Incorrectly named AD after no planning

?

######

Can anyone advise...
I have just started a new role where they have already
upgraded their old NT4 domain to Windows 2000 AD -
without any planning.
The current mess is as follows:
The Netbios domain is HQ-NTDOM0
The namespace is HQ-ntdom0.(charityname).South.Org.uk
The namespace that we want to use is (charityname).org.uk
and this will give us a domain of "charityname"

Does anyone know the best way to do this? I have three
ideas...
1) Create a new 2003AD domain called charityname in the
namespace charityname.org.uk - then create a "federated"
inter-forest trust and use ADMT to move clients and
accounts into the new domain.
2) Create a child domain and force it to have a different
namespace, then migrate clients into the new domain
3) Move to 2003 Native Mode and use Domain rename.

The two main problems that I have with all these options
is that all client machines will need to have their
domain name changed, and that our deployment of Exchange
2003 will need to wait until the new domain exists (we
have Exch5.5)

Any ideas anyone?
 
M

Matjaz Ladava [MVP]

If you have exchange in your forest, then forget about domain rename. If you
have budget to create a new forest and migrate then I would go with that.
This way you will have a clean AD without any legacy
who-knows-what-configuration problems.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
S

Scott Harding - MS MVP

Another idea that I have done. Bring a NT4 BDC onto the network. Physically
disconnect the Win2k DC from the network. Promote the NT4 to PDC. Upgrade
that box to Win2k with the correct domain name and basically do the
migration again with the correct name. You can even rename the entire NT
domain name before upgrading to get it where you want if needed. Then your
Win2k AD domain will be up with the correct name and you won't have to touch
the clients. Once you know this is working keep your Win2k DC disconnected
and Dcpromo it down to a member server making sure to say it is the last DC
in the domain. This will remove Active Directory from that machine. Then you
can join the domain that was just re-upgraded from this machine and dcpromo
it back to a DC in the new domain and voila! This works quite well and
solves the domain rename issues that cannot be changed in Win2k. This could
be a tough depending on Group Policies or other things that may be in place
that are Win2k specific and you may have to rebuild those things from
scratch.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com
 
G

Guest

If I do this, and re-upgrade my NT4 domain called "HQ-
NTDOM0", does it allow me to change the NetBIOS name of
the domain from HQ-NTDOM0 to "Charityname". If so, will
all the client machines change their local domain
membership? I have 75 sites and 3000 clients, of which
99% of them are non-technical.
If the client computer profile is set up to be linked to
the username as in HQ-NTDOM0\username will it keep the
profile for the user when they log in as
CharityName\username?

Thanks for your advice, it seems like this could work...
 
S

Scott Harding - MS MVP

Well this is where it gets a little tricky. If you want to change your
Netbios domain name this must be done BEFORE upgrading to Win2k. So in this
case you will have to touch the clients but their profiles shouldn't change
because the Domain SID will still be the same. The only thing I am not sure
about is the domain name change, as in, will you have to touch all machines
to add the new domain name. This I am not sure about. The Domain SID will be
the same but the machines will still show the old domain name. What I would
suggest is to create this in a test environment first. Install a NT domain,
join a client to this domain, rename the domain and then see what you have
to do to the client machine to make it see this new domain, and check the
profile, this extra time testing this should only take a couple hours and
could ultimately save you a TON of work. Usually I do this when the AD FQDN
DNS name is wrong but the Netbios name is correct so I haven't done this
exact thing.....yet. This is one of the worst things about upgrading and I
have ran into this many times so you have to get creative. Using the ADMT
may be an option as well but I think the idea of changing the name is worth
pursuing becuase it may save a lot of time. Good luck and let us know what
happens!!

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com
 
S

Scott Harding - MS MVP

Looks like your touching boxes from what that article
says.....hmmmm......changing domain name is not easy :) you might want to
talk to your boses and tell them No Way!!! I do it all the time. :) You
really don't want your internal name to be the same as your real Internet
name anyways for security reasons. Here's some info. on that.

http://support.microsoft.com/default.aspx?scid=kb;en-us;254680

http://support.microsoft.com/default.aspx?scid=kb;en-us;285983


--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Incorrect AD namespace 2
AD domain name question 2
Strategies for cloning our production AD forest to a "dev" forest ? 2
Replication Topology Problems 1
NT4 to Active Directory Domain/Site Migration 1
Permissions Issue During NT4 to AD migration 3
Migrating User Profiles After Moving To New Domain 3
Migration Approach in NT4 to Win2K3 AD 1

Top