Re: NT Domain to AD migration
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Tue, 25 Sep 2007 22:34:50 +0100
Windows 2000? Remember that 2000 is under MS extended support, and soon will
be no support for 2000.
The steps are basically the same.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Charles Woolever" <info@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:info-C59B1D.17201825092007@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Right now we're upgrading to W2K. You mention 2003. Is the process the
same?
Charles
In article <#KkHFqw$HHA.5360@xxxxxxxxxxxxxxxxxxxx>,
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote:
Hi
* Backup the Servers.
* Take at least one BDC Offline (In case of UPGRADE FAILURE you always
can
promote it to a PDC). The only drawback to this method is that all
changes
that were made while the safe BDC was offline are lost. To minimize this
loss, you could periodically turn the safe BDC on and off (when the
domain
is in a stable state) during the upgrade process, to update its safe copy
of
the directory.
To convert the BDC to a PDC: Start -> Programs -> Administrative Tools ->
Server Manager -> Select the BDC, then go to the Computer Menu -> choose
Promote to primary Domain Controller.
* Make sure that the Hardware and apps meets the requirements.
* Make sure that all Apps installed are compatible with W2K3 and don't
cause
problems with the upgrade process or pos upgrade process.
* Run from command prompt:
Cdsource\I386\winnt32.exe /checkupgradeonly
- Before Upgrade:
* You can install a new computer (more powerful) make it a BDC,
SYNCRONIZE
and promote it to PDC and them perform the upgrade on the new PDC.
* Windows 2000/XP always prefer Kerberos authentication, so if the newly
upgraded NT4 to Windows 2003 goes down (Offline), the client machines
won't
be able to authenticate in the domain.
* If this is the case, before upgrade the NT.4 PDC, make the necessary
changes on the registry (NT4Emulator). If the NT4Emulator is configured
on
the newly PDC, and you want o upgrade the Existent BDCs, you also need to
create a registry entry on the BDCs (NeutralizeNT4Emulator) before the
upgrade.
Check:
Windows 2000-based clients connect only to the domain controller that was
upgraded from Windows NT 4.0 in a mixed-mode domain
http://support.microsoft.com/?kbid=284937
How to prevent overloading on the first domain controller during domain
upgrade
http://support.microsoft.com/kb/298713/
Once that all domain controllers are upgraded, remove the registry
settings
created in the previous steps.
Note: This sometimes may not need: E.g - if all existent BDCs will be sun
upgraded to Windows 2003.
- Dns Planning:
Prior to beginning the upgrade from Windows NT Server 4.0 to the Windows
Server 2003 Active Directory service, ensure that you have designed a DNS
and Active Directory namespace and have either configured DNS servers or
are
planning to have the Active Directory Installation Wizard automatically
install the DNS service on the domain controller.
Active Directory is integrated with DNS in the following ways:
Active Directory and DNS have the same hierarchical structure. Although
separate and implemented differently for different purposes, an
organization's namespace for DNS and Active Directory have an identical
structure. For example, microsoft.com is both a DNS domain and an Active
Directory domain.
DNS zones can be stored in Active Directory. If you are using the Windows
Server DNS service, primary zone files can be stored in Active Directory
for
replication to other Active Directory domain controllers.
Active Directory uses DNS as a locator service, resolving Active
Directory
domain, site, and service names to an IP address. To log on to an Active
Directory domain, an Active Directory client queries its configured DNS
server for the IP address of the Lightweight Directory Access Protocol
(LDAP) service running on a domain controller for a specified domain.
While Active Directory is integrated with DNS and they share the same
namespace structure, it is important to distinguish the basic difference
between them:
DNS is a name resolution service. DNS clients send DNS name queries to
their
configured DNS server. The DNS server receives the name query and either
resolves the name query through locally stored files or consults another
DNS
server for resolution. DNS does not require Active Directory to function.
Active Directory is a directory service. Active Directory provides an
information repository and services to make information available to
users
and applications. Active Directory clients send queries to Active
Directory
servers using LDAP. In order to locate an Active Directory server, an
Active
Directory client queries DNS. Active Directory requires DNS to function.
If use BIND DNS servers Make sure that you have BIND 8.1.2
- Supports: Srv records, Dynamic Updates, Doesn't Support Secure Dynamic
Updates (this is one disadvantage over the MS Dns server Servers, and
represents security issues).
- Create Primary Zone
If Use 2003 DNS
* Create Primary Zone
* You can use an pre existent Dns or you can create it during the upgrade
process.
* Convert to AD-Integrated.
* NetDiag /fix (This is an extra measure, to register the necessary dns
records).
