Rollback to NT4 domain from 2000 mixed mode

Archived from groups: microsoft.public.windowsnt.domain

Have corrupt 2000 AD, no backups, mixed mode with NT4 BDCs. Have 2K & XP
clients.
AD is still online; might be able to push policy to turn off Kerberos or
something.

Anyone have a way to roll back to NT4 without having to re-add these clients
to the domain?

Help...

Thanks,

Todd Bergman
System Engineer ISG
mailto:tbergman@goisg.com
  1.

    Take the W2k machine offline and promote one
    of your existing NT 4 BDCs to primary. Make
    sure the BDC is replicating successfully with the
    W2k server. You can open a dos prompt and run
    net users to verify the user list is current. Now
    you have two choices. You can upgrade the new
    PDC to W2k then bring the previous machine back
    online as a W2k machine and promote or you can
    bring the previous W2k server back as an NT 4.0
    BDC and promote to primary then upgrade to W2k.

    "Todd B" <tbergman@goisg.com> wrote in message news:
    > Have corrupt 2000 AD no backups mixed mode with NT4 bdc's. Have 2K & XP
    > clients.
    > AD is still online might be able to push policy to turn off Kerberos or
    > something.
    >
    > Anyone have a way to rollback to NT4 without having to re-add these clients
    > to the domain.
  2.

    I tested the process on virtual pc. The clients will not authenticate to NT
    after they have been introduced to AD. In fact one process that did work
    for 2000 clients was:
    remove 2000 ad from net
    promote one of the nt bdc's to pdc
    upgrade that pdc to 2000 ad
    all DNS and WINS properly configured
    2000 machines seemed to work XP machines needed to rejoin domain

    I guess my question to everyone is after a rollback to NT4 PDC. 2K&XP
    clients will not authenticate to NT domain controllers. If I promote the
    rollback server to 2000 I do not believe there is any way to get around
    rejoining the clients to the domain. The only way to have these clients
    authenticate to NT4 bdc's when the domain is upgraded is Q298713 "How to
    prevent overloading on the first domain controller during domain upgrade"
    however this MS trick does not apply.
    "Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
    message news:%239uHjJU2EHA.304@TK2MSFTNGP11.phx.gbl...
    > Take the W2k machine offline and promote one
    > of your existing NT 4 BDCs to primary. Make
    > sure the BDC is replicating successfully with the
    > W2k server. You can open a dos prompt and run
    > net users to verify the user list is current. Now
    > you have two choices. You can upgrade the new
    > PDC to W2k then bring the previous machine back
    > online as a W2k machine and promote or you can
    > bring the previous W2k server back as an NT 4.0
    > BDC and promote to primary then upgrade to W2k.
    >
    > "Todd B" <tbergman@goisg.com> wrote in message news:
    >> Have corrupt 2000 AD no backups mixed mode with NT4 bdc's. Have 2K & XP
    >> clients.
    >> AD is still online might be able to push policy to turn off Kerberos or
    >> something.
    >>
    >> Anyone have a way to rollback to NT4 without having to re-add these clients
    >> to the domain.
  3.

    You say the NT clients will not authenticate to NT after
    joining the AD domain but this doesn't make sense. Can
    you describe the errors you are receiving or what exactly
    leads you to believe they will not authenticate to NT?

    "Todd B" <tbergman@goisg.com> wrote in message news:
    > I tested the process on virtual pc. The clients will not authenticate to NT
    > after they have been introduced to AD. In fact one process that did work
    > for 2000 clients was:
    > remove 2000 ad from net
    > promote one of the nt bdc's to pdc
    > upgrade that pdc to 2000 ad
    > all DNS and WINS properly configured
    > 2000 machines seemed to work XP machines needed to rejoin domain
    >
    > I guess my question to everyone is after a rollback to NT4 PDC. 2K&XP
    > clients will not authenticate to NT domain controllers. If I promote the
    > rollback server to 2000 I do not believe there is any way to get around
    > rejoining the clients to the domain. The only way to have these clients
    > authenticate to NT4 bdc's when the domain is upgraded is Q298713 "How to
    > prevent overloading on the first domain controller during domain upgrade"
    > however this MS trick does not apply.
  4.

    Sure does make sense. Try it in a virtual PC lab experiment.

    Error "domain is unavailable" something to that extent. MS has several
    articles on the issue. I currently am working with MS on the issue and I do
    not believe there is any other way to get these clients to authenticate with
    Netdom or rejoin operations.
    The secure channel gets reset when you rollback and upgrade again to 2000.

    "Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
    message news:OgkheC62EHA.3244@TK2MSFTNGP11.phx.gbl...
    > You say the NT clients will not authenticate to NT after
    > joining the AD domain but this doesn't make sense. Can
    > you describe the errors you are receiving or what exactly
    > leads you to believe they will not authenticate to NT?
    >
    > "Todd B" <tbergman@goisg.com> wrote in message news:
    >> I tested the process on virtual pc. The clients will not authenticate to NT
    >> after they have been introduced to AD. In fact one process that did work
    >> for 2000 clients was:
    >> remove 2000 ad from net
    >> promote one of the nt bdc's to pdc
    >> upgrade that pdc to 2000 ad
    >> all DNS and WINS properly configured
    >> 2000 machines seemed to work XP machines needed to rejoin domain
    >>
    >> I guess my question to everyone is after a rollback to NT4 PDC. 2K&XP
    >> clients will not authenticate to NT domain controllers. If I promote the
    >> rollback server to 2000 I do not believe there is any way to get around
    >> rejoining the clients to the domain. The only way to have these clients
    >> authenticate to NT4 bdc's when the domain is upgraded is Q298713 "How to
    >> prevent overloading on the first domain controller during domain upgrade"
    >> however this MS trick does not apply.
  5.

    I've done this successfully in a real environment not a virtual
    environment. In any case if you want help from this forum
    you'll need to provide more details. A secure channel reset
    is rarely a problem in NT or W2k. An error would be nice.. <g>

    "Todd B" <tbergman@goisg.com> wrote in message news:
    > Sure does make sense. Try it in a virtual PC lab experiment.
    >
    > Error "domain is unavailable" something to that extent. MS has several
    > articles on the issue. I currently am working with MS on the issue and I do
    > not believe there is any other way to get these clients to authenticate with
    > Netdom or rejoin operations.
    > The secure channel gets reset when you rollback and upgrade again to 2000.
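
The last two posts turn on whether the clients' secure channel to the domain is actually broken after the rollback. As an added example (not part of any post in this thread), the batch script below queries each client's secure channel with `nltest` and logs the status it reports. `EXAMPLEDOM`, `clients.txt` and `sc-check.log` are placeholder names, and it assumes `nltest.exe` from the Windows Support Tools is on the PATH and that the account running it has administrative rights on the clients.

```batch
@echo off
rem Added example: check every client's secure channel after a PDC change.
rem Placeholders (assumptions): EXAMPLEDOM, clients.txt, sc-check.log.
rem clients.txt holds one computer name per line; lines starting with ; are skipped.
setlocal
set DOMAIN=EXAMPLEDOM
set LIST=clients.txt
set LOG=sc-check.log
set TMPOUT=%TEMP%\sc-query.tmp
set FAILED=0

if not exist "%LIST%" (
    echo Client list "%LIST%" not found.
    exit /b 2
)

echo Secure channel check for %DOMAIN% > "%LOG%"

rem Record which machine currently answers as PDC for the domain.
nltest /dcname:%DOMAIN% >> "%LOG%" 2>&1

for /f "usebackq tokens=1" %%C in ("%LIST%") do call :check %%C

echo Clients without a healthy secure channel: %FAILED%
echo Status codes and DC names are in %LOG%
del "%TMPOUT%" 2>nul
endlocal
exit /b 0

:check
rem Ask the client which DC it trusts and what the connection status is.
nltest /server:%1 /sc_query:%DOMAIN% > "%TMPOUT%" 2>&1
echo ---- %1 >> "%LOG%"
type "%TMPOUT%" >> "%LOG%"
rem A healthy channel reports NERR_Success; anything else, including an
rem unreachable client, is counted as a failure and left in the log.
findstr /c:"NERR_Success" "%TMPOUT%" > nul
if errorlevel 1 (
    set /a FAILED+=1
    echo %1: secure channel query FAILED
) else (
    echo %1: secure channel OK
)
goto :eof
```

The status line logged for each failing client is the concrete error the final reply asks for.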