General discussion

Locked

Mixed Domain Controllers --NT/2000

By LEGJ1 ·
I have a simple question for you and hope to find some good answers. We are converting a 250 node workgroup to a domain. The workgroup has been running a PDC (NT 4) but it literally acts as a Member Server (file sharing). We have purchased 2 Win2000 servers that will be setup as a DC and an Exchange server. The question: Should I leave the PDC in place and demote it to a BDC once I install the new 2000 DC? Or would I be better off demoting the PDC to a Member Sever before the conversion(obviously via re-install of NT)? All clients are running Win2k and NT 4. I would like to utilize AD, but fear possible probs with NT BDC. Any thoughts would be appreciated on this. Demote to Member Server or leave as a DC(BDC)? Obviously, I get out of some work by leaving as a DC(BDC). Any thoughts? Thanks!

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

First I am going to assume that you messed up your wording in saying that you have a "WorkGroup" with a PDC. (There are no PDC's in a Workgroup, only NT domains have PDC'S)

With that in mind, and assuming that you have a NT4 domain. In order tokeep your current domain you will need to Upgrade the PDC.

But before I would go doing this, I would first make sure that you have at least 2 BDC's already functioning on the network. If you do not have a BDC currently in the domain, build one first. This is in the event of an upgrade failure.

Also, It would be a good Idea to ghost the drive of your PDC and or back it up.

Once the upgrade to 2K is sucessful, upgrade any BDC's you have to 2K immediately after.

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

Now the next part that I would do seems extreme, but there is a reason behind it.

Before I would start out I would also build a "temp" 2K server from scratch. This server would not be joined to the domain. It would just be a standalone.

Onceyour new domain is up and running with AD. Bring the "temp" 2k server online and make it a Global Catalog server. Then one by one remove the upgraded domain controllers, starting with the upgraded BDC, then the upgraded PDC. You use the dcpromo command in order to achieve this.

So by the time you are done, you have 1 freshly installed 2K AD DC. Then take the system(s) that you want to be the real DC's and reinstall them fresh and put AD back on them.

The reason I take this step is that I have been very leary about the end result's of upgrades.

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

Now if you TRULY have a workgroup, that is you do not have a domain. There is not really an Upgrade path since you have no PDC.

I would then Bring a 2K temp server online, create the domain using AD, create your users and OU's. Then join a computer to the domain and test it. As long as it works, back up the server that you wish to be the real DC. **** it away and start fresh installing 2k on it.

Once 2k srvr is installed on it. Install AD, (using dcpromo), install it in the same domain. Once it is installed, Make it a GC (sites and services) then run dcpromo on the "temp" 2k DC, removing it from the domain.

Good rules of thumbs says to always have 2 DC's configured as a Global Catalog Server (GC).

Some books to get and read:
1. Inside windows 2000 server by william boswell, published by new riders

2. MCSE Win2000 Accelerated Training Kit, published by MSPress.

They both have excellent guides for doing this sort of thing.

Good Luck

Collapse -

Mixed Domain Controllers --NT/2000

by LEGJ1 In reply to Mixed Domain Controllers ...

I appreciate this help and will award points eventually, but I do have the same question. I know this is confusing, but the NT4 PDC is not authenticating or being used as a PDC. It has been used for File Sharing is all. So, in fact, we are running a 250 node workgroup (God help me). The PDC has NO role in the network...other than File Sharing. My question is the same: Should I demote to a member server before I bring the win2k servers on board? Or Should I leave as a PDC and demote to a BDC. I am concerned about having mixed DC's and running AD. Hope I have cleared this up a bit. It is a very different network. I appreciate your responses and look forward to the next one. You are the POINT man! Thanks! Is acceptable, but wanta bit more. Sorry!

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

Sorry for "the book", but there is a lot of information to cover.

Ok so I am going to try to repeat what you just told me so that I see if I have this straight.

You have

1 NT4 Server configured as a PDC for a NT4 domain called lets say Domain1

You have 250 Client machines running 95/98/NT. NO machines are joined to Domain1. ALL machines are running in Workgroup mode.
Let's call it workgroup1

Questions: If the NT4 server is only doing File sharing, what accounts are being used to access the server from the client machine?

Is everyone logging in with the same account? That is you created a account on domain1 that is what everyone
uses to log in. If so then the solution is very easy.

Or do you have seperate accountsfor each person created on the PDC? If so then your PDC IS doing authentication. And in order to keep the accounts you will need to use the upgrade scenario.

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

Now If there are NO user accounts created on the PDC for Domain1, then this is what I
would do.

The very first thing I would do is Map out my domain on paper (visio etc). In reality you are starting from
scratch. Write down the hierachy, the differnent sections, figure out what you want
to call the domain, etc. Get a good working model of your new domain. Because that is what it basically is.

This is also a perfect time to redo your file structure.

Then Make a "Temp" Win2K server. First thing that you do is Install DNS on it.
After you install DNS, Configure it to accept dynamic updates. This is where you specify
what domain name your dns is authoritative for. It will be the same one as your AD domain name.
IE Company.com

Once DNS is installed. Then use the DCpromo command to start ActiveDirectory. (start/run/dcpromo)

Make a New Forest, New Domain in forest, first server in domain/forest. Call it company.com.

Once AD is installed and configured. Go into Computers and Users and start populating it with
OU's, Printers and Users. Get the hierachy and permissions all worked out first before bringing the
domain officially on-line first.

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

TIP- your file structure should mimic your organazational structure. When all sections are seperated into
their own units, it makes it 1000x's easier to manage, even though it takes some work and planning at first.

You are going to run into 1 problem, and that is how to bring your NT4 PDC file server into the new domain.
You can try to upgrade it and join in to an existing 2K ad domain. (I just have a disdain for upgrades)

Or if the files that you share out are on a seperate drive or in a drive array. You can disconnect the drive
that contains the files and rebuild the server from scratch with 2K. Joining into the DOmain and running
DCPromo on it. Don't forget to enable it as a GC.

Make sure that before you do anything with the NT4 PDC that you back up all of the files on it. Regardless of
whether or not it is on a seperate drive or array. Always backup!

Now comes the question, what do I do now with the temp 2k server. Well a rule of thumb is to have at least 2
servers up for authenticification. If you GC goes down and you do not have a redundant one, then that is a bad
thing. So In this scenario, I would eat the cost and buy another 2k server liscense. But you do not need
all 250 CAL's for it. For 250 users using 2 GC's for authent, I would buy 25 cals for it. As long as it is
doing nothing but authents.

Collapse -

Mixed Domain Controllers --NT/2000

by LordInfidel In reply to Mixed Domain Controllers ...

If you have not purchased CAL's for the 2K server that will be handling the File Sharing, I strongly suggest it.
You will need to figure out how many connections you will allow to the server. This will depend on how your
users use the file server.

Once you have the new domain completely rebuilt, you can then start joining ALL of your client machines to the
domain. Get them out of workgroup mode. There is no sense in building an AD domain if you are not going
to take advantage of it.
I know that this was long and drawn out. But you have to sit down and design this out before you start doing
it. And before designing it out, get those 2 books and read up on it. Don't feel pressured to jump in and
breaking your network apart if it is basically working. Do it right the first time and you will save yourself
from tons of work down the road.

Collapse -

Mixed Domain Controllers --NT/2000

by LEGJ1 In reply to Mixed Domain Controllers ...

Thanks Man! Good help! I will take this advice to the heart.

Collapse -

Mixed Domain Controllers --NT/2000

by LEGJ1 In reply to Mixed Domain Controllers ...

This question was closed by the author

Back to Windows Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums