upgrade NT 4.0 to Windows 2000 AD

  • Thread starter Thread starter Webmaster - iPlus
  • Start date Start date
W

Webmaster - iPlus

Hello:

I've a windows NT 4.0 based network & I need help to upgrade it to 2000
Active Directory single forest single domain (Mixed mode). Is there any way
that I can do this without upgrading my PDC / BDC - I mean by just intalling
Windows 2000 server - can I port all the NT 4.0 settings into the AD and
then make it a Master Controller ?

Thanks for all the help. Best, Sam.
 
Just re read your post and saw you want to keep your Win 2k domain in mixed
mode. ADMT requires the AD domain to be in native mode.

You will need to remove Win 2k from the new server and install NT 4.0 on it
as a BDC while connected to your existing domain, promote to PDC then
upgrade to Win 2k and AD.


hth
DDS W 2k MVP MCSE
 
look at the following example upgrade.... by the way.. why upgrade to w2k AD
and not w2k3 AD?


--------------

If you want to keep the same domain and its name you could do an in-place
upgrade of the domain by:

* introducing two additional NT4 BDCs (fresh installed - desktops will be
OK)

* Introduce two fresh installed W2K3 member servers to the domain and
install and configure DNS (with DNS zones and DDNS), WINS (and DHCP if
needed) on it (these will be promoted to DC later on)

* Configure the NT4Emulator and NeutralizeNT4Emulator registry keys on the
w2k3 member servers. Reboot the server (see:
http://www.petri.co.il/first_dc_in_domain_problem.htm &
http://support.microsoft.com/?kbid=284937)

* Point all servers the new DNS/WINS servers in their TCP/IP settings

* Promote on the fresh installed NT4 BDCs to a PDC and sync the domain

* Configure the NT4Emulator and NeutralizeNT4Emulator registry keys on the
new NT4 PDC. Reboot the server (see:
http://www.petri.co.il/first_dc_in_domain_problem.htm &
http://support.microsoft.com/?kbid=284937)

* shutdown the other fresh installed NT4 BDC and keep that as a safe measure

* Upgrade the new NT4 PDC to a W2K3 DC and choose during the AD install for
Forest functional level Windows Server 2003 Interim

* promote both w2k3 member servers to DCs and after that make both DCs a GC

* Transfer the FSMO roles from the upgraded w2k3 DC to one of the fresh
installed W2K3 servers (now DCs)

* Configure the DNS zones to be AD integrated and configure secure DDNS

* Demote the upgraded w2k3 DC to a member server and remove from the domain

* If everything is OK remove the NT4 BDCs from the domain and cleanup
computer accounts

* If everything is OK remove the NT4Emulator and NeutralizeNT4Emulator
registry keys from the fresh installed w2k3 servers (now DCs). Reboot the
servers one by one. If you have w2k/wxp/w2k3 clients and/or servers these
will start using kerberos authentication as soon as these the w2k3 DCs.
These clients/servers were not able to see them because the w2k3 DCs were
emulating NT4 DC behavior to prevent upgrading the secure channel to
kerberos and stay with NTLM. If you would not have done this and you wanted
to revert back to the NT4 DCs and thus removing the W2K3 DCs, you needed to
re-add each w2k/wxp/w2k3 clients and/or servers to the domain

* If everything is OK increase the domain and forest functional level to
windows server 2003

REMARK: the use of the NT4Emulator registry on the DCs also prevents
W2K/WXP/W2K3 clients/servers to apply GPOs. That key is just a safe measure
so the first W2K3 DC is not overloaded. The other safe measure is to first
test everything using NTLM authentication and then switch to Kerberos by
removing the keys (NT4Emulator and NeutralizeNT4Emulator) from the DCs

There is more to it then this, so make sure you look at:

http://www.microsoft.com/technet/pr...Kit/b170bdc5-ba55-4184-8a8f-acb7705ff04a.mspx

If you also have exchange, you need to take care of that to!


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Hi Jorge,
I already have additional lic of w2k which are unused and really have no
budget to get 2k3 right now. Thats why the 2k server - Thanks for the help :
Here is what I would do now :
Install fresh BDC, promote to PDC and upgrade it as win2k AD. Now after this
is done - is there a way I can install a fresh win2k adv srv and make it
the master control ? Will ADMT help doing that ?
Best,Sam.


"Jorge de Almeida Pinto [MVP]"
 
hi Danny / Jorge,

I found out that if I use ndsutil.exe - I can change the FSMO roles. Any
steps of caution you can suggest ? Thanks for all the help once again.

Best, Sam.
 
Not sure why you are going to use Adv Server, not needed for a DC. Since AD
is a multimaster directory service you don't need or have a master
controller other than the FSMO roles held by the DC. I would have to same
the PDC emulator role is probably the most active but your environment is so
small the roles will all lie on one box anyway. If both DC's are at the
same site I would look at which DC has the newest hardware (Least likely to
fail) of the two and place the fsmo roles on that one unless you plan on
putting addtional services on one of them then I would move the fsmo roles
to the machine that has the least additional software on it. If you can
avoid it, place nothing else on your Dc's and let them just be DC's.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.
 
when upgrading the AD, ADMT is not needed

after upgrading the PDC introduce another server with a fresh w2k install
and promote it to DC. see the steps I mentioned earlier

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Back
Top