Re: Rollback of failed NT domain upgrade

From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
Date: Fri, 25 Aug 2006 02:52:57 GMT

Hi Steve,

Greate, let's know the results! I really appreciate that !

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================

--------------------

Thread-Topic: Rollback of failed NT domain upgrade
thread-index: AcbGjptpesH/VzGmQiy7HAJB25R5Mg==
X-WBNR-Posting-Host: 24.161.121.108
From: =?Utf-8?B?c3RldmUgdHJldGFraXM=?=

<stevetretakis@xxxxxxxxxxxxxxxxxxxxxxxxx>

References: <1155575582.439192.178890@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

<JD#7b4AwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
<1155665466.066504.270880@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<2nRjDyNwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
<9848B6D4-0A63-409F-AEB2-12B9DD676890@xxxxxxxxxxxxx>
<BVVB1XnxGHA.4548@xxxxxxxxxxxxxxxxxxxxx>

Subject: Re: Rollback of failed NT domain upgrade
Date: Wed, 23 Aug 2006 01:32:02 -0700
Lines: 216
Message-ID: <44D87E1F-1D65-4B5E-B9B0-2525BF22B49C@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24886

NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

Thanks for the quick reply, I was just about to test this,. Ill post amy
issues.

steve tretakis

"Vincent Xu [MSFT]" wrote:

Hi,

So far I don't see any issue on 2003&XP clients.

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader

that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no

rights.

======================================================

--------------------

Thread-Topic: Rollback of failed NT domain upgrade
thread-index: AcbF69ugoFlIlijHSeq9xd+W+ZZsvg==
X-WBNR-Posting-Host: 65.215.0.150
From: =?Utf-8?B?c3RldmUgdHJldGFraXM=?=

<stevetretakis@xxxxxxxxxxxxxxxxxxxxxxxxx>

References: <1155575582.439192.178890@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

<JD#7b4AwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
<1155665466.066504.270880@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<2nRjDyNwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>

Subject: Re: Rollback of failed NT domain upgrade
Date: Tue, 22 Aug 2006 06:07:01 -0700
Lines: 130
Message-ID: <9848B6D4-0A63-409F-AEB2-12B9DD676890@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24872

NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

If i read that KBID that you posted correctly, that was an early

Windows

2000

issue, is it still an issue with 2003 & xp clients?

steve tretakis

"Vincent Xu [MSFT]" wrote:

Hi,

Yes. :)

Your understanding is correct.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your

newsreader

so

that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no

rights.

======================================================

--------------------

From: "phatgeezer" <LDunham@xxxxxxxxx>
Newsgroups: microsoft.public.windows.server.migration
Subject: Re: Rollback of failed NT domain upgrade
Date: 15 Aug 2006 11:11:06 -0700
Organization: http://groups.google.com
Lines: 56
Message-ID:

<1155665466.066504.270880@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

References:

<1155575582.439192.178890@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

<JD#7b4AwGHA.5696@xxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 216.8.88.3
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1155665471 28268 127.0.0.1 (15 Aug

2006

18:11:11 GMT)

X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Tue, 15 Aug 2006 18:11:11 +0000 (UTC)
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT

5.1;

SV1;

.NET CLR 1.1.4322; .NET CLR 1.0.3705),gzip(gfe),gzip(gfe)

Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: m73g2000cwd.googlegroups.com;

posting-host=216.8.88.3;

posting-account=OAMDXg0AAACTQiDCKuCXhZFtIPe6KxgD
Path:

TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed00

..sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.

giganews.com!nntp.giganews.com!postnews.google.com!m73g2000cwd.googlegroups.

com!not-for-mail

Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24803

X-Tomcat-NG: microsoft.public.windows.server.migration

Let me see if I understand...If an NT4 PDC is simply upgraded to

2003

without preparation, 2000/XP boxes in that domain will notice the
change and new logins will connect with full AD information

exchange

which could overload the initial DC put in place.

