General discussion

Locked

NT to 2000 Domain

By Tim.Doyle ·
I have an NT 4 domain with 1 PDC, 2 BDC's and a number of NT4 and 2000 member servers. I have need to migrate to a 2K active directory. Thrown in for good measure is an Exchange 5.5 server running on one of my BDC's (bad idea I know...I didn't do it) which I want to migrate to Exchage 2000. I own all the licensing and media and the Exchange server is due for a hardware replacement anyway. ABout 180 domain users and 150 Exchange users across 11 locations, none more than a half hour one way drive from our central office where the servers are located, but one office is exactly opposite all other offices (one half hour north, all others are south of here).

My thoughts are to create a whole new domain, setup a full trust relationship andthen setup the Ex2K server with a full trust between the two Exchange servers so mail can flow transparently. This would leave me the leisure of moving users a department at a time to the new system without any major interruptions in services provided. Then once the mail is done I can remove the member servers and have them join the active directory...when all is said and done I'll simply shut off the old NT DC's and reformat them for another function.

My question is, is my basic premise sound? I want to minimize downtime and inconvenience to the users while minimizing my own headaches, driving time and off hours time (oddly enough I have some sort of life outside of work). Does anyone have anything to contribute to my basic plan orany tips to help avoid problems they experienced during a similar migration?

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

NT to 2000 Domain

by timwalsh In reply to NT to 2000 Domain

Actually, while your plan should work, you might be making this harder than it needs to be (by adding extra steps you don't really need).

A couple of unbreakable rules first (I like to reiterate these first as it can often save you from massive headaches later):
1. A Win2K Active Directory (AD) Domain Controller (DC) CANNOT exist in an NT4 domain.
2. An NT4 PDC CANNOT exist in an AD domain (but NT4 BDCs can).
3. Installing AD (by running dcpromo) on ANY Win2K server will create a Win2kDC.
4. To migrate an NT4 domain to a Win2K AD domain, Win2K (and AD) MUST be installed on the NT4 PDC (won't work on a BDC).
5. In order for AD to work properly, usually you MUST be hosting DNS locally. DNS must be capable of dynamic updates.
The process I am going to suggest is based on a couple of assumptions:
1. Your NT4 domain structure is functionally sound.
2. Your NT4 PDC meets all requirements for running Win2K Server.

The process I will suggest will require some off-hours work, but could remove any need to travel to the other locations.

Suggested process.

1. Take one of your BDCs (obviously not the one hosting Exchange) and force synchronization with the PDC. Physically disconnect this BDC from the network.This BDC will act as your fallback position should the following migration steps go awry. You could restore full domain functionality by reconnecting this BDC to the network and promoting it to PDC.
(continued)

Collapse -

NT to 2000 Domain

by timwalsh In reply to NT to 2000 Domain

2. If you aren?t running DNS locally, you need to install and configure it. Create forward and reverse lookup zones for your proposed AD domain name (your company.com). Enable dynamic updates. All servers and workstations need to point to thisDNS server for Primary DNS. If you wish (or need) to point to a DNS server outside your organization for Internet-related DNS queries, instead of adding this outside DNS server as a secondary DNS server, add the servers IP address as a Forwarder.
3. This is the part that should probably be done off hours. Install Win2K on your NT4 PDC. The installation program will recognize that Win2K is being installed on a PDC and automatically invoke the installation of AD.
During the AD installation process, you will be asked for an AD Domain name. Notice that you will have a NetBIOS domain name in addition to the AD domain name. When conducting a migration, this will default to your NT4 domain name (regardless of what the AD domain name is), and cannot be changed (more on why later).
Also during the AD installation process, you will be asked for the IP address of the DNS server hosting your AD DNS domain. This will be the DNS server created in step 2.
Unless you are joining a larger AD organization (maybe the AD forest of a parent company), this operation shouldn?t take more than a couple of hours. This of course assumes no glitches.
(continued)

