Hello JSmith,
See inline.
Best regards
Meinolf Weber
> We currently have an NT4 domain but are looking at making the jump to
> Server 2008 R2, A/D, etc. but we have some limitations on what can be
> upgraded so I need some advice. Here is our current configuration:
>
> * NT4 PDC and BDC
> * All user workstations are Win XP SP3
> * All file servers except for the PDC and BDC are Server 2003 Std
> * There are about 10 process control workstations running Windows
> 2000. These can _NEVER_ change.
> * There are a hundred or so NT4 workstations. These can _NEVER_
> change.
> * A few Linux systems that are running SAMBA and use the NT4 domain
> for authentication.
> From what I've read it looks like I have two options:
>
> 1. Get rid of the NT4 domain altogether and join the old NT4
> workstations to the 2008R2 domain.
One option, where you will use everything of the existing domain, user/group
accounts, preconfigured permissions on data etc. Think you will not really
want this? Upgrade the NT4 domain to a Windows Server 2003 Active Directory
domain and then go on with the migration to Windows Server 2008 R2. This way
you can keep the domain configuration, except the system policies from NT4.
One option to keep in mind is the domain name: in NT4 a single-label domain
name like DOMAIN is very often used. Hopefully yours is in the FQDN format
like DOMAIN.COM; if not, you can use either domain rename (requires functional
level Windows Server 2003) or ADMT to change the name and keep all preconfigured
settings.
> 2. Create a new 2008R2 domain, add all the computers except the NT4
> systems to it. Create a trust between the new A/D domain and the NT4
> domain.
Maybe in your case an option, but it still requires creating all user/group
accounts new, users will use their profile settings, passwords etc.
> I would prefer the first option but am unsure of all the possible
> problems. I have read about possible problems with NT4 authentication
> in a 2008R2 domain even when the "allow NT4 encryption" is selected.
To use NT4 in a 2008 domain and higher see here:
http://support.microsoft.com/?kbid=942564
http://support.microsoft.com/kb/288358
http://support.microsoft.com/kb/555038
http://support.microsoft.com/?kbid=946405
http://technet.microsoft.com/en-us/l...54(WS.10).aspx
http://social.technet.microsoft.com/...-5738b3a5d5d1/
> Also, I am unsure whether or not I can enable all A/D features to
> manage the 2000/XP/2003/2008 computers when there are any NT4
> computers present in the domain. Also, I plan on migrating all the
> 2003 servers to 2008R2.
Strong advice, even if you don't like it: get rid of the NT4 machines. You will
run into trouble, and there has been no support for some years.
NT4 of course is not capable of AD or GPOs coming with Windows Server 2000.
This will not have any influence on managing the higher OS versions with
GPOs from GPMC.
System policies as used in NT4 were not that user friendly, as they do a
tattooing of the registry. So each setting has to be removed manually, instead
of using GPOs, where most of the settings change if you move the machine
to another OU.
New features coming with Windows Server 2008 R2 depend on the functional levels
of Active Directory, which rely on the OS of the DCs. See here for more details:
http://technet.microsoft.com/en-us/l...32(WS.10).aspx
Do you have any additional applications running like Exchange, SQL etc.?
Also for this you have to plan migration.
> Any advice would be appreciated.
>