Grrr. See I swear I remember reading that. I was hesitant to write it which is why I said "I believe" as I hadn't ever seen it (never upgraded a 2K to K3, I just don't do that) but I swear I saw it documented somewhere... Now I have to go find it.
I absolutely agree on your reasoning. I think any automatic moves are a bad idea. Even the one done during the dcpromo down of a DC, it should stop and say, yo dude, do you know what you are doing? And then you have to answer a question like how many F's in ~Eric's last name to get it to go on. Time to google... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Friday, July 09, 2004 10:32 AM To: Send - AD mailing list Subject: RE: [ActiveDir] 2003 DC Promo Question.... Hmmm ... re: "If you do an OS Upgrade from 2K to K3 on a Domain Controller I believe it will pull the PDC functionality to it"; nothing I've witnessed would seem to back that up. In the event I'm just a bad witness or someone with the retention of a Gold Fish and they do indeed do that, it's just plain wrong, wrong, wrong. PDC physical placement is important in certain scenarios, to arbitrarily move the role during an upgrade process could have significant security implications. -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Thursday, July 08, 2004 9:49 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 2003 DC Promo Question.... Hey Todd. If you do an OS Upgrade from 2K to K3 on a Domain Controller I believe it will pull the PDC functionality to it. If you DCPROMO in a fresh K3 it will not pull the role from what I have seen with the domains I have been involved with. Personally though, I am not into upgrades of OSes, much rather wipe and reload. A brilliant friend of mine once came up with a method for us to do that remotely that we used for NT4 to 2K. We would shoot the load down to the machine, then fire up a script that would look at some config info and store it, then boot into Win98 and slam the load down on the machine and reconfigure it when it finished rebuilding. While you should move those roles I don't believe there is an absolute requirement EXCEPT for the Domain Naming role which may be needed for setting up DNS App partitions. The PDC role should be moved just so that it can create the new security principals that K3 has that are already ACLed on your directory (look at the dsacls output of your domain after the domain prep and you will see unresolved SIDS), however I do not believe there is a requirement to keep it there or in fact do it at all. I am sure if I am wrong ~Eric will chime in or someone else will say something though I am surprised I see no responses to this post and it was sent a couple of weeks ago... joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Thursday, June 24, 2004 9:58 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] 2003 DC Promo Question.... Greetings, I have a Windows 2000 forest that has been Forest Prepped and had the root domain of the forest domain prepped as well as another domain tree root domain prepped. I plan to follow the recommendations outlined in the article below in order to upgrade to 2003. My plan is to transfer FSMO roles to 2000 machines, and DCPROMO down existing DC's. Rebuild them as 2003 Servers then DCPROMO the box. According to my experience and what is outlined below in the article. The first DC's that are joined to the domain need to be servers that hold PDC and DNC FSMO roles. My experience was that when I tried the method outlined above, the first New 2003 DC joined to the root forest took on the PDC emulator role automatically. (I did this back in November 2003) http://support.microsoft.com/default.aspx?scid=kb;EN-US;325379 I want to verify this behavior because there is a movement in my group to want to deploy new 2003 DC's before upgrading the FSMO role holders. One person on my team says that the wording in the Q article isn't clear enough, that you must upgrade the FSMO role holders. So I bring this to the AD guru list to help me verify my perceptions, and to help answer any remaining questions. Thanks in advance, Todd List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
