Migration for NT 4.0 to Windows Server 2008 Domain Controller

Discussion in 'Server Migration' started by Ray Chiang, Jun 5, 2008.

  1. Ray Chiang

    Ray Chiang Guest

    Hi,

    Is possible to upgrade NT 4.0 to Active Directory 2008?

    Thank you,

    Ray
     
    Ray Chiang, Jun 5, 2008
    #1
    1. Advertisements

  2. Hello Ray,

    Not supported if i understand this correct:

    Install a new Windows Server 2008 forest
    When you install AD DS to create the first domain controller in a new Windows
    Server 2008 forest, keep the following considerations in mind:

    . You must make forest and domain functional level decisions that determine
    whether your forest and domain can contain domain controllers that run Microsoft
    Windows® 2000 Server, Windows Server 2003, or both.

    . Domain controllers running the Microsoft Windows NT® Server 4.0 operating
    system are not supported with Windows Server 2008.

    . Servers running Windows NT Server 4.0 are not supported by domain controllers
    that are running Windows Server 2008.

    . The first Windows Server 2008 domain controller in a forest must be a global
    catalog server and it cannot be an RODC.



    Best regards

    Meinolf Weber
     
    Meinolf Weber, Jun 5, 2008
    #2
    1. Advertisements

  3. Hello Ray,

    Just to make it more understandable, you can ofcourse upgrade to server 2003
    SP1(minimum OS needed) domain and then to 2008.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Jun 5, 2008
    #3
  4. Hello Ray,

    Thanks for using newsgroup.

    What Meinolf said is correct. We cannot directly upgrade Windows NT4.0
    domain to Windows Server 2008 domain.

    In order to smoothly upgrade the domain, here are two recommended upgrade
    routes for your reference.

    Route 1.

    A. Upgrade Windows NT 4.0-Based PDC to Windows Server 2003-Based domain
    controller.

    For more detail steps, please refer to:

    How To Upgrade a Windows NT 4.0-Based PDC to a Windows Server 2003-Based
    Domain Controller
    http://support.microsoft.com/kb/326209

    Moving from Windows NT 4.0 Server to Windows Server 2003
    http://download.microsoft.com/download/2/c/3/2c3cc747-a843-4a23-b665-8bd62fa
    bbc1e/How-to-Migrate-from-NT-to-WS2003.pdf

    B. Then upgrade Windows Server 2003 based domain to Windows Server 2008
    domain.

    For more detail steps, please refer to:

    Upgrading Active Directory Domains to Windows Server 2008 AD DS Domains
    http://technet2.microsoft.com/windowsserver2008/en/library/9c91be5f-df14-40b
    2-b176-2b1852a51e611033.mspx?mfr=true

    Route 2.

    We may also use ADMT 3.1 to migrate from Windows NT 4.0 source domain to
    Windows Server 2008 domain.

    Since ADMT 3.1 Beta has been available for public evaluation. If you are
    interested, please refer to the steps provided in the following below link
    to apply for ADMT 3.1 Beta.

    ADMT 3.1 Beta
    http://blogs.technet.com/ad/archive/2008/04/22/admt-3-1-beta.aspx

    Hope it helps.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Jun 6, 2008
    #4
  5. Ray Chiang

    Ray Chiang Guest

    Hi David,

    Thank you for your information.
    Do you mean that I cannot use in-place upgrade method for doing a migration,
    but I can build a new forest and use ADMT to migrate the user's accounts?

    If route 2 is ok, this is a great news for me. It is because my company
    would like to change a domain name, so I plan to use ADMT for doing a
    migration also.

    BR
    Ray
     
    Ray Chiang, Jun 6, 2008
    #5
  6. Hello Ray,

    Yes, that's right. With ADMT you can completely move the old domain content
    to a new named one.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Jun 6, 2008
    #6
  7. Ray Chiang

    Ray Chiang Guest

    thank you. ^^

     
    Ray Chiang, Jun 7, 2008
    #7
  8. Hello Ray,

    What Meinolf said is right. You can migrate domain resource with ADMT from
    the old domain to the new domain.

