Gerald,
Not sure what your issue is exactly. The subject line and the actual text
do not seem to coincide.
This is what I understand:
1) You currently have a WINNT 4.0 environment with 25 computers/users
2) You would like to upgrade to WIN2000
Take a look at the following link:
http://www.microsoft.com/technet/tr.../prodtechnol/ad/windows2000/plan/migntw2k.asp
You have to upgrade the WINNT 4.0 Primary Domain Controller to WIN2000 in
order to keep the same domain. This is usually accomplished by simply
dropping in the WIN2000 Server CD. This will upgrade you to WIN2000. You
M U S T start with the WINNT 4.0 PDC. This is the only way! You can keep
any WINNT 4.0 BDCs in your environment. So long as you remain in WIN2000
Mixed Mode your WINNT 4.0 Backup Domain Controllers will continue to
function in that capacity. You may want to take precautionary measures to
ensure that you do not paint yourself into a corner.....
Please note that you can indeed make the one-time, one-way switch from
WIN2000 Mixed Mode to WIN2000 Native Mode. Your WINNT 4.0 BDCs will still
be a part of the domain and continue to function as far as File Server,
Print Server, etc. services are concerned. However, they will no longer be
able to handle logons. They, simply put, are turned into Member Servers.
You could then take a new Server machine, install WIN2000 on it, join it to
the domain as a Member Server and then run dcpromo on it ( just make sure to
select join to an existing domain and add as an additional domain
controller ). This would then be your second Domain Controller. You have
now reached that wonderful place known as redundancy.
Many people, myself included, would then suggest that you either add another
true WIN2000 Domain Controller ( a new machine ) or remove the first,
upgraded DC from the status of DC ( via dcpromo and make sure to do a meta
cleanup ), remove the now member server from the domain and then format the
HDDs and install a fresh copy of WIN2000 Server and promote it to be a DC
via dcpromo. I am not a fan of 'upgrades' as - generally speaking - you are
stuck with all of the mess that was!
Granted, this is a bit simplified. You need to make sure that you take DNS
into consideration. I would suggest that you consider Active Directory
Integrated DNS ( aka Dynamic DNS ). You also need to take into account the
Global Catalog Server. I would suggest that both of your DCs be made GCs
*AND* that there is always at least one GC available ( talking about if you
were to remove the 'upgraded' DC from your environment - make sure that the
second DC has already been made a GC *AND* that you have rebooted that DC
before removing the first ).
You also need to take into account the five FSMO roles. The 'upgraded' DC
will hold all five roles ( Schema Master, Domain Naming Master; PDC
Emulator, RID Master and Infrastructure Master ) as it is the first WIN2000
AD DC in the forest. Should you decide to remove the 'upgraded' DC you will
need to transfer them first to the other existing DC. If you forget to do
this and remove the 'upgraded' DC first then you have a little bit of work
to do. You would need to seize them ( by using ntdsutil ). Be very careful
with this, though. You can use ntdsutil to do the transfer. I might
suggest that you consider using the MMCs, though.
Please keep in mind that your WIN2000 Professional machines might have a
problem if you stay in Mixed Mode and do indeed get rid of the 'upgraded'
DC ( easily resolved and I would not use this one fact as the sole reason to
not remove the upgraded DC ).
Please look at the following MSKB Articles:
How to create / move a Global Catalog Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994&Product=win2000
How to prevent overloading the first DC:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298713
WIN2000 Clients authenticate only against the upgraded DC in Mixed Mode:
http://support.microsoft.com/default.aspx?scid=kb;en-us;284937
How to use NTDSUTIL to transfer or seize FSMO roles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504&Product=win2000
WIN2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;en-us;317590
This is a really big procedure as there is a lot to know and to take into
account. I might suggest that you create a test environment and play with
it so that you have some experience with this before doing it on your live
production environment. I have never seen an upgrade fail, for what it is
worth. However, there can be a lot of things to clean up first.
And we have not even touched on Exchange. If you use Exchange ( probably
Exchange 5.5? ) make sure that you first upgrade it to at least SP3 ( I
would recommend SP4 ). You will need to consider installing the ADC (
Active Directory Connector ) once the upgrade is complete. Do you plan on
keeping Exchange 5.5 for an extended period of time or quickly upgrading to
Exchange 2000?
HTH,
Cary