New Windows 2000 AD Server to replace existing Windows NT Server PDC

Post by Julian Are » Fri, 06 Dec 2002 07:47:53



We are trying to replace a Windows NT Server PDC with a
Windows 2000 Server.  The PDC is the only NT Server in the
existing domain.

We want to migrate the SAM information from the PDC into
Active Directory in the new server.  The old server will
then be discarded.

We do not want to go through the trouble to upgrade the
old server to Windows 2000 Server first.  For the
migration, both the Windows NT and Windows 2000 servers
would be active.

I guess the basic question is, is there a way to migrate
SAM (accounts, groups) data from a Windows NT 4 PDC over a
network to a Windows 2000 AD controller?

 
 
 


Post by Danny Sander » Fri, 06 Dec 2002 07:54:25


You can remove Win 2k from the new server and install NT 4.0 on it as a BDC
while connected to your existing network, promote to PDC then upgrade to Win
2k and AD.

hth
DDS W 2k MVP MCSE


> We are trying to replace a Windows NT Server PDC with a
> Windows 2000 Server.  The PDC is the only NT Server in the
> existing domain.

> We want to migrate the SAM information from the PDC into
> Active Directory in the new server.  The old server will
> then be discarded.

> We do not want to go through the trouble to upgrade the
> old server to Windows 2000 Server first.  For the
> migration, both the Windows NT and Windows 2000 servers
> would be active.

> I guess the basic question is, is there a way to migrate
> SAM (accounts, groups) data from a Windows NT 4 PDC over a
> network to a Windows 2000 AD controller?


 
 
 


Post by Lukas » Fri, 06 Dec 2002 09:11:06


It may be possible, though I do not know how to do it
having never used NT4 Server. However, even if you could,  
it is infinite times better to just type the users and
groups in again. NT4 Server stores users and groups in a
completely different way than Windows 2000 Server. More
importantly, the permissions used by NTFS (NT File System)
Version 5.0 (which comes with Windows 2000) are very
different than previous versions of NTFS used by previous
versions of Windows and if you import your users and
groups, the permissions will be all screwed up.

If you do not have permissions set on domain objects
(shared folders, printers, etc.) used by your domain users
now, and restricting the access of your domain users to
domain objects is not very important to you (as in very
small companies with non-sensitive information shared on
the domain), depending on how many users and groups you
have, if it's possible, of course, it may be easier for you
to just import the users.

If it were me, though, because the security of my shared
files is VERY IMPORTANT, unless I had in excess of 2,000
users, I would not even think of importing.

I hope that helped.

 
 
 


Post by RoGu » Fri, 06 Dec 2002 13:20:01


It can be done fairly easily.  We did it with our company.  Moved
accounts/groups from 28 NT domains into 1 AD.  Use a tool called Active
Directory Migration Tool.  Here is a link to a Microsoft webcast on using
the tool.  Basically it migrates the accounts/groups and creates what is
called a SID history.
http://support.microsoft.com/servicedesks/Webcasts/WC082301/wcblurb08...
p


> It may be possible, though I do not know how to do it
> having never used NT4 Server. However, even if you could,
> it is infinite times better to just type the users and
> groups in again. NT4 Server stores users and groups in a
> completely different way than Windows 2000 Server. More
> importantly, the permissions used by NTFS (NT File System)
> Version 5.0 (which comes with Windows 2000) are very
> different than previous versions of NTFS used by previous
> versions of Windows and if you import your users and
> groups, the permissions will be all screwed up.

> If you do not have permissions set on domain objects
> (shared folders, printers, etc.) used by your domain users
> now, and restricting the access of your domain users to
> domain objects is not very important to you (as in very
> small companies with non-sensitive information shared on
> the domain), depending on how many users and groups you
> have, if it's possible, of course, it may be easier for you
> to just import the users.

> If it were me, though, because the security of my shared
> files is VERY IMPORTANT, unless I had in excess of 2,000
> users, I would not even think of importing.

> I hope that helped.

 
 
 


Post by RoGu » Fri, 06 Dec 2002 13:44:16


Link to ADMT.
http://www.microsoft.com/windows2000/downloads/tools/ADMT/default.asp


> It can be done fairly easily.  We did it with our company.  Moved
> accounts/groups from 28 NT domains into 1 AD.  Use a tool called Active
> Directory Migration Tool.  Here is a link to a Microsoft webcast on using
> the tool.  Basically it migrates the accounts/groups and creates what is
> called a SID history.
> http://support.microsoft.com/servicedesks/Webcasts/WC082301/wcblurb08...
> p



> > It may be possible, though I do not know how to do it
> > having never used NT4 Server. However, even if you could,
> > it is infinite times better to just type the users and
> > groups in again. NT4 Server stores users and groups in a
> > completely different way than Windows 2000 Server. More
> > importantly, the permissions used by NTFS (NT File System)
> > Version 5.0 (which comes with Windows 2000) are very
> > different than previous versions of NTFS used by previous
> > versions of Windows and if you import your users and
> > groups, the permissions will be all screwed up.

> > If you do not have permissions set on domain objects
> > (shared folders, printers, etc.) used by your domain users
> > now, and restricting the access of your domain users to
> > domain objects is not very important to you (as in very
> > small companies with non-sensitive information shared on
> > the domain), depending on how many users and groups you
> > have, if it's possible, of course, it may be easier for you
> > to just import the users.

> > If it were me, though, because the security of my shared
> > files is VERY IMPORTANT, unless I had in excess of 2,000
> > users, I would not even think of importing.

> > I hope that helped.
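
Added example, not part of any post in this thread: a simplified Python model of the SID history mechanism mentioned above. It shows why an ACL entry written against the old NT 4 domain's group SID still matches a migrated account that carries SID history, but not one whose group was re-created by hand, and adds a small post-migration audit of SID history values. The domain SIDs, RIDs, account names and helper functions are all constructed for illustration; this is not Windows' actual access-check code.

```python
from dataclasses import dataclass, field

OLD_DOM = "S-1-5-21-1111-2222-3333"   # constructed SID of the NT 4 source domain
NEW_DOM = "S-1-5-21-4444-5555-6666"   # constructed SID of the new AD domain

@dataclass
class Account:
    name: str
    sid: str
    sid_history: list = field(default_factory=list)  # models the sIDHistory attribute
    groups: list = field(default_factory=list)       # groups this account belongs to

def migrate(acct, new_rid, keep_history=True):
    """Re-create an account in the target domain; optionally carry its old SID."""
    history = [acct.sid] if keep_history else []
    return Account(acct.name, f"{NEW_DOM}-{new_rid}", history)

def token_sids(acct):
    """SIDs in the logon token: own SID and SID history, plus the same per group."""
    sids = {acct.sid, *acct.sid_history}
    for g in acct.groups:
        sids |= {g.sid, *g.sid_history}
    return sids

def has_access(acct, dacl):
    """Allow-only check: access is granted if any token SID appears in the DACL."""
    return bool(token_sids(acct) & set(dacl))

def foreign_history(accounts, expected_domain=OLD_DOM):
    """Audit: SID history values that do not come from the migration source domain."""
    return [(a.name, s) for a in accounts for s in a.sid_history
            if s.rsplit("-", 1)[0] != expected_domain]

def demo():
    old_sales = Account("Sales", f"{OLD_DOM}-1010")
    share_dacl = [old_sales.sid]           # ACE set while the NT 4 domain was live
    user = migrate(Account("jsmith", f"{OLD_DOM}-1004"), 1104)
    user.groups = [migrate(old_sales, 1105)]                      # migrated group
    with_history = has_access(user, share_dacl)
    user.groups = [migrate(old_sales, 1106, keep_history=False)]  # retyped group
    without_history = has_access(user, share_dacl)
    return with_history, without_history

if __name__ == "__main__":
    print(demo())
```
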