Windows NT to Windows 2003 and Active Directory

[jlh1]

I have a windows NT 4.0 network / domain. I would like to install an additional Windows 2003 R2 server into this network keeping the domain name. Once I do that I would like to install active Directory and import the Windows NT 40 users into the Windows 2003 Active Directory. Then demote the Windows NT 4.0 servers.

Is this possible or will I have to create a new Domain for the windows 2003 Active Directory.

Thank you
Jlh1

 

[baddos]

As far as I'm aware the standard practice is to "upgrade" your PDC to windows2k/2k3 using the in place upgrade. It's been years though since I did mine. ;-)

If you want to keep your 4.0 domain as a 4.0 domain you can though and just add 2003 server as member servers. I'm pretty positive that you cannot add windows2000 or 2003 domain controllers without upgrading the PDC and domain to a windows 2000/2003 domain.

As far as the domain name is concerned, you should be able to keep the domain provided it doesn't have any illegeal characters in it.

 

[LWComputingMVP]

baddos is essentially correct and any parts I may disagree with below I will chalk up to his elapsed time since the last time he did one (frankly, it's been a while for me, but I talk about it enough that it's still fresh enough in my mind).

Basically, to introduce a 2000 or 2003 domain controller, you MUST upgrade the PDC to 2000 AT LEAST. That said, you DO NOT have to upgrade your EXISTING PDC. What you can do (and what I often recommend) is install Virtual PC/VMware/Virtual Server on one system and then install NT4 as a BDC in the Virtual machine. Then (so you have a backup of your old domain) backup the .vhd file onto a DVD or at least a file somewhere. Once it's backed up, change the BDC into the PDC. Then UPGRADE the Virtual system (now the PDC) to 2000/2003. This will essentially give you Active Directory in Mixed Mode. Leave your network like this (assuming things seem to be working) and make sure all is good before trying to remove the NT4 BDC. Once you are certain all is ok, you can remove the NT4 BDC by simply shutting it down and deleting the computer account.

Now, presumably, you don't want to run your FSMO master AD DC off a Virtual System forever... (remember, in Active Directory, there are no PDC or BDC systems - everything is a DC. There are 5 FSMO roles that can be broken up and run on any DC and initially these roles are all run off the upgraded former NT 4 PDC). So you'll want to move them to a newer physical system and then properly DEMOTE the 2000/2003 Virtual system from it's DC role. (Note: You should never just remove a DC without removing it through DCPROMO as this can cause problems with AD). Once demoted, you can remove the virtual machine from your network or keep it as a second DC for backup purposes (up to you).

Couple of warnings/notes - DNS is VERY important to Active Directory - if you're not familiar with it, I would suggest checking out my links page on DNS and AD -

http://www.lwcomputing.com/tips/static/dns.asp

You'll also want to use a domain.local domain name for your fully qualified domain name. keep your original netbios domain name - what I (and most people) do is to use the netbios domain name for the fully qualified domain name and attach a .local to the end of it.

 

[jlh1]

Thank you for your input.
We created a new domain, left the NT as is and took the opportunity to clean up and correct user and directory issues that we have wanted to correct for a while.

Jlh1