Replacing PDC with updated server hardware

Deskey123
May 20, 2005
I have a question for anyone out there. Here is my scenario:

I have a VERY old PDC on NT4 server in a remote site.
I have a more updated Win2k server as a BDC in the main site

I need to replace the PDC with new up-to-date hardware which my company is in the process of ordering.

For example purposes, the NT4 domain on the PDC and BDC is Domain A. We have relocated a lot of our equipment to a datacenter. I've installed the 1st domain controller in the new Active Directory domain (let's call it Domain B). I need to either migrate all user, group, computer accounts (logon scripts, H drives, etc...) and permissions to the new AD box in the datacenter as it will be a HUGE hassle to re-create all that OR come up with a solution for the PDC.

Upgrading the PDC to Win2k3 is not an option due to it being very old and outdated. Somehow and someway, I want to utilize that new server the company is ordering to make all this happen and still preserve all user, computer, group accounts as well as permissions. What are my options?

1.) Maybe installing the new server as an NT4 server and BDC
2.) Configuring synchronization from the older PDC to the new BDC
3.) Installing Win2k3 server on the new server that currently has NT4 as a BDC (after successful synchronization)
4.) Promoting the new Win2k3 server to Active Directory (can you do this being that the server is a BDC?) as an additional domain controller in Domain B (the datacenter has the 1st domain controller)
5.) Set up replication between the new Win2k3 server (formerly a BDC in the NT4 domain with NT server installed) and the 1st domain controller in Domain B

I'm trying to find the best and easiest solution to this. Another reason I'm resorting to this is because I'm having issues with setting up trusts between the NT4 domain and the Active Directory domain. That would be the easiest solution because then I can use ADMT to simply transfer the user, computer and group accounts from the PDC to the AD DC as the trust is in place.

Any help in this matter would be GREATLY appreciated.
 
I highly recommend setting up a Win2K box or Win2003 or even WinXP and installing VMWare Server. It's free. In that create a virtual machine and install a fresh copy of NT4 and set it as a BDC. Then once it's online, promote it to the PDC (or maybe you have to demote the PDC first, not sure).

Once you have the new virtual machine working as a PDC and all is replicated, you can simply turn off the old machine.

The benefit of this is that you won't have any hassle getting drivers working for the virtual machine, whereas you definitely will if you install it on new hardware.
 
I need to either migrate all user, group, computer accounts (logon scripts, H drives, etc...) and permissions to the new AD box in the datacenter as it will be a HUGE hassle to re-create all that OR come up with a solution for the PDC.
Have you looked at ADMT (Active Directory Migration Tool)?

Jesse Hamrick
 
Griffyn,

So what you're saying is install Win2k3 on our newly purchased server (this will be the one to replace the very old PDC). Can I add it as a BDC on Win2k3 server or do I have to have a BDC only on the NT4 server software? Not sure if I can install Win2k3 and configure as a BDC. If I'm not mistaken (I could be wrong), I have to configure the BDC as installation of NT4 server.

I know that when you promote a BDC to a PDC and there's already a PDC in the domain, the old PDC will automatically be demoted to a BDC...nothing has to be done on my end. Is this how it should be:

-Purchase new server and install Win2k3 server as BDC then promote to PDC OR install NT4 server as BDC and promote to PDC (this way the accounts will move over to the new server). Also, on the new server that we purchased, whether I install NT4 server or Win2k3 server, do I add it to the current NT4 domain (I would think yes or I cannot get all the user, group computer accounts and permissions) and keep the same computer name and IP address as the older PDC? If so, after I've verified that I have all user and computer accounts, can I go ahead and change the domain to the new Active Directory domain?

I've never really worked with VMware. I understand building the server as a BDC and promoting it to a PDC but what is the true benefit of installing VMware on the new server? A quick how-to would be a huge help. Thanks in advance.
 
WhoKilledKenny,

I'm aware of the ADMT tool for migrating security info to AD (user, computer, group accounts, permissions, logon scripts, H drives, etc...). I tried that way first as it would be the easiest for our company's migration but I just CANNOT get the trust relationship to work from the NT4 domain to the Active Directory domain and that is a prerequisite for using ADMT. Since I can't get the trust working, I've resorted to other ways, like:

-Purchasing a new server
-Installing either NT4 server or Win2k3 server (assistance?)
-Configure new server as BDC in current NT4 domain initially
-Promote new server to PDC in current NT4 domain
-After verifying that all user accounts are on the new server, install Win2k3 server
-Add Win2k3 server to current Active Directory domain
-Promote Win2k3 server to DC to allow it to replicate with 1st DC in current Active Directory domain.

A 1st DC in the new Active Directory domain has been already created and configured. I need to somehow get all the user, group, computer accounts, permissions, etc... to that 1st DC and then have that replicate to all future DCs we configure for the company so we don't have to re-create all user accounts and MORE IMPORTANTLY, re-assign permissions on all current NT4 resources (shared drives, folders, files, etc...)

Any help and assistance would be GREATLY appreciated.

-Tommy
 
VMWare server is an application you install in any late version of Windows, Windows 2003 Server, WinXP it doesn't matter. It then allows you to create any number of virtual machines. A virtual machine appears as a normal application window in which appears to be running another computer. It has its own hardware, memory, hard drives, BIOS - all simulated by the VMWare Server application. You pop in your NT4 CD, and by default the virtual machine's virtual CD Drive links to your actual CD Drive, and you can partition, format and install NT4 into the virtual machine. Nothing in the virtual machine has any effect on your real Windows install. You can set the virtual machine's network card to be as if it is a new device on the network (default). So your one physical machine now has two concurrently running operating systems. You can install anything in a virtual machine, Linux, DOS, Windows servers. You're only limited by the amount of RAM you have and the CPU processing power available.

Virtual machines don't run as fast as if they were running on real hardware of course, but they are still plenty fast. Unless you loaded it up or ran some benchmarking software, you'd never notice.

Plus you can do lots of cool things like take snapshots of a virtual machine, doing anything you like, destroy the virtual OS, change registry settings, play around to your heart's content, and then return to the snapshot and everything will be exactly how it was at that time. It's an amazing tool to test stuff with.

The benefit of running NT4 in a virtual machine compared to recent hardware is that you will have drivers for all the virtual hardware, whereas you may struggle with the recent hardware. Plus every virtual machine will have the same hardware so you can easily move a virtual machine from one physical machine to another without skipping a beat.
 
I like Griffyn's discussion about VMWare. This post is to continue discussing the issue with your trusts. Did you set up DNS forwarders so that name resolution occurs between domains? This is usually the number one reason trusts fail.

Jesse Hamrick
 
WhoKilledKenny,

To my understanding, DNS doesn't have anything to do with the trust between the NT4 domain and Active Directory domain. I thought DNS would be a big factor in name resolution issues between 2 Active Directory domains.

I have LMHOSTS on the PDC and PDCe and I can ping from the PDC to the PDCe and back via NETBIOS name and IP. I cannot ping the domain names on either side though.
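
An added example, not part of the thread: LMHOSTS maps a domain name (as opposed to a computer name) only through a `#DOM:` tag on a domain controller's line and a quoted 16-byte name ending in `\0x1b` for the PDC. The Python check below looks for the preloaded (`#PRE`) form of both; the addresses, host names and the DOMAINA/DOMAINB labels are constructed placeholders.

```python
import re

# Constructed sample: addresses and host names are placeholders; DOMAINA stands
# for the thread's "Domain A". The quoted name is space-padded to 15 characters.
PDC_1B = '"%-15s\\0x1b"' % 'DOMAINA'
SAMPLE_LMHOSTS = (
    '10.1.1.10   OLDPDC    #PRE #DOM:DOMAINA\n'
    '10.1.1.10   ' + PDC_1B + '   #PRE\n'
    '10.2.2.20   NEWDC01   #PRE\n'
)

LINE = re.compile(r'^\s*(\S+)\s+(?:"([^"]*)"|(\S+))\s*(.*)$')
QUOTED = re.compile(r'(.{15})\\0x([0-9A-Fa-f]{2})')

def parse_lmhosts(text):
    """Return (ip, name, suffix, pre, dom) tuples; suffix is None for plain names."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or raw.lstrip().startswith('#'):
            continue  # blank, comment, or block keyword such as #INCLUDE
        ip, quoted, bare, rest = m.groups()
        name, suffix = bare, None
        if quoted is not None:
            q = QUOTED.fullmatch(quoted)
            # Valid form: 15 name characters, then the type byte as \0xNN.
            name, suffix = (q.group(1).rstrip(), int(q.group(2), 16)) if q else (quoted, 'malformed')
        pre = re.search(r'#PRE\b', rest, re.I) is not None
        dom = re.search(r'#DOM:(\S+)', rest, re.I)
        entries.append((ip, name.upper(), suffix, pre, dom.group(1).upper() if dom else None))
    return entries

def missing_for_domain(text, domain):
    """List what an LMHOSTS file lacks for locating `domain` and its PDC."""
    domain, entries, problems = domain.upper(), parse_lmhosts(text), []
    if not any(pre and dom == domain for _, _, _, pre, dom in entries):
        problems.append('no #PRE #DOM:%s line for a domain controller' % domain)
    if not any(pre and name == domain and sfx == 0x1B for _, name, sfx, pre, _ in entries):
        problems.append('no #PRE "%s<1B>" line for the PDC' % domain)
    if any(sfx == 'malformed' for _, _, sfx, _, _ in entries):
        problems.append('a quoted name is not 15 characters plus \\0xNN')
    return problems
```

Run `missing_for_domain()` against the file on each side with the other side's domain name; an empty list means both entry types are present.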
 
I'm trying to find the best and easiest solution to this. Another reason I'm resorting to this is because I'm having issues with setting up trusts between the NT4 domain and the Active Directory domain. That would be the easiest solution because then I can use ADMT to simply transfer the user, computer and group accounts from the PDC to the AD DC as the trust is in place.

Is the 2kX AD in mixed mode or native?


This may help
 