Re: Upgrading NT4.0 To Windows Server 2003
- From: "dw" <donWilwol@(EMAIL)yahoo.com>
- Date: Sun, 30 Apr 2006 11:36:19 -0400
<SEE INLINE>
--
--------
Hope It Helps!
dw
_______________________________
Don Wilwol
Distributed Application Technologies.
dwilwol(DELETE)@datbusiness.com
http://spaces.msn.com/members/wilwol/
www.datbusieness.com
www.skyphere.com
"Robert" <R_L99@xxxxxxxxxxx> wrote in message
news:4FE52DD0-29DB-41C4-83F7-A9F55AA1903B@xxxxxxxxxxxxxxxx
> Hi All,
> We are supposed to upgrade existing PDCs from NT4.0 to Win2K3. For some
> reason, we have to keep 1 NT BDC in other physical site. Before
> implementation, I have some questions and need your help.
> 1. After the upgrading, there're 3 servers in our environment, Win2k3AD,
> NTBDC1, NTBDC2. Is it possible that NT4.0 coexist with Win2k3?

Absolutely

> 2. I did testing in virtual environment and found
> i) when I power off Win2k3AD, user cannot logon, even there're backup DC
> online, why? authentication? special configuration?

Once an XP machine has authenticated to the AD machine it will always look
to authenticate to AD. Here is why......(found at
http://technet2.microsoft.com/WindowsServer/en/Library/8f492d26-379b-4743-a20a-5c5467108e491033.mspx)

When performing an in-place upgrade of a Windows NT 4.0 domain to Windows
Server 2003, the first domain controller upgraded is the Windows NT 4.0 PDC.
If clients in the domain running Windows 2000, Windows XP, and Windows
Server 2003 select the new Active Directory domain controller for
authentication, the negotiation of the authentication protocol will reveal
that there are now domain controllers in the domain that support the
Kerberos protocol. These clients will then upgrade their secure channel to
exclusively use the Kerberos protocol for authentication requests and will
no longer attempt to authenticate using the NTLM protocol, potentially
causing the new Active Directory domain controller to become overloaded with
authentication requests.
To prevent Windows Server 2003-based domain controllers from being
overloaded with authentication requests, configure each Windows Server
2003-based domain controller to emulate a Windows NT 4.0-based domain
controller during the upgrade process. Configuring a newly upgraded Windows
Server 2003-based domain controller to emulate a Windows NT 4.0-based domain
controller by using the NT4Emulator registry entry shields the new domain
controller from getting too many authentication requests from Active
Directory clients. Shielding the Active Directory domain controller takes
place before the operating system is upgraded to Windows Server 2003 to
prevent clients running Windows 2000, Windows XP, and Windows Server 2003
from ever establishing exclusive communications with a Windows Server
2003-based domain controller.
When upgrading additional Windows NT 4.0-based domain controllers after the
PDC has been configured to emulate a Windows NT 4.0-based domain controller,
you must remember to configure the computer you are upgrading with the
NeutralizeNT4Emulator registry entry. This is so that the additional domain
controller will recognize the upgraded PDC that is emulating a Windows NT
4.0-based domain controller as an Active Directory domain controller. If the
computer is not configured to neutralize emulation, you will not be able to
install Active Directory because the additional domain controller will not
be able to authenticate to an Active Directory domain controller.
For each site in which clients are running Windows 2000, Windows XP, and
Windows Server 2003, ensure that you have enough Windows Server 2003-based
domain controllers deployed in that site before removing Windows NT 4.0
emulation.

> ii) logon script cannot export/import between DCs, cause of the different
> path? how to get rid of this problem?

Use lbridge.cmd out of the resource kit to replicate sysvol on 2003 and
netlogon in NT.
http://technet2.microsoft.com/WindowsServer/en/Library/6e81e1f0-7d13-480b-be24-5887f8bfa3cc1033.mspx

> iii) if Win2k3AD is crashed, can we promote the existing NTBDC to NTPDC?

I don't know if this is technically possible, but the thought of trying it
makes the hair on the back of my neck raise. I'd put another AD domain
controller on the network AND keep a good system state backup. The second
machine could even be a desktop class machine for now.

> Some details I need to pay more attention to?
> Many thanks in advance for your kindness and sharing.
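
As an added example (not part of the original posts or of the quoted TechNet text), a PowerShell check that reports how a domain controller is configured with respect to the NT4Emulator and NeutralizeNT4Emulator entries described above. The registry path and the convention that a REG_DWORD of 1 means enabled are not given on this page and are taken from Microsoft's documentation of these entries; the function names, computer names and sample data are constructed for illustration.

```powershell
# Added example: classify NT 4.0 emulation state from the Netlogon parameters.
# Assumption (not stated on the page): both entries are REG_DWORD values
# under this key, and a value of 1 means the entry is enabled.
$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NT4EmulationState {
    # $Values: hashtable of value name -> data, as read from the key above.
    param([string]$Computer, [hashtable]$Values)

    $emulating   = ($Values['NT4Emulator'] -eq 1)
    $neutralized = ($Values['NeutralizeNT4Emulator'] -eq 1)

    if ($emulating -and $neutralized) {
        $note = 'Emulates NT 4.0 for clients and sees through emulation on other DCs'
    } elseif ($emulating) {
        $note = 'Emulates NT 4.0; remove only when the site has enough 2003 DCs'
    } elseif ($neutralized) {
        $note = 'Sees emulating DCs as AD DCs (needed to install AD on an additional DC)'
    } else {
        $note = 'No emulation entries set'
    }

    New-Object PSObject -Property @{
        Computer              = $Computer
        NT4Emulator           = $emulating
        NeutralizeNT4Emulator = $neutralized
        Note                  = $note
    }
}

function Read-LocalNetlogonValues {
    # Reads both entries on the machine the script runs on; absent values stay $null.
    $props = Get-ItemProperty -Path $NetlogonParams -ErrorAction SilentlyContinue
    @{ NT4Emulator = $props.NT4Emulator; NeutralizeNT4Emulator = $props.NeutralizeNT4Emulator }
}

# Constructed sample data (hypothetical hosts), so the script also runs offline.
$samples = @(
    @{ Computer = 'WIN2K3AD'; Values = @{ NT4Emulator = 1 } },
    @{ Computer = 'NEWDC2';   Values = @{ NeutralizeNT4Emulator = 1 } },
    @{ Computer = 'NEWDC3';   Values = @{} }
)
$samples |
    ForEach-Object { Get-NT4EmulationState -Computer $_.Computer -Values $_.Values } |
    Format-Table Computer, NT4Emulator, NeutralizeNT4Emulator, Note -AutoSize

# On a domain controller, check the live values instead:
# Get-NT4EmulationState -Computer $env:COMPUTERNAME -Values (Read-LocalNetlogonValues)
```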