Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Replace NT 4.0 server with 2000 Server ?

Status
Not open for further replies.
J741

J741

Technical User
Jul 3, 2001
528
CA
Current: Small business network. 30 Windows 2000 workstations. 2 Windows 98 workstations. 1 Windows NT 4.0 server.

We would like to replace the Windows NT 4.0 server with a new Windows 2000 server. I'm not quite sure how to do this without causing too much chaos.

I thought I could attach the Windows 2000 server to the network and run DCPROMO to make it the primary doain controller, which I thought would copy user acounts, passwords, etc. from the Windows NT 4.0 PDC and demote the Windows NT 4.0 server to a BDC and allow safe removal of it from the network. However, DCPROMO reports that it can not function because the domain is not an 'active directory' domain (which is correct: It's an NT domain).

Now, I've searched the internet, microsoft knowledge base, and other message threads on Tek-Tips and come out with the following options:


Option 1)
---------
Erase the new Windows 2000 server and install Windows NT 4.0 server on it as a BDC on the existing NT domain. Then run DCPROMO to promote it to be the PDC on the NT domain. Then put the Windows 2000 Server CD in, and upgrade it to Windows 2000 server.

Sounds simple enough but.... I don't want to erase the Windows 2000 Server, as I've already spent a lot of time installing many applications on it. Installing Windows NT 4.0 server on the new PC may be problematic due to hardware device drivers, especially for the SATA RAID controller. Installing an OS is very time-consuming, and I would estimate that this process would take more than 3 hours.


Option 2:
---------
Bring in a new, temporay computer and install Windows NT 4.0 server on it as a BDC on the existing NT domain. Then run DCPROMO to promote it to be the PDC on the NT domain. Then put the Windows 2000 Server CD in, and upgrade it to Windows 2000 server. Then run DCPROMO on the previously exisiting Windows 2000 server, so as to transfer the accounts and such. Then remove the temporary computer from the network.

Sounds a lot like option 1, but I would not have to undo the work already done on the Windows 2000 server. However This sounds a lot more time consuming than Option 1, and I would estimate that this process would take more than 4 hours.


Option 3:
---------
Write down all the user accounts on a piece of paper. (there's approximately 40 accounts). Use LC3 to extract the existing passwords for all accounts. Disconnet the NT server from the network. Run DCPROMO on the Windows 2000 server. Then manually enter all user accounts in to the Windows 2000 Active Directory.

This seems like the most time-efficient method, but I don't know what things would get lost. What else does DCPROMO transfer? And I also half-remember something about security between the workstation and server which would need to be reset on each workstation before it will connect to the new server (but I can't fully remember this). Also, we still want to have both the Windows NT 4.0 server and the Windows 2000 server operating simultaneously for about a month before removing the Windows NT 4.0 server completely.


Option 4
--------
Leave the Windows 2000 server as a standalone server without a domain, and change all the workstation logons to standalone instead of domain.

This would mean that no Domain exists, and security would be reduced. But I don't think that would be an issue here. The question is, what other advantages does a domain offer besides security and logon/logoff accounting?


-------
Anyways, I would like some professional feedback about this, as I'm not quite sure what the best option would be in terms of both time and function.

I've set up over a dozen different domain based networks using either Windows NT 4.0 or Windows 2000 server, but I've never upgraded one. This one will be my first upgrade.


- James.

My memory is not as good as it should be, and neither is my memory.

I have forgotten more than I can remember
 
Sort by date Sort by votes
Option 5)
Run full backup on nt box.
Upgrade nt to w2k
Make it a DC
Bring in new w2k box
Make it a DC
Replicate the 2
DCPROMO the old nt box and make it a stand alone
New w2k server in place and ready to go.
Good luck.


Click here to learn How to help with tsunami relief... Glen A. Johnson
"An investment in knowledge always pays the best interest."
Benjamin Franklin
 
Upvote 0 Downvote
GlenJohnsons option is the easiest by far to do but when I had to upgrade my Domain a used your second option, because my NT PDC controller was old and nobody wanted to take the risk of trying to upgrade it and something go wrong and we lose the entire domain. Also by doing your option two like we did you can simply load another NT server as your BDC, turn off your PDC and promote your newly created BDC to a PDC. Once you have done that upgrade it to w2k, and then you have an easy back out plan if something does go wrong in the upgrade because all you have to do is fire up your old domain controller because it has remained untouched and try again at a later date. I tend not to put a lot of faith in tape backups.
 
Upvote 0 Downvote
Thanks for the Option5 GlenJohnson, but it is not possible in our situation due to extremely old hardware and no space remaining on the hard drive (Windows NT was limited to 8GB on the boot partition). Also, we want to run both the NT server and the 2000 server side-by-side for about a month before removing the NT server (due to database software compatibility issues).

Thanks for your feedback shughesPB. You say that you have used my Option2, how long did it take to complete? What speed of PC did you use for the temporary PC?

