PDC BDC

[people2]

hi

I'm about to add a new nt4 pdc to the domain. I am going to build the new server as a bdc and then promote it to the PDC.

However i would like the old PDC to stay up and running ready to copy data across.

Which server will users validate off and if i remover the roming profiles of the old PDC will users automatically validate of the new PDC as the logon scripts state %Logonserver% . So i must get users to validate of the new server as soon as it is up

cheers

 

[ShackDaddy]

If you don't turn the old server off after you do the promotion, it will continue to authenticate logons. The location of roaming profiles won't change where the clients do authentication. It will just determine whether the users are able to get their profiles. You have to configure the proper roaming profile location in UserManager for each user if you are going to move them. Treat profile loading and authentication as two completely different operations that are configured separately. To designate a specific server for logon and policies, you may need to create a system policy using Poledit that sends the clients to a specific server. Without such a policy, authentication will be more or less random, if both servers are local to the clients. Profile loading is not random, it loads it from the profile path.

%Logonserver% is not a good variable to use if you have more than one domain controller, unless you are somehow managing to keep a copy of the profile current on each of the domain controllers. Rather than trying to come up with some funky way of replicating that data, I recommend that you change the variable to reflect the servername you are going to use for profile storage.

ShackDaddy

 

[rjbj]

Also Don't forget to enable Replication on the new server just in case you make a logon script to map a drive to that server, or take down the old server and keep the new one. Directory replication will make it easier for you to do that.

 

[Guest_imported]

I would like to transfer several user accounts (including their properties for their groups and permissions on their shared folders) from one domain to another.

Is there a simple/quick/error-free/etc process that can be used or do I have to individually create all the accounts and properties again on the new PDC? (Both PDC's run NT Server 4).

Thanks

 

[rjbj]

Try copying the SAM file from the PDC where the User Accounts reside to the PDC of the other Domain. The SAM is located in %SYSTEMROOT%\SYSTEM32\CONFIG\SAM. Now, I would only do this if there are no user accounts on the other domain.

 

[ShackDaddy]

I highly doubt that rjbj's method would work. The SAM is stamped with the domain's SID, which is unique, even if the domain names are the same. The SID is recorded in other places besides the SAM and it would be very difficult to find all the locations and change the SID strings.

You want to use the "ADDUSER.EXE" app that comes with the NT Resource Kit. Read the documentation on it, and you will see that it's fairly simple to use. The basic process is as follows: suck the list of users and their settings from the SAM to a text file, then upload from the text file to the new domain. Command-line switches used with the ADDUSER.EXE app control which direction the migration is going and what options are being used. Note that passwords are not migrated, so all the passwords would initially be the same on the new domain after the migration. Just set the accounts to change password on first logon, and you are set.

ShackDaddy

 

[rjbj]

I learned something too. Thanks.