
DNS 1


19902003

Hi,

I have a sort of complex Windows environment here, running NT and Windows in mixed mode; my NT is my top domain and Win 2k is my sub domain. What would be the best practice to clean the domain? Also, I have 4 DNS servers and would like to clean it up. What would be the recommended method to clean it without messing up the Active Directory?

Many thanks,
Steve
 
Probably, but you shouldn't have emails on a company address that admins aren't allowed to see.

You need to define what you mean by that. Are you looking to get rid of NT4? Consolidate to a single domain?

We need more information to go on to be able to provide any answers.

I hope you find this post helpful.

Regards,

Mark
 
4 DNS in one domain! I suggest making a DC on W2K and then starting to clean up (or remove) the NT servers. Follow KISS.
 
Hi Mark,

I would like to consolidate two domains into one single domain. Currently, I have a domain called "art" (NT 4.0) and below that, I have a Win 2k domain called "art.local". All of the clients log in to "Art", but the computer name is e.g. "test.art.local". For the Win 2k domain, I have 3 Win 2k domain controllers and AD2 is my main one. How do I get rid of the Art (NT) domain without messing up the Active Directory? There were 4 DNS servers; what is the best practice to keep just two DNS servers instead of 4? All of the settings were set up by the previous admin. It is time for me to clean it up. Your help is greatly appreciated!

many thanks,
Steve
 
OK, you can do this and it won't be TOO hard if you do it smart.

You are however going to have to abandon the existing AD since it is not in the root domain. :-(

Here are the steps you need to take.

1. Demote one of the Windows 2000 DNS servers to a member server. Remove from the domain. Remove the OS and install NT4 as a BDC in the NT4 domain. This server will become your swing server to get this domain upgraded to Windows 2000.

2. Promote the swing server to PDC. Wait for synchronization. Take the old PDC offline for safekeeping in case anything goes wrong.

3. Install Windows 2000 on the swing server. This will get the root domain on Windows 2000. Allow it to setup DNS on the swing server. You now have AD running on the root domain.

You can now migrate all resources from the old domain servers to the new ones (assuming you want to retire the NT4). Get the new server set up with WINS and DHCP and remove those services from whatever server they were on before.

If I understand your post above, all the user IDs and computer objects were in the NT4 domain, which means they are now in the new Windows 2000 root. You should at this point then be able to move the child domain into the root domain. Use DCPROMO on the remaining child domain server to make it a member. When asked, you will want to say that this is the last DC in the domain. Run DCPROMO again to join this server as a DC in the root domain.

The steps above are general but should be enough for you to get the job done. Take care to document any file shares you have and their permissions in case any of them get hosed up during the move of DCs.

When you have migrated all services, settings and files from the NT4 servers, you can decommission them and raise the domain level to Win2k native.



I hope you find this post helpful.

Regards,

Mark
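The advice above to document file shares and their permissions before moving DCs becomes checkable if the record is compared against a second one taken after the move. The following is an added example, not part of the original thread: the tab-separated snapshot format, the share names and the SID are constructed for illustration, and exporting the snapshot from each server is assumed to be done separately.

```python
from collections import defaultdict

# Constructed snapshots: one "share<TAB>trustee<TAB>rights" line per ACE.
BEFORE = """\
Projects\tART\\Domain Users\tChange
Projects\tART\\Domain Admins\tFull
Scans\tART\\Domain Users\tRead
Payroll\tART\\Payroll\tChange
"""
AFTER = """\
Projects\tS-1-5-21-1111111111-2222222222-3333333333-513\tChange
Projects\tART\\Domain Admins\tFull
Scans\tEveryone\tFull
"""

def parse(snapshot):
    """Return {share: {(trustee, rights), ...}}; names are case-insensitive."""
    acl = defaultdict(set)
    for line in snapshot.splitlines():
        if not line.strip():
            continue
        share, trustee, rights = line.split("\t")
        acl[share.lower()].add((trustee.lower(), rights.lower()))
    return acl

def compare(before, after):
    """Report shares that vanished, ACEs that changed, and trustees that now
    show as a raw SID (the account behind the ACE no longer resolves)."""
    old, new = parse(before), parse(after)
    report = {"missing_shares": sorted(set(old) - set(new)),
              "removed": [], "added": [], "unresolved": []}
    for share in sorted(new):
        was = old.get(share, set())
        report["added"] += [(share, t, r) for t, r in sorted(new[share] - was)]
        report["removed"] += [(share, t, r) for t, r in sorted(was - new[share])]
        report["unresolved"] += [(share, t) for t, _ in sorted(new[share])
                                 if t.startswith("s-1-5-21-")]
    return report

if __name__ == "__main__":
    for section, items in compare(BEFORE, AFTER).items():
        print(section, items)
```

An entry under `unresolved` or an unexpected `added` grant such as Everyone with Full is the kind of drift to fix before the old servers are decommissioned.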
 
Mark,

Thanks for the info, I appreciate it. Is this process called "swing" upgrades? Why do I need to install NT again to promote it to "PDC", then install the Win 2000 server? Can I actually install the Windows 2003 Active Directory instead of the Win 2k Active Directory? Is there a way to migrate NT to Win 2003, or do I need to do it one step at a time? Just to make my situation clear:

Three Win 2k DCs. DC#1 does the following: DNS for art.local (contains root hints), domain naming master role, schema/operations master role, global catalog server, software pub Group Policy. DC#2 does the following: DNS, RID master, PDC emulator, infrastructure master roles, global catalog server. DC#3: DNS. The last one is NT 4.0 (root domain); it seems like it doesn't do anything and is just sitting there. When I look at my users and groups, all of them are listed under "art.local" instead of the root "Art". Does it mean all of my containers are located on my Win 2k AD? It would be nice if I could just upgrade my domain to a Win 2003 Active Directory domain. I appreciate your help.

Many thanks,
-Steve
 
You need to investigate your NT4 domain more.

The reason for a swing server is that in order to upgrade an NT4 domain the PDC MUST be upgraded first. You could just upgrade the existing PDC; however, more often than not these old NT4 boxes don't have the disk space free to even install Windows 2000 or 2003. That is why a swing server is used. Often a swing server will be fully removed from the environment when the upgrade is completed, but in your case you could leave it, or remove it and then reload it fresh with 2003 (that would be my preference in all honesty because I don't like an upgraded machine).

So I am confused by your post as to whether the 2000 machine in the NT4 domain is a DC or not. If it is then the server you have been referring to as the PDC is really a BDC and the 2000 is already a DC and FSMO role holder. If THAT is the case then your life just got a lot easier.

Let me know which is right and I'll try to help you out with a more detailed plan.

I hope you find this post helpful.

Regards,

Mark
 
Hi Mark,

I have a question regarding the network setup; can you please give me some ideas? Here is the situation:

Two separate networks at two different locations; one location has the domain and the other doesn't. As of now, for the workgroup location, I use the firewall to act as my DHCP server; for the domain I have DNS and DHCP, but do not use the firewall as the DHCP server. I had the site-to-site VPN set up, but the connection seems slow and the name resolution wasn't great. For the workgroup, I enabled NetBIOS on the firewall, so the workgroup can access the PCs by computer name at the remote location. Do you have any suggestions? Should I put a BDC there (I want to configure it as DNS as well on the same system)? Will it give me better performance?

Many thanks,

-Steve
 
Setting up an additional DC will offer you some advantages.

1. Centralized security will replace the workgroup model
2. Shared AD between sites
3. Replication between sites
4. Local logons would process on the local DC instead of across the WAN.
5. Local DNS

Down side is there is more to support and additional cost.

Personally, I'd go with the extra DC, use it as both a DC and file/print server for the remote location.

I hope you find this post helpful.

Regards,

Mark
 