- James.

My memory is not as good as it should be, and neither is my memory.

I have forgotten more than I can remember
 
Upvote 0 Downvote
I really don’t remember an exact time frame, but it really did not take that long. It only took the time it would normally take to load NT and do the upgrade. NT does not take anytime at all to load and if you load it as a domain controller it will automatically see your other DC and replicate the users. I have over 1000 users and it took it very little time to do that. It is also really worth it to go that route because as I said in the last post you are not touching your other NT DC so if something does go wrong you have a an easy back out plan. I was in the same shape you are in and that is the reason I decided to go that route. My DC was a 4-year-old Compaq Proliant 3000 and only had like 400 MB free space on the hard drive. I would have in no way tried to upgrade that thing.

As far as the temp server goes that I used to do the conversion I would say you would not have to use near what I did. At the time I was doing my upgrade I was also replacing several other servers and I had already gotten my new equipment in so I used one of the new servers that I had planned on using some other place. I just decided that I would put a hold on my other project for about a month and I had that luxury. I used a dual processor 2.4 GHz Xeon box with 4gb of ram and that was over kill for a DC but at the time I had it and did not need it for a month. Lol

The only other issue I had was the default partition size for NT being 4gb so after I upgraded the server to 2000 I had to use a partitioning program to increase the size to what I wanted it to be.

If I had to do it all over again I would do it the exact same way I did then. It did not take that long and even if it would have it would have been worth it to keep from having to touch that old Proliant.
 
Upvote 0 Downvote
Good luck. I realize this is the only way you can really do it, just keep in mind MS has retired NT4.0. You can't get support for nt anymore from ms. Keep TT close at hand in case you have problems. (Do you have an extra copy of nt to load?)

Click here to learn How to help with tsunami relief... Glen A. Johnson
"An investment in knowledge always pays the best interest."
Benjamin Franklin
 
Upvote 0 Downvote
I appreciate the feedback so-far, but when I present these options to my boss, I know he will want me to use Option3 or Option4. Why? Because of the bottom line; Time is money. In order to use Option1 or Option2 I will need to present him with solid reasoning as to why to use Option1 or Option2 and why not to use Option3 or Option4. So far, I can't think of anything definitive to tell him. Can anyone out there detail specific reasons why I should not use Option3 or Option4?

- James.

My memory is not as good as it should be, and neither is my memory.

I have forgotten more than I can remember
 
Upvote 0 Downvote
With both Option3 and Option4, you will need to visit every workstation to authenticate them to the new server. Seems like a lot of time to me.

Plus (I think) with Option3 you would not be able to bring your NT server back online, as it will still be a PDC, and I'm pretty sure you would have a conflict.

Option2 is your best bet. That is how I have done it in the past. All I had at the time was a Pentium 2 computer to use as the temporary NT server, and the process took a little over 3 hours to complete. I'm sure that if you used a pentium 4, you could cut that back to around 2 hours.

Help! I've fallen and I can't reach my beer.
cheers.gif
 
Upvote 0 Downvote
I agree with beerhunter on that would take even more time not to mention it would be a lot harder in the long run to manage, because you are going to have to go around to every workstation to do just about anything. Also when a user locks their self out of the workstation you will physically have to walk to that workstation and unlock their account for them. Another problem with a workgroup environment is if you have a user that uses multiple stations and you set up a policy on that machine for the passwords to expire they will eventually get out of sink and one day the user will need multiple passwords. If you do decide one day to implement any security policy on the workstations that will also be a nightmare considering you will also need to implement that on ever single workstation.

Your option 3 is at least a little more viable but that could also become very time consuming, because there is no guarantee that lopht will crack the password with in a reasonable amount of time. I know it will crack the password eventually but I have personally seen lopht take 2 weeks to crack a password. Also you will have to rejoin any workstation that is NT based to the Domain if you do not perform some sort of upgrade on your existing domain.

Your option 2 is defiantly the best option and like beerhunter said you would not need very much of a temp PC to accomplish that.
 
Upvote 0 Downvote
Well, it seems that all my research and planning may be for naught anyway; My boss has informed me that we will set up the Windows 2000 server as a new domain, and manually change all workstations to use the new domain instead of the old one. Seems like more work to me, but the decision has been made, and I no longer have any input on the matter.

Thank you all for your valuable input on this issue. I really appreciate it.

- James.

My memory is not as good as it should be, and neither is my memory.

I have forgotten more than I can remember
 
Upvote 0 Downvote
Good luck. I realize this is more work, but it might end up saving you a lot more in the long run.
[cheers]

Click here to learn How to help with tsunami relief... Glen A. Johnson
"An investment in knowledge always pays the best interest."
Benjamin Franklin
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
205
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
255
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
292
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
215
antonio_dsanchez
antonio_dsanchez
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
264
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top