Adding an NT 4.0 BDC to 2003 Active Directory Network

Hi

I am trying to set up a test network to prepare for an Exchange 5.5 to Exchange 2003 migration. To get my regular domain accounts onto my test network I was going to add an NT 4.0 BDC to my 2003 AD domain, remove it, add it to my test environment, and promote it to the PDC. Then I was going to recreate my AD environment by upgrading this NT 4.0 machine. The problem I am running into is that when I go to create my BDC it cannot log onto my AD network so I cannot get it set up (the only copy of NT I have is 4.0 sp1).. Would the solution to this problem be to temporarily disable SMB signing on my 2003 AD domain? Are there any potential problems on my live network in doing this? Is the following procedure the correct one to make this change

In the Default Domain Controllers Policy
Under Computer Configuration/Windows Settings/Security Settings/Loca
Policies/Security Options
right-click "Microsoft network server: Digitally sign communication
(always)"
click Properties, and then click Disabled.

Thanks for any help in advance

P.S. Is there a better way to accomplish what I am trying to do in setting up a test environment? I thought about doing dcpromo on a 2003 server and then taking that box off the network and then deleting that box under AD Domain Controllers. Somewhere I heard or read that this might require some AD cleanup whereas the other method would not. Any truth to this

you can try disabling smb signing just to get the nt4 bdc up, and the domain
info copied, then re-enable it. there shouldnt be any problems unless you
have client machines set to require smb signing. can you do this off-hours
just in case?

Dan

"Philip Gerard" <(E-Mail Removed)> wrote in message
news:18CF0D51-4BBB-49B7-8114-(E-Mail Removed)...
> Hi,
>
> I am trying to set up a test network to prepare for an Exchange 5.5 to
Exchange 2003 migration. To get my regular domain accounts onto my test
network I was going to add an NT 4.0 BDC to my 2003 AD domain, remove it,
add it to my test environment, and promote it to the PDC. Then I was going
to recreate my AD environment by upgrading this NT 4.0 machine. The problem
I am running into is that when I go to create my BDC it cannot log onto my
AD network so I cannot get it set up (the only copy of NT I have is 4.0
sp1).. Would the solution to this problem be to temporarily disable SMB
signing on my 2003 AD domain? Are there any potential problems on my live
network in doing this? Is the following procedure the correct one to make
this change:
>
> In the Default Domain Controllers Policy,
> Under Computer Configuration/Windows Settings/Security Settings/Local
> Policies/Security Options,
> right-click "Microsoft network server: Digitally sign communications
> (always)",
> click Properties, and then click Disabled.
>
> Thanks for any help in advance?
>
> P.S. Is there a better way to accomplish what I am trying to do in setting
up a test environment? I thought about doing dcpromo on a 2003 server and
then taking that box off the network and then deleting that box under AD
Domain Controllers. Somewhere I heard or read that this might require some
AD cleanup whereas the other method would not. Any truth to this?
>

I thought the safest approach would be to try it off-hours.

Thanks for the reply

Philip Gerard
----- Dan DeStefano wrote: ----

you can try disabling smb signing just to get the nt4 bdc up, and the domai
info copied, then re-enable it. there shouldnt be any problems unless yo
have client machines set to require smb signing. can you do this off-hour
just in case

Da

"Philip Gerard" <(E-Mail Removed)> wrote in messag
news:18CF0D51-4BBB-49B7-8114-(E-Mail Removed)..
> Hi
>> I am trying to set up a test network to prepare for an Exchange 5.5 t
Exchange 2003 migration. To get my regular domain accounts onto my tes
network I was going to add an NT 4.0 BDC to my 2003 AD domain, remove it
add it to my test environment, and promote it to the PDC. Then I was goin
to recreate my AD environment by upgrading this NT 4.0 machine. The proble
I am running into is that when I go to create my BDC it cannot log onto m
AD network so I cannot get it set up (the only copy of NT I have is 4.
sp1).. Would the solution to this problem be to temporarily disable SM
signing on my 2003 AD domain? Are there any potential problems on my liv
network in doing this? Is the following procedure the correct one to mak
this change
>> In the Default Domain Controllers Policy
> Under Computer Configuration/Windows Settings/Security Settings/Loca
> Policies/Security Options
> right-click "Microsoft network server: Digitally sign communication
> (always)"
> click Properties, and then click Disabled
>> Thanks for any help in advance
>> P.S. Is there a better way to accomplish what I am trying to do in settin
up a test environment? I thought about doing dcpromo on a 2003 server an
then taking that box off the network and then deleting that box under A
Domain Controllers. Somewhere I heard or read that this might require som
AD cleanup whereas the other method would not. Any truth to this
>

Services Packs are free. Apply SP6a to the NT machines so it will work with
the existing 2003 system without having the "hack" things.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Philip Gerard" <(E-Mail Removed)> wrote in message
news:6A3BC759-C12F-4275-A9C1-(E-Mail Removed)...
> I thought the safest approach would be to try it off-hours.
>
> Thanks for the reply.
>
> Philip Gerard
> ----- Dan DeStefano wrote: -----
>
> you can try disabling smb signing just to get the nt4 bdc up, and the
domain
> info copied, then re-enable it. there shouldnt be any problems unless
you
> have client machines set to require smb signing. can you do this
off-hours
> just in case?
>
> Dan
>
> "Philip Gerard" <(E-Mail Removed)> wrote in
message
> news:18CF0D51-4BBB-49B7-8114-(E-Mail Removed)...
> > Hi,
> >> I am trying to set up a test network to prepare for an Exchange
5.5 to
> Exchange 2003 migration. To get my regular domain accounts onto my
test
> network I was going to add an NT 4.0 BDC to my 2003 AD domain, remove
it,
> add it to my test environment, and promote it to the PDC. Then I was
going
> to recreate my AD environment by upgrading this NT 4.0 machine. The
problem
> I am running into is that when I go to create my BDC it cannot log
onto my
> AD network so I cannot get it set up (the only copy of NT I have is
4.0
> sp1).. Would the solution to this problem be to temporarily disable
SMB
> signing on my 2003 AD domain? Are there any potential problems on my
live
> network in doing this? Is the following procedure the correct one to
make
> this change:
> >> In the Default Domain Controllers Policy,
> > Under Computer Configuration/Windows Settings/Security
Settings/Local
> > Policies/Security Options,
> > right-click "Microsoft network server: Digitally sign
communications
> > (always)",
> > click Properties, and then click Disabled.
> >> Thanks for any help in advance?
> >> P.S. Is there a better way to accomplish what I am trying to do in
setting
> up a test environment? I thought about doing dcpromo on a 2003 server
and
> then taking that box off the network and then deleting that box under
AD
> Domain Controllers. Somewhere I heard or read that this might require
some
> AD cleanup whereas the other method would not. Any truth to this?
> >