Migrate from NT to 2000 Server

[jcck2003]

Hi All:

we are using NT server domain with a PDC, a BDC and a few member server, that is the way NT calls, we bought a new server planned to use it for Win2k server ( and migrate the PDC into a Win2k domain/AD, I imagine there may be some documentation on how to do this from Microsoft, but my question is, will other NT servers be effected if we do the upgrade only on the PDC ? or should be do the upgrade/migration on both the PDC and BDC to Win2k ??

In Win2k domain, if I remember correctly, they don't have PDC/BDC anymore, so how would the user database be stored first, is there a wizard to do that ?

I think before we do all these, I definitely want to have a test environment setup a few dummy computers setup in an NT domain as PDC and BDC, attempt to upgrade to Win2k see what happen from there.. just like the old days we playing with a few computers try to connect to NT trust domain.

Thanks
JDK

 

[zaichik]

Hi JDK,

Here is what I suggest:

1. Install NT 4.0 on the new server. Join it to the domain, and when you are sure everything is good, promote it to PDC.

2. Take the BDC off-line. If something goes wrong, you can promote this BDC to PDC to restore your NT domain.

3. Upgrade the new PDC to Windows 2000, install SP3 (I still don't trust SP4) and any other updates you want.

4. When you are convinced that the new machine is stable, bring the BDC back on-line.

You will now have a "mixed mode" 2000 domain. In mixed mode, NT BDCs and member servers behave as though they are in an NT domain. In many respects, they are.

You are correct that Windows 2000 domains do not have the PDC/BDC distinction, there are only domain controllers and member servers. In theory, all DCs have a writable copy of the user database (well, and other things too). However, in a mixed mode domain, there is only server with a writable copy of the database.

In Windows 2000 domains, all DCs are equal, but some are more equal than others. There are three "roles" that only one DC per domain can have, and two "roles" that only one DC per forest can have. The forest-wide roles are Schema Master and Domain Naming Master, and the domain-wide roles are RID Master, Infrastructure Master, and PDC Emulator. Your new 2000 server will have all five of these roles to begin with, as well as being global catalog server.

As the PDC Emulator, the new server will have the only writable copy of the user database. The NT BDCs still have a read-only copy. The new server will behave just like an NT PDC for the BDCs.

I highly recommend that you introduce at least one more Windows 2000 DC into this domain as soon as you can and transfer some of the roles to it. When you are ready to do this, post here again for advice on which roles to transfer.

Regards,

z.

 

[PScottC]

Be cautious with the server that you inplace upgrade from NT 4 to 2000. I have had long term issues with systems such as that.

Zaichik's advice is perfect, but I would suggest a "swing" upgrade of your current network. Essentially, you would roll over all of your NT 4 servers and replace them with freshly built 2000 boxes. One at a time you install a fresh 2000 box and decommission the old server. As you decommission your NT 4 servers, fully rebuild them with Win2K and promote them into AD and continue the process. When you finish, rebuild the last box that was decommissioned, and replace the system that upgraded in place.

When you get ready to decommssion the last box be sure to transfer the FSMO roles and GC.

This also gives you the opportunity to replace or move hardware to locations that need newer or more powerful equipment.

PSC

 

[jutetrea]

Would you still recommend this process (install NT then upgrade) for a smaller network of 25 clients? Got a new server, 2000 small business OS and currently have a single NT 4 server as PDC. I would generally say they do not need Active Directory, but I am under the impression that it is needed any time you have a 2k machine as a DC... tried it without and DNS gave me tons of headaches till I activated AD.
If I do the NT 4 install, promote it, and upgrade... will it carry over the user data? Not such a big deal to manually enter 25 users, but it would be nice.
Thanks, Jute

 

[zaichik]

Hi Jute,

I think, in keeping with PCS's advice, that I would do a fresh install and recreate accounts if we are only talking about 25. While I have never had issues with an NT-to-2000 upgrade, I have heard of them (which is why I fully recommend taking a BDC off-line, just in case). Actually, I haven't just heard of them, such issues are in every newsgroup and forum! PCS's scenario is better if you have the budget for it, and redoing 25 user accounts is a matter of minutes.

Regards,

z.

 

[jutetrea]

Thanks, that's what I figured as well but it didn't hurt to ask. I'm hoping that I can avoid setting up AD for em, I just had to set it up for a 10 person network (cuz they'd heard of it and wanted it) and it was way more effort than a 10 person network should ever be. Unfortunately... it'll probably have to happen. At least it gives me something profitable to do over the weekend.

thanks again for the help, I appreciate it.

 

[jcck2003]

Hi PscottC:
what kind of long term issue you have when you upgrade the NT server to 2000 ?

Hi ZaiChik:
is it ok we just upgrade the NT PDC and leave the NT BDC and member server along for the moment because we have other applications on them, I know these NT boxes
won't have the functionality of AD, just want them to be able to get along

Also I have another question:

We have another site, it has a win2000 server in a AD domain of its own, and all the workstations there are members of NT domain here, because what happen was we meant to establish another domain which can manage its own user account, our main resource domain is still the NT domain, I have established the trust relationship so that the 2000 domain cannot modify the user and resources of the NT domain, althought it works that way, however as I later found out, people over there at other site who joined that 2000 domain can't get any file/mail resource from the NT domain, can this be better managed if we have upgrade the NT domain to 2000 ?

Thank you all
JDK

 

[PScottC]

Installing SP-4 will generally kill the upgraded box. You'll also notice intermittent hangs, excessively long reboot times, and spontaneous reboots.

As to the difficulty of a "swing upgrade" you only need 1 new box, because you're going to reuse all of your other servers as you roll them over.

PSC

 

[PScottC]

Jcck....

You need to check if your trust was built in both directions.

You have what is essentially a resource domain and a user domain, where your old NT 4 domain is the resource domain. Users logging into the 2000 domain do not have access to files or mail because permissions in the file system of your NT4 domain still look like [ntdomain\group ---- Full Control]. You need to add to the ACL's of your shares and file system [2000domain\group ---- Full Control]. (You don't have to give any of your users or groups Full Control, but this is an example)

If you're using Exchange 5.5 for mail, you need to specify which <2000domain\user> is associated with a particular mailbox.

PSC