Archived from groups: microsoft.public.windowsnt.domain (
More info?)
Kevin,
Would you mind explaining a little more on how VPN clients will have issues
with name resolution? I am looking at a similar issue with my one of our new
AD domains and I'm not sure I understand all of the details.
Thanks!
"Kevin D. Goodknecht Sr. [MVP]" wrote:
> In news:2c35801c469c7$49c67dd0$a601280a@phx.gbl,
> aleamont <anonymous@discussions.microsoft.com> posted a question
> Then Kevin replied below:
> > I am upgrading my network from NT4 to W2K. I have
> > installed NT4 on my new server as a BDC. I now want to
> > promote it to be the only PDC. Do I need to take the
> > current PDC offline to do this or when I promote the new
> > BDC to a PDC will the original PDC be automatically
> > demoted?
> >
> > Any help would be appreciated.
> >
> > Thanks
>
> Promote the BDC to the PDC, this will demote the current PDC to a BDC.
> Upgrade the PDC to Win2k, this will make it a member of the NT4 domain. Then
> run DCPROMO on the newly upgraded machine, this will create your new AD
> domain with an NT4 BDC, take note, there is no such thing as a Win2k BDC,
> there are only DCs in Win2k. If everything goes OK you can do what ever you
> want with the old BDC, if it doesn't you can disconnect it from the network
> and promote it to a PDC to be upgraded. You CANNOT not have an NT4 PDC and a
> Win2k DC in the same domain so you may want to keep it around for a while
> just in case something doesn't happen right.
>
> The most important thing to keep in mind when upgrading an NT4 domain the AD
> is, choose a Multi-label DNS name for the AD domain like domain.anything
> single-label names are fine for NT4 because they use NetBIOS broadcasts for
> Domain controller location, AD uses DNS and single-label names do not work
> in the DNS hierarchy.
> Also, to prevent a disjointed namespace, in TCP/IP properties of the NT4 PDC
> you upgrade make the domain suffix the name you are going to give the AD
> domain (domain.anything)
> I would also NOT recommend you use the same domain name as your public
> domain name, use domain.local or local.domain.com (you can substitute local
> for the name of your choice like lan, corp or whatever) Personally I
> recommend using local.domain.com because IMO it makes it easier if you have
> VPN clients. If you do have VPN clients, it is especially critical for you
> to not use your Public domain name as your AD domain because VPN clients can
> see both the public namespace and the AD namespace. If you use the same name
> for both, your VPN clients will have connection issues due to incorrect
> resolution.
>
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ============================
> --
> When responding to posts, please "Reply to Group" via your
> newsreader so that others may learn and benefit from your
> issue. To respond directly to me remove the nospam. from my
> email. ==========================================
> http://www.lonestaramerica.com/
> ==========================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ==========================================
> Keep a back up of your OE settings and folders with
> OEBackup:
>
http://www.oehelp.com/OEBackup/Default.aspx
> ==========================================
>
>
>