Windows 2000 Server as BDC in Windows NT 4.0 Domain

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as PDC and
3 Windows 2000 Servers configured as member servers with no AD. Is it
possible to configure one of the W2K servers to act as a BDC for the NT
domain? If so, could you direct me to the appropriate infomation source for
accomplishing this task. If not, could you recommend a path of least
resistance to allow us to have some redundancy for network authentication in
the domain. Thanks in advance for any help you can offer!

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

You have no AD therefore W2k or higher cannot be
a DC. The AD is required. How about upgrading to
W2k or higher?

"jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as PDC
and
> 3 Windows 2000 Servers configured as member servers with no AD. Is it
> possible to configure one of the W2K servers to act as a BDC for the NT
> domain? If so, could you direct me to the appropriate infomation source
for
> accomplishing this task. If not, could you recommend a path of least
> resistance to allow us to have some redundancy for network authentication
in
> the domain. Thanks in advance for any help you can offer!

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Thanks for the quick response...sadly, financial restraints at the current
time keep us from being able to purchase a new server capable of handling
W2K+ and I forgot to mention that we have 1 Linux server on the network which
I believe keeps us from going to native mode and using AD..correct?? Even if
we had all W2K servers and just the one Linux server, we still can't go
native mode..is there any other way to get redundancy in authentication?

"Michael Giorgio - MS MVP" wrote:

> You have no AD therefore W2k or higher cannot be
> a DC. The AD is required. How about upgrading to
> W2k or higher?
>
> "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as PDC
> and
> > 3 Windows 2000 Servers configured as member servers with no AD. Is it
> > possible to configure one of the W2K servers to act as a BDC for the NT
> > domain? If so, could you direct me to the appropriate infomation source
> for
> > accomplishing this task. If not, could you recommend a path of least
> > resistance to allow us to have some redundancy for network authentication
> in
> > the domain. Thanks in advance for any help you can offer!
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

ERD using the /s extension?
How many users / computers are we talking?

"jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> Thanks for the quick response...sadly, financial restraints at the current
> time keep us from being able to purchase a new server capable of handling
> W2K+ and I forgot to mention that we have 1 Linux server on the network
which
> I believe keeps us from going to native mode and using AD..correct?? Even
if
> we had all W2K servers and just the one Linux server, we still can't go
> native mode..is there any other way to get redundancy in authentication?
>
> "Michael Giorgio - MS MVP" wrote:
>
> > You have no AD therefore W2k or higher cannot be
> > a DC. The AD is required. How about upgrading to
> > W2k or higher?
> >
> > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> > > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as
PDC
> > and
> > > 3 Windows 2000 Servers configured as member servers with no AD. Is it
> > > possible to configure one of the W2K servers to act as a BDC for the
NT
> > > domain? If so, could you direct me to the appropriate infomation
source
> > for
> > > accomplishing this task. If not, could you recommend a path of least
> > > resistance to allow us to have some redundancy for network
authentication
> > in
> > > the domain. Thanks in advance for any help you can offer!
> >
> >
> >

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Michael, I'm not sure I understood your response below..we have <20 users/ <
50 PCs / 5 servers: 1 NT(PDC),1 Linux(member), 3 W2K(member) Jim

"Michael Giorgio - MS MVP" wrote:

> ERD using the /s extension?
> How many users / computers are we talking?
>
> "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> > Thanks for the quick response...sadly, financial restraints at the current
> > time keep us from being able to purchase a new server capable of handling
> > W2K+ and I forgot to mention that we have 1 Linux server on the network
> which
> > I believe keeps us from going to native mode and using AD..correct?? Even
> if
> > we had all W2K servers and just the one Linux server, we still can't go
> > native mode..is there any other way to get redundancy in authentication?
> >
> > "Michael Giorgio - MS MVP" wrote:
> >
> > > You have no AD therefore W2k or higher cannot be
> > > a DC. The AD is required. How about upgrading to
> > > W2k or higher?
> > >
> > > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> > > > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as
> PDC
> > > and
> > > > 3 Windows 2000 Servers configured as member servers with no AD. Is it
> > > > possible to configure one of the W2K servers to act as a BDC for the
> NT
> > > > domain? If so, could you direct me to the appropriate infomation
> source
> > > for
> > > > accomplishing this task. If not, could you recommend a path of least
> > > > resistance to allow us to have some redundancy for network
> authentication
> > > in
> > > > the domain. Thanks in advance for any help you can offer!
> > >
> > >
> > >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Emergency Repair Disk = ERD. Use the /s extension to
save the SAM and Security files.


"jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> Michael, I'm not sure I understood your response below..we have <20 users/
<
> 50 PCs / 5 servers: 1 NT(PDC),1 Linux(member), 3 W2K(member) Jim
>

 

[Diane]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Michael,

We are in a similar situation to Jamie, but have a backup drive in the
system. Could you please advise what files we can add to the backup to save
the SAM and Security Files?

Thanks very much,



"Michael Giorgio - MS MVP" wrote:

> Emergency Repair Disk = ERD. Use the /s extension to
> save the SAM and Security files.
>
>
> "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
> > Michael, I'm not sure I understood your response below..we have <20 users/
> <
> > 50 PCs / 5 servers: 1 NT(PDC),1 Linux(member), 3 W2K(member) Jim
> >
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Run rdisk /s then copy the following
directory: c:\winnt\repair
The sam._ security._ file in the folder
is what you are looking for but get the
entire directory.
"Diane" <Diane@discussions.microsoft.com> wrote in message news:...
> Michael,
>
> We are in a similar situation to Jamie, but have a backup drive in the
> system. Could you please advise what files we can add to the backup to
save
> the SAM and Security Files?
>
> Thanks very much,

 

[Diane]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Michael,

Thank you for replying so quickly. Would you have any idea how we can
project how large the repair folder will be after running rdisk? To add to
the matter, we have limited disk space on this system. The domain only has
about 60 users.

I would also appreciate the benefit of your NT knowledge with respect to
migrating users to a seperate win2k domain we currently have in place for
email. The NT 4 box/domain is used for network logons and a few older apps.
The win2k (mixed mode) domain already has the same users in AD. We have kept
the user information and passwords the same in both domains. Currently,
trusts are set up between the 2 domains. We want to phase out the NT4
domain. The issue has been lack of understanding of a few areas:
1. How to migrate the user accounts such that desktop profiles are retained
and, what system accounts, if any, we need to worry about migrating. I have
looked at ADMT which requires native mode so we would have to take the win2k
domain to native. However, se're not sure how to get the user accounts to
the AD (since they already exist) and effectively "add" the NT
profile/security info. to their win2k information without causing issues with
their current win2k security profiles.
2. Users will still need access to the NT4 box for some of the older apps.
The firm has been reluctant to upgrade to newer versions for cost reasons.
Will going to native mode in the win2k domain have any impact on the NT to
win2k domains trusts currently in place (i.e. they won't work)?

Your guidance and suggestions would be much appreciated.

Diane

"Michael Giorgio - MS MVP" wrote:

> Run rdisk /s then copy the following
> directory: c:\winnt\repair
> The sam._ security._ file in the folder
> is what you are looking for but get the
> entire directory.
> "Diane" <Diane@discussions.microsoft.com> wrote in message news:...
> > Michael,
> >
> > We are in a similar situation to Jamie, but have a backup drive in the
> > system. Could you please advise what files we can add to the backup to
> save
> > the SAM and Security Files?
> >
> > Thanks very much,
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

"Diane" <Diane@discussions.microsoft.com> wrote in message news:
> Michael,
>
> Thank you for replying so quickly. Would you have any idea how we can
> project how large the repair folder will be after running rdisk? To add
to
> the matter, we have limited disk space on this system. The domain only
has
> about 60 users.

Less than the size of a 3.5 inch diskette.