Collapse -

NT to 2000 Domain

by timwalsh In reply to NT to 2000 Domain

Once this step has completed successfully, you have accomplished the following:
All user accounts have been migrated; all security settings/permissions/user rights have been maintained; domain membership of all computers/servers has been maintained(because the AD NetBIOS domain name is the same as your NT4 domain name); all file/printer shares have been maintained. You don?t need to travel to any of the other sites to change domain membership of any workstations/servers.
4. Since it soundslike you want to install Exchange 2K on a different server, you can actually do this at your leisure, though it would be easier if you were conducting an in-place upgrade (install Exchange 2K on top of Exchange 5.5). Install Exchange 2K on your chosen server (doesn?t have to be a DC), as an additional server in your existing Exchange 5.5 site. You can then move mailboxes/public folders from the old Exchange Server to the new Exchange server. The only downtime experienced by users will be thetime needed to move his mailbox and the time needed to point his email profile to the new Exchange server.

BTW, one reason I can think of that you WOULD want to follow the plan you initially layed out has to do with business politics (i.e. you want to rid your network of any vestiges of your previous NT domain name - regardless of what your AD domain name is, the NetBIOS domain name is what is seen by users in both the log-on box and in Network Neighborhood; in the case of a migration, this will be your previous NT domain name).

Hope this helps and good luck.

Collapse -

NT to 2000 Domain

by Tim.Doyle In reply to NT to 2000 Domain

Poster rated this answer

Collapse -

NT to 2000 Domain

by curlergirl In reply to NT to 2000 Domain

A lot of tim's comments are sound, but I think he is missing the point on something. If what are describing is what I THINK you are describing, you are talking about doing a full domain migration. That is, your Win2K domain will be a completely separate and new domain. If this is the case, I think your plan is very sound. I have done migrations this way in a couple of instances, and also done them the other way (by direct upgrade). I prefer the migration method for just the reasons you express. Doing it this way allows you to keep your old domain running with all attendant services and never miss a beat as you migrate users a dept. at a time. A few pointers from my experience:

1. First, download the Active Directory Migration Tool (lovingly called the ADMT) from the MS Windows 2000 web site and read up on it. This tool works well and is invaluable for the situation you are contemplating.

2. Establish your two-way trust between the two domains and TEST IT CAREFULLY and OFTEN. This is one of the things that seems to be a problem for a lot of people. I didn't have great problems with it, but I did find that I had to keep testing and checking to make sure it was working properly. It seemed to get wierd sometimes and I would have to remove and re-establish the trust even though it appeared that everything was working.

Collapse -

NT to 2000 Domain

by curlergirl In reply to NT to 2000 Domain

3. It works better, IMHO, if you do your Exchange migration all at once, either at the end or at the beginning. IOW, don't set up a separate Exchange server in the Win2K domain and leave the older 5.5 server running. Either move the entire Exchange organization to the new domain first, or last. Your users in both domains (by virtue of the two-way domain trust) will be able to use the Exchange server that is in either one of the two domains. I recommend doing it at the end, when all users are in the new domain. You can then install your new Exchange server into the same Exchange organization, move the mailboxes, public folders, etc. and remove the older server pretty much immediately. Here's a good MS Knowledgebase article on how to do this that you should read - 316886.

4. Think about any TCP/IP and DHCP issues carefully first. If you will have too many hosts (remember to include printers, routers, etc.) to have everything in one subnet, you have to work out any routing needs so that all will go smoothly. In my case, I had a large enough subnet already set up so that I could have both domains in one IP subnet. I set up my first new Win2K DC as the DHCP server for both domains using the same scope as my old one (remember, DHCP doesn't care about domain membership) and shut down my old NT4 DHCP services right away, so that all workstations and peripherals were using the new server for DHCP as soon as they renewed their leases. It worked very smoothly and I didn'thave to worry about setting up routing.

That's all I can think of at the moment. Good luck, and if you run into any problems, feel free to post back for additional help, or email me at synergy@synoffsys.com.

Hope this helps!

Collapse -

NT to 2000 Domain

by Tim.Doyle In reply to NT to 2000 Domain

Poster rated this answer

Collapse -

NT to 2000 Domain

by Tim.Doyle In reply to NT to 2000 Domain

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums