All,
I'm not convinced, after reading the Microsoft documentation, that we've
all got our answers nailed down on an in-place upgrade. So, I'd like to
submit these questions to you to get the "real world" answer.
Since we lack sufficient budget to perform a proper migration we'll need to
do in-place upgrades to our domains and then consolidate some of the rogue
domains into our structure (as well as cleaning things up after upgrade).
All domains will remain mixed mode until we're able to complete application
testing. One of our main drivers is the need to consolidate domains as
well as eventually eliminate our dependence on the SAM.
1. One of my concerns is that, following the upgrade of the PDC, it will be
the only AD domain controller in the domain. Our current DNS settings for
servers and workstations are to our enterprise DNS servers, which are not
AD-compatible. We anticipate creating a new DNS structure for AD and then
using forwarders to the other DNS servers for non-AD-related address
resolution. It's my expectation that NT4.0 clients w/o the AD client will
not be impacted by this in any way. Is this correct?
2. It's also my expectation that the Win2k clients will be impacted
depending on their configuration. For example, a Win2k client that does not
have the DNS domain for AD listed in the suffix for the client nor in the
DNS search order would not realize that there was an AD domain controller
in their midst and would continue to authenticate to the domain as they had
prior to the upgrade. And Win2k clients that have the DNS domain for AD in
their suffix or search order would preferentially authenticate against the
new AD DC to the extent that they would begin to ignore their local BDC.
This is one area of significant concern as we don't want to overload any of
the domain controllers. I thought there was a client reg entry that would
eliminate this.
3. Should we, once we complete the upgrade of the PDC, build a new DC,
move all Operations Masters roles to the new DC and rebuild the old from
scratch as Win2k, so as to avoid any legacy issues? We'll also be bringing up
other AD DC's to split the roles up between boxes.
4. If something goes wrong and after an hour or two, or sooner, we find
that we need to turn off the AD DC and fire back up the offline BDC and
promote it to PDC, are the Win2k clients going to be OK? I thought I
remembered that if a box authenticated against the domain using Kerberos it
never would go back to NTLM.
Thanks,
Mike
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/