>
> I would also appreciate the benefit of your NT knowledge with respect to
> migrating users to a seperate win2k domain we currently have in place for
> email. The NT 4 box/domain is used for network logons and a few older
apps.
> The win2k (mixed mode) domain already has the same users in AD. We have
kept
> the user information and passwords the same in both domains. Currently,
> trusts are set up between the 2 domains. We want to phase out the NT4
> domain. The issue has been lack of understanding of a few areas:
> 1. How to migrate the user accounts such that desktop profiles are
retained
> and, what system accounts, if any, we need to worry about migrating. I
have
> looked at ADMT which requires native mode so we would have to take the
win2k
> domain to native. However, se're not sure how to get the user accounts to
> the AD (since they already exist) and effectively "add" the NT
> profile/security info. to their win2k information without causing issues
with
> their current win2k security profiles.

I wasn't aware of that fact. Do you have a reference?
I don't see that step in migration setup KB article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

> 2. Users will still need access to the NT4 box for some of the older
apps.
> The firm has been reluctant to upgrade to newer versions for cost reasons.
> Will going to native mode in the win2k domain have any impact on the NT to
> win2k domains trusts currently in place (i.e. they won't work)?
>

Changing from mixed mode to native mode will only affect
downlevel domain controllers e.g., NT BDCs in your W2k
domain will not be able to replicate with the W2k3 PDC
emulator. If you have no downlevel DCs (NT 4.0 DCs) in
your W2k3 domain and you never plan to have one setup
you can switch to native mode.

 

[Diane]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Yes, it surprised me as well since none of the documentation mentioned it.
When I tried to run a trial migration on an account, shortly into the process
I got a message that the domain had to be native mode and could go no
further. Many of the ADMT references do not mention this. I found a
reference in the following migration cookbook chapter:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookchp9.mspx

Domain Migration Cookbook
Chapter 9: Migration of a Windows NT 4.0 Account Domain to Active Directory

"Target domain - the Windows 2000 native mode domain in which the migrated
principal account is created."

So, we'll go to native mode. Any help on prior questions related to the
user and system accounts would be greatly appreciated.

Thanks again,

"Michael Giorgio - MS MVP" wrote:

>
> "Diane" <Diane@discussions.microsoft.com> wrote in message news:
> > Michael,
> >
> > Thank you for replying so quickly. Would you have any idea how we can
> > project how large the repair folder will be after running rdisk? To add
> to
> > the matter, we have limited disk space on this system. The domain only
> has
> > about 60 users.
>
> Less than the size of a 3.5 inch diskette.
>
> >
> > I would also appreciate the benefit of your NT knowledge with respect to
> > migrating users to a seperate win2k domain we currently have in place for
> > email. The NT 4 box/domain is used for network logons and a few older
> apps.
> > The win2k (mixed mode) domain already has the same users in AD. We have
> kept
> > the user information and passwords the same in both domains. Currently,
> > trusts are set up between the 2 domains. We want to phase out the NT4
> > domain. The issue has been lack of understanding of a few areas:
> > 1. How to migrate the user accounts such that desktop profiles are
> retained
> > and, what system accounts, if any, we need to worry about migrating. I
> have
> > looked at ADMT which requires native mode so we would have to take the
> win2k
> > domain to native. However, se're not sure how to get the user accounts to
> > the AD (since they already exist) and effectively "add" the NT
> > profile/security info. to their win2k information without causing issues
> with
> > their current win2k security profiles.
>
> I wasn't aware of that fact. Do you have a reference?
> I don't see that step in migration setup KB article:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;260871
>
> > 2. Users will still need access to the NT4 box for some of the older
> apps.
> > The firm has been reluctant to upgrade to newer versions for cost reasons.
> > Will going to native mode in the win2k domain have any impact on the NT to
> > win2k domains trusts currently in place (i.e. they won't work)?
> >
>
> Changing from mixed mode to native mode will only affect
> downlevel domain controllers e.g., NT BDCs in your W2k
> domain will not be able to replicate with the W2k3 PDC
> emulator. If you have no downlevel DCs (NT 4.0 DCs) in
> your W2k3 domain and you never plan to have one setup
> you can switch to native mode.
>
>
>