moving a 4.0 domain to an existing 2000 domain

  • Thread starter Thread starter Deb
  • Start date Start date
D

Deb

Hi,

We are running on a Windows 2000 network with just one domain. We want to
move an old 4.0 domain to our domain, but want this domain to be an island
of it's own with it's own security. The administrators of the 4.0 domain
should be the only people to have access to this domain. What's the best
way to accomplish this?

Thanks in advance,
Deb
 
Sorry, my original post was a bit vague. We want to eliminate the 4.0
domain and have only ONE domain, our existing 2000 domain. I believe there
is a way to make this old 4.0 domain a site or an organizational unit in our
2000 domain and give the 4.0 admins full control with nobody else having
control, but I'm not sure how to do this.
 
You *can* use ADMT to migrate users from the NT 4.0 domain to the Win 2k
domain and set them up as a site or an OU.
In that case the Admin for the Win 2k domain has access to change whatever
they want in the site/OU.
Example:

Mycompany.com is the root domain in the Win 2k forest. Mychild.mycompany.com
is a child domain of mycompany. So you have 2 domains, the root or parent
domain of "mycompany" and the child domain of "mychild". By default the
administrator has access to *all* sites and OUs in the mycompany domain.
There is *nothing* you can do to stop the Administrator in mycompany domain
from adding themselves to the enterprise admin group and as the enterprise
admin, they have access to *all* domains, sites, and OUs in the forest. In a
pure Win 2k set up the *only* way to keep the admin of mycompany domain from
accessing the mychild domain is to set up 2 forests. One forest would be
mycompany.com and the second forest would be mychild.com. Basically you
would have 2 parent domains and no child domains.

If you want the Win 2k domain admin's to have no access/authority over the
NT 4.0 domain you can not add it to the Win 2k forest.

You options are upgrade the NT 4.0 domain to Win 2k in a separate forest, or
leave it as NT 4.0 and set up trusts between the two domains.


hth
DDS W 2k MVP MCSE
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

moving an NT 4 domain to a 2000 domain 3
Windows 2000 can't join Windows server 2003 PDC 7
Windows 2008 R2 Domain controller 1
Adding a new win2000 Domain to a existing network with a NT 4.0 Do 1
Old domain name remains after migration 1
Changing domains for a windows domain controller 3
Moving data to Windows 2000 domain 1
Adding Domain Admins from a Trusted NT 4.0 Domain 2

Back
Top