upgrade stand alone server into domain

Guest

I have an NT4 server authenticating users onto our domain. Don't ask me why
but all the data is on a Windows 2000 standalone server with the Everyone
group having full access everywhere. This server also has SQL Server running
on it.

I would like to promote this stand-alone server into a BDC. Can I trust
DcPromo to do it correctly for me? There are no user accounts on this
machine. I notice that DcPromo advises me to export any cryptographic keys.
Do I need to worry about this?
 
There is no such thing as a Win 2k "BDC".

The PDC of your NT 4.0 domain is the only DC that holds a writeable copy of
the SAM.
If you upgrade the PDC you will bring the SAM into the new domain. Upgrading
*any* *other* server will create a new SAM. New SAM = new domain. You will
then have a NT 4.0 domain and a separate Win 2k domain.
During dcpromo you will be asked if you want to join an existing domain, if
you say yes you will be required to point it to an Active Directory DC
(which you don't have) or the install will fail. If you say no you are
creating a new domain.


To upgrade a NT 4.0 domain to Win 2k you must upgrade the PDC first.


hth
DDS W 2k MVP MCSE
 
This isn't going to be straightforward.

Ultimately, I want to get rid of the NT4 box and be left with just the Win2K
server. If I create a new domain on the Win2k server, bearing in mind that
the two servers are on the same network, will I be allowed to choose the same
domain name? Then is there a way to get the user accounts imported onto the
Win2k server? Or will I have to create them manually?

While I run dcpromo to create the domain, is it safe to allow users to
access the SQL Server?

Tia
 
There are basically 2 ways to move from NT 4.0 to Win 2k: upgrade, by
upgrading the NT 4.0 PDC first, or migrate, by setting up the two domains
"side by side" on the same wire and using ADMT to migrate users from the NT
domain to the AD domain. To use ADMT you need to create a trust between the
two domains which you can't do if they have the same name.
To work around this I would suggest renaming the NT 4.0 domain before
starting the migration and use the "right" name on the AD domain.

See:

How to Rename a Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;169741

And

How to Set up ADMT for Windows NT 4.0 to Windows 2000 Migration
http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

Or you can remove Win 2k from the new server, install NT 4.0 on it as a BDC
while connected to your existing network, promote to PDC then upgrade the
new PDC to Win 2k.

See:

How to Upgrade Windows NT Server Version 4.0 to Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;298107

While I run dcpromo to create the domain, is it safe to allow users to
access the sql server?




I wouldn't run dcpromo while the network was being used. I would do this on
a weekend when no one is on the network. If you can, set up a couple of
computers and test before doing this to your live systems. If nothing else
it will give you an idea of the questions you need to answer. It is pretty
straightforward if you know what you are doing but there is *always* the
chance something will not work as expected.



You should research the pros and cons of upgrade vs. migrating. Example: do
you need to have NT 4.0 BDCs on your network? If so that leaves out
migrating. To migrate your Win 2k domain MUST be in native mode. In native
mode Win 2k DCs do not replicate with NT 4.0 BDCs. In this case you have to
upgrade. Upgrading you can leave the Win 2k domain in mixed mode which DOES
allow the Win 2k DCs to replicate with NT 4.0 BDCs.





hth

DDS W 2k MVP MCSE
 
Thanks Danny, this is all useful stuff.

When you say upgrade the NT4 box, do you mean upgrade it to Win2000, or is
there an AD upgrade available for NT4?

I don't think renaming the old domain is going to be easy, because all the
clients would have to be reconfigured to access it until I have done the
migration. Then they would all have to be reconfigured back again afterwards.

I can access the 2000 server outside of office hours using Terminal
Services, but I can't access the NT4 server in this manner. So I'm limited in
what I can do. I only have 30 clients, so over a weekend, I could use dcpromo
to create a new domain on the 2000 server and manually create all the
accounts.

Would this be allowed if the NT4 server was running on the same network with
the same domain name?

Thanks again.
 
When you say upgrade the NT4 box, do you mean upgrade it to Win2000, or is
there an AD upgrade available for NT4?

Upgrade to Win 2k and AD. There is no way to make NT "AD aware".

Would this be allowed if the NT4 server was running on the same network with
the same domain name?

Not sure if you can do this or not.

If you can get physical access to the Win 2k server, removing Win 2k and
installing NT 4.0 on it as a BDC while connected to your existing network is
the way to go. You *really* won't need access to the NT server. Promoting a
NT BDC to PDC automatically demotes the PDC to BDC. From there all your work
to upgrade your network to AD is done on the newly promoted PDC.


hth
DDS W 2k MVP MCSE
 
Hello Danny,

I can't remove Win2k from the standalone server and put NT4 on it, because
a) I have to keep this server running for most of the day, and b) because it
is running SQL Server 2000 which won't run on NT4.

Ian
 
Can you get your hands on a "box" to set up as the first DC in the AD domain?
You will only need to use it to install NT 4.0 on it as a BDC while
connected to your existing network, promote to PDC then upgrade to Win 2k
and AD.

Then run dcpromo on your existing Win 2k server, transfer the 5 FSMO roles,
make the new Win 2k server a global catalog, set up DNS (AD Integrated) and
let the DNS zone replicate from the "box" to your new Win 2k server. Then
run dcpromo on the "box" to make it a member server and finally remove it
from the domain.

You are left with your existing Win 2k member server promoted to DC and your
existing NT 4.0 PDC is now a BDC in your Win 2k mixed mode domain.

See:

How To View and transfer FSMO Roles in the Graphical User Interface
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690

Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504

How To Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994


hth

DDS W 2k MVP MCSE
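
The FSMO transfer step from the plan above, written out as a command-line sketch with Ntdsutil.exe. This is an added example, not part of the original post; NEWDC is a placeholder for the existing Win 2k server after dcpromo has made it a DC in the upgraded domain.

```bat
@echo off
rem Added example, not from the thread. NEWDC is a placeholder name for the
rem Win 2k server that should end up holding all five FSMO roles.
rem Run from a Win 2k DC while logged on with an account that is a member of
rem Domain Admins, Enterprise Admins and Schema Admins (the schema master and
rem domain naming master transfers need the last two).
set TARGET=NEWDC

rem 1. Record which DC holds each role before changing anything.
ntdsutil roles connections "connect to server %TARGET%" quit ^
  "select operation target" "list roles for connected server" quit quit quit

rem 2. Transfer (not seize) the five roles to the connected server.
rem    A transfer needs the current holder online; each one asks for
rem    confirmation in a dialog box before it is carried out.
ntdsutil roles connections "connect to server %TARGET%" quit ^
  "transfer schema master" ^
  "transfer domain naming master" ^
  "transfer RID master" ^
  "transfer PDC" ^
  "transfer infrastructure master" ^
  quit quit

rem 3. List the roles again and confirm every line now names %TARGET%
rem    before running dcpromo on the temporary "box" to demote it.
ntdsutil roles connections "connect to server %TARGET%" quit ^
  "select operation target" "list roles for connected server" quit quit quit
```

Checking the role list in step 3 before demoting the temporary DC matters because a role left on a machine that is then removed can only be recovered by seizing it.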
 
Hello Danny,

That sounds like a good plan. One thing I'm not sure of though...

I've only ever done a clean install with Windows 2K. Do all versions of the
install CD allow me to upgrade from an existing NT4 server?

Ian
 