Re: Migrating NT domain to AD

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/07/04


Date: Sat, 06 Mar 2004 23:03:56 GMT

I think you would be better off posting this over in the win2000.active_directory
newsgroup where there are a lot of people very knowledgeable in the area you seek
expertise, but here are my comments.

1. The W98 machines do not have to have AD client to be in the new domain, though
there are some advantages such as site awareness, ability to search AD and the
ability to use ntlmv2. I understand there is a newer version of the AD client to iron
out some problems, but I think you have to contact MS for it. Just make sure that you
have wins in your new domain and that the AD domain controllers are also clients as
downlevel clients need wins still.

2. The domain name should not be a problem. In NT host name resolution is an
afterthought. It does not matter what mode you go to and you should not have to visit
each machine, unless you have manually configured tcp/ip, as the DHCP scope will take
care of this, just be sure to use scope option 15 for domain name. Make sure that
ONLY AD domain controllers are listed as preferred dns servers for your computers via
scope or static. Keep in mind that your computers will not be able to find internet
resources with your domain name unless you configure static records in your dns zone
as in a "split brains" dns configuration because as far as they are concerned your
internal dns zone is authoritative for them and any records not found for the domain
will result in failed dns lookup. You will also want to configure your DHCP server to
be a proxy for registering dynamic dns host records for the W98 clients since they
cannot do that on their own.

3. The main advantages to mixed mode are the ability to use NT4.0 BDCs which could
lead to a quicker rollback/disaster recovery by being able to go back to an NT4.0 PDC if
all goes bad. The downside is that I believe some of the better migration tools
require that the migration be to a native mode domain.

4. Be careful implementing any changes to Security Policy in your new domain since
you still have "downlevel" W98 computers, particularly in regards to ipsec policies,
lan manager authentication level, digitally sign communications, and additional
restrictions for anonymous connections. There are a lot of security templates
available and the urge to upgrade security can disrupt your network. If you want to
make changes, document them well and consider not modifying the default domain GPO,
but creating a new one at the top of the list where changes will be made which will
make it easy to rollback to default if problems occur. See the KB link below about
how security setting incompatibilities can disrupt your network. Netdiag and Dcdiag
are two indispensable tools for W2K and are located in the support/tools folder on
the install disk. Good luck. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

"Seeker" <newsgroups@minusthespam.pcuptime.com> wrote in message
news:PRr2c.123739$%72.65287@twister.nyroc.rr.com...
> Hello,
>
> I'm beginning to plan the migration of an existing NT domain to AD. This
> isn't a "how do I do it" post, as I realize there are way too many
> variables, rather I have a few high-level points/questions.
>
> 1. There is a mix of about 550 98/2k and XP workstations. We're working on
> migrating to all XP but it likely won't be done before the domain migration.
> Do the 98 machines need the AD client if we choose mixed-mode?
> 2. As part of the migration, I'd like to take the existing domain name and
> change it to our fully qualified Internet domain name, such as company.com,
> or maybe ad.company.com. This way it can share the same namespace. Can
> this happen as part of the upgrade to either mixed or native mode, and will
> the workstations have to be visited to be made aware of the new domain?
> 3. Are there any drawbacks to installing initially in native mode vs.
> running in mixed mode first and then migrating to native mode once all the
> BDCs are upgraded?
>
> I've been combing through the Microsoft resources already. If there are
> some good tips and tricks sites or other major gotchas to look out for, I'd
> be appreciative. Thanks.
>
>
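
Point 4 of the reply above, as an added example that is not part of the original posts: a Python sketch that reads the [Registry Values] section of a security template and flags the LAN Manager authentication level, SMB signing and anonymous-restriction values before a GPO is applied. The template text is constructed, the function names are hypothetical, and the thresholds are this example's assumptions about what a W98 machine without the AD client tolerates.

```python
import re

# Registry value (lowercase, without MACHINE\) -> (flag at or above, reason).
# Thresholds are assumptions of this added example, not values from the post.
RISKY = {
    r"system\currentcontrolset\control\lsa\lmcompatibilitylevel":
        (4, "DCs refuse LM responses; W98 without the AD client cannot log on"),
    r"system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature":
        (1, "server requires SMB signing (digitally sign communications)"),
    r"system\currentcontrolset\control\lsa\restrictanonymous":
        (2, "anonymous connections fully restricted; downlevel clients may fail"),
}

def parse_registry_values(inf_text):
    """Return {key_lower: int} for REG_DWORD (type 4) lines in [Registry Values]."""
    values, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        key, _, data = line.partition("=")
        parts = [p.strip() for p in data.split(",")]
        if len(parts) == 2 and parts[0] == "4" and parts[1].isdigit():
            key = key.strip().lower()
            if key.startswith("machine\\"):
                key = key[len("machine\\"):]
            values[key] = int(parts[1])
    return values

def audit(inf_text):
    """Return sorted (value_name, setting, reason) for settings at or above threshold."""
    found = parse_registry_values(inf_text)
    return sorted((k.rsplit("\\", 1)[1], v, RISKY[k][1])
                  for k, v in found.items() if k in RISKY and v >= RISKY[k][0])

# Constructed sample template, not taken from any real domain.
SAMPLE_TEMPLATE = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
"""

if __name__ == "__main__":
    for name, setting, reason in audit(SAMPLE_TEMPLATE):
        print(f"{name}={setting}: {reason}")
```

Running the audit against each candidate template before linking the new GPO gives a list of settings to test on one W98 machine first.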


