Migration from NT Mixed to 2000 Native?

O/Siris

Hi, and sorry for the vague post, but I'm really only starting to get a
handle on things.

I've just become "the I.T. guy" at a company, and their directory system is
basically nonexistent right now. They upgraded from NT to 2K and a couple
of the five servers are 2K3 now. But I just realized they never fully
updated to a Win2K Native AD structure.

I'm wondering if there are any "gotcha" moments I need to check for before I
make the decision about whether to upgrade the directory structure.

One complicating factor I've run into, although it may not *really* matter:
DHCP and DNS are run by our ISP. I do not have access to DNS records to see
if SRV records can be created/supported, and I know just enough about AD to
think this could be a problem.

Guidance? Ideas? Suggestions?

Whatever you can give would be greatly appreciated.

-RØß-
 
Danny Sanders

> I've just become "the I.T. guy" at a company, and their directory system
> is basically nonexistent right now. They upgraded from NT to 2K and a
> couple of the five servers are 2K3 now. But I just realized they never
> fully updated to a Win2K Native AD structure.
>
> I'm wondering if there are any "gotcha" moments I need to check for before
> I make the decision about whether to upgrade the directory structure.


The switch to native mode ONLY affects replication between the AD DCs and
any NT 4.0 BDCs. The replication will stop. With an NT 4.0 BDC on a native
mode domain... add a user to the AD DC and that user will not get
replicated to the NT 4.0 BDC. If the user already has an account in the
domain and they change their password, the changed password will not get
replicated to the NT 4.0 BDC. Since the NT 4.0 BDC holds a read-only copy of
the SAM there would be no way to change the password on the BDC. The two
servers would become out of sync.

> One complicating factor I've run into, although it may not *really*
> matter: DHCP and DNS are run by our ISP. I do not have access to DNS
> records to see if SRV records can be created/supported, and I know just
> enough about AD to think this could be a problem.

Basic AD DNS setup is to install DNS on the DC for the AD domain. Point the
DNS server to itself for DNS in the properties of TCP/IP. All AD clients
MUST point to the DNS server for the AD domain ONLY. For Internet access
configure your AD DNS server to forward requests and list your ISP's DNS
server(s) as the forwarder. This is the only place on an AD domain your
ISP's DNS servers should be listed.

See:

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675

Best Practices for DNS Client settings in Windows 2000 server and in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;323380

hth

DDS
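
Added example, not part of the reply above: one way to audit the rule that AD clients list only the AD domain's DNS server, by parsing saved `ipconfig /all` output and reporting any adapter that also lists another resolver such as an ISP server. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are private/documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.10.51
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 192.168.10.7

Ethernet adapter Lab:

   IP Address. . . . . . . . . . . . : 192.168.10.60
   DNS Servers . . . . . . . . . . . : 192.168.10.5
"""

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")

def dns_servers_by_adapter(text):
    """Map each adapter in `ipconfig /all` text to its list of DNS server IPs."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # unindented "... adapter X:"
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        if current is None:
            continue
        m = DNS_LINE.match(line)
        # Extra DNS servers appear on bare, indented continuation lines.
        candidate = m.group(1) if m else (line.strip() if in_dns else "")
        try:
            adapters[current].append(str(ipaddress.ip_address(candidate.split("%")[0])))
            in_dns = True
        except ValueError:
            in_dns = False  # any other line ends the DNS server list
    return adapters

def stray_dns_servers(text, ad_dns):
    """Return {adapter: [servers that are not AD DNS]} for misconfigured adapters."""
    allowed = {str(ipaddress.ip_address(a)) for a in ad_dns}
    return {name: bad for name, servers in dns_servers_by_adapter(text).items()
            if (bad := [s for s in servers if s not in allowed])}

if __name__ == "__main__":
    # 192.168.10.5 is an assumed address for the DC that runs DNS for the AD domain.
    print(stray_dns_servers(SAMPLE, ["192.168.10.5"]))
```
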
 
