Help reverse win2k upgrade

annapuvat

I am a newbie to win2k who recently upgraded our departmental NT
domain(1pdc + 2 bdc + 2 win2k servers) to Win2k mixed mode. Am now
having trouble promoting a new WIN2K server to a DC. The steps I
undertook to upgrade are:
Promote an NT4 bdc (host name: bdc02) to pdc. Disconnect the original
pdc(host name: dept-pdc). Upgrade new bdc to Win2k. Start AD and
enable DNS on the new DC. NT domain name is dept-domain. We use static
IP and corporate DNS (suffix abc.com) and proxy servers for internet
access. During win2k upgrade, I provided a new domain name def.corp
with the intention of creating a standalone intranet domain that would
use dns forwarders to the corporate DNS servers for internet access.
Everything seemed to work as all desktops and users continued
connecting to 'dept-domain' without any problems.
At this point I made the mistake of bringing back 'dept-pdc' online as
an additional NT bdc. Next I setup a new Win2k server and tried to
promote it to a DC, but dcpromo did not recognize either win2k domain
'def.corp' or the NT4 domain 'dept-domain'. I also notice in ipconfig
that the Win2k DC's host name is bdc02.abc.com and its primary DNS
suffix is def.corp. I also notice that the host name for my win2k
desktop shows desktop.def.corp.
I suspect that the DC was not setup right as evidenced by its host
name and would like to start over.
Can I remove the DC from the network and promote one of the NT bdcs to
a pdc?
Any help/advice would be greatly appreciated.
 
Ace Fekay [MVP]

Wow, complicated set of circumstances. Read below inline...

annapuvat said:
I am a newbie to win2k who recently upgraded our departmental NT
domain(1pdc + 2 bdc + 2 win2k servers) to Win2k mixed mode. Am now
having trouble promoting a new WIN2K server to a DC. The steps I
undertook to upgrade are:
Promote an NT4 bdc (host name: bdc02) to pdc. Disconnect the original
pdc(host name: dept-pdc). Upgrade new bdc to Win2k.

You should have promoted this to a PDC prior to the upgrade.

Start AD and
enable DNS on the new DC. NT domain name is dept-domain. We use static
IP and corporate DNS (suffix abc.com)

The Primary DNS Suffix MUST match the AD domain name that the machine is a
domain controller of. That can be pre-set in NT4 prior to the upgrade by
going into NT4's TCP/IP properties, DNS tab.

and proxy servers for internet
access. During win2k upgrade, I provided a new domain name def.corp

I guess you didn't change the suffix in NT4 prior to the upgrade?

with the intention of creating a standalone intranet domain that would
use dns forwarders to the corporate DNS servers for internet access.
Everything seemed to work as all desktops and users continued
connecting to 'dept-domain' without any problems.

Is that dept-domain.abc.com or dept-domain.def.corp?
If this is mismatched to the Primary DNS Suffix, the SRV records would
never have been created and would cause major problems. If the users are
using the legacy method to logon (username, password and select NetBIOS name
on the bottom drop down box), then I can see why they can login. Otherwise,
I bet a UPN logon ([email protected] + password) will not work.

At this point I made the mistake of bringing back 'dept-pdc' online as
an additional NT bdc.

Never should have done that.

Next I setup a new Win2k server and tried to
promote it to a DC, but dcpromo did not recognize either win2k domain
'def.corp' or the NT4 domain 'dept-domain'.

That is a DNS issue and points back to the SRV records probably not being
there.

I also notice in ipconfig
that the Win2k DC's host name is bdc02.abc.com and its primary DNS
suffix is def.corp.

A mismatch. Not good. What is the domain name again? (getting confused with
the names that it should be compared to what you have).

I also notice that the host name for my win2k
desktop shows desktop.def.corp
I suspect that the DC was not setup right as evidenced by its host
name and would like to start over.
Can I remove the DC from the network and promote one of the NT bdcs to
a pdc?
Any help/advice would be greatly appreciated.

If still in mixed mode, dump your W2k boxes, bring the original PDC back up
and use that for authentication, then take one of the W2k's you dumped,
reinstall NT4 as a BDC, then take the PDC offline, then take the BDC,
promote it to a PDC, set the DNS suffix correctly in its properties,
install DNS on it, then run the upgrade and tell it to use this server for
DNS. It will upgrade everything properly. Then when adding another DC, only
point DNS to the first one you just upgraded, then run DCPROMO on it.

Hope that helps.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
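
The two conditions discussed in the reply above (the primary DNS suffix must equal the AD DNS domain name, and the DC's SRV records must exist in the zone) can be checked from text captured on the server. This is an added example, not part of the original thread; the function names, the sample `ipconfig /all` text and the zone listings are constructed for illustration.

```python
import re

# SRV owner names Netlogon registers for a domain controller (a subset).
SRV_TEMPLATES = (
    "_ldap._tcp.{d}",
    "_kerberos._tcp.{d}",
    "_ldap._tcp.dc._msdcs.{d}",
    "_ldap._tcp.pdc._msdcs.{d}",
)

# Constructed sample input, not captured from the poster's servers.
BAD_IPCONFIG = """Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : bdc02
        Primary DNS Suffix  . . . . . . . : abc.com
"""
GOOD_IPCONFIG = BAD_IPCONFIG.replace("abc.com", "def.corp")
BAD_ZONE = ["bdc02.abc.com."]  # only a host record, no SRV owner names
GOOD_ZONE = [t.format(d="def.corp") + "." for t in SRV_TEMPLATES]


def parse_ipconfig(text):
    """Return (host name, primary DNS suffix) from `ipconfig /all` output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Host Name|Primary DNS Suffix)[ .]*:\s*(\S*)", line)
        if m:
            fields[m.group(1)] = m.group(2).rstrip(".").lower()
    return fields.get("Host Name", ""), fields.get("Primary DNS Suffix", "")


def check_dc(ipconfig_text, ad_domain, zone_owner_names):
    """List the problems that would keep dcpromo from locating the domain."""
    ad_domain = ad_domain.rstrip(".").lower()
    host, suffix = parse_ipconfig(ipconfig_text)
    findings = []
    if suffix != ad_domain:
        findings.append(
            f"{host}: primary DNS suffix '{suffix}' != AD domain '{ad_domain}'")
    present = {n.rstrip(".").lower() for n in zone_owner_names}
    for tmpl in SRV_TEMPLATES:
        name = tmpl.format(d=ad_domain)
        if name not in present:
            findings.append(f"missing SRV record {name}")
    return findings


if __name__ == "__main__":
    for finding in check_dc(BAD_IPCONFIG, "def.corp", BAD_ZONE):
        print(finding)
```
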
 
annapuvat

Ace, thanks for your advice. I realize that I did not change the DNS
suffix abc.com in NT to def.corp prior to upgrade. I guess users are
therefore logging on in NT legacy method.

My original PDC (host name: dept-pdc) is now running as a BDC in the
new win2k domain def.corp. If I disconnect and dump the win2k DC
(dept-bdc02), will I be able to promote dept-pdc to a PDC ? I have
approx 100 users, all using win2kpro. All our file and print servers
in old NT domain (dept-domain) were win2k servers. Will the users
still be able to login in NT legacy method ?

My departmental NT domain name is dept-domain using external dns
servers and dns suffix abc.com for internet access and other corporate
sites. With the win2k upgrade, I was trying to set up an
internal/departmental dns running on DC. The DC dns would then forward
internet requests to the external dns servers. That's the reason I
chose the AD domain name as def.corp instead of dept-domain.abc.com
Is this the right approach ??

thanks again, and regards
 
Ace Fekay [MVP]

Hi, my responses are inline...

annapuvat said:
Ace, thanks for your advice. I realize that I did not change the DNS
suffix abc.com in NT to def.corp prior to upgrade. I guess users are
therefore logging on in NT legacy method.

Sounds like it at this time.

My original PDC (host name: dept-pdc) is now running as a BDC in the
new win2k domain def.corp. If I disconnect and dump the win2k DC
(dept-bdc02), will I be able to promote dept-pdc to a PDC ?

As long as dept-pdc is still an NT4 machine, absolutely. Just you can't bring
the W2k DC back online again once you've done that and would be pretty much
committed to the upgrade.

I have
approx 100 users, all using win2kpro. All our file and print servers
in old NT domain (dept-domain) were win2k servers. Will the users
still be able to login in NT legacy method ?

Yes. That is the only method that NT4 uses anyway. UPN is an AD only
feature.

My departmental NT domain name is dept-domain using external dns
servers and dns suffix abc.com for internet access and other corporate
sites.

That will need to change to whatever the AD DNS domain name you plan on
using. At this point, once you're back to NT4, you can change the name to
whatever you want. You do NOT have to use the ISP assigned name whatsoever.
That is what THEY (ISP) want you to think. No need to do that.

Do not forget, DO NOT USE your ISP's DNS server. Only YOURS. Setup DNS on
the NT4 machine and point itself to it ONLY. Remove the ISP's DNS please.

With the win2k upgrade, I was trying to set up an
internal/departmental dns running on DC. The DC dns would then forward
internet requests to the external dns servers.

That is the correct method. If everyone is currently pointing to the current
W2k DC for DNS, that is fine. Once you remove that to go through the upgrade
again (as per my suggestions), you can either change the NT4 IP address to
reflect the old DC/DNS address or keep it whatever it's currently set to. If
you change it, you also have to change your DHCP option (and adjust WINS if
you have it running). (On another note, hope you're not using your router as
a DHCP server).

Maybe easier to change it to the W2k IP since that will save you having to
change DHCP Options.

That's the reason I
chose the AD domain name as def.corp instead of dept-domain.abc.com
Is this the right approach ??

No. The ISP has no bearing on what internal private domain name you choose
or what the suffix is. That is your own thing. The suffix MUST be set to
your planned AD DNS Domain name. If your current NT4 NetBIOS domain
name is "dept-domain", then I would suggest to use "dept-domain.com" or
"dept-domain.net" as the new name (to lessen confusion).

Keep in mind if you have an external company domain, you can choose to make
it the same, but requires additional admin tasks and reg changes. I would
rather suggest (to make it easier on you) that if your external domain is
dept-domain.com, to make your internal name dept-domain.net, etc. See what I
mean?

Whatever you choose, make sure that name is set in NT4's properties FIRST
prior to running dcpromo. MUST be the same.....

thanks again, and regards

Hope that helps. Here's a great general link on AD and DNS that you can use
as a reference:

Deploying and Designing Active Directory [DNS Design, Migration, Cert Auth,
Branch Offices, Exchange, ADC, Import-Export, etc]:
http://www.microsoft.com/technet/tr...prodtechnol/AD/windows2000/deploy/default.asp


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
annapuvat

Ace, Thanks again for your valuable advice. I was able to redo the
upgrade correctly (imo) this time.
After the in-place upgrade, I now have a win2k domain def.corp with a
win2k domain controller DC1. The computer name correctly reads
DC1.def.corp. I was also able to build a new win2k server DC2 and
dcpromo it as the second win2k domain controller.
DC1 is setup with AD DNS and points to itself as the preferred DNS
server. I also setup DC2 as a DNS server with the intention of using
DC2 as the alternate DNS server in the domain. DC2 is pointing to DC1
as the preferred DNS server. Is this right, or should DC2 point to
itself as the preferred DNS server ?

Also, how do I create a backup of the global catalog from DC1 to DC2 ?

Thanks in advance

 
Ace Fekay [MVP]

annapuvat said:
Ace, Thanks again for your valuable advice. I was able to redo the
upgrade correctly (imo) this time.
After the in-place upgrade, I now have a win2k domain def.corp with a
win2k domain controller DC1. The computer name correctly reads
DC1.def.corp. I was also able to build a new win2k server DC2 and
dcpromo it as the second win2k domain controller.
DC1 is setup with AD DNS and points to itself as the preferred DNS
server. I also setup DC2 as a DNS server with the intention of using
DC2 as the alternate DNS server in the domain. DC2 is pointing to DC1
as the preferred DNS server. Is this right, or should DC2 point to
itself as the preferred DNS server ?

Also, how do I create a backup of the global catalog from DC1 to DC2 ?

Thanks in advance

Glad to hear it! You've got the DNS settings correct. First to the other
one, second to itself. If you have any more probs, just post back and one of
us will surely take care of you!

:)
 
