Windows domain upgrade question..

Discussion in 'OT Technology' started by crotchfruit, Feb 17, 2004.

  1. crotchfruit

    crotchfruit Guest

    Here's the situation: my company has been running off of a NT 4.0 domain for as long as I've been with the company. It's been around for years and years (before win2k) and no one has ever gotten around to upgrading the actual software, because we're a small company and it has never really mattered that much.

    The current setup is this: 1 primary domain controller running NT4 server, 2 backup domain controllers running NT4 server.

    The computers are getting ancient, and we want to upgrade. We got a super spiffy fast computer and a copy of Win2K server.

    What we're looking to do is mothball the three old computers and just use the single good computer as the new domain controller.

    We have no problems moving the data on the drives to the new computer. The issue is that we want to make the transition as seamless as possible, for both the server side and the client side.

    For the server, we need to transfer all of the user info from the existing domain to the new win2k server, but we don't know how to do this. Is there a URL that will explain how to do this? Are there any gotchas we should know before transferring?

    For the clients, we want to do as little configuration as possible. Can we just make the new server use the same domain name as the old one, and all the clients will magically connect to it?
     
  2. Scoob_13

    Scoob_13 Anything is possible, but the odds are astronomica

    http://support.microsoft.com/default.aspx?scid=kb;en-us;296480&Product=win2000
    http://support.microsoft.com/default.aspx?scid=kb;en-us;260871


    Basically what you'll do is you'll build the Win2k server, use DCPromo to make it a DC, and then use DCPromo to demote the PDCs and the BDCs - thus your Win2k Server is the DC. Since you'll be moving to a single DC it's pretty easy.

    The links I listed above should allow you to easily move policies and users from the NT4 to the Win2k domain.

    I would suggest picking up a book from your local book megastore on how to do all of this if you've never done it, though.
     
  3. crotchfruit

    crotchfruit Guest

    Fast forward a few weeks:

    We decided to just start over w/ a new domain since we only have about 10-15 users. I installed Win2k server on one machine, let's call it A. I was a little new to the idea of domains having a real DNS name (instead of a NetBIOS name), so I called the new domain "internal.mydomain.com" (mydomain -> our real domain name). I gave it the NetBIOS name "mydomain".

    So I go through the whole install using pretty much the defaults. I didn't run into anything weird. After finishing up, I set up some user/pass accounts and went to a few workstations to make sure that they could access the shares on the new server. They could. Everything was going great.

    So then I go to make the second computer "B" an additional domain controller. I had already installed win2k server on it. Plus, when I went to the security tab on a B share, I could see "internal.mydomain.com" in the dropdown and put users from the new domain into the security box. Cool.

    So to make it an additional domain controller, it asks me for the user/pass of an admin account, plus the domain name. I enter the user/pass for admin, and put in "internal.mydomain.com". It says something like, "Cannot find internal.mydomain.com blah blah". So I put in, "mydomain" (the netbios name) and it worked, it could see "mydomain" but not "internal.mydomain.com"..

    At another prompt it again asked for the DNS name of the domain, and again it could not find "internal.mydomain.com". When I put in "mydomain" it actually popped up a box that said, "mydomain refers to internal.mydomain.com, is this correct?" I hit yes. Then it goes through some directory prompts and finally starts the installation process. Immediately it breaks out with, "cannot find the internal.mydomain.com domain." !!KJ#!R)*(J)JF/

    What am I doing wrong? At some level, B must know about internal.mydomain.com, because I can add users from the domain to the security boxes of the shares on B. Plus, it knew that "mydomain" -> "internal.mydomain.com". How can I force B to recognize the domain?
     
  4. crotchfruit

    crotchfruit Guest

    To add another thing:

    To test if B could see the domain, I actually made it a part of the domain using these steps:

    right click on My computer, go to properties, network identification, properties..

    Then I had it become a member of the internal.mydomain.com domain. It worked! On A I can see B as a member of the domain too.. so B can see the domain.. why can't it see it when it's becoming an additional domain controller?
     
  5. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Are you using Computer A as the DNS server for all computers?
     
  6. crotchfruit

    crotchfruit Guest

    Ok, I solved the problem. 5Gen, you were on the right track toward what the main problem was.

    First off, yes, B had A configured as the primary DNS server. It turned out that wasn't the problem after all.

    The problem was that I had configured A with the external default DNS servers, instead of making itself the main DNS server.

    This made the netlogon service fail to add all of the important DNS entries into A's DNS table. It looks like netlogon was trying to modify the DNS tables of the external DNS server instead of itself.

    Once I changed A's DNS server to itself, netlogon updated the tables correctly, and all of a sudden B could see the domain during the DC setup process. Now everything is working great.

    Gah. Where does it tell you to make the domain controller use itself as the primary DNS server? :o
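
The failure described in the post above can be checked by comparing the records Netlogon wants registered (it keeps the list in `%SystemRoot%\System32\Config\netlogon.dns`) with what a given DNS server actually holds. This is an added example, not part of the original thread; the sample records, addresses and function names are constructed for illustration.

```python
"""Compare the records Netlogon wants in DNS with what a DNS server holds."""

# Constructed sample in the zone-file style of %SystemRoot%\System32\Config\netlogon.dns
# on a DC named "a" (host name and address are made up for this example).
NETLOGON_DNS = """\
internal.mydomain.com. 600 IN A 192.168.0.10
_ldap._tcp.internal.mydomain.com. 600 IN SRV 0 100 389 a.internal.mydomain.com.
_ldap._tcp.pdc._msdcs.internal.mydomain.com. 600 IN SRV 0 100 389 a.internal.mydomain.com.
_ldap._tcp.dc._msdcs.internal.mydomain.com. 600 IN SRV 0 100 389 a.internal.mydomain.com.
_kerberos._tcp.dc._msdcs.internal.mydomain.com. 600 IN SRV 0 100 88 a.internal.mydomain.com.
"""

# Constructed zone contents: A's own DNS after Netlogon registered with it,
# and an external resolver that only knows the public names.
ZONE_ON_A = NETLOGON_DNS + "a.internal.mydomain.com. 1200 IN A 192.168.0.10\n"
ZONE_ON_EXTERNAL = "www.mydomain.com. 3600 IN A 203.0.113.5\n"


def parse_records(text):
    """Return {(owner, type, rdata)} from zone-file style lines; names lowercased."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()    # drop comments, split on blanks
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                               # not "owner ttl IN type rdata"
        owner, rtype = fields[0].lower(), fields[3].upper()
        records.add((owner, rtype, " ".join(fields[4:]).lower()))
    return records


def missing_registrations(netlogon_text, zone_text):
    """Records Netlogon expects that the queried server does not hold, sorted."""
    return sorted(parse_records(netlogon_text) - parse_records(zone_text))


def dc_locator_ok(netlogon_text, zone_text, domain):
    """True when the DC locator SRV record for the domain is present in the zone."""
    key = f"_ldap._tcp.dc._msdcs.{domain.lower().rstrip('.')}."
    wanted = {r for r in parse_records(netlogon_text) if r[0] == key and r[1] == "SRV"}
    return bool(wanted) and wanted <= parse_records(zone_text)


if __name__ == "__main__":
    for name, zone in (("A itself", ZONE_ON_A), ("external DNS", ZONE_ON_EXTERNAL)):
        gaps = missing_registrations(NETLOGON_DNS, zone)
        ok = dc_locator_ok(NETLOGON_DNS, zone, "internal.mydomain.com")
        print(f"{name}: locator record present={ok}, missing={len(gaps)}")
```
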
     
  7. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    I know - NT4 was so much simpler I thought. I can't even get rid of BDCs that have long since retired :ugh:
     
