Re: NT4 domain migration to Active Directory questions
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 02/22/05
- Next message: ptwilliams: "Re: AD and Group Policy - Hiding computers from network"
- Previous message: DirkDiggler: "RE: Restrict user log ins"
- In reply to: Leroy Pierce: "NT4 domain migration to Active Directory questions"
- Next in thread: Leroy Pierce: "Re: NT4 domain migration to Active Directory questions"
- Reply: Leroy Pierce: "Re: NT4 domain migration to Active Directory questions"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 18:18:51 -0000
I don't quite follow your questions, but I'll answer this:
> Would it still be possible to migrate the NT4 users, groups and computers
> into this AD domain at a later
date? Would SID loss occur resulting in broken security? In other words,
is it possible/practical to migrate an NT4 domain into an existing domain?
The AD domain would no longer be pristine at the time of the migration.
Yes, nothing wrong with that. The domain doesn't have to be empty to
migrate into (although it has to be in Native mode for ADMT). Remember,
some of us consolidate multiple NT domains into a single, flat forest
(domain). This means that at some point, the domain is far from empty...
-- Paul Williams http://www.msresource.net/ http://forums.msresource.net/ "Leroy Pierce" <LeroyPierce@discussions.microsoft.com> wrote in message news:1C552D47-5D73-4220-B56D-E55E5B68F6F9@microsoft.com... Our existing network is based on a single WindowsNT4 domain for employees. Our web portal project will be based entirely on an Active Directory tree. We have the forest root and a single portal subdomain already established with the idea of migrating the NT domain into a separate subdomain. Due to timelines, development of the portal project including the employee subdomain will occur prior to the actual migration of the NT4 employee domain. What is the best way to give the functionality of the employee subdomain prior to the actual migration of the NT4 domain? Several options have been discussed including: 1. Create a pristine version of the employee subdomain and populate it with groups and OUs appropriate to the portal project. Later move/migrate the NT4 domain users, groups and computers into it. This would allow the portal security to be established immediately. Would it still be possible to migrate the NT4 users, groups and computers into this AD domain at a later date? Would SID loss occur resulting in broken security? In other words, is it possible/practical to migrate an NT4 domain into an existing domain? The AD domain would no longer be pristine at the time of the migration. 2. Migrate a copy of the NT4 domain into the new AD subdomain. While the domains would not be in sync, SIDs and security associations may be preserved. Would it be possible to effectively resync on the NT4 domain is migrated? Any suggestions or answers would be greatly appreciated. Thanks, --Leroy
- Next message: ptwilliams: "Re: AD and Group Policy - Hiding computers from network"
- Previous message: DirkDiggler: "RE: Restrict user log ins"
- In reply to: Leroy Pierce: "NT4 domain migration to Active Directory questions"
- Next in thread: Leroy Pierce: "Re: NT4 domain migration to Active Directory questions"
- Reply: Leroy Pierce: "Re: NT4 domain migration to Active Directory questions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
