RE: Can win9x clients connect to new 2003 domain

From: Jerryboz (Jerryboz_at_discussions.microsoft.com)
Date: 11/18/04


Date: Wed, 17 Nov 2004 23:35:04 -0800

Bob thanks for your reply and answers.

Question 1: Is the situation as I described in my first post a good
solution?

Question 2: Is it workable with the WAN links I described???? (Creating one
forest with 10 sites, with each site having its own DC, and on the main site
min. of 2 DCs)

Question 3: What's the trigger for installing a second DC, besides failover
or redundancy? The amount of clients creating workload on AD?

With regards,
Jerry

"Bob Qin [MSFT]" wrote:

> Hi JerryBoz,
>
> Thanks for your posting here. Please see my comments inline...
>
> Question 1: When the new 2003 forest/domain is in native mode, is it still
> possible for win9x or NT4 clients without DSCLIENT to authenticate on the
> 2003 domain??
>
> --- Downlevel clients (such as Windows 9x/NT) will still authenticate to
> Windows Server 2003 via NTLM. DSClient adds support for NTLM version 2
> which is a more secure form of NTLM authentication. For added security, it
> is best if all Windows 95 and Windows 98 clients install the DSClient.
>
> In addition, you may have to turn off SMB Signing in the default DC policy
> but this was not recommended. Please refer to the following document for
> more information.
>
> 823659 Client, service, and program incompatibilities that may occur when you
> http://support.microsoft.com/?id=823659
>
> Question 2: Can the win9x or NT4 clients without DSCLIENT work with the
> data on the new DC's and still access files on the NT4 domain??
>
> --- Yes, you need to migrate user SID history during User account migration
> and keep the domain trusts there.
>
> Question 3: if question 1 and 2 are not possible what can we do to make it
> work??
>
> --- /
>
> Question 4: can y2k and XP clients who will be moved to join the new 2003
> domain connect to the old NT4 domain to access the data still left on that
> domain??
>
> --- Yes. In fact, sIDHistory is used as a transitional tool intended to
> preserve access permissions until security on resources can be translated.
> The SIDHistory is stored on the new user account in the domain where the
> user was migrated. When user access is evaluated, SIDs from the ACLs and
> the access token are compared to find a match.
>
> Moving the clients to new 2003 domain does not touch the ACLs on the file
> server at all. The users will still have access through the SIDHistory.
>
> Wish the information helps.
>
> Regards,
> Bob Qin
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> From: "Jerryboz" <Jerryboz@discussions.microsoft.com>
> Subject: Can win9x clients connect to new 2003 domain
> Date: Tue, 16 Nov 2004 06:49:11 -0800
> Newsgroups: microsoft.public.windows.server.migration
>
>
> Hello, I'm Jerry Boz and have the following situation:
>
> I have 9 resource domains (each on a different location connected by a 128
> or 256 WAN link) and 1 master domain (2Mb WAN link). All domains are NT4 with
> 1 PDC on the resource locations and 1 PDC and 2 BDC and 1 central Exchange 5.5
> server and internet connection with firewall on the master domain. (all the
> current hardware of the PDC's do not support Windows Server 2003)
> 200 clients (mostly win95 and NT and some XP) and 250 users on the master
> domain and approx. 240 global groups.
>
> We want to migrate from NT4 (10 domains) to 2003 with 1 domain. And leave
> the NT4 working as it is until all clients are upgraded to XP (time approx. 6
> months)
>
> Recently we bought 2 new IBM x235 servers (not NT4 compatible).
> On these servers we want to install a fresh copy of Windows 2003 and make
> them DC's for the new 2003 domain with AD and 1 new 2003 Exchange server.
>
> Next we want to make a 2way trust between the NT4 domain and the Yk203
> forest/domain.
>
> Next we want to copy all the users and groups from NT4 to the new 2003 domain
> with AD with the ADMT2 tool. It seems that ADMT works only with the 2003 AD
> in native mode.
>
> Question 1: When the new 2003 forest/domain is in native mode, is it still
> possible for win9x or NT4 clients without DSCLIENT to authenticate on the
> 2003 domain??
>
> Question 2: Can the win9x or NT4 clients without DSCLIENT work with the data
> on the new DC's and still access files on the NT4 domain??
>
> Question 3: if question 1 and 2 are not possible what can we do to make it
> work??
>
> Question 4: can y2k and XP clients who will be moved to join the new 2003
> domain connect to the old NT4 domain to access the data still left on that
> domain??
>
> Please forgive me my poor English.
>
> With regards
> JerryBoz
>
>
>
>
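
The SID matching described in the quoted reply above, as an added example that is not part of the original thread: a simplified Python model (not Windows code) of how SIDs in the token, including sIDHistory, are compared with an untouched ACL, and how access survives once the ACL is translated. All SIDs are constructed and the names `Account`, `check_access` and `translate_acl` are hypothetical.

```python
"""Simplified model of SID matching during an access check (added example)."""
from dataclasses import dataclass, field

# Constructed SIDs: OLD_DOM stands for the NT4 domain, NEW_DOM for the 2003 domain.
OLD_DOM = "S-1-5-21-1111111111-1111111111-1111111111"
NEW_DOM = "S-1-5-21-2222222222-2222222222-2222222222"

@dataclass
class Account:
    sid: str
    group_sids: list = field(default_factory=list)
    sid_history: list = field(default_factory=list)

def token_sids(acct):
    """SIDs carried in the access token: own SID, group SIDs, sIDHistory."""
    return {acct.sid, *acct.group_sids, *acct.sid_history}

def check_access(acct, acl, wanted):
    """Walk ACEs in order; a deny on a right not yet granted ends the check."""
    sids, granted = token_sids(acct), set()
    for ace_type, sid, rights in acl:
        if sid not in sids:
            continue  # ACE names a SID that is not in this token
        if ace_type == "deny" and rights & (wanted - granted):
            return False
        if ace_type == "allow":
            granted |= rights & wanted
    return wanted <= granted

def translate_acl(acl, sid_map):
    """Security translation: swap each old-domain SID for its new-domain SID."""
    return [(t, sid_map.get(sid, sid), rights) for t, sid, rights in acl]

# ACL on the NT4 file server; moving clients to the new domain does not touch it.
share_acl = [("allow", f"{OLD_DOM}-1105", {"read", "write"})]

# Same user after migration, with and without the old SID kept in sIDHistory.
migrated = Account(f"{NEW_DOM}-2105", sid_history=[f"{OLD_DOM}-1105"])
no_history = Account(f"{NEW_DOM}-2105")

if __name__ == "__main__":
    print(check_access(migrated, share_acl, {"read"}))    # match via sIDHistory
    print(check_access(no_history, share_acl, {"read"}))  # no SID in common
    new_acl = translate_acl(share_acl, {f"{OLD_DOM}-1105": f"{NEW_DOM}-2105"})
    print(check_access(no_history, new_acl, {"read"}))    # sIDHistory not needed
```

Once every resource ACL has been translated this way, the sIDHistory values no longer grant anything and can be cleared from the migrated accounts.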


