Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

NT4 to 2K Server Migration Help

NT4 to 2K Server Migration Help

NT4 to 2K Server Migration Help

Hello all,

    I work for a small company that currently has the following network setup:

NT4_PDC / File server
NT4_BDC / Email server
NT4_BDC / Database server
2K client PCs

Simple enough....my task is to upgrade all three machines to Windows 2000 server.

Ignoring all the machines except the PDC...what should be the first step?

We have already purchased a new machine to act as our new PDC, so the old machine will not be used.

Any thoughts on what direction I should take this?

I have taken a dummy machine, and setup Win2k Server on it as a test.  But how should I actually configure the server itself, since it will eventually be the new PDC?  In other words...should I create a new domain?  Add it to the domain?  A new sub domain?  

So confused...any guidance will be very appreciated.

Many thanks in advance!


RE: NT4 to 2K Server Migration Help

Since your environment is so small, the generally recommended path is this:

  • Install your new server as an NT 4 BDC

  • Promote the new machine to be PDC

  • Temporarily take the old PDC (which is now a BDC) offline, just in case there are problems with the upgrade

  • Upgrade the new machine to Windows 2000

  • Test that everything (logons, e-mail, apps, etc.) works

Assuming everything works, you can then upgrade the other servers.

You may also want to look at this MS KB article, http://support.microsoft.com/default.aspx?scid=kb;en-us...
MS has a lot of good information on upgrading, search for more articles in the KB.

RE: NT4 to 2K Server Migration Help

Awesome, thank you so much for your response.

I will most likely take that path, BUT:

Assuming I didnt want to change the domain name, machine name etc.  Is there anyway I can do a fresh install of 2K and get the same results, versus building the machine as an NT4 box, then upgrading?

Many thanks again!!


RE: NT4 to 2K Server Migration Help

I'd recommend that you install Win2k from scratch, then recreate the users in the "new" domain (always use a .local domain) and then move each client to the "new" domain. Uppgrading is asking for troubles later because NT did not use FQDN or DNS and these are integral to Win2k AD...plus you can install 2k in "native mode" and not have any legacy info in your AD.

Exmerge the Exchange mailboxes to tape/CDR or such, wipe and install Win2k/Exchange2k, then exmerge mailboxes to the new exchange after setting the users mailboxes...definately don't upgrade Exchange!

Just what I learned from my own experiences...


RE: NT4 to 2K Server Migration Help


    Thanks for the response.  So what you recommend is basically starting from scratch, and creating a new domain,
and adding all the users into this domain?

Is there a tool to export everything (Users) from NT4 to the 2K box?

Also,what do you mean by a .local domain?

Thanks so much for your responses!!


RE: NT4 to 2K Server Migration Help

The Active Directory Migration Tool (ADMT) can be used to copy all of the user accounts from the NT 4 domain to the new 2000 domain.

For the .local, Active Directory requires DNS to function.  This means that the domain name is now in the format foo.com instead of just foo like it was in NT 4.  (Note though that the domain name will also be advertised as foo for compatibility with Win 9x/NT4 clients).  Since this will be an interal DNS, not advertised to the outside world, and to prevent possible confusion with any actual Internet-accessible domain name that you have, the recommendation is to make your domain name something like foo.local.  Clear as mud?

You can't do a fresh install of 2K and keep the same domain name (due to the note mentioned above).

I followed the upgrade path and my domain controllers didn't have any problems (a couple of member servers did, but that's another story).

RE: NT4 to 2K Server Migration Help

Ok, so it seems like the general consenses is to get the new machine, set it up with NT4, promote it to PDC, then setup Win2k on top of it (following the .local domain naming).

I suppose thats what ill do then!  Hopefully things will work out smoothly...

by the way, do you guys know if the full version of 2k server will *upgrade* an NT4 machine?...or do I have to get the upgrade version?



RE: NT4 to 2K Server Migration Help

Any media version will upgrade an existing server version.


RE: NT4 to 2K Server Migration Help

If the database server is SQL, and you used integrated security, you'll want to go the upgrade route.  Otherwise you'll end up reacling your database or buying a tool like Aelita DMW that can do that for you.

RE: NT4 to 2K Server Migration Help

Thanks for the DB tip xmsre!  Ill certinaley take that into consideration when we get to that system.


RE: NT4 to 2K Server Migration Help

My suggestion, start from scratch.  Why? fallback, fallback, fallback. If something goes wrong you simply reconnect your old Servers.  We did our Migration to 2000 nine months ago and the most important thing you need to do is test as many times as possible before going live.

