Upgrade Domain from NT4 to Win2K Questions...

[rick]

We currently have a single NT4 server (old1) in
domain "one". Only a few workstations are actually members
of the domain, with most of remaining 50 or so in
workgroups.

I have a new server arriving soon (file1), and it will run
Win2K and I want to make it the PDC. Existing NT server
will continue (it runs our IIS and Exchange5.5)to exist
for about 6 months, then will be replaced by another new
Win2K server (service1) for IIS and Exchange2000. At that
time, a third win2K server will be added (file2), and once
exchange transferred, existing server (old1) will be
retired.

Current plan is to build server file1 with Active
Directory and DNS, make PDC and move nt4 to BDC if
possible. As the name suggests, it will primarily be used
as a file server. When the other two servers arrive six
months down the road, make them both BDC, then promote
Service1 to PDC, and demote file1 to a BDC.

Am I going to be able to add File1 to domain one, with AD
and DNS without major problems, or is it cleaner to create
domain "two" and establish a trust relationship between
them? (Files that will be on file1 are all being moved
from a Novell 5 server, so workstations will all need to
be added to a domain anyway, because they are nearly all
in workgroups.) If I do have two domains, will there be
issues with exchange in a different domain than the login
domain?

Is there a "best way" to accomplish this? We are not a
large organization, and don't have a lot of resources.

Thanks
--Rick

 

[Herb Martin]

We currently have a single NT4 server (old1) in
domain "one". Only a few workstations are actually members
of the domain, with most of remaining 50 or so in
workgroups.

You may find this is one of the exceptions where it is
easier NOT to upgrade but to start over -- since most
machines are not in the domain, one presumes most
people either don't have or don't use their domain
accounts.

I have a new server arriving soon (file1), and it will run
Win2K and I want to make it the PDC. Existing NT server
will continue (it runs our IIS and Exchange5.5)to exist
for about 6 months, then will be replaced by another new
Win2K server (service1) for IIS and Exchange2000. At that
time, a third win2K server will be added (file2), and once
exchange transferred, existing server (old1) will be
retired.

There is precisely ONE way to do this because there is
precisely ONE way to upgrade a domain in general:

You must upgrade the PDC so...
you must install the new machine as an NT4 BDC,
then promote to PDC and do the upgrade to Win2000+

Current plan is to build server file1 with Active
Directory and DNS, make PDC and move nt4 to BDC if
possible.

Doesn't work that way.

As the name suggests, it will primarily be used
as a file server. When the other two servers arrive six
months down the road, make them both BDC, then promote
Service1 to PDC, and demote file1 to a BDC.

And with small domains, there is nothing particularly wrong
with having two DCs when you later add the second modern
machine.

Am I going to be able to add File1 to domain one, with AD
and DNS without major problems,

No. If you start File1 (the new Win2000+ server) with Win2000,
it will NEVER be a BDC in the old domain and there is NO
way to do a direct upgrade of the old domain.

or is it cleaner to create
domain "two" and establish a trust relationship between
them?

Generally a upgrade is preferable but in this case where
you were not really making full use of the old domain it
isn't really as clean a decision.

Also, you don't "need" the trust to move the files, but
you will need it if you wish to move the USER accounts.

(Files that will be on file1 are all being moved
from a Novell 5 server, so workstations will all need to
be added to a domain anyway, because they are nearly all
in workgroups.) If I do have two domains, will there be
issues with exchange in a different domain than the login
domain?

Probably, but they are not techical ones.

Is there a "best way" to accomplish this? We are not a
large organization, and don't have a lot of resources.

Yes, if you wish the simplest continuing upgrade path.
Put a copy of NT4 on the "new" server as a BDC, then
make it PDC, then upgrade it to Win2000+ (by the way,
at this point you really should just use Win2003).

You keep your old domain, and accomplish what you
really intend.

Join all the workstations to the domain, give ever user
an account in the domain -- you will likely need to move
their user accounts.

By the way, you have a bit of a mess and this is caused
when people with small networks figure there is no point
in actually using the domain or configuring things according
to best practices -- it grows and eventually the mess has
to be cleaned up.

 

[Rick]

Herb:

You hit it right on the head. Things are a bit of a mess,
because existing domain was not used either due to
inattention to future needs, or just inexperience. There
are only about 50 users total to have to move, so even if
I had to enter them manually on the new domain, it
wouldn't be that bad. I suppose the biggest question is
whether we will experience difficulties in accessing
accounts on the Exchange server in the old domain. I
expect there would be a need to change passwords on the
old domain manually (password policy will be enforced on
the new domain) until exchange is moved to a second new
server. Beyond that, are there any 'gotchas' that I
should be aware of if we proceed with a new domain?

Thanks
--Rick


I'm of the thought that I would be in for less trouble if
I just created a new domain on Win2k and moved the user
information, even if I had to do so manually (there's only
about

 

[Herb Martin]

wouldn't be that bad. I suppose the biggest question is

whether we will experience difficulties in accessing
accounts on the Exchange server in the old domain. I

Probably -- and that probably also means that the users
are actually USING their domain account for at least
that purpose.

expect there would be a need to change passwords on the
old domain manually (password policy will be enforced on
the new domain) until exchange is moved to a second new
server. Beyond that, are there any 'gotchas' that I
should be aware of if we proceed with a new domain?

If you could upgrade the NT4 PDC it would be even cleaner:
Needs Pentium (some ram) and a bit of disk space,
maybe 1-2 Gig.

After you finished you could even DCPromo it back to
a Server and be rid of the NT-BDC without removing the
machine.