
Win NT coexisting with Win2000 Server?

Status
Not open for further replies.

ClareSnyder

IS-IT--Management
Oct 23, 2001
53
CA
I am in the process of replacing an NT4 server with a Win2K server. Currently everyone logs onto the network through "Server_NT" on the L&M_INS domain. This server will remain online after the Win2k server "Server-2000" is deployed, but will no longer handle the database etc - and will no longer be the primary server. I want the user systems to be authenticated by the 2000 server - but do not necessarily want to convert to "active directory" with all that incurs. Is there a way to have the Win2K server authenticate users without active directory?

Active directory does not like the server name "Server_NT" (or Server_2000 either - so I had to call the new server "Server-2000") and it does not like the domain name "L&M_INS"
I want to log onto L&M_INS on Server-2000 and have the login.bat file on Server-2000 assign all the drive mappings.

Can this be done? How?
If I MUST use Active Directory, what is the minimum involved? We still have Win98SE workstations online - so I know I need to install the Active Directory Client to each of these machines. I suspect I must also install the client on the NT Server? I have found reference to a client for NT Workstation - but not server.
 
You basically have two options if you want the Windows 2000 server to authenticate the users.

Option 1: Upgrade the NT 4 server to Windows 2000. In order to introduce a Windows 2000 server as a domain controller in an NT 4.0 domain the PDC must be upgraded to Windows 2000 which will of course introduce Active Directory.

Does anyone know how Win2k will handle the L&M_INS domain name if the PDC is promoted? I've never had to deal with that situation.

Option 2: Remove the Win2k server from the L&M_INS domain and run dcpromo creating a new Windows 2000 Active directory domain. You will want to use an AD friendly domain name such as L&M-INS however. Then you can use the migration tool to migrate your account and domain information from the old NT 4.0 server. Then to have the NT 4.0 server as a member server in the Active Directory you will need to reinstall the OS either as NT 4.0 member server or as a Windows 2000 member server. Unfortunately you don't have the ability to demote an NT 4.0 server from being a domain controller.

As far as the Active Directory client, it will depend on what functionality you need the clients to have in the AD. You can still give them access to network resources with mapped drives and stuff without the AD client.

I hope that helps in planning the change.
 
Assuming I go with Option #2 - I use LMI instead of L&M_INS or L&M-INS (both of which are "illegal")
I then "migrate" my accounts from the NT server. I assume the migration tool becomes available as part of the AD install?
At this point my workstations are still logging onto the NT server and nothing has functionally changed? When I shut off the NT server and change the login domain on all the workstations, I am switched over to the Win2000 system?

What happens if I restart the Win NT server without getting rid of the PDC functionality? It is the PDC for L&M_INS and the workstations are logged into LMI. Can the NT server still be reached, being in another domain? What happens if I change the domain name on the NT server to LMI? (I assume the workstations would authenticate through the NT server again?)

The workstations are currently hard coded to their specific IP addresses, and do not use WINS. TCP/IP is the only protocol in use.
 
Clare,

First here are a few links that have some good information in helping you plan the migration. Read through these and make sure you plan the steps carefully. You have a pretty simple environment with two servers, but planning is very critical and taking the time to plan well before starting the process will be a huge pay off and mean less headaches later.



Download for the Domain Migration Tool (also available on the above link)

You will need to remove the existing workstations from the NT 4.0 domain and rejoin them to the AD domain. You will also want to make changes to the IP scheme. Since you have 98 clients I would suggest installing WINS on your network. Also I would suggest installing DHCP on the network. This will make it easier to manage the IP's for the client machines. You will also want to enable DNS forwarding to your ISP DNS servers on the AD domain controller and point all the clients to the AD server for DNS resolution.

In order to use the NT 4.0 server you will need to reinstall the OS unfortunately. In NT 4.0 when the OS is installed you must select whether it is going to be a domain controller or a member server. The only way to change that role is to reinstall the OS.

Just FYI, if this seems like an unnecessary undertaking you can make the new Windows 2000 server a member of the NT 4.0 domain and avoid making these changes to your network at this time. But if you want the Windows 2000 server to authenticate users and all that you will have to migrate to AD.
 
OK, to install WINS, I set up the W2K server as a WINS server? Under advanced TCP/IP settings, add, and the IP address of the server? Then on each workstation I enable WINS and point to the W2K server? That's all that's to it?

Then for the DNS ---- How do I "enable DNS forwarding to the ISP DNS servers"? We are using a NAT router. Is it as simple as pointing the server to the router DNS (set DNS server on the server to the router address) and then point workstations to the W2K server for DNS? Somehow that sounds too simple.
 
DHCP is enabled on the router, so we COULD use DHCP on the workstations, but I like to know the IP address of every machine so it is easier to troubleshoot if we have network problems. I know what number to ping to see if a connection is up or down. If, for instance, I can ping 192.168.123.99, but cannot ping server_nt, I know I have a DNS problem. If I can ping server_nt, and 216.239.33.100, but cannot ping Google.com, I have an external DNS problem and need to contact my ISP.

What advantage, other than greatly reducing the possibility of assigning the same IP to multiple machines, does DHCP give me?
 
DHCP is a single point of administration for all TCP/IP information required by clients. If for instance you wish to change or add any WINS, DNS, Gateway Addresses etc then to have those changes propagated to all clients without visiting each one in turn requires DHCP.

However, you will have to disable DHCP Server on the router as you can't have two DHCP servers on one network.

You can still determine the IP address of every machine from the DHCP management console on Win2k Server under active leases.

I am not promoting one way or its alternative merely hoping to shed some light.

 
So if I use DHCP on the server (disabled on router) all DNS and WINS settings established on the server are automatically found by the workstation? I just tell the TCP/IP to obtain address automatically, and everything sets itself up. All I need to do is tell the system what domain it is joining in the client properties tab.
If I point the server DNS to the router, all workstations will automatically see the internet through the router, and local computers through the server DNS?
Do I understand this correctly?
 
When you setup the DHCP server you will be able to specify what IP address is supplied to the client to resolve WINS, DNS and its default gateway along with automatically assigning an IP address from the address pool.

As bobmothers said, you can do it manually and statically assign the IP addresses. In general though on most networks the standard practice is to assign DHCP IP addressing to clients and only statically assign IP information on servers and network devices such as routers, etc...

You can do it either way, DHCP just centralizes the management point from the server. It eliminates the possibility of human error and having incorrect IP setups on each workstation. It guarantees that every system will be assigned the same IP configuration.

In an Active Directory network you will want clients to resolve DNS at the AD server. DNS is crucial for AD and is how naming is resolved on the network. Once you have AD installed you can go into the DNS MMC under Admin Tools. Right click on the server and go to properties. There is a tab called Forwarders. Check "Enable Forwarding" and add in the external DNS server IP addresses provided to you by your ISP. When the client requests a connection within the AD network the DNS server will provide the IP address to the client. When the client requests to go to the AD / DNS server will not know the IP address for the web site and will "forward" the request to your ISP DNS servers in its forwarding list. Then the name will be resolved to the client.
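
The layered ping check described earlier in this thread (server IP, server name, outside IP, outside name) carries over once clients use the Windows 2000 server for DNS and it forwards to the ISP. As an added example that is not part of any post, a Python version of that triage; the function names and result codes are assumptions, and the addresses are the ones quoted in the thread.

```python
import platform
import socket
import subprocess

# Result code -> where to look next (wording is this example's, not the thread's).
HINTS = {
    "LOCAL_LINK": "server IP unreachable: check cabling, switch, client IP settings",
    "INTERNAL_DNS": "server answers by IP but not by name: check WINS/DNS on the LAN",
    "INTERNET_PATH": "LAN fine, outside IP unreachable: check router or ISP link",
    "EXTERNAL_DNS": "outside IP reachable, outside name fails: check the DNS "
                    "server's forwarders, then the ISP's DNS servers",
    "OK": "all four probes passed",
}

def ping(host):
    """One ICMP echo via the system ping; True only if a real reply came back."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        out = subprocess.run(["ping", flag, "1", host], capture_output=True,
                             timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Require "ttl=" so an "unreachable" message is not counted as success.
    return out.returncode == 0 and b"ttl=" in out.stdout.lower()

def resolves(name):
    """True if the client's configured resolver returns an address for name."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def triage(server_ip, server_name, outside_ip, outside_name,
           ping=ping, resolves=resolves):
    """Run the probes in order and return the first failing layer's code."""
    if not ping(server_ip):
        return "LOCAL_LINK"
    if not resolves(server_name):
        return "INTERNAL_DNS"
    if not ping(outside_ip):
        return "INTERNET_PATH"
    if not resolves(outside_name):
        return "EXTERNAL_DNS"
    return "OK"

if __name__ == "__main__":
    # Addresses and names as quoted in the thread.
    code = triage("192.168.123.99", "server_nt", "216.239.33.100", "google.com")
    print(code, "-", HINTS[code])
```

The probes are injectable so the ordering can be checked without a network; run it from a workstation whose DNS setting points at the server under test.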
 
Thanks guys - I've got everything working now with one exception - How do I get the users migrated from the old server to the new one (NT4 to W2K AD)? When I try the migration wizard in test mode, I get an error message saying "You are not an administrator on the source domain (Domain=L&M_INS)"
The administrator account on both servers is set up the same, with the same password.
How do I get recognized as an administrator on the old server, from the new one?
Please don't say remove the Active Directory and migrate first, because when I installed active directory I lost all the user information I had so painstakingly entered before!
 