    For you convenience, I have list a ADMT migration guide just for your
    reference.

    ADMT v3 Migration Guide
    http://www.microsoft.com/downloads/details.aspx?FamilyID=d99ef770-3bbb-4b9e-
    a8bc-01e9f7ef7342&DisplayLang=en

    Hope it helps.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Jun 9, 2008
    #8
  9. Ray Chiang

    Ray Chiang Guest

    Hi David,

    Does only ADMT v3.1 is able to support a migration from NT4.0 to 2008 DC?

    BR
    Ray
     
    Ray Chiang, Jun 10, 2008
    #9
  10. David Shen [MSFT], Jun 10, 2008
    #10
  11. Hello Ray,

    I am just writing to see how everything is going. If you have any updates
    or need any further assistance on this issue, please feel free to let me
    know. I am glad to be of assistance.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Jun 13, 2008
    #11
  12. Ray Chiang

    Ray Chiang Guest

    Hello David,

    I may use route 1 for doing a migration. I will upgrade NT domain to 2003DC
    in first phase and upgrade to 2008DC once 2003DC was working properly

    I would like to ask for more information for this migration.
    My company was running “PDC + Exchange 5.5†in same server. The hardware of
    PDC is not support for doing in-place upgrade. I cannot install the other BDC
    for doing in-place upgrade because Exchange 5.5 was installed on PDC.
    Therefore, I plan to use ADMT for doing a migration. However, I am not sure a
    sequence for upgrading a NT 4.0 and exchange 5.5 to AD 2003 and exchange 2003.
    Could you please give me some advice?

    Thank you.
    Ray
     
    Ray Chiang, Jun 15, 2008
    #12
  13. Hello Ray,

    According to the description, this migration issue seems to be related to
    Exchange

    Here is Windows Server Migration newsgroup and we mainly focus Windows
    Server side migration issues here.

    However, you are welcome to post Exchange related questions to our Exchange
    queues:

    Public.microsoft.exchange.admin

    The engineers and newsgroup members there are more experienced on
    Exchange-related issues, and should be able to provide you with suggestion
    on the Exchange related issue.

    Having said the above, I would like to share some knowledge with you.

    Common Mistakes When Upgrading Exchange 5.5/2000 To a Exchange 2003
    http://support.microsoft.com/kb/555262

    Considerations When You Upgrade to Exchange Server 2003
    http://support.microsoft.com/kb/822942

    Hope all the information will be helpful for you.

    Thanks for your understanding.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Jun 16, 2008
    #13
  14. Ray Chiang

    Ray Chiang Guest

    Hi David,

    Thank you.

    BR
    Ray
     
    Ray Chiang, Jun 16, 2008
    #14
  15. Hi Customer,

    It seems there are multiple issues posted in this thread. Generally, we
    request one question per post in the newsgroups. In order to concentrate
    fully on each of these issues and provide clarity for others that may be
    following here, we ask that you post them as separate threads.

    In that way each issue can receive full attention from the Support
    Professional to whom it is assigned. This will also make the thread more
    clear and consistent for your reference. Please feel free to open different
    posts for these questions. We will be very glad to work with you.

    Thank you for your patience and understanding.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Sep 9, 2008
    #15
  16. Hi saji,

    According to the description, you have migrated Windows NT 4.0 domain to
    Windows Server 2003 domain, which is a single label domain. And you want to
    migrate the single label domain to Windows Server 2008 domain, meanwhile
    you wish to preserve the file service on Windows NT 4.0. If I have some
    misunderstanding, please feel free to let me know.

    Analysis and Suggestion
    =====================

    As you descript, you are using Windows NT 4.0 file server and Windows
    Server 2003 after migration domain to Windows Server 2003 system. For the
    Windows NT 4.0 file server, I would like to suggest that you first migrate
    the file server to the Windows Server 2003 computer, and then perform the
    domain migration from the single label Windows 2003 domain to Windows
    Server 2008 domain. Afterwards, you may preserve the file service on the
    Window Server 2003 computer.

