Building a Temporary NT 4.0 Domain Controller
An NT domain controller will need to be built to allow the procedure to work. It must be brought up as an NT Backup Domain Controller (BDC) for the domain. Because there are no more NT domain controllers, the DC account for the computer must be created on the first temporary domain controller established. The DC account can be created by typing the following at a command prompt:
netdom add SFDCTEMP02 /domain:companyxyz.com /DC
It is important to note that even though the domain is in Mixed mode, the account must be created in advance if the Primary Domain Controller (PDC) function in the domain runs on a Windows 2000 domain controller; otherwise, the BDC cannot be added to the domain. When the account is established in advance, the second temporary domain controller must be built with Windows NT 4.0 and configured as a BDC in the domain that will be migrated. Because the domain is still in Windows 2000 Mixed mode, NT BDCs are still supported.
In the merger example, the second temporary domain controller is established as SFDCTEMP02 after the computer account is created on SFDCTEMP01 using the netdom procedure just described. All existing computer and user accounts are copied into the SAM database on SFDCTEMP02.
Retiring the Existing Forest
The existing Windows 2000 forest can be safely retired by simply shutting down the temporary Windows 2000 domain controller. Because this machine controls the OM roles, the Active Directory is effectively shut down. The added advantage of this approach is that you can resurrect the old domain if there are problems with the migration by turning on the first temporary server.
As illustrated in Figure 4, the SFDCTEMP01 server is shut off, retiring the companyxyz.com Active Directory domain. However, the COMPANYXYZ NetBIOS domain still exists in the SAM database of SFDCTEMP02, the NT BDC.
Promoting the Second Temporary Server to NT PDC
The NT BDC that you set up then needs to take over as the PDC for the domain, which effectively resurrects the old NetBIOS NT domain structure. This also leaves the domain in a position to be upgraded into an existing Active Directory structure.
In the merger example, the NT BDC SFDCTEMP02 is promoted to the PDC for the COMPANYXYZ NT domain, preparing it for integration with the companyabc.com Windows Server 2003 domain.
Promoting the NT PDC to Windows Server 2003 and Integrating with the Target Forest
Next, the NT PDC can be promoted to Windows Server 2003 Active Directory. This procedure upgrades all computer and user accounts to Active Directory, and the client settings will not need to be changed.
In the merger example, the Windows Server 2003 CD is inserted into the SFDCTEMP02 server, and a direct upgrade to Windows Server 2003 is performed. As part of the upgrade, the Active Directory Wizard allows the domain to be joined with an existing AD structure. In this case, the CompanyXYZ domain is added as a subdomain to the companyabc.com domain, effectively making it companyxyz.companyabc.com, as illustrated in Figure 5.
Reestablishing Prior Domain Controllers and Moving OM Roles
Another useful feature of this approach is that all the original servers that were domain controllers can be promoted back to their original functions without reloading the operating system. The DCPromo process can be run again on the servers, adding them as domain controllers for the domain in the new forest. In addition, the OM roles can be transferred as previously defined to move the original roles back to their old locations.
In the merger example, all the original domain controllers that are now member servers in the domain are repromoted using DCPromo. SFDC01, SFDC02, LADC01, and SDDC01 are all readded as domain controllers, and the proper OM roles are replaced.
Retiring the Temporary Domain Controller
The final step in the Mixed-Mode Domain Redirect is to retire the promoted NT BDC from the domain. The easiest way to accomplish this is to run DCPromo to demote it and then simply shut off the server. Both temporary servers can then be retired from duty and recycled into other uses.
In CompanyXYZ, the SFDCTEMP02 server is demoted using DCPromo and turned off. Overall, the procedure spares the company the need to change client logons, user settings, or server hardware and allows it to re-create the existing Windows 2000 domain within a different Windows Server 2003 Active Directory forest.