First DC in Domain Problem

Posted on January 8, 2009 by Daniel Petri in Active Directory with 0 Comments

Why do Windows 2000-based clients connect only to the Domain Controller that was upgraded first in a Mixed-Mode Domain?

After you upgrade the first of multiple Windows NT Server 4.0-based domain controllers to Windows 2000 or to Windows Server 2003, all of the domains Windows 2000 Professional and Windows XP-based clients connect to that domain controller for authentication purposes. These clients do not connect to any other domain controller; therefore, the upgraded domain controller may become overloaded. You may also experience loss of fault tolerance capability. Read 284937 for more info.

To resolve this problem, obtain the latest service pack for Windows 2000.

Before you apply the latest service pack to a computer that you want to upgrade from Windows NT Server 4.0 to Windows 2000 Service Pack 1 (SP1), follow these steps on the Windows NT Server 4.0 primary domain controller (PDC):

On the computer that is running the Windows NT Server 4.0 PDC, start Registry Editor (Regedt32.exe).

  1. Locate and click the following key in the registry:

  1. Click Add Value on the Edit menu, and then add the following registry value:Value name: NT4Emulator

    Data type: REG_DWORD

    Radix: Hex

    Value data: 0x1

  2. Quit Registry Editor.
  3. Apply the latest service pack for Windows NT 4.0.

Note: If you run Dcpromo.exe before you add the registry key, all Windows 2000 Professional and member servers must rejoin the domain. You can use the Netdom utility to rejoin member servers.

You can also use this procedure to upgrade a computer that is running Windows NT 4.0 as a backup domain controller (BDC). You do not need to make any changes to the computers that are running Windows 2000 Professional or to member servers in the domain.

This procedure is a temporary solution. When you have sufficient Windows 2000 domain controllers, you can remove the NT4emulator registry value on all the Windows 2000 domain controllers.

To perform remote administration on Windows 2000 domain controllers that have the NT4emulator registry value after you install the Windows 2000 Administration Tools package, follow these steps:

  1. On the computer that is running Windows 2000 Professional or a member server, start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

  1. Click Add Value on the Edit menu, and then add the following registry value:Value name: NeutralizeNT4Emulator

    Data type: REG_DWORD

    Radix: Hex

    Value data: 0x1

  2. Quit Registry Editor.

Use Dcpromo.exe to upgrade, and then apply the latest service pack.

Links

Windows 2000-Based Clients Connect Only to the Domain Controller That Was Upgraded First in a Mixed-Mode Domain – 284937

Sponsored