Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NT 4.0 to Windows 2003 Server

Status
Not open for further replies.
Manthis

Manthis

Technical User
Jun 7, 2002
17
0
0
PA
Hi all,
Our IT department (we are three not very experienced Admins) has been looking everywhere for a solution for our problem, but we can't find a specific solution to it, so here it goes:

Currently we have this distribution on our network.

- One PDC (running NT 4.0)
- One BDC (NT 4.0)
- One Exchange 5.5 Server (NT 4.0)
- One Web Server (Windows 2000)
- Two Data/File servers (Red Hat Linux)
- Four Data/File Servers (Windows 2003)
- 40 Client Pcs running Windows XP Pro and Windows 2000 Pro

All computers are running under a NT 4.0 domain (let's call it DOM_X), and we have configured users, groups, security and hardware with a working setup.

We want to migrate our network to Win 2003 Active Directory, and have already bought two servers. One of them will be our Domain Controller, and the other one will be running Exchange Server 2007.

This is what we have accomplished so far (not much):
- We have setup a new domain under Win 2003 Active Directory (let's call it DOM_Y) on the new domain controller.
- We have successfully created the domain trust between DOM_X and DOM_Y.
- We have setup a common Admin between the old PDC and the new DC.
- We have installed ADMT V3.0 on the new DC.

Here is where the problem starts; when we try to migrate groups/users... we get the following error: "The target domain is not native mode". I've read about this error and all we have to do is to switch to Win 2003 native mode and this makes us worried for the following reasons:
- If we switch to native mode, will functionality of the old domain DOM_X be affected in any way?
- When we start migrating users to DOM_Y, will the functionality of DOM_X be affected in any way?
- When we start migrating users to DOM_Y, will they be able to access their Exchange 5.5 accounts that are currently under DOM_X?

We have lots of other questions, but they would make this message to long.

We would really appreciate any help or tip that could guide us through this complicated process.

Thanks Again! and sorry for the bad English
 
Sort by date Sort by votes
This is requirement. The target domain MUST be in native mode. In a Windows 2000 Server environment, the target domains must be operating in Windows 2000 native mode. In a Windows Server 2003 environment, the target domains must be at the Windows 2000 native or Windows Server 2003 Active Directory domain functional level.

Please refer to Page 33 of ADMT V3 Migration Guide. I suggest you read the guide completely before starting.

Hope this helps. Please post back if you have any questions.

-Keshav / IT Consultant
 
Upvote 0 Downvote
Thanks for the reply kmkeshav,
Ok, you are right, we will read the ADMT guide thoroughly, hope this migration goes well. I’ll be posting back more questions if we find anything we can’t handle ourselves during the process.
Thanks again!
 
Upvote 0 Downvote
We went through a similar migration 3yrs ago from NT4 to 2003 - Exch 5.5 to Exch 2003 but I did have a consultant assist with this.

I can not remember the exact steps but I am pretty sure when you migrate user accounts, a duplicate account in the new domain is created and does not affect the original unless you set the ADMT tool to disable source account.

You then can test the newly created accounts in the new domain to confirm their access is still working.

You can run this tool over and over for testing, by deleting the newly migrated account and then running the ADMT tool again.

Start with a single test account then move to a few acutual users and have them login to the new domain for a few weeks before migrating others. Do this in stages, slow and steady.

As I said I can not remember all the details but you will also run a migration tool on each workstation and if done and tested correctly your users will not notice any difference other than the domain logon name has changed.

Our Exchange migration was performed after all workstaion and user accounts were migrated and tested for a while.

Once we had migrated we turned off servers in the old domain to test things then deleted the trusts. Removing the oringal Exch 5.5 had a few more steps with moving Free/busy public folder replication and other services to the new Exch server.

I think the whole process took use about 3months to complete. This took a bit longer as we were only had 1 new physical server and all the others were formated and reinstalled with 2003 in the new domain. All their rolls had to be moved around to other server until they up and running in the new domain.

Hope this helps.
 
Upvote 0 Downvote
Thanks for the info KRPGroup, it sure helps us know that we can keep the old domain working 100% during the migration process.
I have one question, during your migration, were the migrated users able to access their exchange 5.5 mailboxes when they were logged inside the new domain? having two-way domain trusts between the domains is enough to allow you to access exchange 5.5 mailboxes and other resources?
Thanks again!
 
Upvote 0 Downvote
Yes they were able to access mail as the Exch migration was done after all users and computers were migrated.

Infact we setup the new domain in 2003 and got all the trusts working with test accounts and didn't move anyone for a few days just to make sure all was fine. Didn't want to make too many changes at 1 time so we could easily figure out any problems that came along. The good news is the migration doesn't have to be done all in 1 weekend. Unless of course you you like high stress situations. :)

I was probably over causious but my users did notice any issues and the mgt was very happy with the migration, no down time at all.

If you are willing to provide an email address or other means I can send you an our migration plan that breaks down the steps.

Of course our firm can not take any responsibility for any results by following these steps as our environments are not the same and there has been serveral update/changes to the 2003 Server OS via updates/SP and available mirgration tools.

 
Upvote 0 Downvote
That would be great KRP!, when you have time please send me any info to la_tegen@yahoo.com
We have successfully migrated one active user :)
And this user was able to access his 5.5 mailbox through the new domain.
We know this is the first step in a long process, but it has helped us solve many questions we had.

Thanks again for giving us some of your time, we really appreciate it. We will be posting soon, hehehe, we know we will have more questions during the migration
 
Upvote 0 Downvote
Hello, i'm posting in this thread a little late but I was wondering (KRPGroup), if I can get a copy of that migration plan as well. We are also migrating from NT4 to Win2k3 and that migration plan would be a huge help!

Manthis, can I ask how you got the trusts between the NT4 & AD domain set up? I am having HUGE problems setting it up and almost ready to give up. I have ran through all the forums on the Internet and the KB. Any info would be GREATLY appreciated. I can provide my email as well. Thanks in advance.
 
Upvote 0 Downvote
Hi Deskey, we also had some problems setting up the trusts between the two domains.
Here is what you should do:
Under NT 4.0:
-Start > programs > Administrative tools (common) > User Manager for Domains
-Menu Policies > Trust Relationships > Add… > type the name of your AD domain and a password
-You’ll get a message, click OK.
-In the same window click “Add…” under trusting domains and type your AD domain and the same password again

Under Win2K3:
-Start > Administrative Tools > Active Directory Domains and Trusts
-Right-click over your AD Domain and select “properties”
-Click over the “trusts” tab and then “New trust…”
-Next > Type your NT Domain name > Two-Way > Domain-wide autentification > type the password you used under your NT domain > Next > verify the trust is set up ok and click next > Yes, then next
-Yes again, and type “yourNTdomain\Administrator” and its password (or type any user with admin rights, replace yourNtdomain with the name of your current NT domain)
-And if everything is ok, click “finish” > click ok.

Under NT 4.0:
-Start > programs > Administrative tools (common) > User Manager for Domains
-In the Group area double click over the administrators group > Add... > select your AD domain form the ComboBox > and select a user with Admin rights in the AD domain. This user will be a shared Admin between the two domains.
-Click add and then ok.

Hope this helps, if you have any other questions I will be glad help you.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
116
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
142
suncit
suncit
MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
101
MaioMaio
MaioMaio
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
92
antonio_dsanchez
antonio_dsanchez
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
141
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top