Yep...if you have the hardware, excellent idea. We plan to do that here. We
have a couple of spare servers that will take on DC roles. Before the
upgrade, I will bring up one of the servers as NT BDC. Promote that to PDC.
Bring up another server as BDC, sync, take offline. Take new PDC offline,
upgrade, readd. Continue with the rest of the upgrade process.
GREAT thing about this is that if you can use a brand new server for this,
who cares if it bakes? Only connect it to the network if you're sure it's
running properly. Since the PDC is offline according to the other BDCs, no
changes are missed so you can do this over a weekend, upgrade on Friday
night, test the system thru Saturday morning, put on the network when sure.
-----Original Message-----
From: Minero Hector B DLVA [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 5:53 AM
To: NT 2000 Discussions
Subject: RE: Need Advice - Merging 2 NT domains into 1 Win2k Domain
Since we were getting new hardware for our Domain Controllers, we built a
new backup Domain Controller. Then we promoted it to PDC and then upgraded
to Windows 2000. After being up for a week and tested that everything was
still okay, we built a brand new Windows 2000 server (no upgrade crap) and
then transfer the primary roles from the first DC. Yes, it might take
longer, but we did not want to keep an upgraded server. Everything went
fine. The main thing is to make sure you know how to tranfer the Primary
Roles. ________________________________________
Hector Minero
Systems Engineer
NSWCDD Code K55
Ph: (540)653-8859
Fax: (540)653-8575
Email: [EMAIL PROTECTED]
-----Original Message-----
From: Ed Esgro [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 8:25 AM
To: NT 2000 Discussions
Subject: RE: Need Advice - Merging 2 NT domains into 1 Win2k Domain
I have a question on this issue as well. Or I guess I should say a request
for opinion. If I want to keep my existing domain, but just upgrade it to
2000. Is it better to build the new BDC, promote to PDC and then upgrade to
2000? Or is it better to build an entirely new 2000 DC and use AD Migration
tool? I know Microsoft recommends doing the upgrade if you want to retain
permissions and passwords, but what do you most feel is the safest and
easiest way to do it right? Some tell me good luck with doing the upgrade on
the PDC, because it is not simple. Others say no problem doing the upgraded
on the PDC pretty straight forward. I just would like the input of people
that have done this migration and the results. TIA everybody.
-----Original Message-----
From: David Strome [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 3:00 AM
To: NT 2000 Discussions
Subject: RE: Need Advice - Merging 2 NT domains into 1 Win2k Domain
This kind of operation can be relatively simple, IF YOU DO YOUR HOMEWORK :)
just thought I'd make that pop out.
Read up on the Active Directory Migration Tool (ADMT) available from
www.microsoft.com. m Setting up one AD domain is pretty simple...just bring
up a couple new servers as DCs, trust up the NT domains to the new forest.
Then, using your extensive reading material and hours and hours AND HOURS of
testing, use ADMT to clone the accounts, groups, etc into the new forest.
Nice thing is you can clone a few people over, test it out, if no worky,
they just use the old domain. And, since ADMT configures something called
Sid History, you don't have to worry about permissions with the old
resources until you're ready to decommission the old domains..at that point,
you use tools to scour the resources and set all the proper SIDs and clear
the Sid History of the user objects...but you don't do this until you're
totally absolutely sure you don't want to go back. Of course, you will have
to move the servers over. I belive you can use ADMT for this too, although
you can use netdom as well.
Basically, migrating NT domains to AD is somewhat painless, but I cannot
express enough the need to know what you're doing with the tools and how
they're making all this happen. You *_WILL_* totally fsck yourself up if you
try this on the fly or with only a little bit of reading. You must test test
test your implementation and know exactly how 2K, DDNS, AD, etc all work
together before you do this.
As for DNS, I see no reason why you couldn't just use xyz.com for the whole
thing...forget the blah.foo.bar stuff. The sites are subnet specific, so
they don't give a hoot about DNS really. Blah.foo.bar =! Site
boundaries...blah.foo.bar (multiple domains) == security boundaries. Site
boundries == replication management.
For example, I will have several sites, all under argusad.net (don't bother
hacking it, it's not there, and won't be accessible when it is there :).
Argusad.net is the forest root, tree and domain. It will contain all of my
sites. Each site will be defined within argusad.net via subnets (keep in
mind that you can have multiple sites in a domain and multiple domains in a
site...really funky). There's no reason you should have multiple domains,
except in rare cases where extreme security and/or political concerns are
present.
And to make things easier for my users, I will be making their logon names
equal their email addresses. This done using UPNs. So while the background
admin tasks will be done via argusad.net, we will create some continuity for
the users so all they have to remember is their email address. They'll love
that because no matter where they go, even if we do introduce additional
domains in the future, they will always log in using the email address...no
more figuring out what domain they're in, etc.
As for Exchange...both companies are in one organisation? If so, you're
golden. If not, get out exmerge, call MCS or find a 3rd party migration
tool.
-----Original Message-----
From: Terry Lee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 2:01 PM
To: NT 2000 Discussions
Subject: Need Advice - Merging 2 NT domains into 1 Win2k Domain
Hello all,
I'm in the process of doing a major overhaul of a network. I want to ensure
that I haven't missed any major steps that will come back & haunt/kill me
later.
Current Config:
(1) 2 NT 4.x Domains connected via a trust. Used to be 2 companies that
merged into 1.
(2) Both domains connected via WAN using DNS, WINS & DHCP. Clients include
NT4 WS, Win9x & Win ME.
(3) Two Exchange 5.5 servers. 2 sites into 1 Organization. Connected usina
Site connected.
(4) Total of 6 sites connected via T1's & fiber.
My plans:
(1) Create an entirely new Win2k domain (say 'XYZ') & setup a trusts to
both NT 4 domains, say 'ABC' & 'DEF' domains. RE: The PDCs in each site
are not stable & there's just too much junk that doesn't need to be migrated
(2) Export/Import NT 4 users into Win2k domain (Slowly)
(3) Setup the Exchange 2k server. This is where I'm kinda lost...I was
going to setup a 3rd site in the same organization. Export mailboxes using
exmerge to .pst files & import them into the E2k server.
The Win2k domain will be using DNS only. The "harder" part is that we are
no longer using the domain names 'abc' & 'def' but our newly merged name
'xyz' so we can be ONE organization. Some legwork but workable.
My only other concern is the tree & forest structure. I was thinking
something like hq.xyz.com for the main site, siteN.xyz.com where each site
has it's own site name that is connected via a router. Not sure if that is
better or just have mycompany.xyz.com for everything.
Any advice is welcome. NOTE: Unfortunatly, I haven't attended any Win2k/E2k
classes...it's been all OJT. I have setup a Win2k & E2k domain before but
not for a WAN environment.
TIA
Terry
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
