Hi Guido I fully agree that this would be the safest method, especially when considering preservation of ACLs, etc. It does however involve a lot of legwork. :-)
I was interested by your suggestion to use separate forests. What issues have you come across with collapsing domains within a forest? Tony ---------- Original Message ---------------------------------- From: "Grillenmeier, Guido" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Oct 2004 16:29:36 +0200 you say you'd want to "upgrade this BDC to a 2003 member server", so I assume you don't have an issue with running W2k3 on the box itself - correct? If that's the case, I'd go down the path you've mentioned, instead of using tools like upromote or alike - this will ensure that you keep the security of the ACLs on your files intact so that users from Domain B will still be able to access their resources on this box after you've migrated the users to Domain A, which you'll likley do anyways. The key is that after you've udated Domain B to AD and switched to "native" mode (i.e. both DCs are now 2003), you can demote your FileServer to a normal member server and both domain local and global groups will still apply to the box. You can then change the scope of the groups (e.g. all to global) prior to migrating the server to Domain A => the groups will then still apply on the ACLs of the server when your users from Domain B try to access the FileServer resources. After you've migrated all uses, groups and computer to Domain A (with SIDhistory using ADMT or some other tool) and have re-acled the server, you can then change the scope of the groups again to meet your needs. BTW, you do have the choice to join your existing AD forest (from Domain A) during the upgrade of Domain B to 2003. I'd think twice if you want to do this or if you wouldn't want to keep it a separate forest during as you want to migrate it into Domain A anyways. Domain Collaps in the same forest has it's own set of issues. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janson Anderson Sent: Thursday, October 21, 2004 12:29 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] BDC upgrade Hi all, I'm merging/upgrading some NT 4 domains together. Domain A and Domain B are both account and resource domains. I've upgraded Domain A to 2003, and am planning to migrate users and computers from Domain B into Domain A using ADMT v2. Domain B is small. In fact when I took over it consisted of a single PDC that had all files on it. I've since added a second DC and transfered the PDC role to it. So, to get to my question: The BDC in Domain B has all the files of the Users I am going to be transfering. Is there any way to upgrade this BDC to a 2003 member server without upgrading the domain to 2k3 AD first? I would then just move it to domain A as a member server using ADMT. From what I've read it seems the only way would be to upgrade the PDC to 2k3, then upgrade this bdc to 2k3 then dcpromo it down to a member server. Is this the route I have to take, or is there an easier way? Thanks in advance for the help. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ________________________________________________________________ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
