Re: Common Issues

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

the following is an EXAMPLE for upgrading NT4 to W2K3 AD.

* introducing two additional NT4 BDCs (fresh installed - desktops will be
OK)

* Introduce two fresh installed W2K3 member servers to the domain and
install and configure DNS (with DNS zones and DDNS), WINS (and DHCP if
needed) on it (these will be promoted to DC later on)

* Configure the NT4Emulator and NeutralizeNT4Emulator registry keys on the
w2k3 member servers. Reboot the server (see:
http://www.petri.co.il/first_dc_in_domain_problem.htm &
http://support.microsoft.com/?kbid=284937)

* Point all servers the new DNS/WINS servers in their TCP/IP settings

* Promote on the fresh installed NT4 BDCs to a PDC and sync the domain

* Configure the NT4Emulator and NeutralizeNT4Emulator registry keys on the
new NT4 PDC. Reboot the server (see:
http://www.petri.co.il/first_dc_in_domain_problem.htm &
http://support.microsoft.com/?kbid=284937)

* shutdown the other fresh installed NT4 BDC and keep that as a safe measure

* Upgrade the new NT4 PDC to a W2K3 DC and choose during the AD install for
Forest functional level Windows Server 2003 Interim

* promote both w2k3 member servers to DCs and after that make both DCs a GC

* Transfer the FSMO roles from the upgraded w2k3 DC to one of the fresh
installed W2K3 servers (now DCs)

* Configure the DNS zones to be AD integrated and configure secure DDNS

* Demote the upgraded w2k3 DC to a member server and remove from the domain

* If everything is OK remove the NT4 BDCs from the domain and cleanup
computer accounts

* If everything is OK remove the NT4Emulator and NeutralizeNT4Emulator
registry keys from the fresh installed w2k3 servers (now DCs). Reboot the
servers one by one. If you have w2k/wxp/w2k3 clients and/or servers these
will start using kerberos authentication as soon as these the w2k3 DCs.
These clients/servers were not able to see them because the w2k3 DCs were
emulating NT4 DC behavior to prevent upgrading the secure channel to
kerberos and stay with NTLM. If you would not have done this and you wanted
to revert back to the NT4 DCs and thus removing the W2K3 DCs, you needed to
re-add each w2k/wxp/w2k3 clients and/or servers to the domain

* If everything is OK increase the domain and forest functional level to
windows server 2003


REMARK: the use of the NT4Emulator registry on the DCs also prevents
W2K/WXP/W2K3 clients/servers to apply GPOs. That key is just a safe measure
so the first W2K3 DC is not overloaded. The other safe measure is to first
test everything using NTLM authentication and then switch to Kerberos by
removing the keys (NT4Emulator and NeutralizeNT4Emulator) from the DCs

There is more to it then this, so make sure you look at:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b170bdc5-ba55-4184-8a8f-acb7705ff04a.mspx

If you also have exchange, you need to take care of that to!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Seelan Raja" <seelan_rd@xxxxxxxxxxxxxxx> wrote in message
news:%231gs$$vEGHA.3064@xxxxxxxxxxxxxxxxxxxxxxx
> Hey Guys,
> Im working on a team to deploy Windows Server 2003 AD (Upgrading from NT
> Domain). Before doing that, we'd like to make sure that we have documented
> a
> lot of things so if things go wrong, we'd be in good shape to recover. One
> of the important things that I want to do now is prepare a list of issues
> that COULD arise while deploying the AD. I was wondering if any one who
> might have done this before could help me out here...your help would
> greatly
> be appreciated.
> Thanks
> Seelan
>
>


.

Relevant Pages

  • Re: Problem establish trust between NT4 and W2K3 AD
    ... I had my NT4 PDC and W2K3 DCs trusted no problem without ... >> You could install WINS on the W2K3 DC, point all servers for WINS to the ...
    (microsoft.public.win2000.active_directory)
  • Chickened-out and now the rent is due
    ... I have several older NT4 servers ... in a relatively established NT4 domain. ... W2K and W2K3 application servers. ...
    (microsoft.public.windows.server.migration)
  • Re: upgrade NT 4.0 to Windows 2000 AD
    ... and not w2k3 AD? ... Introduce two fresh installed W2K3 member servers to the domain and ... promote both w2k3 member servers to DCs and after that make both DCs a GC ... I've a windows NT 4.0 based network & I need help to upgrade it to 2000 ...
    (microsoft.public.win2000.active_directory)
  • Re: Domain Controller to Active Directory
    ... insert the W2K3SP1 CD and upgrade it to a W2K3 AD domain... ... w2k3 member servers. ... * promote both w2k3 member servers to DCs and after that make both DCs a GC ...
    (microsoft.public.windows.server.active_directory)
  • Re: Problem establish trust between NT4 and W2K3 AD
    ... make sure you point all your clients to the w2k3 server. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... > resolution is needed to find DCs in both domains. ... > You could install WINS on the W2K3 DC, point all servers for WINS to the ...
    (microsoft.public.win2000.active_directory)