Proper steps to move to AD 2000 Native Mode

G

Guest

Hello all.

I have read my AD book and all i have so far is the quick steps to change
from mixed to native mode in AD via Active Directory Domains and Trust.

However i found no info on pre and post steps on making this change.

such as

can i impliment this during work hours???

do i have to reboot after making the change in the console right away? If so
how long will it take for the DC to be back up... ? just asking cause AD has
to make some serious changes before reloading.

Do i need to reboot all DC in our domain or just wait for full replication
or can i jus force a replication.

I plan to make this change on the Dc that has all 5 FSMO roles..


We have 6 offices each 20 blocks away from each other.

out of the 6 offices 5 of them each has on DC which has the following roles:

DHCP, AD-DNS, File Sharing, Global Catalog

the last office is where i am located which is head Quarters..

we have 2 DCs...

One is just a simple DC with file sharing

the other is:

the Root DC with all 5 FSMO roles, win 2000 Exchange, Global Catalog, DNS.

We are currently upgrading to ex 2003 and we ran the adprep / forest and
domain prep al ready...

any help would be greatly welcomed...
 
M

Martin Therkelsen

I haven't done it myself yet, but from what I have found you don't need to
reboot any servers. But I would do this outside work hours, as I would with
most changes to AD and exchange.

Regards
Martin
 
J

Joe Richards [MVP]

Inline

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Goku said:
Hello all.

I have read my AD book and all i have so far is the quick steps to change
from mixed to native mode in AD via Active Directory Domains and Trust.

However i found no info on pre and post steps on making this change.

There are none other than make sure there are no NT4 BDCs in the domain.

such as

can i impliment this during work hours???

Yes, though some companies change control requires after hours work.
Since this only impacts replication and you can't reasonably back out of
it once done it really doesn't matter.

do i have to reboot after making the change in the console right away? If so
how long will it take for the DC to be back up... ? just asking cause AD has
to make some serious changes before reloading.

No reboot necessary, and no serious changes are being made. It is a
simple bit on a single attribute and then the DCs run in the new manner,
this means they don't replicate with NT4 and the tokens for users are
built slightly differently to allow for group nesting and to allow
domain local groups in tokens so they can be used on members.

Do i need to reboot all DC in our domain or just wait for full replication
or can i jus force a replication.

You don't need to reboot.

I plan to make this change on the Dc that has all 5 FSMO roles..

That is fine.

We have 6 offices each 20 blocks away from each other.

out of the 6 offices 5 of them each has on DC which has the following roles:

DHCP, AD-DNS, File Sharing, Global Catalog

the last office is where i am located which is head Quarters..

we have 2 DCs...

One is just a simple DC with file sharing

the other is:

the Root DC with all 5 FSMO roles, win 2000 Exchange, Global Catalog, DNS.

We are currently upgrading to ex 2003 and we ran the adprep / forest and
domain prep al ready...

any help would be greatly welcomed...

Everything sounds fine overall though I wouldn't run file sharing and
Exchange on DCs. I would also not be thrilled to run DHCP on DCs. These
items open up additional possible attack vectors on the macines
responsible for the core of your security.

However, nothing here has given any concern for a native mode switch.
Just make sure everything is working up front so if after you switch and
then notice something broken, you don't incorrectly assume it was the
native mode switch.

joe
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top