Therefore the NT4Emulator key goes on the PDC before upgrading it

2003, so that 2000/XP boxes will still connect to it as an NT

domain

as

a temporary measure until all 2003 DC's are in place.

However, the second 2003 DC in that domain will not promote

properly

if

the existing DC is running NT4Emulator, so the

NeutralizeNT4Emulator

key is installed on the 2nd DC so that it will participate in

full AD

information exchange as it is promoted. In addition, the 2nd DC

will

also require the NT4Emulator key before promotion so that 2000/XP

boxes

will not try to connect to *it* in full AD mode.

Once the 2nd 2003 DC is in place (or however many DCs are

required),

the NT4Emulator is removed from the all DCs, so that full AD
participation can begin by all machines in the domain.

Is that correct?

Vincent Xu [MSFT] wrote:

Hi,

By default, Windows 2000/XP clients use only Windows 2000-based

domain

controllers in a mixed-mode domain. Therefore, if you remove

your

only

Windows 2003 domain controller, all the Windows 2000/XP clients

cannot

log

into the domain.

For the rollback requirement, you may refer to article 284937

to add

NT4Emulator on Windows NT 4.0 PDC. Then upgrade the domain

controllers

to

Windows 2003 domain controller. In this situation, a Windows

2000/XP

client

will no longer receive group policy nor will it do Kerberos

authentication.

The Windows 2003 domain controller may just work like a Windows

4.0

PDC.

You can roll back the domain without rejoining the workstations

into

domain.

However, in this situation, if you want to promote a Windows

2003

domain

controller to a new Windows 2003 domain controller, you need to

add

the

value NeutralizeNT4Emulator. Otherwise, since the member server

does not

consider it as a Normal Windows 2003 domain, the promotion may

not

work.

In addition, this procedure is a temporary solution. If you

want to

have a

normal Windows 2003 domain, you should remove the NT4emulator

registry

value on all the Windows 2000/2003 domain controllers.

Best regards,

Vincent Xu
Microsoft Online Partner Support

References:
- Rollback of failed NT domain upgrade
  - From: phatgeezer
- RE: Rollback of failed NT domain upgrade
  - From: Vincent Xu [MSFT]
- Re: Rollback of failed NT domain upgrade
  - From: phatgeezer
- Re: Rollback of failed NT domain upgrade
  - From: Vincent Xu [MSFT]
- Re: Rollback of failed NT domain upgrade
  - From: steve tretakis
- Re: Rollback of failed NT domain upgrade
  - From: Vincent Xu [MSFT]
- Re: Rollback of failed NT domain upgrade
  - From: steve tretakis

Prev by Date: Re: ADMTv3 Questions
Next by Date: Re: WIN2K Pro cannot login to domain (In-place upgrade to 2003 R2 from NT4.0)
Previous by thread: Re: Rollback of failed NT domain upgrade
Next by thread: RE: Migration from Corrupt AD?
Index(es):
- Date
- Thread

Relevant Pages

Re: IE6 Wont let me See Graphics
... Vincent Xu ... Microsoft Online Partner Support ... NNTP-Posting-Host: 71.123.249.122 ...
(microsoft.public.windows.inetexplorer.ie6.browser)
RE: FSMT Fatal error - Non cluster - Src Win2k SP4 DC to Win2K3 SP
... Vincent Xu ... Microsoft Online Partner Support ... Get Secure! ...
(microsoft.public.windows.server.migration)
Re: Win2K to Win2003
... Microsoft Online Partner Support ... Thanks Vincent for your assistance. ... I have now raised a support ticket with Microsoft to resolve the ...
(microsoft.public.windows.server.migration)
Re: IE6 Wont let me See Graphics
... Vincent Xu ... Microsoft Online Partner Support ... NNTP-Posting-Host: 71.123.249.122 ...
(microsoft.public.windows.inetexplorer.ie6.browser)
RE: FSMT Fatal error - Non cluster - Src Win2k SP4 DC to Win2K3 SP
... Best regards, ... Vincent Xu ... Microsoft Online Partner Support ...
(microsoft.public.windows.server.migration)