Re: ** Please Advise ** NT4 -> 2003 Upgrade Plan !!

From: Brian Desmond [MVP] (desmondb_at_payton.cps.k12.il.us)
Date: 01/16/05


Date: Sat, 15 Jan 2005 22:39:19 -0600

Hi there,

As far as the error you're receiving, this is expected behavior. The
computer has changed its machine account password on its schedule (usually
every 30 days), and now it has a different password than when it was in the
NT4 domain.

I've answered the rest of your points inline below.

-- 
--Brian Desmond
Windows Server MVP
desmondb@payton.cps.k12.il.us
www.briandesmond.com
> 1) Install new nt4 BDC and promote to PDC. Synchronize domain and remove
> former PDC (now BDC).
> 2) Upgrade to 2003 AD on current PDC.
> 3) Install fresh 2003 Server on a brand new pc and join domain. Run dcpromo
> to make as DC. Enable as Global Catalog. Force Synchronize both DC's.
> 4) Run dcpromo on first DC (pc upgraded in step 2) to demote and force all
> roles to newly installed 2003 machine in step 3.
> 5) Install fresh 2003 Server on another new pc and join domain. Run dcpromo
> to make as DC. Enable as Global Catalog.
> 6) Remove Global Catalog from pc in step 3 since it will be the
> infrastructure master.
If this is a single domain environment, you do not need to do item 6, just 
mark all your DCs GCs. This is only relevant in a multidomain environment.
>
> Result: 2 freshly installed 2003 DC's with all user and computer accounts
> intact.
>
> My questions are:
> 1) Is there anything wrong or missing with this plan?
>
> 2) Should I use the NT4Emulator registry entry on all pc's that are going to
> be 2003 DC's for purpose of fallback plan? If so, when is it ok to remove
> the setting to force clients to append the domain suffix? I need the
> fallback plan to work in case it is called upon. It's useless to remove a
> BDC for a fallback plan just to have all client pc's to not work or have
> invalid computer accounts when used with the old NT4 domain, per my
> experience in first paragraph.
The NT4Emulator reg key is not a fall back option. It is to prevent all your 
2k/XP/2003 clients from immediately swamping the new DC. See this KB for 
more info http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284937.
>
> 3) What will remote office users/computers experience when they log onto
> network after upgrading domain to 2003 AD? Their local DC will still be a
> NT4 BDC for some time. Will they authenticate successfully to their local
> BDC or will they go across the WAN link to authenticate with the new 2003
> DC's, even though they will NOT be using AD dns servers? The AD dns
> structure will expand to remote offices as each office BDC is upgraded to
> 2003. In other words, the remote office clients will still use their current
> dns server entries and not point to the new dns servers in AD. WINS will
> still be used on network to resolve server names. Only the local clients to
> the new 2003 DC's will use the new AD dns servers.
My experience is that sometimes the clients need a reboot after the upgrade. 
Not always, though. Without the NT4Emulator, the PCs will go across the WAN 
to a 2003 DC. Your clients need access to the AD DNS infrastructure whether 
they'll be talking to a BDC or not. You need to fix this right away. 2k+ 
clients will need to locate the PDC emulator, global catalogs, site 
information, etc.
>
> 4) If using NT4 Emulation on DC's, will Pro and XP clients local to the 2003
> DC's still process group policies? Remote office XP/Pro clients will NOT
> process group policies regardless of NT4 Emulation since they don't know
> about the AD dns servers, correct?
GP will not be processed unless there is a NeutralizeNT4Emulator reg key on 
the client. See above about DNS, you can't do what you're planning as far as 
skipping the DNS goes.
>
> Thanks in advance for any response, tips, assistance with this post.
>
> SG
>
> 
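
Added example, not part of the original post or of Microsoft's KB: a PowerShell check of the two dependencies the reply names, namely whether the DNS server the clients use can resolve the AD locator SRV records (PDC emulator, global catalog, domain controllers), and whether the NT4Emulator / NeutralizeNT4Emulator Netlogon values are set on the local machine. The domain `corp.example.com` and DNS server `192.0.2.53` are placeholders, the function names are hypothetical, and the registry path and SRV record names are the standard Netlogon ones rather than values taken from the post; it assumes a management workstation with `Resolve-DnsName` (Windows 8 / Server 2012 or later).

```powershell
# Added example. 'corp.example.com' and 192.0.2.53 are placeholders.
# Needs Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).

function Test-AdLocatorRecords {
    param(
        [Parameter(Mandatory)] [string] $Domain,  # AD DNS domain name
        [string] $Forest = $Domain,               # forest root (same in a single-domain forest)
        [string] $DnsServer                       # DNS server the clients are configured with
    )
    # SRV records that Netlogon registers and that 2000+ clients query to find DCs.
    $records = [ordered]@{
        'PDC emulator'       = "_ldap._tcp.pdc._msdcs.$Domain"
        'Global catalog'     = "_ldap._tcp.gc._msdcs.$Forest"
        'Domain controllers' = "_ldap._tcp.dc._msdcs.$Domain"
        'Kerberos KDC'       = "_kerberos._tcp.dc._msdcs.$Domain"
    }
    foreach ($role in $records.Keys) {
        $query = @{ Name = $records[$role]; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }
        # Keep only real SRV answers; an empty reply can carry an SOA record instead.
        $srv = @(Resolve-DnsName @query | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'SRV' })
        [pscustomobject]@{
            Role     = $role
            Record   = $records[$role]
            Resolved = $srv.Count -gt 0
            Targets  = ($srv | ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }) -join ', '
        }
    }
}

function Get-Nt4EmulatorState {
    # Netlogon parameters key; both values are REG_DWORD and absent by default.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        NT4Emulator           = [bool]($p.NT4Emulator)            # set on upgraded DCs
        NeutralizeNT4Emulator = [bool]($p.NeutralizeNT4Emulator)  # set on clients that must see AD
    }
}

Test-AdLocatorRecords -Domain 'corp.example.com' -DnsServer '192.0.2.53' | Format-Table -AutoSize
Get-Nt4EmulatorState
```

Any row with `Resolved` false against a remote office's DNS server means clients there cannot locate that role through DNS.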