Check:
Troubleshooting DNS
http://technet2.microsoft.com/windowsserver/en/library/e42d510a-443d-4c31-96da
-f66a67a89d861033.mspx?mfr=true
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?id=241515
Verify DNS server responsiveness using the nslookup command
http://technet2.microsoft.com/windowsserver/en/library/f8761f04-d665-4507-9509
-ebb92bbb66ef1033.mspx?mfr=true
- The Upgrade.
* Check if you're on the PDC -> Start -> Programs -> Administrative
Tools ->
Server Manager. Right click on Network Neighborhood -> check the name.
Run from command prompt:
Cdsource\I386\winnt32
* The first server running Windows NT Server 4.0 that you must upgrade is
the primary domain controller (PDC), then you upgrade all remaining BDCs.
To
check if you're on the PDC: Start -> Programs -> Administrative Tools ->
Server Manager.
Check:
How To Upgrade a Windows NT 4.0-Based PDC to a Windows Server 2003-Based
Domain Controller
http://support.microsoft.com/?id=326209
If you don't have windows 2000 (Only NT4 and Windows 2003) in the domain
choose the FFL (Forest Functional Level) Windows 2003 interim.
* Make sure that your DCs Dns properties point to Right Dns server
(usually
the Dc is also a Dns server so it must point to itself).
* Once you have upgraded the Windows NT Server 4.0 and earlier PDC, you
can
proceed to upgrade all remaining BDCs.
* Make sure that you have 1 GC per site (GCs are needed unless: you only
have one domain, or the DFL is prior to Windows 2000 or Windows 2003).
* Make sure that network clients point to the Network Dns server only
(Usually the DC).
* If everything is ok, then and if all DCs are already Windows 2003, now
it's time to remove the registry entries (NT4Emulator,
NeutralizeNT4Emulator), and make the DFL and FFL windows 2003.
Verifying Active Directory Installation
http://technet2.microsoft.com/WindowsServer/en/Library/3d157c1a-5c80-...
Migrating from Windows NT Server 4.0 to Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f...
Upgrading from Windows NT Server 4.0
http://www.microsoft.com/windowsserver2003/upgrading/nt4/default.mspx
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Charles Woolever" <info@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:info-386A50.20013724092007@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm helping a small company move from an NT Domain to active directory.
I've prepped a few things. Some added details:
1) 1 PCD and 3 BDCs. All 4 have NT4. PCD and 1 BDC are too old to
upgrade to W2K Server. One BDC on a "newer" machine will get promoted
to
a PCD (old PCD demoted). Old PCD will be left running as a member. Old
BDC will get turned off. This leaves "newer" PCD and "newer" BDC.
2) Two "newer" machines will be upgraded to W2K Server. The PDC will
have AD enabled.
3) My understanding is that the wizard for AD will see that it was a
PDC
and "convert" things over.
4) The current domain for NT is..."NT_DOMAIN". I assume that AD will
want the domain that is used in Internal DNS and what externally is
used, abcde.com. How will the wizard convert users from "NT_DOMAIN" to
abcde.com? The suffix used all over already is abcde.com. I was using
BIND on a Linux box and I'm converting over to MS DDNS for AD and
dynamic support.
5) Domain is a simple domain, no tree or forests. No branch offices. It
actually serves them fine but they want to upgrade to a better Exchange
and SQL version. All other servers are already W2K. Desktops are W2K
and
XP Pro.
This is a small company with minimal use of servers. There is a file
server with permissions set via groups for that. There is no print
server; printers are accessed via TPC/IP. They have Exchange 5.5 SP4.
Once they move to AD, then they are going to upgrade to Exchange 2003.
I
know I need the AD connector from the W2K server CD for Exchange. There
is also WINS and DHCP on W2K server.
One other possible issue is a MS SQL 6.5 server that handles a
financial
package. My understanding is they have talked to the company who made
the software and they are stuck with 6.5. They are looking at
purchasing
a new package ($10K+) but are stuck right now with SQL6.5.
I'd love to hear some tips and suggestions for getting migrated over.
What to do first, etc.?
Thanks,
Charles
.
- Follow-Ups:
- Re: NT Domain to AD migration
- From: Charles Woolever
- Re: NT Domain to AD migration
- References:
- NT Domain to AD migration
- From: Charles Woolever
- Re: NT Domain to AD migration
- From: Jorge Silva
- Re: NT Domain to AD migration
- From: Charles Woolever
- NT Domain to AD migration
- Prev by Date: Re: Server 2000 domain upgrade to Server 2003
- Next by Date: ADAMsync not syncing all items
- Previous by thread: Re: NT Domain to AD migration
- Next by thread: Re: NT Domain to AD migration
- Index(es):
Relevant Pages
|
