legacy OS or applications 2008 DC

Discussion in 'Active Directory' started by sawyer, Jan 7, 2010.

  1. sawyer

    sawyer Guest

    Hello

    Does anyone know of any legacy OS (unix,linux) or applications (TFS) that
    might now be able to authenticate to a windows 2008 DC. The reason I ask is
    because we are in the proccess of upgrading our last 2003 DC to 2008, and we
    had to hold off on upgrading this particular DC, because of an issue with an
    appliance called "datadomain" We recently upgraded the OS of the datadomain
    appliance so it will now work with a 2008 DC, but we are taking the prudent
    step because of this and want to know if there are any known issues or if
    someone reading this post has run into issues with an appliance, legacy OS
    or application after upgrading a DC to 2008?

    Many thanks
     
    sawyer, Jan 7, 2010
    #1
    1. Advertisements

  2. I'm sure there are plenty. That is why you have to test and verify. Check
    with your vendors for any issues.

    In your situation if you feel you have done you due dilligence then, don't
    do anything to the dc other than shut the system down for a week and see if
    anything breaks. Since you have already extended the schema you don't have
    to worry about that and raising the doamin and/or forest level shouldn't be
    an issue since there isn't much that is happening, so I think shutting the
    system down would be a good last step prior to upgrading. Hopefully this
    isn't the fsmo master for any of the roles. If so transfer these prior to
    the shutdown to be safe.

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Jan 8, 2010
    #2
    1. Advertisements

  3. sawyer

    sawyer Guest

    yes this DC if the main FSMO role holder, so cant shut it down, but thanks
    for the suggestion
     
    sawyer, Jan 8, 2010
    #3
  4. It can be shutdown for a couple of days. it shouldn't be the FSMO PDCe if
    you are running 2008 dc's anyways. As a matter of fact they should all be
    moved to 2008.

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Jan 8, 2010
    #4
  5. sawyer

    Revenger Guest

    Hi sawyer!

    Well, a fellow admin of mine had a nasty time when he upgraded all the DCs
    to 2008 with a NAS storage device (SMB storage device) which works with AD
    to authenticate the users.

    After upgrading all the DCs to 2008 the NAS device couldn't authenticate
    with AD anymore, and he couldn't get to the data on the NAS.

    NAS device used older cryptography algorithms to authenticate, and the new
    2008 DC's have a policy Allow cryptography algorithms compatible with
    Windows NT 4.0 set to Not Configured, and they won't allow authentication.
    Anyhow, the link is here:

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;942564

    All in all, he had to promote the old W2k3 server back, make a backup of
    the data on the NAS device (which could now authenticate with the 2003 DC),
    and then demote the DC again.

    Hope this helps someone ...
     
    Revenger, Jan 9, 2010
    #5
  6. sawyer

    sawyer Guest

    this is the kind of stuff that worries me, thanks for the info!
     
    sawyer, Jan 11, 2010
    #6
  7. We haven't upgraded our AD due to diligence required to test the SAN and AD
    2008. There is a matrix for the firmware that must be followed. If you
    don't properly test, you can't hold anyone else accountable.

    Test, Test, Test...

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Jan 11, 2010
    #7
  8. sawyer

    Jorge Silva Guest

    Hi
    I not follow Paul's suggestion and create a lab for that, take note of the
    most common issues an their resolutions.

    --

    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MVP Directory Services

    Please no e-mails, any questions should be posted in the NewsGroup
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jorge Silva, Jan 11, 2010
    #8
  9. sawyer

    Revenger Guest

    I couldn't agree with you more ... The lack of testing led to the problem,
    but still, that was a lesson. All lessons come at a price, this one only
    costed some time and some nerves :)
     
    Revenger, Jan 12, 2010
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.