    For more detailed steps about migration file server, please refer to
    (05_Chapter_4_NT4FilePrint.doc) in the following link

    Migrating from Windows NT Server 4.0 to Windows Server 2003
    http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f0-4e25-
    8de0-19544062a6e6&DisplayLang=en

    Please perform a domain migration via ADMT v3.1 from the source Windows
    2003 domain to the target Windows 2008 domain.

    You can download this ADMT toolkit from the following link:

    Active Directory Migration Tool version 3.1
    http://www.microsoft.com/downloads/details.aspx?FamilyID=ae279d01-7dca-413c-
    a9d2-b42dfb746059&displaylang=en

    Migrating and Restructuring Active Directory Domains Using ADMT v3.1
    http://www.microsoft.com/downloads/details.aspx?familyid=6D710919-1BA5-41CA-
    B2F3-C11BCB4857AF&displaylang=en

    The Password Export Server version 3.1 (PES v3.1) enables password
    migrations during account migrations in an Active Directory Domain Services
    infrastructure. It can be downloaded from the following links:

    Password Export Server version 3.1 (x32)
    http://www.microsoft.com/downloads/details.aspx?familyid=F0D03C3C-4757-40FD-
    8306-68079BA9C773&displaylang=en

    Password Export Server version 3.1 (x64)
    http://www.microsoft.com/downloads/details.aspx?familyid=5B4E5C61-1C00-4DA7-
    9C0D-130200AED21A&displaylang=en

    Hope it helps.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Sep 10, 2008
    #16
  17. Hi Saji,

    Sorry for my late reply.

    According to my research, we can establish the trust relationship between
    Windows NT4 to Windows 2008. Before we establish the trust, we need to
    changes the security setting in one GPO that is shown below:

    Make sure that the following settings are configured:

    RestrictAnonymous and RestrictAnonymousSam:Network access: Allow anonymous
    SID/Name
    translation ENABLED
    Network access: Do not allow anonymous enumeration of SAM accounts
    DISABLED
    Network access: Do not allow anonymous enumeration of SAM accounts and
    shares
    DISABLED
    Network access: Let Everyone permissions apply to anonymous users
    ENABLED
    Network access: Named pipes can be accessed anonymously ENABLED
    Network access: Restrict anonymous access to Named Pipes and shares
    DISABLED
    LM Compatibility:Network security: LAN Manager authentication level "LM &
    NTLM
    responses" or "Send LM & NTLM - use NTLMV2 session security if negotiated"
    SMB Signing, SMB Encrypting, or both:Microsoft network client: Digitally
    sign
    communications (always) DISABLED
    Microsoft network client: Digitally sign communications (if server agrees)
    ENABLED
    Microsoft network server: Digitally sign communications (always) DISABLED
    Microsoft network server: Digitally sign communications (if client agrees)
    ENABLED
    Domain member: Digitally encrypt or sign secure channel data (always)
    DISABLED
    Domain member: Digitally encrypt secure channel data (when it is possible)
    ENABLED
    Domain member: Digitally sign secure channel data (when it is possible)
    ENABLED
    Domain member: Require strong (Windows 2000 or later) session key
    DISABLED

    For more reference, please refer to:

    Trust between a Windows NT domain and an Active Directory domain cannot be
    established or it does not work as expected
    http://support.microsoft.com/?id=889030

    Hope it helps.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Sep 16, 2008
    #17
  18. Hi saji,

    Yes. This Microsoft KB artical should aslo applied to Windows Server 2008

    Trust between a Windows NT domain and an Active Directory domain cannot be
    established or it does not work as expected
    http://support.microsoft.com/?id=889030

    Hope it helps.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Sep 17, 2008
    #18
  19. why not start the migration from the beginning? Or are users and computers
    already in W2K3 AD?

    If it is just ONE W2K3 DC you have you might as well RENAME the AD domain
    AFTER having creating a FULL backup of the W2K3 DC


    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Sep 27, 2008
    #19
  20. Hello Jorge,

    Thanks for the knowledge sharing.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Sep 29, 2008
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.