** Please Advise ** NT4 -> 2003 Upgrade Plan !!

From: SG (ab_at_cd.com)
Date: 01/14/05


Date: Fri, 14 Jan 2005 10:35:32 -0500

Going to upgrade NT4 domain to 2003 AD. I have tested the process in test
lab. All was ok except the fallback test with a laptop from the NT4 domain.
I plugged into the test domain with the laptop and was able to log in and the
pc's fqdn changed to the AD domain name, basically appending the .com I used
from the netbios name. As seen in other posts, I was unable to fallback to
the NT4 production domain with the laptop after I was on the test AD network
for some time. The message was "the computer account in its primary domain
is missing or the password on that account is incorrect". The current setup
includes PDC and one BDC in main office. One BDC in each of 4 remote
offices. We will be upgrading/replacing both the PDC and BDC in the main
office to 2003 and both will be DC's. My plan is as follows:

1) Install new nt4 BDC and promote to PDC. Synchronize domain and remove
former PDC (now BDC).
2) Upgrade to 2003 AD on current PDC.
3) Install fresh 2003 Server on a brand new pc and join domain. Run dcpromo
to make as DC. Enable as Global Catalog. Force Synchronize both DC's.
4) Run dcpromo on first DC (pc upgraded in step 2) to demote and force all
roles to newly installed 2003 machine in step 3.
5) Install fresh 2003 Server on another new pc and join domain. Run dcpromo
to make as DC. Enable as Global Catalog.
6) Remove Global Catalog from pc in step 3 since it will be the
infrastructure master.

Result: 2 freshly installed 2003 DC's with all user and computer accounts
intact.

My questions are:
1) Is there anything wrong or missing with this plan?

2) Should I use the NT4Emulator registry entry on all pc's that are going to
be 2003 DC's for purpose of fallback plan? If so, when is it ok to remove
the setting to force clients to append the domain suffix? I need the
fallback plan to work in case it is called upon. It's useless to remove a
BDC for a fallback plan just to have all client pc's to not work or have
invalid computer accounts when used with the old NT4 domain, per my
experience in first paragraph.

3) What will remote office users/computers experience when they log onto
network after upgrading domain to 2003 AD? Their local DC will still be a
NT4 BDC for some time. Will they authenticate successfully to their local
BDC or will they go across the WAN link to authenticate with the new 2003
DC's, even though they will NOT be using AD dns servers? The AD dns
structure will expand to remote offices as each office BDC is upgraded to
2003. In other words, the remote office clients will still use their current
dns server entries and not point to the new dns servers in AD. WINS will
still be used on network to resolve server names. Only the local clients to
the new 2003 DC's will use the new AD dns servers.

4) If using NT4 Emulation on DC's, will Pro and XP clients local to the 2003
DC's still process group policies? Remote office XP/Pro clients will NOT
process group policies regardless of NT4 Emulation since they don't know
about the AD dns servers, correct?

Thanks in advance for any response, tips, assistance with this post.

SG


