing the NT4 dcs.

in my experience I have NEVER seen this go wrong. however, make sure you
create a procedure to do this and make sure you test it!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Hi

Ops...

Thanks Jorge for correcting me I was forgetting about the kerberos
authentication that Isn't supported in NT 4. In fact after the NT4 Upgrade
if your "new" Windows Server goes down, the clients that already had an
authentication with Kerberos can't authenticate with the "old" BDC.

Once again i'm sorry for the mistake (It has been some time that I don't use
NT 4 Domains).

--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator





"Jorge de Almeida Pinto [MVP]"
 
Hello:

Thanks for all for kindly help, no need to say sorry because we just
share the experience. Now I have doing the POC test in the lab.

What is "NT4Emulator key"? Does I need to enable it before logon?

I have observe that the WinXP & Win2K that the full name has change to
XXXX.abc.test.com
The AD name is abc.test.com. I have try to shutdown all Win2K3 DC seems
all the WinXP & Win2K can't logon.

The original full name is just only computer name with NT4 Domain name.

Any hints?

Thanks!
 
Hello:

Thanks for your information, does I need to enable this registry key
before to perform the in-place upgrade?

Thanks!
 
Hello:

I work fine, but it hasn't register their record in the AD DNS. It is
correct?

Thanks!
 
Does using this methods can use the Group Policy? It seems a NT4 Domain!
how about the DFS...... AD Feature?

Thanks!
 
Back
Top