Upgrading to Windows 2000 AD

Guest
Archived from groups: microsoft.public.windowsnt.domain

I'm currently intending to upgrade several NT4 domains to a single Windows
2000 AD domain.
There are several PDCs across several sites. Each PDC holds 50-200 users
with many groups. Each PDC is also a file server (with many shares and
permissions assigned to them). Some sites do have BDCs in place.
I'd really appreciate any advice on the best approach to doing this, without
having to format the PDCs (due to all of the shares and group permissions).
I do have 1 or 2 spare servers I can use to build as BDCs if necessary.

Many thanks
 
Guest

In news:0C18A652-290C-461A-AFA3-C037257BE42E@microsoft.com,
gmickelsen <gmickelsen@discussions.microsoft.com> wrote their comments
Then Kevin replied below:
> I'm currently intending to upgrade several NT4 domains to
> a single Windows 2000 AD domain.
> There are several PDCs across several sites. Each PDC
> holds 50-200 users with many groups. Each PDC is also a
> file server (with many shares and permissions assigned to
> them). Some sites do have BDCs in place.
> I'd really appreciate any advice on the best approach to
> doing this, without having to format the PDCs (due to all
> of the shares and group permissions). I do have 1 or 2
> spare servers I can use to build as BDCs if necessary.
>
> Many thanks

Probably your best bet would be to upgrade the PDCs to Win2k. The most
important thing to remember is that after you upgrade to Win2k, during the
DCPROMO process, you must make sure the DNS name of the AD domain is a
multi-label name like domain.local. This name must also be put in the NT4
domain suffix field in TCP/IP properties before you begin the upgrade; it
will be made the primary DNS suffix on Win2k after the upgrade. The primary
DNS suffix must match the AD domain name and the forward lookup zone in DNS.

Some people use the same name as their public domain name. This will cause
one huge headache, especially if you have VPN users and when you try to
access the public websites by using only the domain name
(http://example.com). You can use a subdomain like corp.example.com, but
even this causes issues with VPN users because the public DNS for
example.com will usually answer "not found" before the internal DNS has time
to respond. In this last case you can delegate the name corp in the public
zone to the internal DNS server. The easiest name to configure for AD is
domain.local.

Probably one of the biggest mistakes you can make is giving the AD a
single-label DNS name.

Each site will need an NT4 BDC in place before you begin the upgrade
process. This NT4 BDC will perform two roles: during the time of the
upgrade and before the DCPROMO process is complete, it will be performing
user authentication; and if something goes wrong in the DCPROMO process, it
can be promoted to a PDC and upgraded. Usually this is not an issue if you
choose a proper DNS name for the AD domain.

237675 - Setting Up the Domain Name System for Active Directory:
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675

300202 - HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684

826743 - Clients cannot dynamically register DNS records in a single-label
forward lookup zone:
http://support.microsoft.com/?id=826743

257623 - Domain Controller's Domain Name System Suffix Does Not Match Domain
Name
http://support.microsoft.com/?id=257623

238369 - How To Promote and Demote Domain Controllers in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;238369

244368 - How to Optimize Active Directory Replication in a Large Network:
http://support.microsoft.com/default.aspx?scid=kb;en-us;244368

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
================================================
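
Added example, not part of the original post: a small Python pre-upgrade check of the DNS naming rules described in the reply above (multi-label name, primary DNS suffix and forward lookup zone matching the AD domain name, and the two public-name overlap cases). The function name, its parameters and the sample plans are constructed for illustration.

```python
# Added example: checks a planned AD DNS name against the rules in the reply.
# Function name, parameters and sample plans are constructed for illustration.

def _norm(name):
    """Lower-case a DNS name and drop surrounding space and the root dot."""
    return name.strip().lower().rstrip(".")

def check_ad_dns_plan(ad_domain, primary_suffix, forward_zone, public_domain=None):
    """Return (severity, message) findings for one domain's DNS plan."""
    ad, suffix, zone = _norm(ad_domain), _norm(primary_suffix), _norm(forward_zone)
    labels = ad.split(".")
    if not all(labels):  # empty name or an empty label such as "corp..local"
        return [("error", "AD DNS name %r has an empty label" % ad_domain)]
    findings = []
    if len(labels) < 2:
        findings.append(("error", "%s is single-label; use a multi-label name" % ad))
    if suffix != ad:
        findings.append(("error", "primary DNS suffix %r does not match %s" % (suffix, ad)))
    if zone != ad:
        findings.append(("error", "forward lookup zone %r does not match %s" % (zone, ad)))
    if public_domain:
        pub = _norm(public_domain)
        if ad == pub:
            findings.append(("warning", "%s is also the public domain name" % ad))
        elif ad.endswith("." + pub):
            child = ad[:-len(pub) - 1]  # part of the name left of the public zone
            findings.append(("note", "delegate %r in public zone %s to the internal DNS server" % (child, pub)))
    return findings

# Constructed sample plans: (AD name, NT4 domain suffix field, DNS zone, public name)
SAMPLE_PLANS = [
    ("corp.local", "corp.local", "corp.local", "example.com"),
    ("CORP", "corp", "corp", "example.com"),
    ("example.com", "example.com", "example.com", "example.com"),
    ("corp.example.com.", "example.com", "corp.example.com", "example.com"),
]

if __name__ == "__main__":
    for plan in SAMPLE_PLANS:
        results = check_ad_dns_plan(*plan)
        print(plan[0], "->", "OK" if not results else "")
        for severity, message in results:
            print("   [%s] %s" % (severity, message))
```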