Windows 2000 Server as BDC in Windows NT 4.0 Domain

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as PDC and
3 Windows 2000 Servers configured as member servers with no AD. Is it
possible to configure one of the W2K servers to act as a BDC for the NT
domain? If so, could you direct me to the appropriate infomation source for
accomplishing this task. If not, could you recommend a path of least
resistance to allow us to have some redundancy for network authentication in
the domain. Thanks in advance for any help you can offer!
10 answers Last reply
More about windows 2000 server windows domain
  1. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    You have no AD therefore W2k or higher cannot be
    a DC. The AD is required. How about upgrading to
    W2k or higher?

    "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as PDC
    and
    > 3 Windows 2000 Servers configured as member servers with no AD. Is it
    > possible to configure one of the W2K servers to act as a BDC for the NT
    > domain? If so, could you direct me to the appropriate infomation source
    for
    > accomplishing this task. If not, could you recommend a path of least
    > resistance to allow us to have some redundancy for network authentication
    in
    > the domain. Thanks in advance for any help you can offer!
  2. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Thanks for the quick response...sadly, financial restraints at the current
    time keep us from being able to purchase a new server capable of handling
    W2K+ and I forgot to mention that we have 1 Linux server on the network which
    I believe keeps us from going to native mode and using AD..correct?? Even if
    we had all W2K servers and just the one Linux server, we still can't go
    native mode..is there any other way to get redundancy in authentication?

    "Michael Giorgio - MS MVP" wrote:

    > You have no AD therefore W2k or higher cannot be
    > a DC. The AD is required. How about upgrading to
    > W2k or higher?
    >
    > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as PDC
    > and
    > > 3 Windows 2000 Servers configured as member servers with no AD. Is it
    > > possible to configure one of the W2K servers to act as a BDC for the NT
    > > domain? If so, could you direct me to the appropriate infomation source
    > for
    > > accomplishing this task. If not, could you recommend a path of least
    > > resistance to allow us to have some redundancy for network authentication
    > in
    > > the domain. Thanks in advance for any help you can offer!
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    ERD using the /s extension?
    How many users / computers are we talking?

    "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > Thanks for the quick response...sadly, financial restraints at the current
    > time keep us from being able to purchase a new server capable of handling
    > W2K+ and I forgot to mention that we have 1 Linux server on the network
    which
    > I believe keeps us from going to native mode and using AD..correct?? Even
    if
    > we had all W2K servers and just the one Linux server, we still can't go
    > native mode..is there any other way to get redundancy in authentication?
    >
    > "Michael Giorgio - MS MVP" wrote:
    >
    > > You have no AD therefore W2k or higher cannot be
    > > a DC. The AD is required. How about upgrading to
    > > W2k or higher?
    > >
    > > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > > > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as
    PDC
    > > and
    > > > 3 Windows 2000 Servers configured as member servers with no AD. Is it
    > > > possible to configure one of the W2K servers to act as a BDC for the
    NT
    > > > domain? If so, could you direct me to the appropriate infomation
    source
    > > for
    > > > accomplishing this task. If not, could you recommend a path of least
    > > > resistance to allow us to have some redundancy for network
    authentication
    > > in
    > > > the domain. Thanks in advance for any help you can offer!
    > >
    > >
    > >
  4. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Michael, I'm not sure I understood your response below..we have <20 users/ <
    50 PCs / 5 servers: 1 NT(PDC),1 Linux(member), 3 W2K(member) Jim

    "Michael Giorgio - MS MVP" wrote:

    > ERD using the /s extension?
    > How many users / computers are we talking?
    >
    > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > > Thanks for the quick response...sadly, financial restraints at the current
    > > time keep us from being able to purchase a new server capable of handling
    > > W2K+ and I forgot to mention that we have 1 Linux server on the network
    > which
    > > I believe keeps us from going to native mode and using AD..correct?? Even
    > if
    > > we had all W2K servers and just the one Linux server, we still can't go
    > > native mode..is there any other way to get redundancy in authentication?
    > >
    > > "Michael Giorgio - MS MVP" wrote:
    > >
    > > > You have no AD therefore W2k or higher cannot be
    > > > a DC. The AD is required. How about upgrading to
    > > > W2k or higher?
    > > >
    > > > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > > > > I have a small Windows NT 4.0 Domain with 1 Windows NT 4.0 Server as
    > PDC
    > > > and
    > > > > 3 Windows 2000 Servers configured as member servers with no AD. Is it
    > > > > possible to configure one of the W2K servers to act as a BDC for the
    > NT
    > > > > domain? If so, could you direct me to the appropriate infomation
    > source
    > > > for
    > > > > accomplishing this task. If not, could you recommend a path of least
    > > > > resistance to allow us to have some redundancy for network
    > authentication
    > > > in
    > > > > the domain. Thanks in advance for any help you can offer!
    > > >
    > > >
    > > >
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Emergency Repair Disk = ERD. Use the /s extension to
    save the SAM and Security files.