If you have the opertunit to get a new server to install 2000 Server, take it!  All you need is a switch, one client and the server, install 2000 Server and mock your domain.  Keep them totally seperate.  

In the evening whe users are gone home, take the old server offling and connect the new one.  This will give you an opertunity to install and test any software you need to.  You will be able to test in a live environment and still have your original Server available in the event that you get yourself in a snag.

Trust me, there are a lot of problems associated with the upgrade.  It is best to setup a small domain with your new 2000 Server and test until you can't test anymore.  As you encounter problems, correct them, test again and try again in the night when users are off the system.

Also, importing the user accounts is fine, but any directory security will still have to be setup again.  Recreate the accounts, install your AD, create and apply security and test several times before going live.  Even if you go live and there are problems you can always plug the network cable out of the 2000 Server into your old Servers.

This scenario gives you the most functionality, ability to test in a live environment, a fresh 2000 installation and most of all, a fallback plan.

RE: NT4 to 2K Server Migration Help

Pure genius 2cornot2c!  That is precisely what I am going to do.  Start fresh, test, and slowly migrate users over to the new domain!!

I love this stuff! :)


RE: NT4 to 2K Server Migration Help

Some more tips for you.

When you are finished with the installation, remove the Everyone [Full Access] from your Server root and propagate it down.  By default, when you install 2000 the Everyone group has Full Control.  Leaving your system open for hackers. Replace the Everyone account with Authenticated Users.

Learn a a lot about DNS, a functioning 2000 Domain is built on DNS.  

You might need to do some minor network changes on your 2K Clients to get the full benifit of the security features using AD and Group Policy.  There are two ways to add a 2000 Client PC to a domain, the best way is to use the Network ID button in the Network Identification tab in the Properties of My Computer.  Simply clicking on the properties button and changing it to Domain instead of Workgroup isn't enough and sometimes your Group Policy settings will not affect those clients that were setup that way.  This is not something that you need to address right away, concentrate on the Migration first then work on creating OU's and applying GP's.

Make sure that all of the programs, drivers and any other software that will be installed on the W2K Server is compatible, an incompatible piece of software will have severe affects.  I remember that we had to wait for IBM to release an upgrade to our Database before we could Migrate.

RE: NT4 to 2K Server Migration Help

I just recently took the path of setting up a fresh BDC and then promoting it to a PDC.  I then performed an inline upgrade of the newly promoted PDC to Win2K AC/DC (Active Directory/Domain Controller).  I then confirmed that all the user/computer account had transfered (around 700 user accounts/500 Computer Accounts).  I've transfered the the "operation masters" role to a server that was not upgraded from NT4, a fresh Win2K install.  I can then pull the pc I used as the in-line off the network.  Using this path of upgrade, I didn't have any issues.  I did however put this through a test network until I was confident about the migration.  

RE: NT4 to 2K Server Migration Help

Hi Sam!

I'm in exactly the same position as you and have the same questions/concerns. I have a very similar setup of servers and have just been on a three day Win 2000 Server Admin course. Now all I need to do is upgrade...

My tutor recommended that a clean install rather than an upgrade as being the way forward (even if more time consuming). This seems to be the majority opinion all round although I can see that this is likely to always be a debatable subject.

Having read your posts so far, I think I'm going to follow the route of building a new Win2000 Server separate from our network and creating similar user and computer accounts, etc. Then, as 2cornot2c said, I will switch it over when my users are offline in the evening and see how things go.

I did read about the ADMT (Active Directory Migration tool) providing a useful method but I'm wondering if it's still easier to create everything manually if you haven't got too many users/computers, etc.

Have you started/finished your upgrade yet? Please do let me know how it goes. Your experiences will be very valuable to me!

Best wishes,

RE: NT4 to 2K Server Migration Help

Hey Josh,

    Great, its good to know im not the only one getting into this.  Well, funny that you ask because we just finished purchasing two new Dell servers.  As soon as they come in, we are going to start building them up and migrating over.

I am going to stick to the fresh start approach.  Its nice and clean, and I build up the server completely from scratch exactly the way we want it.  Plus, we only about about 70 users and about 10 groups.  Nothing to major...

That is what I call "Phase I" of the migration.  The next phase will involve rebuilding our mail server on a new 2K machine and migrating everyones mail from a 5.5 to a 2K AD instalation.  Also, this will involve moving our Blackberry server, and including an AntiSpam/AntiVirus MTA (TrendMicro software).  Migrating of the emails is very easy, and much cleaner than migration of the NT accounts.  Plus the migration tool will match the mail box to the user automatically for you.

