The ADMT will "move" the Machines and the Users/Groups/Permissions to the
new domain and disable the old accounts on the NT domain as it does it so
that users won't log into the wrong one and screw up the user profile after
the move. It is VERY important that the user log into the new Domain
correctly the FIRST time. If they don't I have seen the user profiles get
screwed up and the machine creates a new one instead of using their original
one.
The SID History is copied to the new domain so that user's SIDs (both old
and new) are recognized by the new domain. This is how the Profile and File
share permissions are maintained.
Leave the old domain running for a few days.
Wait a day or so, run the ADMT to remove the SID History.
Wait another day or so to see if everything is still workng Ok,...then
remove the Domain Trust.
Wait another day (just to be safe) and assure all replication is completed
after the Trust is gone,...then power down the old domain and consider it
"gone".
Learn/know the ADMT documentaion very very well,....because I am sure I
probably forgot something I should have told you...that I'll remember
later.. :-)
Personally, I might do it differnetly. The way I suggest below will cause
no inconvenience to the user,..there will be less cleanup,...and it will
actually still be the same Domain and not a new Domain,...which means there
is almost no chance of permissions or profile problems.
First make full backups ot the original PDC,...maybe even Ghost images or
some other Driving imaging tool. Then.....
1. Fine a simple PC powerfull enough to at least run Server 2003. It
doesn't have to run fast,...it just has to run. Borrow one,..steal
one,...whatever,...it is only temporary.
2. Load NT40 on the PC as a BDC
3. Promote the BDC to a PDC,...which should cause your oringinal existing
PDC to demote to a BDC. Then remove the BDC (original server) from the
domain the same way you would correctly remove any BDC from an NT40 domain.
You can always restore it from the "image" I mentioned above if something
goes wrong.
4. Now install Server2003 "over the top" of the NT40. Now you have a
Windows 2003 Domain,...sort of...
5. Raise the Domain Functional Level to "Native Server 2003 Mode". Now you
have a real Windows 2003 Domain.
6. Build/Load the new server with the new Server 2003 and join it to the
Domain as a Member server. Be sure that DNS is installed on it. Then run
"DCPromo" to promote it to a Domain Controller of an "existing Domain". You
may have to manually make the new DC a Catalog Server.
7. Run DCPromo on the Temp DC and demote it down to a member server. The
FSMO Roles should automatically transfer during the Demotion. Now remove it
from the Domain.
8. Basically all done,...the users never knew anything happened.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"PM" <(E-Mail Removed)> wrote in message
news:F0E6DA93-3ECE-4821-8117-(E-Mail Removed)...
>I am having an error posting to Windows Server 2003 Setup Newsgroup for
>some
> reason..
>
> I am performing some research on this migration and am uncertain of a
> particular thing:
>
> We're moving from a Windows NT4 Domain to a new Windows Server 2003
> domain.
> The NT4 Server does not have the specs to handle server 2003, and I'd like
> to
> leave it 'as-is' in case of a problem.
>
> So, we'll be replacing this NT4 server with a new 2003 domain controller.
> I
> found that the ADMT will be needed to move the user accounts over.
>
> Here is my question: Since this will technically be a NEW domain, will
> the
> PCs need to be unjoined from the NT4 domain and joined to the new domain?
> If
> so, since we're using ADMT, will the users' current profiles be untouched
> when they log into the new domain? I'm just curious as to why the ADMT
> would
> be preferred over just building a new domain from scratch. Can someone
> please help me?
>
> PM
Similar Threads
Linear Mode
