Re: In-place upgrade from NT to 2003, member server question
- From: "Ziek" <ziek@xxxxxxxxxx>
- Date: Wed, 15 Jun 2005 06:54:40 -0400
Hi Amanda,
I'm aware of the NT4Emulator key, but this is not the answer that I'm
looking for.
You say that "based on your experience, you needen't reboot the win2k member
servers and they will detect win2k3 DC and authenticate with them."
How will they detect win2k3 DC? I set up a test lab, and watched the
process happen, and the win2k member servers never detected win2k3 until I
rebooted them. So if you could explain to me why you think that they do not
need to reboot in order to detect win2k3, I would appreciate it.
When they reboot, win2k member servers perform DNS SVR lookups and detect
the new win2k3 DC's. But if they don't reboot, and they have already
authenticated using NTLM with a BDC, then how would they "switch" to
kerberos, while still online, without rebooting?
"Amanda Wang [MSFT]" <v-amanwa@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:95%23n9UWcFHA.3336@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello,
>
> Thanks for your post.
>
> I understand you after in place upgrade from WinNT to Win2k3, if you don't
> reboot the Win2k member servers, how will they continue to operate?
>
> Based on my experience, you needn't reboot the Win2k member servers and
> they will detect Win2k3 DC and authenticate using kerberos with them.
>
> If you want to avoid overload issue, you need to add nt4emulator key and
> use Windows Server 2003 interim Functional Level. Actually, don't add
> NT4mulator, also work.
>
> Please note: this procedure is a temporary solution because that some
> win2k3 function does not work if you use NT4emulator. When you have
> sufficient Windows 2k3 domain controllers, you can remove the NT4emulator
> registry value on all the Windows 2k3 domain controllers. Then I would
> like provide some information related nt4emulator and Windows Server 2003
> interim Functional Level:
>
> 1. Add nt4emulator key
>
> After upgrading Windows NT PDC to Windows 2003, all the Windows 2000/XP
> clients may only authenticate with the Windows 2000/2003 DC, which make
> this DC overloaded.
>
> To avoid the problem, we can add an NT4Emulator registry entry before the
> upgrade. If we add it after the upgrade, we have to rejoin the Windows
> 2000/XP clients, which is not a good idea.
>
> HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters
>
> Entry: NT4Emulator
> Type: REG_DWORD
> Value: 0x1
>
> Reference:
>
> 298713 How to Prevent Overloading on the First Domain Controller During
> Domain
> http://support.microsoft.com/?id=298713
>
> 2. Use Windows Server 2003 interim Functional Level
> Interim functional level:
> o Supported domain controllers: Windows NT 4.0, Windows Server 2003
> o Supported features: There are no domain-wide features activated at this
> level. All domains in a forest are automatically raised to this level when
> the forest level increases to interim. This mode is only used when you
> upgrade domain controllers in Windows NT 4.0 domains to Windows Server
> 2003
> domain controllers.
>
> For more references:
>
> Enabling Windows Server 2003 Functional Levels in a Windows NT 4.0
> Environment
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKi
> t/faf881bd-5189-40bb-b2bb-08bd5b6759c9.mspx
>
> How To Raise Domain and Forest Functional Levels in Windows Server 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;322692
>
> HTH!
>
> Thanks & Regards
>
> Amanda Wang [MSFT]
>
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================================
>
> --------------------
>>From: "Ziek" <ziek@xxxxxxxxxx>
>>Subject: In-place upgrade from NT to 2003, member server question
>>Date: Tue, 14 Jun 2005 17:09:08 -0400
>>Lines: 10
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>Message-ID: <#YHIKVScFHA.584@xxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.migration
>>NNTP-Posting-Host: ottawa-hs-209-217-84-31.d-ip.magma.ca 209.217.84.31
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
>>microsoft.public.windows.server.migration:10652
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>If I do an in-place upgrade of my domain from NT4 to W2k3, I know that if
> I
>>reboot my win2000 member servers, they will detect the new Active
> Directory
>>domain controllers, and authenticate using kerberos with them.
>>
>>But if I don't reboot the win2000 member servers, how will they continue
> to
>>operate? Will they continue to use the BDC's ? What if I start
>>decomissioning my BDC's and shutting them down - will the win2000 member
>>servers suddenly "discover" the new win2k3 DC's ?
>>
>>
>>
>
.
- Follow-Ups:
- Re: In-place upgrade from NT to 2003, member server question
- From: Amanda Wang [MSFT]
- Re: In-place upgrade from NT to 2003, member server question
- References:
- In-place upgrade from NT to 2003, member server question
- From: Ziek
- RE: In-place upgrade from NT to 2003, member server question
- From: Amanda Wang [MSFT]
- In-place upgrade from NT to 2003, member server question
- Prev by Date: RE: PC Netlink
- Next by Date: RE: grant resource from domain to another domain
- Previous by thread: RE: In-place upgrade from NT to 2003, member server question
- Next by thread: Re: In-place upgrade from NT to 2003, member server question
- Index(es):
Relevant Pages
|