The last phase will be to upgrade (not rebuild) our DB server.  

Granted, it is a lot of work because we to run around to everyones desktops and migrate there profiles over, etc, but in the end its worth it because you have a very clean backend....and thats what you want!

Please let me know if you have any thoughts, ideas, or questions, and good luck!


RE: NT4 to 2K Server Migration Help

Once you have your server up and running, do some security lock down before proceeding with the software installations.  Install the Microsoft Baseline Security Analyzer on a workstation connected to your 2000 domain and have it do a security check of your server.  You can enter the IP address of your server and analyze it directly from the workstation.  The analyzer can be downloaded from the following link.


You can also use this to analyze your client workstations once you have deployed your servers.  Run the analyzer again once you are finished patching and installing all your software on your servers.

If you are running Exchange, run the IIS lockdown tool from microsoft after the setup.  Apply the recent service packs for Exchange, very important.

You could prepare in advance for this by downloading your service packs in advance so when you are ready to install you have all the resources on hand.

One other approach we took was creating an alias for our Administrator account.  Although it was a good security measure, it does require some due diligence(read about it before doing it) do as much security lock down before deploying, document all security changes so that you can modify them if you run into problems.

2000 has many features to help you lock down a clients ability to access, change and/or modify network and workstation settings.  End users usually get offended when they are giving something and then it is taken away.  Therefore, if you are planning to remove certain client features using GP's and Security policies, it is best to do it from the get go.  If the users didn't have it to begin with, then they won't miss it, that's my theory.

I know this is a lot to swallow, you don't have to implement all or any of my suggestions.  These are just some of the things that I know I would have liked to have had when I was doing my migration.

RE: NT4 to 2K Server Migration Help

Please advise how the upgrade went and what path you used.
Any problems and what you did to fix them.

I need to upgrade our NT 4.0 PDC, should have done it a year ago but just did not get it done. I have 25 clients (a mix of Win2k pro and XP Pro) 2 data servers ( Windows 2000 server).


RE: NT4 to 2K Server Migration Help

Yeah - I'd be interested to know how it went too.

I'm still stuck on NT for the time being until my company can afford some new hardware.


RE: NT4 to 2K Server Migration Help

After some seriuos studying and thinking, I deceided to go with the clean install route too.
So I would be interested in what problems,trouble is connceted to creating new accounts for users. Like home folder access, desktops&shortcuts, printers... What else?

RE: NT4 to 2K Server Migration Help

I have completed this procedure and have everything working! I’m going to post a step-by-step message on the do’s and don’ts. I will be posting it very soon.


RE: NT4 to 2K Server Migration Help


Nice to hear everything went well.I would be very thankfull if you post your suggestions & experience. I plan to do it this month.

RE: NT4 to 2K Server Migration Help

Hi Tekers,

I am now facing the path that you have gone before.  My situation is a little bit differ from cases mentioned and not so sure about my idea; thus, I am asking for your advice now.

Our environment is as follow:

1 W2K workgroup (configure a a member server)
very small user community (20)

What I want now is to get rid of the those NTs and make the W2K the main DC.  

Based on what I have read so far. Can I just take those NTs off line, rename the domain to the current domain that is on the NT now, recreate user account and set permission, and test out.

Would you reccommend this solution in my case???


As always, the seekers is out seeking.

RE: NT4 to 2K Server Migration Help


If you don't mind re-creating all the accouts, that is a way to perform the move towards Active Directory (AD).  You would basically be re-creating your network.  After you do that, you have to have all your pc's rejoin the Active Directory domain.

As mentioned, the process of installing 2000 Srv onto the NT PDC will establish it as a DC.  Once the upgraded NT box is upgraded to a DC, then you can promote the already 2k Srv members server as another DC.  Once everything has been syncronized and you've migrated all the roles (Schema Owner, PDC role, RID, Infrastructure) from srv to srv, you can then go back to simply 'demote' the upgrade DC back to a member server by running dcpromo.  If you to the above mentioned migration, all of your computer accounts will not have to be rejoined to the network.



RE: NT4 to 2K Server Migration Help

What Randy is saying is the best way of upgrading.
By upgrading an NT PDC to Win2K DC, you don't have to rejoin users to the domain. By demoting the upgraded PDC back to a member server, and promoting an existing or newly installed Win2K server to a DC, you get the cleaner Win2K DC just as you are creating a new domain from scratch.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close