Archived from groups: microsoft.public.win2000.setup_deployment
If your domain is 2000 mixed mode, then it is NT4 domain (sort of).
Just remove any Win2000 DCs, and promote one NT4 BDC to become PDC.
Dusko Savatovic
"Todd B" <tbergman@goisg.com> wrote in message
news:ePpT4zO2EHA.2112@TK2MSFTNGP15.phx.gbl...
> Have corrupt 2000 AD no backups mixed mode with NT4 bdc's. Have 2K & XP
> clients.
>
> Anyone have a way to rollback to NT4 without having to re-add these
> clients to the domain.
>
> Help...
>
> Thanks,
>
> Todd Bergman
> System Engineer ISG
> mailto:tbergman@goisg.com
>
>
Once a Windows 2000 AD controller is added to your network, 2000 and XP
clients switch default authentication to Kerberos. Once the AD controller
goes offline these clients will not authenticate. I have looked at the
articles for AD overload; unfortunately these reg hacks needed to be done
prior to AD upgrade. How can I redirect XP and 2000 clients to authenticate
to an NT4 PDC after AD? No Kerberos.
"Dusko Savatovic" <savatovic.removespam@hotmail.com> wrote in message
news:uBNyz9S2EHA.2804@TK2MSFTNGP15.phx.gbl...
> If your domain is 2000 mixed mode, then it is NT4 domain (sort of).
> Just remove any Win2000 DCs, and promote one NT4 BDC to become PDC.
>
> Dusko Savatovic
>
>
> "Todd B" <tbergman@goisg.com> wrote in message
> news:ePpT4zO2EHA.2112@TK2MSFTNGP15.phx.gbl...
>> Have corrupt 2000 AD no backups mixed mode with NT4 bdc's. Have 2K & XP
>> clients.
>>
>> Anyone have a way to rollback to NT4 without having to re-add these
>> clients to the domain.
>>
>> Help...
>>
>> Thanks,
>>
>> Todd Bergman
>> System Engineer ISG
>> mailto:tbergman@goisg.com
>>
>>
>
>
As I remember, it was recommended in Microsoft's papers that when you do
an in-place upgrade, you should switch off your NT4 BDC and lock it in a
cupboard for safe keeping. That's your returning point.
Also, AIUI, Win2k and above indeed use Kerberos as the default authentication
protocol, but if Kerberos is unavailable, they will automatically fall back
to NTLM.
As I remember, authentication in WinNT networks relied on the NetBIOS name
resolution service (unlike the DNS service in Win2k and above). Therefore, you
should arrange for good NetBIOS name resolution on your network (WINS
service).
What would happen if you try the complete exercise again?
1. Get rid of present Win2k DCs
2. Promote your old NT4 BDC to PDC
3. Do an in-place upgrade to Win2k.
I understand that it can be a pain, but tools like Ghost and Virtual PC (or
VMWare) should make it easier.
Dusko Savatovic
"Todd B" <tbergman@goisg.com> wrote in message
newsaQQa5T2EHA.1392@tk2msftngp13.phx.gbl...
> Once a windows 2000 AD controller is added to your network. 2000 and XP
> clients switch default authentication to Kerberos. Once the AD controller
> goes offline these client will not authenticate. I have looked at the
> articles for AD overload unfortunately these reg hacks needed to be done
> prior to AD upgrade. How can I redirect XP and 2000 clients to
> authenticate to an NT4 pdc after AD. No kerberos.
>
Yes, I am using VPC... it saves hours and hours to run scenarios. I am actually
working with Microsoft on this issue and they aren't getting much further.
Bottom line is I am either using Netdom or just rejoining each workstation
back to the domain.
WINS and DNS aren't the issues in this case; I have them set correctly.
The issue is the secure channel. With an AD DC, once you introduce the new
one it's reset and the workstations need to be reset for the new DC. Even if
I would promote the designated rollback PDC to 2000, the secure channel would
be reset.
"Dusko Savatovic" <savatovic.removespam@hotmail.com> wrote in message
newsTC$qS62EHA.1524@TK2MSFTNGP09.phx.gbl...
> As I remember, it was recommended in Microsoft's papers that when you do
> in-place upgrade, you should switch off your NT4 BDC and lock it in a
> cupboard for safe keeping. That's your returning point.
>
> Also, AIUI, Win2k and above indeed use Kerberos as default authentication
> protocol, but if Kerberos is unavailable, they will automatically fall
> back to NTLM.
>
> As I remember, authentication in WinNT networks relied on NetBIOS name
> resolution service (unlike DNS service in Win2k and above). Therefore, you
> should arrange for a good NetBIOS name resolution on your network (WINS
> service).
>
> What would happen if you try the complete exercise again?
> 1. get rid of present Win2k DC's
> 2. Promote your old NT4 BDC to PDC
> 3. Do in-place upgrade to Win2k.
>
> I understand that it can be pain, but tools like Ghost and Virtual PC (or
> VMWare) should make it easier.
>
> Dusko Savatovic
>
>
> "Todd B" <tbergman@goisg.com> wrote in message
> newsaQQa5T2EHA.1392@tk2msftngp13.phx.gbl...
>> Once a windows 2000 AD controller is added to your network. 2000 and XP
>> clients switch default authentication to Kerberos. Once the AD controller
>> goes offline these client will not authenticate. I have looked at the
>> articles for AD overload unfortunately these reg hacks needed to be done
>> prior to AD upgrade. How can I redirect XP and 2000 clients to
>> authenticate to an NT4 pdc after AD. No kerberos.
>>
>
>
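Added example, not part of the original posts: one way to script the Netdom approach mentioned above from an admin workstation, verifying each workstation's secure channel and resetting only those that fail, so that only the remaining machines need a manual rejoin. The domain name, DC name and workstation list are placeholders, and treating a non-zero netdom exit code as failure is an assumption of this sketch.

```powershell
# Placeholders (not from the thread): adjust to the environment.
$Domain       = 'EXAMPLEDOM'              # NetBIOS domain name (placeholder)
$TargetDC     = 'PDC01'                   # DC to re-establish the channel with (placeholder)
$Workstations = 'WS001', 'WS002', 'WS003' # constructed sample list

$results = foreach ($ws in $Workstations) {
    # netdom verify: checks the secure channel between the workstation and the domain.
    $verifyOut = & netdom verify $ws "/Domain:$Domain" 2>&1
    $verifyRc  = $LASTEXITCODE

    $action  = 'none'
    $resetRc = $null
    if ($verifyRc -ne 0) {
        # netdom reset: re-establishes the secure channel against a named DC
        # without removing the machine from the domain.
        $resetOut = & netdom reset $ws "/Domain:$Domain" "/Server:$TargetDC" 2>&1
        $resetRc  = $LASTEXITCODE
        $action   = if ($resetRc -eq 0) { 'reset-ok' } else { 'reset-failed' }
    }

    [pscustomobject]@{
        Workstation = $ws
        VerifyCode  = $verifyRc
        Action      = $action
        ResetCode   = $resetRc
    }
}

# Summary table, then the machines that still need attention.
$results | Format-Table -AutoSize
$needRejoin = $results | Where-Object { $_.Action -eq 'reset-failed' }
if ($needRejoin) {
    'Secure channel could not be reset; candidates for a manual rejoin:'
    $needRejoin.Workstation
}
```

On a single workstation, `nltest /sc_query:EXAMPLEDOM` shows which DC the machine currently has its secure channel with.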
Sorry I couldn't be much of a help.
I'm keeping an eye on this thread and I'd be interested what's the solution
to this problem once you and Microsoft work it out. It would also be useful
to know if you used any special troubleshooting tools.
Good luck,
Dusko Savatovic
"Todd B" <tbergman@goisg.com> wrote in message
news:ucWFHLB3EHA.3840@tk2msftngp13.phx.gbl...
> Yes I am using VPC...save hours and hours to run scenarios. I am actually
> working with Microsoft on this issue and they aren't getting much further.
> Bottom Line is I am either using Netdom or just rejoining each workstation
> back to the Domain.
> WINS and DNS aren't the issues in this case I have them set correctly.
> The issue is the secure channel. With an AD DC. Once you introduce the new
> one its reset and the workstations need to be reset for the new DC. Even
> if I would promote the designated rollback PDC to 2000 the secure channel
> would be reset.