Re: Rollback of failed NT domain upgrade

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thanks for the quick reply, I was just about to test this,. Ill post amy
issues.

steve tretakis


"Vincent Xu [MSFT]" wrote:

Hi,

So far I don't see any issue on 2003&XP clients.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
Thread-Topic: Rollback of failed NT domain upgrade
thread-index: AcbF69ugoFlIlijHSeq9xd+W+ZZsvg==
X-WBNR-Posting-Host: 65.215.0.150
From: =?Utf-8?B?c3RldmUgdHJldGFraXM=?=
<stevetretakis@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1155575582.439192.178890@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<JD#7b4AwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
<1155665466.066504.270880@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<2nRjDyNwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Rollback of failed NT domain upgrade
Date: Tue, 22 Aug 2006 06:07:01 -0700
Lines: 130
Message-ID: <9848B6D4-0A63-409F-AEB2-12B9DD676890@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24872
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

If i read that KBID that you posted correctly, that was an early Windows
2000
issue, is it still an issue with 2003 & xp clients?

steve tretakis

"Vincent Xu [MSFT]" wrote:

Hi,

Yes. :)

Your understanding is correct.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader
so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
From: "phatgeezer" <LDunham@xxxxxxxxx>
Newsgroups: microsoft.public.windows.server.migration
Subject: Re: Rollback of failed NT domain upgrade
Date: 15 Aug 2006 11:11:06 -0700
Organization: http://groups.google.com
Lines: 56
Message-ID: <1155665466.066504.270880@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1155575582.439192.178890@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<JD#7b4AwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 216.8.88.3
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1155665471 28268 127.0.0.1 (15 Aug 2006
18:11:11 GMT)
X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Tue, 15 Aug 2006 18:11:11 +0000 (UTC)
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1;
.NET CLR 1.1.4322; .NET CLR 1.0.3705),gzip(gfe),gzip(gfe)
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: m73g2000cwd.googlegroups.com; posting-host=216.8.88.3;
posting-account=OAMDXg0AAACTQiDCKuCXhZFtIPe6KxgD
Path:

TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed00

.sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.

giganews.com!nntp.giganews.com!postnews.google.com!m73g2000cwd.googlegroups.
com!not-for-mail
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24803
X-Tomcat-NG: microsoft.public.windows.server.migration

Let me see if I understand...If an NT4 PDC is simply upgraded to 2003
without preparation, 2000/XP boxes in that domain will notice the
change and new logins will connect with full AD information exchange
which could overload the initial DC put in place.

Therefore the NT4Emulator key goes on the PDC before upgrading it to
2003, so that 2000/XP boxes will still connect to it as an NT domain
as
a temporary measure until all 2003 DC's are in place.

However, the second 2003 DC in that domain will not promote properly
if
the existing DC is running NT4Emulator, so the NeutralizeNT4Emulator
key is installed on the 2nd DC so that it will participate in full AD
information exchange as it is promoted. In addition, the 2nd DC will
also require the NT4Emulator key before promotion so that 2000/XP
boxes
will not try to connect to *it* in full AD mode.

Once the 2nd 2003 DC is in place (or however many DCs are required),
the NT4Emulator is removed from the all DCs, so that full AD
participation can begin by all machines in the domain.

Is that correct?





Vincent Xu [MSFT] wrote:
Hi,

By default, Windows 2000/XP clients use only Windows 2000-based
domain
controllers in a mixed-mode domain. Therefore, if you remove your
only
Windows 2003 domain controller, all the Windows 2000/XP clients
cannot
log
into the domain.

For the rollback requirement, you may refer to article 284937 to add
NT4Emulator on Windows NT 4.0 PDC. Then upgrade the domain
controllers
to
Windows 2003 domain controller. In this situation, a Windows
2000/XP
client
will no longer receive group policy nor will it do Kerberos
authentication.
The Windows 2003 domain controller may just work like a Windows NT
4.0
PDC.
You can roll back the domain without rejoining the workstations
into
domain.

However, in this situation, if you want to promote a Windows 2003
domain
controller to a new Windows 2003 domain controller, you need to add
the
value NeutralizeNT4Emulator. Otherwise, since the member server
does not
consider it as a Normal Windows 2003 domain, the promotion may not
work.

In addition, this procedure is a temporary solution. If you want to
have a
normal Windows 2003 domain, you should remove the NT4emulator
registry
value on all the Windows 2000/2003 domain controllers.


Best regards,

Vincent Xu
Microsoft Online Partner Support







.

Relevant Pages

  • RE: NT4 server and W2K3
    ... When responding to posts, please "Reply to Group" via your newsreader so ... |Subject: RE: NT4 server and W2K3 ... |Dell sent me a "Not For Upgrade" Windows SBS 2003 license, ...
    (microsoft.public.windows.server.migration)
  • Re: NT 4.0 to Windows 2003 Active Directory Upgrade
    ... I have tested the NT4Emulator key extensivly in multiple migration/domain ... The purpose of the NT4Emulator key is to prevent domain controller ... windows xp clients or member servers will authenticat againts it causing ... are upgrade ...
    (microsoft.public.windows.server.active_directory)
  • Re: Can you put Pro upgrade over full version Home?
    ... I believe answer some of your posts yesterday. ... "Can I put the new windows xp cd on my old ... did you purchase an upgrade windows xp professional cd? ... > home computers - we want Pro on our new computer, ...
    (microsoft.public.windowsxp.general)
  • RE: upgrade from Windows Server 2003 Standard R2 to Windows Server 2003 Enterprise R2
    ... microsoft.public.windows.server.migration (Subject: upgrade from Windows ... When responding to posts, please "Reply to Group" via your newsreader so ...
    (microsoft.public.windows.server.migration)
  • Re: WINDOWS XP HOME EDITION : UPGRADE vs FULL INSTALL VERSION
    ... >> WHAT IS THE DIFFERENCE BETWEEN A FULL INSTALL VERSION & AN UPGRADE ... MY COMPUTER CURRENTLY HAS WINDOWS ME. ... Why have mine and Ken Blake's posts disappeared from this newsgroup? ...
    (microsoft.public.windowsxp.newusers)