RE: NT4EMulator / NeutralizeNT4Emulator

Hi Paul,

You are welcome.

As I said, for rollback requirements, you can safely add the two values.
However, it is a temporary solution, you should change it back after the
upgard is over.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
Thread-Topic: NT4EMulator / NeutralizeNT4Emulator
thread-index: Aca2ZucmZLezWut/Rhim95AZmvwvjw==
X-WBNR-Posting-Host: 143.111.43.45
From: =?Utf-8?B?UGF1bA==?= <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <9FEB4CB7-6173-45B9-A351-5FC080EAD4B0@xxxxxxxxxxxxx>
<8$33lydtGHA.3920@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: NT4EMulator / NeutralizeNT4Emulator
Date: Wed, 2 Aug 2006 12:07:30 -0700
Lines: 109
Message-ID: <AFA36D1D-14B5-48FD-AA52-67CB72E9F8CB@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24694
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

This is what I will be planning to do during migration
1. Add the Nt4 EMulator and NeutalizeNT4 Emulator on PDC
2. migrate to DC controller
3. Take the Second member server add the both key NT4Emulator and
NeutralizeNT4Emulator.
4. Run Dcpromo

The reason I am adding 2 keys since I don't want the clients to
authenticate
or switch to kerberos right away. If I don't add the Nt4 EMualator on the
Second server then the windows 2000 or XP client will login to that DC.

Is this the safety option to add this two keys on all the DC so that if
something goes wrong with migration the clients will not be switched to
DNS
domain and they can login directly to NT 4.0 BDC If I have to pull out
the
DC off the network due to some unseeable issues the Client can
authenticate
via NT4. domain.

Thanks . Vincent I really apprecaite for helping me out so many times...

"Vincent Xu [MSFT]" wrote:

Hi Paul,

By default, Windows 2000/XP clients use only Windows 2000-based domain
controllers in a mixed-mode domain. Therefore, if you remove your only
Windows 2003 domain controller, all the Windows 2000/XP clients cannot
log
into the domain.

For the rollback requirement, you may refer to article 284937 to add
NT4Emulator on Windows NT 4.0 PDC. Then upgrade the domain controllers
to
Windows 2003 domain controller. In this situation, a Windows 2000/XP
client
will no longer receive group policy nor will it do Kerberos
authentication.
The Windows 2003 domain controller may just work like a Windows NT 4.0
PDC.
You can roll back the domain without rejoining the workstations into
domain.

However, in this situation, if you want to promote a Windows 2003
domain
controller to a new Windows 2003 domain controller, you need to add the
value NeutralizeNT4Emulator. Otherwise, since the member server does
not
consider it as a Normal Windows 2003 domain, the promotion may not
work.

In addition, this procedure is a temporary solution. If you want to
have a
normal Windows 2003 domain, you should remove the NT4emulator registry
value on all the Windows 2000/2003 domain controllers.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader
so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
Thread-Topic: NT4EMulator / NeutralizeNT4Emulator
thread-index: Aca1mMf5lDHekxezRM+lceDGzAFCeA==
X-WBNR-Posting-Host: 143.111.43.45
From: =?Utf-8?B?UGF1bA==?= <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: NT4EMulator / NeutralizeNT4Emulator
Date: Tue, 1 Aug 2006 11:32:02 -0700
Lines: 15
Message-ID: <9FEB4CB7-6173-45B9-A351-5FC080EAD4B0@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24678
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

I have 3 NT 4.0 Domain server. The network is Mid size appx less 1000
PC
workstation. I am planning to migrate to Windows 2003 DC. Should I
add
this
to the registry on PDC before Migration the key NT4Emulator and
NeutralizeNT4
Emulator on all the NT machines before I upgrade to 2003 DC.

Seconldy the member server which will be upgraded to 2003 DC does it
also
have those 2 keys added as well. Is there any issues using this key.

What about the Member server do they need the NeutralizeNT4 key as
well
to
communicate with DC.
The reason want to add if the migration has problem then it is easy
to go
back to NT domain otherwise you have to rejoin the domain for the
workstation.

I really appreciate for help.
Thanks...





.

Relevant Pages

  • Re: How DNS provides DC access
    ... As for DNS, W2k and newer clients' clientside extensions query DNS for a GC ... Q247811 - How Domain Controllers Are Located in Windows: ...
    (microsoft.public.win2000.dns)
  • client install problem in remote sites
    ... Primary site is a member server in PA running on Windows 2003. ... Secondary site #2 is in Sweden, running on Windows 2003 domain controller. ... clients in each site show in the console as assigned. ...
    (microsoft.public.sms.admin)
  • Re: New Domain Contollers
    ... WIndows 2003 domain controllers. ... All my clients are WIndows xp and they all seem to be logging into 1 domain controller - all workstations are showing this as the logon server. ...
    (microsoft.public.windows.server.active_directory)
  • Re: New user on 98 machine cannot log on to 2003 domain
    ... > no Windows 9x machine users would be able to login to the network. ... users who had accounts before the domain controllers were ... Users with accounts created after the upgrade ... > cannot login to the domain from 9x clients. ...
    (microsoft.public.windows.server.active_directory)
  • RE: NT4EMulator / NeutralizeNT4Emulator
    ... The reason I am adding 2 keys since I don't want the clients to authenticate ... Second server then the windows 2000 or XP client will login to that DC. ... Windows 2003 domain controller, all the Windows 2000/XP clients cannot log ... since the member server does not ...
    (microsoft.public.windows.server.migration)