Re: Coexistence of Windows 2000 and Windows 2003

From: Jens Mickerts (j.mickerts_at_bmp-si.de)
Date: 10/28/03

    Date: Tue, 28 Oct 2003 09:31:36 +0100
    To: <fh@rcs.urz.tu-dresden.de>, <focus-ms@securityfocus.com>
    
    

    Hi,

    Upgrading a domain in a tree should not be an issue, as long as the forest schema is prepped with adprep; this should be done by admins of the forest root domain. Furthermore, at least one domain controller in the forest root domain should be upgraded; this server should hold the domain naming master role and the PDC emulator role. This is a recommendation only, but I would follow it if possible.
    You will have to wait a while until the changes have been replicated, and then the domain in question needs to be prepped as well. After that it should be possible to upgrade regardless of all other domains, but it is recommended that every domain starts with the DCs running the domain naming master and PDC Emulator FSMOs.
    But it is crucial that the schema has been updated and replicated upfront.

    You can find detailed information here:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/deployguide/dssbf_upwn_kzil.asp

    Regards,

    Jens Mickerts
    Bolesch, Mickerts & Partner
    Gesellschaft für Systemintegration
    Vor dem Lauch 6
    D-70567 Stuttgart
    Fon: +49(0)711-7207 0942
    Fax: +49(0)711-6339 887
    Mobil: +49(0)178-7575 801
    mailto: j.mickerts@bmp-si.de
      
    -----Original Message-----
    From: Frank Heyne [mailto:fh@rcs.urz.tu-dresden.de]
    Sent: Monday, 27 October 2003 15:54
    To: focus-ms@securityfocus.com
    Subject: Coexistence of Windows 2000 and Windows 2003

    Hello,

    this is Security related as far as crashing an AD is a security problem,
    therefore I hope the moderator will let it slip through.
    Answers sent to me personally are welcome, I can post a summary to the
    list.

    Question:
    There is a Windows 2000 AD tree.
    One domain down the tree wants to upgrade the DCs to Windows 2003.
    A consultant claims this would cause havoc, because there would be no way
    to forbid the new 2003 DCs to become the master for the entire AD,
    because they have a newer version of Windows.

    I don't believe this to be true, and wonder whether someone has already
    managed to put a Windows 2003 DC somewhere in an AD tree, without
    changing anything in the tree hierarchy?

    Frank Heyne

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
    and use priority code SF4.
    ---------------------------------------------------------------------------
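
Added example, not part of the original messages: a PowerShell pre-flight check for the reply's point that the schema update must have replicated before a domain is prepped. It assumes a domain-joined host with read access to the directory and that schema objectVersion 30 marks the Windows Server 2003 schema; the variable names are illustrative.

```powershell
# Added example: confirm every DC has received the updated schema before a
# child domain is prepped and upgraded.
# Assumption: objectVersion 30 on the schema partition = Windows Server 2003 schema.
$RequiredVersion = 30

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# Forest-wide role holders; the reply recommends the forest root DC holding
# the domain naming master role be upgraded first.
Write-Host "Schema master:        $($forest.SchemaRoleOwner.Name)"
Write-Host "Domain naming master: $($forest.NamingRoleOwner.Name)"

$notReady = @()
foreach ($domain in $forest.Domains) {
    Write-Host "PDC emulator ($($domain.Name)): $($domain.PdcRoleOwner.Name)"

    foreach ($dc in $domain.DomainControllers) {
        $version = 0
        try {
            # Ask this specific DC for its own replica of the schema partition,
            # so a DC that has not replicated the change yet shows the old value.
            $rootDse  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/RootDSE")
            $schemaDn = $rootDse.Properties['schemaNamingContext'].Value
            $schema   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$schemaDn")
            $version  = [int]$schema.Properties['objectVersion'].Value
        } catch {
            Write-Warning "Could not read schema version from $($dc.Name): $($_.Exception.Message)"
        }

        # An unreadable DC (version 0) is treated as not ready.
        if ($version -lt $RequiredVersion) {
            $notReady += [pscustomobject]@{ Domain = $domain.Name; DC = $dc.Name; SchemaVersion = $version }
        }
    }
}

if ($notReady.Count -gt 0) {
    Write-Host "Schema update has NOT reached every DC; do not prep the domain yet:"
    $notReady | Format-Table -AutoSize
    exit 1
}
Write-Host "All DCs report schema version >= $RequiredVersion; the domain can be prepped."
```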