Pretty Sure I Did This Wrong

D

Dave Waller

But...

I have an old NT 4 PDC (no BDC) and I have new machine and Windows 2003.
I built the new machine up as the PDC for the new domain and used
ADMT2 to get the users and groups.

Then I used robocopy to the move the files and dirs to the new machine.

However, I used the /SEC switch and the files now have the old domain
name on them along with the appropriate perms.

Is there a simple way to switch the domain part of the DACL?

I have been reading and I think I should have made the new machine a BDC
on the old domain and then promoted it to PDC then renamed the domain.
I can do that but I would rather not rebuild the machine. However in
retrospect it might have been quicker.

Dave Waller
 
H

Herb Martin

Dave Waller said:
But...

I have an old NT 4 PDC (no BDC) and I have new machine and Windows 2003.
I built the new machine up as the PDC for the new domain and used
ADMT2 to get the users and groups.
Click to expand...

First, you could NOT have done that (as described.) Win2003 (or 2000)
cannot be a "PDC for a domain" -- only NT can do that. You can only
have Win2000+ DCs in a Win2000+ domain.
Then I used robocopy to the move the files and dirs to the new machine.
Click to expand...

I will presume you installed Win2003 as a new DC and copied the files.
However, I used the /SEC switch and the files now have the old domain
name on them along with the appropriate perms.
Click to expand...

Why didn't you (still can probably) just upgrade the Domain? Add the
new DC etc?
Is there a simple way to switch the domain part of the DACL?
Click to expand...

SubInAcl.exe from the ResKit but don't complain that it is not simple.

I really suggest you look at taking a step back, upgrading the EXISTING
DOMAIN.
I have been reading and I think I should have made the new machine a BDC
on the old domain and then promoted it to PDC then renamed the domain.
Click to expand...

That would have worked -- but the "new machine" would have needed
NT (4) to do that, make it BDC, promote to PDC, upgrade machine
(and thereby domain) to Win2003.

Was your OLD PDC unable to run Win2003 (or even Win2000?) just
a little bit? (Doesn't have to be perfect, just enough to get this all
done.)
I can do that but I would rather not rebuild the machine. However in
retrospect it might have been quicker.
Click to expand...

It would have been quickest to upgrade the EXISTING PDC.

(Backup, upgrade, add new DC, done.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Mixed Mode Catch 2
Migration Approach in NT4 to Win2K3 AD 1
Dual Domain Controllers 10
Global Catlog Issue 2
AD: How can i promote a "BDC" to become a "PDC" in Windows 2000 server AD domain? 2
help requried to restore Forest 1
need to rebuild trust relationship b/w domain controllers 5
Unable to join 2003 AD 2

Top