I have done dozens of 'upgrades' and had very few issues. This is really the
best method to upgrade as it keeps everything in tact and ADMT is a little
tougher, and longer to deal with to get everything the way you want it. What
I typically do is to introduce a new BDC onto the NT domain, this can be any
machine that runs NT but consider something with a little horsepower(RAM)
because this will ultimately be your 1st Win2k machine. Then promote it to
PDC and demote your current PDC. Once this is complete and replication looks
good then upgrade this new PDC to WIndowds 2000 and Active Directory. This
new machine will now have the AD and the old NT4 Domain Controllers will be
none the wiser that anything has changed. This way is for some reason the
'upgrade' fails and the machine Blue Screens you can just promote your
original NT4 PDC back to a PDC and everything is back to NT and no machines
even know that there was a failed upgrade. This is much faster and easier
than the ADMT. I only use the ADMT when there are issues with domain names
that need to be changed or we are using a test domain first or will be
consolidating domains. What you are describing sounds like a whole lot of
extra work that I don't feel needs to be done. You don't want to deal with
Trusts and managing them and SID's etc. I know what you mean about the
'nobody wanting to do upgrades' but this really does work quite well.
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
scrockel@***No_SPAM***hotmail.com
"Rich Roller" <rich_roller@*REMOVE-THIS*whitney.org> wrote in message
news:OSp%23UU$oDHA.372@TK2MSFTNGP11.phx.gbl...
> (Sorry to cross-post this... I wasn't sure which was the best
> place)
>
> I'm doing a migration from *single* NT domain to WS2003 AD with a
> customer of 250 seats. Nobody wants to do an in-place upgrade of
> PDC, etc. We are heading for doing a migration using ADMT from NT
> to a new, separate AD just being setup.
>
> My big question is: Is this a good plan? A few people (e.g. Mark
> Minasi) recommend this way but most of the docs I find are on
> in-place upgrades.
>
> My current dilemma/question is: Can I put the new AD into
> functional mode "Windows Server 2003" (domain and forest) and not
> lose anything significant with NT-side compatibility?
>
> For example, I read that ADMT will only migrate NT SID histories
> if AD is in 2000Native or WS2003 mode, and it seems like having
> SID histories might be helpful. And from what I can tell my
> two-way trusts between NT & AD will work regardless of whether AD
> is mixed or native/2003, right?
>
> The only thing I've seen that's negative is that if AD is in
> native/2003 then the old clients (Win9x/NT) will have to run the
> AD Client software in order see (and auth with) AD properly. I
> have no experience w/ the AD Client... is it seamless/painless?
>
> Is there anything else that I might lose if I have AD in 2003
> mode? (We're thinking of raising the functional level TOMORROW!)
>
> Note that for fallback reasons they want to to keep their NT
> domain just as is: BDC's & PDC in place, and rely on trusts
> between NT & AD to intercommunicate. But they won't want to keep
> two parallel SAM's in synch (manually?) for too long once they've
> migrated using ADMT so they would start phasing out NT stuff (e.g.
> unjoining member server from NT and joining to AD)
>
> Thanks in advance for any advice.
>
> Rich Roller
>
>
> >> Stay informed about: Mixed vs. Native/2003 for trusts w/ legacy NT 
FAQ
Profile
Private Messages
Log in