    "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > Michael, I'm not sure I understood your response below..we have <20 users/
    <
    > 50 PCs / 5 servers: 1 NT(PDC),1 Linux(member), 3 W2K(member) Jim
    >
  6. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Michael,

    We are in a similar situation to Jamie, but have a backup drive in the
    system. Could you please advise what files we can add to the backup to save
    the SAM and Security Files?

    Thanks very much,



    "Michael Giorgio - MS MVP" wrote:

    > Emergency Repair Disk = ERD. Use the /s extension to
    > save the SAM and Security files.
    >
    >
    > "jpatepm" <jpatepm@discussions.microsoft.com> wrote in message news:
    > > Michael, I'm not sure I understood your response below..we have <20 users/
    > <
    > > 50 PCs / 5 servers: 1 NT(PDC),1 Linux(member), 3 W2K(member) Jim
    > >
    >
    >
    >
  7. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Run rdisk /s then copy the following
    directory: c:\winnt\repair
    The sam._ security._ file in the folder
    is what you are looking for but get the
    entire directory.
    "Diane" <Diane@discussions.microsoft.com> wrote in message news:...
    > Michael,
    >
    > We are in a similar situation to Jamie, but have a backup drive in the
    > system. Could you please advise what files we can add to the backup to
    save
    > the SAM and Security Files?
    >
    > Thanks very much,
  8. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Michael,

    Thank you for replying so quickly. Would you have any idea how we can
    project how large the repair folder will be after running rdisk? To add to
    the matter, we have limited disk space on this system. The domain only has
    about 60 users.

    I would also appreciate the benefit of your NT knowledge with respect to
    migrating users to a seperate win2k domain we currently have in place for
    email. The NT 4 box/domain is used for network logons and a few older apps.
    The win2k (mixed mode) domain already has the same users in AD. We have kept
    the user information and passwords the same in both domains. Currently,
    trusts are set up between the 2 domains. We want to phase out the NT4
    domain. The issue has been lack of understanding of a few areas:
    1. How to migrate the user accounts such that desktop profiles are retained
    and, what system accounts, if any, we need to worry about migrating. I have
    looked at ADMT which requires native mode so we would have to take the win2k
    domain to native. However, se're not sure how to get the user accounts to
    the AD (since they already exist) and effectively "add" the NT
    profile/security info. to their win2k information without causing issues with
    their current win2k security profiles.
    2. Users will still need access to the NT4 box for some of the older apps.
    The firm has been reluctant to upgrade to newer versions for cost reasons.
    Will going to native mode in the win2k domain have any impact on the NT to
    win2k domains trusts currently in place (i.e. they won't work)?

    Your guidance and suggestions would be much appreciated.

    Diane

    "Michael Giorgio - MS MVP" wrote:

    > Run rdisk /s then copy the following
    > directory: c:\winnt\repair
    > The sam._ security._ file in the folder
    > is what you are looking for but get the
    > entire directory.
    > "Diane" <Diane@discussions.microsoft.com> wrote in message news:...
    > > Michael,
    > >
    > > We are in a similar situation to Jamie, but have a backup drive in the
    > > system. Could you please advise what files we can add to the backup to
    > save
    > > the SAM and Security Files?
    > >
    > > Thanks very much,
    >
    >
    >
  9. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    "Diane" <Diane@discussions.microsoft.com> wrote in message news:
    > Michael,
    >
    > Thank you for replying so quickly. Would you have any idea how we can
    > project how large the repair folder will be after running rdisk? To add
    to
    > the matter, we have limited disk space on this system. The domain only
    has
    > about 60 users.

    Less than the size of a 3.5 inch diskette.

