Bart,

In-line....

That much I understood, (I believe) so I'll try to sum up
what you are saying to confirm this.
A WIN 2K server can not run active directory in native
mode on a NT4 network, it can however be set to run as a
Domain controller in AD mixed mode, with NT4 BDC's.

Again, and this is just semantics - if you have a WIN2000 Domain
Controller in your environment then this is a WIN2000 Active Directory
environment. Period! Whether it is in Native Mode or Mixed Mode is of no
consequence. In this very strict sense. It is a WIN2000 Active Directory
environment. I am sure that you understand this, it is just the language
that you used that causes me to think that there might still be some
confusion.

The office's PCs and servers are all over the place in
terms of OS, however the amount of WIN 2k servers is
growing and the amount of NT4 servers slowly shrinking.

From a support standpoint I would try to get every computer to at least
WIN2000 Professional. Dealing with WIN9x in a corporate environment is just
no fun. Granted, it can do the job. I just feel that WIN2000 Professional
should be the minimum. There are so many more things available to you -
Group Policy, for example. Moving towards WIN2000 Server can be a good
thing! WIN2000 is really a lot of fun and much easier to deal with than
WINNT 4.0 in my opinion. Although, WINNT 4.0 will still do the job. Just
depends on what you need to do.

Service pack 4 is on "Trouble"

That is also a good thing. I would try to have all of my WIN2000 Servers at
the same Service Pack level if possible. Start with the Domain Controllers
and then go to the Member Servers.

Our finance department needs some software that requires AD
native mode, which means we need to move away from AD
mixed mode.

Who is telling you this? Being in Mixed Mode affects one and only one
thing: WINNT 4.0 BDCs continue to function as Backup Domain Controllers.
This is essentially the whole enchilada. That is it! Going to Native Mode
affects one and only one thing: WINNT 4.0 BDCs fail to function as Backup
Domain Controllers. Granted, there are a couple of other nice things that
are added: Universal Groups become available ( well, should say that
Universal Security Groups become available ), Group Nesting becomes
available and a couple of other things.
I am not aware of software requiring that you are in one specific AD Mode.
Making the one-time, one-way switch does not really affect anything else! I
would question this. Bear in mind, it very well may be true. I just am not
aware of any software having this requirement.

Currently if I switch to AD native mode I will be left
with only one machine running AD... not a situation I'm
comfortable with... adding to that is the fact that I'm
unsure what problem I'm encountering with "Trouble" could
it continue once I switch off the NT4 BDC's? I'll feel
much more comfortable if I can get "Trouble" running AD
in mixed mode as well or is this impossible?

It is a very wise and prudent thing to have multiple Domain Controllers.
Glad that you are uncomfortable with having only one DC. Having the BDCs
*should* not interfere with dcpromoing Trouble from Member Server to Domain
Controller. Also, the mode - either Mixed or Native - should not have any
bearing on doing the dcpromo. Have you looked at the log which indicates
just what happened during the dcpromo process? This should guide us to the
problem.

Understood, I would like to have "Trouble" running when I
do this.

Remind me - is there a VPN between these two Sites? We are talking
about two physical locations, correct? This was practically your first
sentence. You were able to join trouble to the domain while it was in the
172.19.32.0 Site, correct? Is the VPN a Site-to-Site VPN ( meaning,
Firewall-to-Firewall )?

Fine by me. It's good to know I can leave them running
during the switchover.

That you may.

This is an existing network, "Trouble" is the first
server I've worked on that relates to AD, or BDC, or are
you asking about on "Trouble"?

Then I might suggest that you look at the Active Directory Sites and
Services MMC and see if you have two Sites or just the one. WIN2000 creates
the first Site and it is called Default-First-Site-Name. There will not be
any Subnets created. You have to do that. All of your domain controllers
will be placed in this first Site - by default. That is, until you start to
create Subnets and associate those Subnets with Sites.
So, you would have the Default-First-Site-Name and nothing else. I would
start small and simply create the first Subnet ( the 172.19.0.0 Subnet ) and
associate it with the Default-First-Site-Name. No biggie. Give that 30
minutes. This is more than sufficient time for everything to replicate (
well, since you currently have only one WIN2000 AD Domain Controller there
really is no replication, is there? ). I would then create the second Site.
You can call it whatever you like - just so long as it makes sense to you.
BTW - you can also rename the Default-First-Site-Name to whatever makes
sense to you as well. This will not hurt anything or break anything.
Create the second Subnet and associate it with that second Site.

These appear to be for the first time setup, there is
already a running configured AD Mixed mode machine for
the site, just not on the subnet, since the subnet is
remote and on a sometimes fragile connection, it needs a
BDC or AD machine locally.

What type of connection are we talking about? This is important because
when you create the two Sites you will need to create a Site Link between
them. There are four parts to a Site Link - and the transport is one of
them. You have two choices: ISM-SMTP or DS-RPC. If you have a fragile
connection then typically you would use SMTP as the transport. When you
have a strong connection you would use RPC.

I will however read further into them, perhaps I'm not
understanding something.

Not understanding things is okay. There is a lot to know about WIN2000
Active Directory. Unfortunately, we can not simply put a book under our
pillows and know everything the next morning! Asking is always a good
thing.

2 DNS servers are listed 172.19.0.4 and 172.19.0.6.
and the options
Append primary and connection specific DNS suffixes,
Append parent suffixes of the primary DNS suffix
are checked.

That is a good thing to have: two DNS Servers. However, I see via the IP
Addresses that neither of these is your sole WIN2000 AD Domain Controller.
This could be a part of the problem as far as dcpromoing 'Trouble'. Are
these BIND DNS Servers or WINNT 4.0 DNS Servers? If they are BIND Servers,
what version? Hopefully at least 8.2.1 ( IIRC ) so that they support SRV
records. If they are WINNT 4.0 DNS Servers would it be possible to upgrade
them to WIN2000 so that you could be running WIN2000 DNS?

I'll look into this, I'll have to install some of the
commands before I can follow up with it.
Thanks
Bart

HTH,
Cary
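
Added example, not part of the original exchange: a small model of how subnet-to-site association places machines in Sites, and a check for Sites left without a local Domain Controller. The /19 prefix lengths, the second Site's name and every host address except the two DNS servers are assumptions made for illustration.

```python
import ipaddress

# Subnet objects and their sites. The /19 prefix lengths and the second
# site's name are assumptions; the thread gives only the network addresses.
SUBNETS = {
    "172.19.0.0/19": "Default-First-Site-Name",
    "172.19.32.0/19": "Remote-Site",
}

# Constructed inventory: only the two DNS server addresses come from the
# thread; the other addresses are made up for the example.
HOSTS = [
    {"name": "dns1", "ip": "172.19.0.4", "dc": False},
    {"name": "dns2", "ip": "172.19.0.6", "dc": False},
    {"name": "existing-dc", "ip": "172.19.0.10", "dc": True},
    {"name": "Trouble", "ip": "172.19.32.10", "dc": False},
    {"name": "stray", "ip": "172.19.64.5", "dc": False},
]

def site_for(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(c), s) for c, s in subnets.items()
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return None  # no subnet object covers this address
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(hosts, subnets=SUBNETS):
    """Report hosts with no site and sites that have no domain controller."""
    unmapped, sites_with_dc = [], set()
    for h in hosts:
        site = site_for(h["ip"], subnets)
        if site is None:
            unmapped.append(h["name"])
        elif h["dc"]:
            sites_with_dc.add(site)
    no_dc = sorted(set(subnets.values()) - sites_with_dc)
    return {"unmapped": unmapped, "sites_without_dc": no_dc}

if __name__ == "__main__":
    print(audit(HOSTS))
```

With this inventory the remote Site is reported as having no Domain Controller until "Trouble" is promoted, which is the gap the thread is trying to close.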