Rollback to NT4 domain from 2000 mixed mode

Anonymous
December 3, 2004 2:22:59 AM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Have corrupt 2000 AD, no backups, mixed mode with NT4 BDCs. Have 2K & XP
clients.
AD is still online; might be able to push policy to turn off Kerberos or
something.

Anyone have a way to roll back to NT4 without having to re-add these clients
to the domain?

Help...

Thanks,

Todd Bergman
System Engineer ISG
mailto:tbergman@goisg.com
Anonymous
December 3, 2004 12:07:38 PM

Take the W2k machine offline and promote one
of your existing NT 4 BDCs to primary. Make
sure the BDC is replicating successfully with the
W2k server. You can open a dos prompt and run
net users to verify the user list is current. Now
you have two choices. You can upgrade the new
PDC to W2k then bring the previous machine back
online as a W2k machine and promote or you can
bring the previous W2k server back as an NT 4.0
BDC and promote to primary then upgrade to W2k.

"Todd B" <tbergman@goisg.com> wrote in message news:
> Have corrupt 2000 AD no backups mixed mode with NT4 bdc's. Have 2K & XP
> clients.
> AD is still online might be able to push policy to turn off Kerberos or
> something.
>
> Anyone have a way to rollback to NT4 without having to re-add these clients
> to the domain.
Anonymous
December 4, 2004 5:44:49 PM

I tested the process on virtual pc. The clients will not authenticate to NT
after they have been introduced to AD. In fact one process that did work
for 2000 clients was:
remove 2000 ad from net
promote one of the nt bdc's to pdc
upgrade that pdc to 2000 ad
all DNS and WINS properly configured
2000 machines seemed to work XP machines needed to rejoin domain

I guess my question to everyone is after a rollback to NT4 PDC. 2K & XP
clients will not authenticate to NT domain controllers. If I promote the
rollback server to 2000 I do not believe there is any way to get around
rejoining the clients to the domain. The only way to have these clients
authenticate to NT4 BDCs when the domain is upgraded is Q298713 "How to
prevent overloading on the first domain controller during domain upgrade";
however, this MS trick does not apply.

"Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:#9uHjJU2EHA.304@TK2MSFTNGP11.phx.gbl...
> Take the W2k machine offline and promote one
> of your existing NT 4 BDCs to primary. Make
> sure the BDC is replicating successfully with the
> W2k server. You can open a dos prompt and run
> net users to verify the user list is current. Now
> you have two choices. You can upgrade the new
> PDC to W2k then bring the previous machine back
> online as a W2k machine and promote or you can
> bring the previous W2k server back as an NT 4.0
> BDC and promote to primary then upgrade to W2k.
>
> "Todd B" <tbergman@goisg.com> wrote in message news:
>> Have corrupt 2000 AD no backups mixed mode with NT4 bdc's. Have 2K & XP
>> clients.
>> AD is still online might be able to push policy to turn off Kerberos or
>> something.
>>
>> Anyone have a way to rollback to NT4 without having to re-add these clients
>> to the domain.
>
>
Anonymous
December 6, 2004 12:27:19 PM

You say the NT clients will not authenticate to NT after
joining the AD domain but this doesn't make sense. Can
you describe the errors you are receiving or what exactly
leads you to believe they will not authenticate to NT?

"Todd B" <tbergman@goisg.com> wrote in message news:
> I tested the process on virtual pc. The clients will not authenticate to NT
> after they have been introduced to AD. In fact one process that did work
> for 2000 clients was:
> remove 2000 ad from net
> promote one of the nt bdc's to pdc
> upgrade that pdc to 2000 ad
> all DNS and WINS properly configured
> 2000 machines seemed to work XP machines needed to rejoin domain
>
> I guess my question to everyone is after a rollback to NT4 PDC. 2K&XP
> clients will not authenticate to NT domain controllers. If I promote the
> rollback server to 2000 I do not believe there is anyway to get around
> rejoining the clients to the domain. The only way to have these clients
> authenticate to NT4 bdc's when the domain is upgraded is Q298713 "How to
> prevent overloading on the first domain controller during domain upgrade"
> however this MS trick does not apply.
Anonymous
December 7, 2004 2:05:49 AM

Sure does make sense. Try it in a virtual PC lab experiment.

Error "domain is unavailable" something to that extent. MS has several
articles on the issue. I currently am working with MS on the issue and I do
not believe there is any other way to get these clients to authenticate with
Netdom or rejoin operations.
The secure channel gets reset when you rollback and upgrade again to 2000.

"Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:o gkheC62EHA.3244@TK2MSFTNGP11.phx.gbl...
> You say the NT clients will not authenticate to NT after
> joining the AD domain but this doesn't make sense. Can
> you describe the errors you are receiving or what exactly
> leads you to believe they will not authenticate to NT?
>
> "Todd B" <tbergman@goisg.com> wrote in message news:
>> I tested the process on virtual pc. The clients will not authenticate to NT
>> after they have been introduced to AD. In fact one process that did work
>> for 2000 clients was:
>> remove 2000 ad from net
>> promote one of the nt bdc's to pdc
>> upgrade that pdc to 2000 ad
>> all DNS and WINS properly configured
>> 2000 machines seemed to work XP machines needed to rejoin domain
>>
>> I guess my question to everyone is after a rollback to NT4 PDC. 2K&XP
>> clients will not authenticate to NT domain controllers. If I promote the
>> rollback server to 2000 I do not believe there is anyway to get around
>> rejoining the clients to the domain. The only way to have these clients
>> authenticate to NT4 bdc's when the domain is upgraded is Q298713 "How to
>> prevent overloading on the first domain controller during domain upgrade"
>> however this MS trick does not apply.
>
>
Anonymous
December 7, 2004 5:34:00 PM

I've done this successfully in a real environment not a virtual
environment. In any case if you want help from this forum
you'll need to provide more details. A secure channel reset
is rarely a problem in NT or W2k. An error would be nice.. <g>

"Todd B" <tbergman@goisg.com> wrote in message news:
> Sure does make sense. Try it in a virtual PC lab experiment.
>
> Error "domain is unavailable" something to that extent. MS has several
> articles on the issue. I currently am working with MS on the issue and I do
> not believe there is any other way to get these clients to authenticate with
> Netdom or rejoin operations.
> The secure channel gets reset when you rollback and upgrade again to 2000.