    >
    > I would also appreciate the benefit of your NT knowledge with respect to
    > migrating users to a seperate win2k domain we currently have in place for
    > email. The NT 4 box/domain is used for network logons and a few older
    apps.
    > The win2k (mixed mode) domain already has the same users in AD. We have
    kept
    > the user information and passwords the same in both domains. Currently,
    > trusts are set up between the 2 domains. We want to phase out the NT4
    > domain. The issue has been lack of understanding of a few areas:
    > 1. How to migrate the user accounts such that desktop profiles are
    retained
    > and, what system accounts, if any, we need to worry about migrating. I
    have
    > looked at ADMT which requires native mode so we would have to take the
    win2k
    > domain to native. However, se're not sure how to get the user accounts to
    > the AD (since they already exist) and effectively "add" the NT
    > profile/security info. to their win2k information without causing issues
    with
    > their current win2k security profiles.

    I wasn't aware of that fact. Do you have a reference?
    I don't see that step in migration setup KB article:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

    > 2. Users will still need access to the NT4 box for some of the older
    apps.
    > The firm has been reluctant to upgrade to newer versions for cost reasons.
    > Will going to native mode in the win2k domain have any impact on the NT to
    > win2k domains trusts currently in place (i.e. they won't work)?
    >

    Changing from mixed mode to native mode will only affect
    downlevel domain controllers e.g., NT BDCs in your W2k
    domain will not be able to replicate with the W2k3 PDC
    emulator. If you have no downlevel DCs (NT 4.0 DCs) in
    your W2k3 domain and you never plan to have one setup
    you can switch to native mode.
  10. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Yes, it surprised me as well since none of the documentation mentioned it.
    When I tried to run a trial migration on an account, shortly into the process
    I got a message that the domain had to be native mode and could go no
    further. Many of the ADMT references do not mention this. I found a
    reference in the following migration cookbook chapter:

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookchp9.mspx

    Domain Migration Cookbook
    Chapter 9: Migration of a Windows NT 4.0 Account Domain to Active Directory

    "Target domain - the Windows 2000 native mode domain in which the migrated
    principal account is created."

    So, we'll go to native mode. Any help on prior questions related to the
    user and system accounts would be greatly appreciated.

    Thanks again,

    "Michael Giorgio - MS MVP" wrote:

    >
    > "Diane" <Diane@discussions.microsoft.com> wrote in message news:
    > > Michael,
    > >
    > > Thank you for replying so quickly. Would you have any idea how we can
    > > project how large the repair folder will be after running rdisk? To add
    > to
    > > the matter, we have limited disk space on this system. The domain only
    > has
    > > about 60 users.
    >
    > Less than the size of a 3.5 inch diskette.
    >
    > >
    > > I would also appreciate the benefit of your NT knowledge with respect to
    > > migrating users to a seperate win2k domain we currently have in place for
    > > email. The NT 4 box/domain is used for network logons and a few older
    > apps.
    > > The win2k (mixed mode) domain already has the same users in AD. We have
    > kept
    > > the user information and passwords the same in both domains. Currently,
    > > trusts are set up between the 2 domains. We want to phase out the NT4
    > > domain. The issue has been lack of understanding of a few areas:
    > > 1. How to migrate the user accounts such that desktop profiles are
    > retained
    > > and, what system accounts, if any, we need to worry about migrating. I
    > have
    > > looked at ADMT which requires native mode so we would have to take the
    > win2k
    > > domain to native. However, se're not sure how to get the user accounts to
    > > the AD (since they already exist) and effectively "add" the NT
    > > profile/security info. to their win2k information without causing issues
    > with
    > > their current win2k security profiles.
    >
    > I wasn't aware of that fact. Do you have a reference?
    > I don't see that step in migration setup KB article:
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;260871
    >
    > > 2. Users will still need access to the NT4 box for some of the older
    > apps.
    > > The firm has been reluctant to upgrade to newer versions for cost reasons.
    > > Will going to native mode in the win2k domain have any impact on the NT to
    > > win2k domains trusts currently in place (i.e. they won't work)?
    > >
    >
    > Changing from mixed mode to native mode will only affect
    > downlevel domain controllers e.g., NT BDCs in your W2k
    > domain will not be able to replicate with the W2k3 PDC
    > emulator. If you have no downlevel DCs (NT 4.0 DCs) in
    > your W2k3 domain and you never plan to have one setup
    > you can switch to native mode.
    >
    >
    >
Ask a new question

Read More

Domain Windows 2000 Windows NT Servers Windows