Migrating from NT4 Domain to AD 5

[Iota]

It may be easier to point me in the direction of a FAQ/Tutorial, but I'd thought I ask anyhow.

Currently we are running a NT 4 Domain environment. The PDC is rather small and really should be upgraded. The majority of our servers in the domain are Win2K S, with a few NT4 machines.

I'd like to take a Win2K server, that is currently a member of the domain, and make it a PDC in an AD environment. (The current PDC in the domain will still be used, but only as a member server in the future).

To make things even more complicated, Exchange 5.5 is envolved as well--on another server.

Thanks.

-Iota

 

[jatkinson]

Hi Tesh

When you say I'd lose user info what exactly do you mean?

We don't use any roaming profiles are have any advanced setup (such as shared directories etc.) presently so is anything major going to be lost.

In fact setting up group policy and restricting user access to certain folders on the network etc is one of the main reasons for migrating!

 

[GlenJohnson]

Hate to burst bubbles, but there's pros and cons on all sides. I upgraded my NT4.0 machine with no problem. Did a dcpromo and it went great. Took a second server with a fresh install of w2k, did a dcpromo, it failed, and now I'm stuck with a ghost dc. Did dcpromo from a second clean w2k server, went perfect. I'd have to agree that you want to upgrade, and have some fresh installs, but problems can arise, and I found out the hard way. Good luck. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"The past, though it cannot be relived, can always be repaired."
John La Farge (1835-1910); U.S. artist.

 

[tesh]

Jatkinson.

in your case it sounds you'll be ok you'll have to put all the users in to AD Thats the only Down side to it, But other wise you should be ok.

Tesh

 

[jatkinson]

Hi Guys

Thanks for the advice. However I'm not still not fully sure of one thing and that's on the client side.

If I build a W2K server from scratch and use the same domain name as the NT4 server and IP address, swap the NT4 server for the W2K server, have AD installed with all the client computer names and usernames setup will I be able to simply log on from a client PC???

Thanks

 

[brontosaurus]

No. You'll need to remove your workstations from their existing domain membership and join them to the 2K domain.

 

[tesh]

Well in theory you should be OK as long as you Add all the PC names. but I wouldn't bet on it. Best to visit a few PC's afterwards and check they made it over.

If they haven't just add them in like you normally would

Tesh

 

[jatkinson]

Hi guys,

It looks like this is going to get messy!!

Isn't there anyway to do this without having to visit each client PC in turn and adding it to the new 2K domain??

Cheers

 

[tesh]

Not really, as its the Sam database I believe that is stopping you.

How many users you got ??

 

[jatkinson]

Hi tesh, thanks for the advice

What a pain!!

Heaven forbid that you should be able update your servers and not have to reconfigure all your clients!!!

Oh well if it must be done.

I've 120+ users at the moment and gradually rising.

 

[jatkinson]

Hi

I was just wondering, would it be possible to add a spare NT4 server to my existing domain and then promote it the the PDC and then upgrade it to W2K with AD?? Would I then be able to run my doamin in mixed mode and have my workstations authenticate against AD without the need to add each workstation to the domain again?

Cheers

 

[GlenJohnson]

jatkinson, install tightvnc on all of your clients. It's a free remote admin tool that lets you run their pc's without having to leave your desk. It'll help you down the road also. I use it on over 250 machines, saves me tons of legwork. Good luck. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com

"Life is a succession of lessons which must be lived to be understood."
Ralph Waldo Emerson (1803 - 1882); US philosopher, poet, essayist.

 

[jatkinson]

Thanks Glen

We use a similar VNC product here, however will still have to go round and boot all the workstations up.

Probably easiest if I get staff to return to a log in prompt before going home and then I can log in as local admin and change the domain settings from there.

 

[GlenJohnson]

Painful, but that'll work. Good luck. (Moving from Novell 4.0 to W2K myself. Real mess.) Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com

"Life is a succession of lessons which must be lived to be understood."
Ralph Waldo Emerson (1803 - 1882); US philosopher, poet, essayist.

 

[dbotto1]

Hi!

I am with a similar problem...
I have one NT 4 Domain like this:

1- PDC + SQL7
1- BDC + Exchange 5.5
1- BDC + File Server

I choose to create a 2nd W2k Domain with AD and then, copy all the users, groups and PC's from the NT4 Domain to the new W2k Domain, with the "Active Directory Migration Tool".

I am with a little problem: I can't copy Accounts like "Domain Admins" because they are built-in accounts. I have the same problem with the "administrator" account.
It's very painfull to me because I have all the Folders of my File Server with "Domain Admins" - Full Control, and this guy's are the only ones with that type of permissions... and in the "administrator" side I have many services and other things configured with that account...

So, is there any tool that can migrate the SIDHistory of the Built-in accounts, or other way to accomplish this...?

Thanks
Diogo Botto