W2K In Place Upgrade steps 2

Redfox1

MIS
May 29, 2002
73
US
I'd like to know if the following steps are ok as far as performing an in place upgrade.

Also,
Is it OK if I were to remove a BDC, and replace it with a new server with a DIFFERENT name but use the SAME IP? Would that cause any problems/confusions in WINS?

General idea:

Current configuration:
MachineA: NT 4.0 PDC, Primary DNS, 1st WINS, DHCP server
MachineB: NT 4.0 BDC, 2nd WINS
MachineC: W2K DC (upgraded from MachineB)
MachineE: NT 4.0 Member: Secondary DNS

1. Shut down all PCs and NT Servers except for MachineA & B
2. Force a domain synchronization from the PDC (Machine A)
3. Stop DHCP, Anti-Virus, Backup Exec agent, Directory Replicator & IIS 4.0 on MachineA
4. Promote MachineB to PDC then power it off (This is done for backup purposes)
5. Promote MachineA back to a PDC; (MachineB is not on the network at this time.)
6. Replace MachineB physically with MachineC (Upgrade server to a faster box.)
7. Machine C: Install NT 4.0 as a BDC (Should I use the same IP as MachineB used to have or a new one?)
8. Install RAS, DNS, DHCP, WINS during this setup on MachineC
9. Switch Primary and Secondary DNS servers (The new Primary DNS would be upgraded to W2K)
10. Test RAS, WINS, DNS & DHCP on MachineC
11. Promote MachineC to be the PDC
12. Create a recovery disk & backup server for all servers.
13. Upgrade MachineC to W2K as the FIRST DC - Forest Root for "domain.com"
14. Automatically run DCPromo on MachineC: Pre-2000 compatible security settings (for RAS & TSE)
15. MachineC & A: Verify Trust with MachineD's domain; Verify AD and PDC functions; Verify Client logins are OK
16. MachineC: Install utilities: W2K System tools, Adminpack, Resource kits, Latest service pack, printer drivers
17. MachineC: Install IIS 5.0 & Cumulative service packs; need to run IISLockdown tool on it…
18. Upgrade MachineB To W2K as the SECOND DC - may involve a HW upgrade
19. Remove all DNS zones on MachineE and forward it to MachineC/MachineA; leave MachineE as a caching only/slave DNS server
20. Change all Servers DNS & WINS settings: 1st DNS,WINS=MachineB, 2nd DNS,WINS=MachineA
21. PC upgrades & TCP/IP changes: same as above.
 
"Is it OK if I were to remove a BDC, and replace it with a new server with a DIFFERENT name but use the SAME IP? Would that cause any problems/confusions in WINS?" Yes. Either change the address in WINS or assign a different IP. If you remove it and place a new server with different name, the change is too "sudden" and will cause conflicts.

General idea:

Current configuration:
MachineA: NT 4.0 PDC, Primary DNS, 1st WINS, DHCP server
MachineB: NT 4.0 BDC, 2nd WINS
MachineC: W2K DC (upgraded from MachineB)
MachineE: NT 4.0 Member: Secondary DNS

1. Shut down all PCs and NT Servers except for MachineA & B
2. Force a domain synchronization from the PDC (Machine A)
3. Stop DHCP, Anti-Virus, Backup Exec agent, Directory Replicator & IIS 4.0 on MachineA
4. Promote MachineB to PDC then power it off (This is done for backup purposes)
5. Promote MachineA back to a PDC; (MachineB is not on the network at this time.)
   This will cause conflicts as a backup. I would leave MachineB as a BDC and take it offline. If there are problems, it will be easier to bring a BDC back online than a PDC.
6. Replace MachineB physically with MachineC (Upgrade server to a faster box.)
7. Machine C: Install NT 4.0 as a BDC (Should I use the same IP as MachineB used to have or a new one?)
   A new one.
8. Install RAS, DNS, DHCP, WINS during this setup on MachineC
9. Switch Primary and Secondary DNS servers (The new Primary DNS would be upgraded to W2K)
10. Test RAS, WINS, DNS & DHCP on MachineC
11. Promote MachineC to be the PDC
   Demoting the current NT PDC to BDC status.
12. Create a recovery disk & backup server for all servers.
13. Upgrade MachineC to W2K as the FIRST DC - Forest Root for "domain.com"
14. Automatically run DCPromo on MachineC: Pre-2000 compatible security settings (for RAS & TSE)
15. MachineC & A: Verify Trust with MachineD's domain; Verify AD and PDC functions; Verify Client logins are OK
   Where is MachineD and is it a separate Domain?
16. MachineC: Install utilities: W2K System tools, Adminpack, Resource kits, Latest service pack, printer drivers
17. MachineC: Install IIS 5.0 & Cumulative service packs; need to run IISLockdown tool on it…
18. Upgrade MachineB To W2K as the SECOND DC - may involve a HW upgrade
   Can't be done if MachineB is a PDC. Another reason to leave it as a BDC. If you were to bring it online at this point in the procedure, the server will not function properly since it believes there is still an NT domain. It will clash with the 2K PDC.
19. Remove all DNS zones on MachineE and forward it to MachineC/MachineA; leave MachineE as a caching only/slave DNS server
20. Change all Servers DNS & WINS settings: 1st DNS,WINS=MachineB, 2nd DNS,WINS=MachineA
   You also have 2 DHCP servers, MachineA and C. Machine B has WINS installed also, 3rd one.
21. PC upgrades & TCP/IP changes: same as above.

That being said, I would do this:

Bring C online as an NT BDC.
Install RAS, DNS, DHCP, WINS on C.
Configure E as a Caching DNS server.
Remove DHCP from A.
Remove WINS from B.
Configure/Test the current setup. Switch your DNS servers accordingly.
Change all Servers DNS & WINS settings: 1st DNS,WINS=Machine C, 2nd DNS,WINS=Machine A.
Configure DHCP Scope options to reflect the changes.
Sync all servers.
Promote C to PDC - A becomes BDC.
Sync servers again.
Take B offline as BDC.
Promote C to 2K.
Machine C & A: Verify Trust with MachineD's domain; Verify AD and PDC functions; Verify Client logins are OK.
Install IIS, and patches/hotfixes/upgrades on C.
Bring B back online and promote it to 2nd DC.
PC upgrades & TCP/IP changes: same as above.


Something like that....

Hewissa

MCSE, CCNA, CIW
 
Thanks for taking the time to look at it.

I was trying to document the steps to achieve all the conversions taking place as well as an in place NT Domain upgrade to AD.
My overall goal is to have 2 AD controllers MachineC and MachineA; both running on faster HW. (MachineA will be rebuilt on faster HW once MachineC is up on W2K AD for a week or two...)

The following is the general order which I've described in the previous steps.
1 - Primary & Secondary DNS changes from MachineA & E to Machine C & A respectively. (E->caching slave/forwarder to C)
2 - Primary & Secondary WINS changes from MachineA & B to Machine C & A respectively.
3 - RAS, IIS, DHCP moves to MachineC
4 - PDC & BDC changes from MachineA & B to MachineC & A
5 - 1st Hardware upgrade: MachineB->retires;
MachineC->introduced.

(After a week of stabilization)
6 - W2K AD upgrade on MachineC
7 - MachineA->replaced with a faster box. (same name & IP, fresh W2K)
8 - AD Client on Win9x/NT wks?

The reason why I wanted to keep the IP address of MachineB & C the same is because MachineB is listed as a secondary WINS server in the majority of PCs (150) and Servers (17). (I have PCs on different LAN segments that have to resolve the 4.0 DCs for login/authentication purposes.)

From what I know of WINS, the Secondary isn't really contacted unless the primary isn't responding...

Also, any drawbacks of having a primary DNS/WINS running on W2K with a secondary DNS/WINS running on NT 4.0?

MachineD is an NT 4.0 Terminal Server PDC SP6a (yes, I KNOW a Terminal Server 4.0 shouldn't be a PDC) for about 10 users. Not much load though so I thought it's OK to do this.
The domain MachineA&B support trusts the domain on MachineD (one way). This is in no way shape or form considered a resource/account domain pair. The entire company authenticates & has resources in the domain on MachineA&B. From what I read, NT 4.0 trusts are upgraded with a PDC upgrade to W2K AD.
I'm not going to migrate the domain from MachineD; rather rebuild that server and make it a member server in the new W2K domain. (No ADMT - I don't want to deal with SidHistory.)

Thanks for your thoughts!
 
Hey Fox,

I would say yes to the AD clients.

"The reasons why I wanted to keep the IP address of MachineB & C the same is because MachineB is listed as a secondary wins server in the majority of PCs (150) and Servers (17)." These clients are DHCP clients so I would configure the Scope Options to point to the WINS server. Is what you're saying that the clients have static WINS addresses?

"Also, any drawbacks of having a primary DNS/WINS running on W2K with a secondary DNS/WINS running on NT 4.0?" No, only thing I can foresee as being an issue is that for DNS it will not be able to run in AD Integrated mode, and won't have the benefits that 2K security has to offer. WINS I don't think is an issue altogether, since 2K machines don't rely on it, and the 9x machines point to it regardless.

Good luck!

Hewissa

MCSE, CCNA, CIW
 
Yes, you have hit on a topic that has interested me for some time...
Everything is Static for security reasons. Although we have a DHCP range.

I've created a testbed with the entire network simulated with about 8 systems... different server/clients etc. I'll run through the conversion just to see what it's like.

David
 
Thank you for your replies. We upgraded to AD on a recent late Friday night.

We basically created a new NT 4.0 BDC, promoted it to a PDC, installed RAS, WINS, DHCP and DNS on it. Set the DNS zones to be primary on this new server. Turned off DHCP on the older DC. Set WINS replications to pull/push to this new PDC. (Star like config)

We waited a week to make sure RAS, WINS & DNS had no issues. Verified a one way trust.

Converted ALL the clients & servers to use the new PDC as primary WINS & DNS server.

Waited a week.

Turned off one of the BDCs after Domain was replicated.

Upgraded the PDC to a W2K. DCPromo, configured DNS to accept dynamic updates for the forward zone... ran dcdiag/netdiag (W2K SP3 etc...)

Now we are waiting for another week or so. Checking logs, verifying our post-conversion client upgrade steps etc.

Looks like it worked better! I'm glad you mentioned that I should just keep the same IPs and do an in-place swap of DCs & servers... This way things are still reversible and no clients are down!!!

Sincerely,
David Nemeth
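
The post-upgrade checks mentioned in this thread (DNS dynamic registration after DCPromo, the PDC role, the one-way trust, dcdiag/netdiag), collected into one batch file as an added example that is not part of any post. The domain names, the trusted-domain name and the log file names are placeholder assumptions, and the strings matched in the tool output are assumed to be what the Windows 2000 Support Tools print.

```bat
@echo off
rem Added example (not from the thread). Run on the upgraded DC with the
rem Windows 2000 Support Tools installed (dcdiag, netdiag, nltest).
rem All values below are placeholders (assumptions); substitute your own.
setlocal
set DOMAIN_DNS=domain.com
set DOMAIN_NB=DOMAIN
set TRUSTED_NB=TSDOMAIN
set NEWDC=MachineC
set FAIL=0

rem 1. SRV records the new DC should have registered through dynamic update.
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs) do (
    nslookup -type=SRV %%R.%DOMAIN_DNS% %NEWDC% 2>nul | find /i "svr hostname" >nul
    if errorlevel 1 (
        echo MISSING SRV record: %%R.%DOMAIN_DNS%
        set FAIL=1
    )
)

rem 2. The upgraded server must be the one listed with the PDC role.
nltest /dclist:%DOMAIN_NB% | find /i "[PDC]" | find /i "%NEWDC%" >nul
if errorlevel 1 (
    echo %NEWDC% is not listed as PDC for %DOMAIN_NB%
    set FAIL=1
)

rem 3. Secure channel to the trusted NT 4.0 domain (the one-way trust).
nltest /server:%NEWDC% /sc_query:%TRUSTED_NB% | find /i "NERR_Success" >nul
if errorlevel 1 (
    echo Trust to %TRUSTED_NB% did not verify
    set FAIL=1
)

rem 4. Full diagnostics, kept as logs for the stabilization week.
dcdiag > dcdiag.log
find /i "failed test" dcdiag.log >nul
if not errorlevel 1 (
    echo dcdiag reported failures, see dcdiag.log
    set FAIL=1
)
netdiag > netdiag.log
find /i "Failed" netdiag.log >nul
if not errorlevel 1 (
    echo netdiag reported failures, see netdiag.log
    set FAIL=1
)

if "%FAIL%"=="0" (echo All checks passed.) else (echo One or more checks failed.)
endlocal & exit /b %FAIL%
```

Keeping the dated logs from each run during the waiting period makes it easy to compare against the pre-upgrade state before retiring the remaining NT 4.0 BDC.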
 