It's a concern that needs to be taken into account. However, the reason that I stand up a Windows NT BDC is to synch with the AD and be sure that I've collected all of the domain security principals. [1]
Mixed-mode is the trick, as it insures that we are still in a mode in which a NT 4.0 BDC will communicate with our Win2k DCs. It'll get most things - not absolutely everything, but it's better than having to recreate all of the security principals. Rick [1] In fact - one step that I missed was to actually stand up BDC's, taking number two offline and locking it away in a safe - just in case something goes horribly wrong - then I have a backout.... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, June 16, 2005 8:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migration between domains with same NetBios name Hi Rick, The only problem I can see with using your method is if he has new accounts and groups that have been created in his existing AD domain, if that is the case then the method that your proposing will not work as it will delete those AD objects. What Guido fails to mention so that we can best determine which migration path he should take is how many users, groups and machine accounts is he migrating from the NT4 Domain to the AD domain and how large is the AD domain. If the NT4 domain has only several member servers then I concur with Jorge's number 2 suggestion as it sounds like the best choice. Either way this migration is going to have to be done after business hours. I would start the migration on a Friday late afternoon and plan on being up all night. If all goes well you'll have Saturday and Sunday to relax. If not I hope his manager will give him time off to recuperate ( I rather have the time off then a small bonus any day ). Peace, Jose :-) -------------------------------------------------------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan Sent: Thursday, June 16, 2005 5:07 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migration between domains with same NetBios name Guy, Though it might seem trivial, it's not really easy in any way. If you're not in mixed-mode, or have child domains - forget it (IIRC). You've passed the last bastion of 'easy' in a hard process. The way to do this, and not have tons of lingering issues is to demote all other DCs back to members, stand up a NT 4.0 machine as a BDC in your domain. Demote the last Win2k DC. Change the Win NT 4.0 to be the PDC. Rename the domain. Now you can upgrade the NT 4.0 PDC to the first DC in your new Win2k forest - but it now has the right NetBios domain name. DCPromo all of the other DC 'members' in the domain. It's a royal PITA. I've had to do this a few times in the early days of Win2k as some of my rollouts had last minute (or better - last minute +5 minutes) changes from upper Management in naming. Rick _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky Sent: Thursday, June 16, 2005 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migration between domains with same NetBios name Guido, How about: 1) rename the NetBios name of the target AD 2) perform the migration 3) rename the NetBios name of the AD back to the original Because you are changing only NetBios name and not the DNS name, the fixups at the AD side are rather minor... Or are we talking about target AD being already production and/or W2K ? Guy _____ From: [EMAIL PROTECTED] on behalf of Grillenmeier, Guido Sent: Thu 6/16/2005 8:43 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Migration between domains with same NetBios name Here is a nice one - I've done quite a few migration with all kinds of scenarios, so I hardly ask questions around this topic. But when migrating from one NT4 domain to an AD domain which both have the same NetBios names, various issues and potential conflicts come to mind and I wonder if others had to do this in the past, who could share their experience. Think about an existing NT4 domain called CORP and another existing AD domain called CORP (with DNS=copr.company.com). And now you need to migrate all users and resources from the NT4 CORP to the AD CORP and place AD DCs into the same sites as the exising NT4 DCs... I can imagine various challenges, besides not being able to setup a trust and thus loosing various options for doing a "normal" migration. At least I have no need to register the AD domain in WINS; all clients are XP, but I know for sure that I'm going to run into various other issues (the worst one being that the account activation and the resource migration has to happend instantaneously, since resource access won't be possible accross the domains). But I'm also thinking of networking issues with and NT4 DC of the one and an AD DC of the other domain in the same ip-subnet... I wonder how others have tackled this challenge and what issues you ran into. /Guido List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
