Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Nt 4.0 domain migration to AD

Status
Not open for further replies.

KingE

MIS
Joined
Nov 4, 2002
Messages
39
Location
US
I am working out on upgrading our NT4.0 domain to win2k AD and have come accross a couple of problems.

Our NT domain has a _ 'underscore' in it (ie abc_def)and as AD is DNS resolved I have been unable to run any migration tool to move everything into a new empty AD. The migration tool throws up an invalid adsi pathname and refers to the domain with the underscore.

To get around this I thought I'd make a second bdc take it offline and promote to pdc. This worked fine. Then upgrade to win2k server and give it a new domain name during upgrade. This worked in that I managed to add a dns domain for AD to work but it still has the netbios domain name for logon etc. Moved into native mode and I still get the same error. I can logon either netbios or dns domain. It see's the netbios domain name in the migration tool and not the dns domain name.


I need to migrate as I have a large exchange 5.5 database that needs to be carried over with the migration/upgrade and I want to get rid of this underscore.

Does anyone have any suggestions or tryouts as I have a few spare machines to work this one out with.

 
You're trying to move users from an NT4 domain to a pristine 2K/AD domain, rather than upgrading an existing NT4 directly to 2K/AD, yes?

Can you establish a trust relationship between the new 2K/AD domain and the old NT4? If you do that, you can use 'addusers' to dump the user list from NT4 and rebuild it in 2K/AD. Use a 2-way trust to assign permissions to folders to both of the users accounts. Once the users are told to log in to 2K/AD, get rid of or disable the old NT4 account.

As far as mail goes, it is possible to bring up 2 Exchange servers that are in different domains in the same Exchange site. I don't know if the underscore will give you problems, but you could move mailboxes that way. Just pick the new account as the primary account for the mailbox when you switch accounts. You could also use the directory import/export tools in conjuction with Exmerge, which works very well.

hope this helps,
-gbiello
 
Yikes! You just made me realize a few of our departments are going to cause us problems when we upgrade their servers to AD.

This probably won't work, because it sounds like your migration tool is complaning, not the AD DC... But using bind9 for your DDNS might help. Here's some background and facts I found:

The DNS specs don't allow an underscore, but MS-DNS uses underscores in all it's AD names. For example, a server called dc.microsoft.com will register dc._msdcs.microsoft.com with the DNS. I use Berkeley DNS, and I had to upgrade to get support for underscores. Shortly after the release of Win2000, the bind maintainers decided to add an option to support underscores, even though it's not spec. (Otherwise, everyone who sets up AD would need to switch to MS-DNS!)

I always assumed that MS just ignored the specs, and allowed underscore in their DNS server because they didn't know any better. Maybe it's more complicated... Maybe they looked at the spec, saw underscore was illegal, and decided to use underscore in MS-DNS to keep track of AD specific name stuff.
 
Thanks for the quick response.

Yes I do want to migrate from an NT4.0 to a new AD. If the domain had no underscore it wouldn't have been a problem.

I don't think addusers maintains sid history which I will need to keep. Is there something for groups and computers lists too?

What about if I redo the bdc, take offline and promote to pdc, run w2k upgrade but add it as a child domain of a running AD and then move all across to the root or another child. Would this work?, is this possible? I'm going to play with the trusts thing but its users/groups/computers that need to be moved, file/print resources are on netware servers.

I have the exchange covered as I will run the 5.5 with an AD connector and then bring up a new exch2000 server and you can drag and drop mailboxes across.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top