Upgrading to windows 2000 without active directory

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have an NT4 domain and I wan't to upgrade all servers to
windows 2000 due to Microsoft stopping security patch
support. Is it possible to upgrade without getting into
active directory and changes to users accounts i.e just a
simple upgrade of the OS.

I read something about FSMO and PDC Emulation does this
make a windows 2000 controller act like a NT4 controller
to possibly be a resolution to my problem?
 
The installation of AD is what changes a Win 2k server into a Domain
controller. You can not have a domain in Win 2k without AD.

Upgrading to Win 2k and AD will solve your concerns about support.


hth
DDS W 2k MVP MCSE
 
Thanks for your reply.

If I upgrade to win2k and AD will all my users be able to
log on to their domain NTT after the upgrade just as they
did before i.e. same username password and domain?

If this is the case will I have to complete all
workstation migrations to 2000 before I upgrade the server
or does it not matter?
 
I have an NT4 domain and I wan't to upgrade all servers to
windows 2000 due to Microsoft stopping security patch
support. Is it possible to upgrade without getting into
active directory and changes to users accounts i.e just a
simple upgrade of the OS.
Upgrading OS on the Windows NT 4 domain DC is in fact upgrading this
domain to AD - this process will not change Your accounts - it will
incorporate this accounts into AD
I read something about FSMO and PDC Emulation does this
make a windows 2000 controller act like a NT4 controller
to possibly be a resolution to my problem?
You will have to upgrade to AD If You want to upgrade Your DC's to
Windows 2000 - You won't regret this move :)).

I'm suggesting You to move to Windows 2003 in fact
 
If I upgrade to win2k and AD will all my users be able to
log on to their domain NTT after the upgrade just as they
did before i.e. same username password and domain?

If you upgrade properly, yes.


If this is the case will I have to complete all
workstation migrations to 2000 before I upgrade the server
or does it not matter?


No. You Must upgrade the PDC first. Then you can take your time upgrading
the clients.

hth
DDS W 2k MVP MCSE
 
Thanks for your reply.

If I upgrade to win2k and AD will all my users be able to
log on to their domain NTT after the upgrade just as they
did before i.e. same username password and domain?
Yes, all user settings will be preserved - as I mentioned in my previous
post in this thread - consider moving to Windows 2003, it will bring You
some benefits from improvments made in AD in Windows 2003
If this is the case will I have to complete all
workstation migrations to 2000 before I upgrade the server
or does it not matter?
It does not matter - but You have to remember that legacy clients like
NT/Win 9x will not use all of AD functionality - for example will not be
affected by GPO's and some other options. If You will mantain legacy
clients You will also have to maintain naming resolution service for
them (WINS) becouse they can't get full advetntage of native DNS name
resoultion.

For older clients use Active Directory Client to take soome adventages
of AD environment on this systems
 
Ok but when the server is first installed active directory
is not present until the configuration wizzard is run, so
is all the account information lost if an active directory
is not already present on upgrading the PDC?
 
Ok but when the server is first installed active directory
is not present until the configuration wizzard is run, so
is all the account information lost if an active directory
is not already present on upgrading the PDC?

No it isn't lost - the conversion of domain will start imidietly after
the OS upgrade - If You want to be sure that You will be able to roll
back the upgrade od domain (of course the first step is correct backup)
before You will perform this upgrade promote additional BDC in Your
network and after replication take it offline - if somthing will go
wrong with upgrading Your PDC You will be able to roll out with bringing
this bdc online and force it to be PDC.

The correct order of promotion of Your systems is:
- PDC first
- BDC's
- client systems (if You plan to promote them or install AD client)
 
Ok but when the server is first installed active directory
is not present until the configuration wizzard is run, so
is all the account information lost if an active directory
is not already present on upgrading the PDC?

In fact it is just the opposite. Upgrade the PDC first and all user accounts
get brought into AD since the NT 4.0 PDC is the ONLY DC on the NT 4.0 domain
that holds a writeable copy of the SAM.
If you upgrade *any* *other* server/BDC first you will loose all NT 4.0
domain info and you will be creating a new domain. NONE of the user account
info will get carried to the new domain.

That is the basic difference between "upgrading" and "migrating". Upgrading
you MUST upgrade the PDC first, migrating you would set up a new Win 2k
domain "side by side" on the same wire and use ADMT to move users from one
domain to the other.

hth
DDS W 2k MVP MCSE
 
I am starting to understand is the PDC emulator I talked
about earlier just to provide replication to the BDC as an
interim stage or does it actually provide authentication
to NT4 workstation users who don't have active directory
services installed?
 
I am starting to understand is the PDC emulator I talked
about earlier just to provide replication to the BDC as an
interim stage or does it actually provide authentication
to NT4 workstation users who don't have active directory
services installed?

PDC emulator servs as PDC for BDC's before upgrade (BDC still on WIndows
NT 4 OS) and for legacy client stations for authentication and password
management purposes (in generla of course).
Read on the web about FSMO Roles

According to this article
http://support.microsoft.com/default.aspx?kbid=197132

<cite>
In a Windows 2000 domain, the PDC emulator role holder retains the
following functions:

* Password changes performed by other DCs in the domain are
replicated preferentially to the PDC emulator.
* Authentication failures that occur at a given DC in a domain
because of an incorrect password are forwarded to the PDC emulator
before a bad password failure message is reported to the user.
* Account lockout is processed on the PDC emulator.
* The PDC emulator performs all of the functionality that a
Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for
Windows NT 4.0-based or earlier clients.
</cite>
 
Back
Top