NT4 -> Win2003 AD

  • NT4 -> Win2003 AD

    Hi Guys, I've found a few suggestions in other threads, but still need a bit of help.

    I have recently joined a company and have been tasked with upgrading the old NT4 domain to a Win2K3 AD environment. It's not a huge place and it's only on one site.

    My plan is to do an in place upgrade and go from there. Currently I have built a lab and have performed the upgrade. It seems fine, but I am getting one error on my DNS server (which is also the file & print server) :

    lsasrv 40960 error in event log - saying a Kerberos auth error occurred and a domain controller cannot be found.

    However, everything else seems to work fine, pinging, nslookup, user logins (and scripts), drive mapping and printing all works fine.

    The server with the error is another Win2K3 box and I tried to DCPROMO this box to make it another domain controller, only for it to error and say a domain controller cannot be located.

    The set up is as follows :

    NT4 domain : bowl
    DNS companyname.net (not on the Internet!)

    After upgrade :

    Win2K3 AD : bowl.companyname.net
    NETBIOS domain name : bowl

    I need to keep the same domain name, just to make things a little easier!

    My understanding of DNS is limited, especially where AD is concerned!

    When I went through the AD install on the upgraded server (the first DC), I had to call the AD bowl.companyname.net - I tried just calling it bowl.local, but it said it couldn't find DNS. As soon as I added the DNS name in the AD name it worked fine. Is that right?

    Also, one thing I notice is if I ping the DC (ping -a) it returns fine and says it resolves to servername.bowl.companyname.net

    If I ping any other server on the test network it just resolves : servername.companyname.net

    I'm not sure if there are any problems with the set-up or what, but that one error on my DNS server seems to be creating other issues.

    Sorry for the long post guys, but I don't know how to explain this differently.

    Thanks for any help you can give! I hope to be doing this on the production network soon, so I hope to resolve this before I do that!

  • #2
    Re: NT4 -> Win2003 AD

    there have been plenty of threads concerning the migration of an NT domain to 2003... here are a few. i suggest reading them to see the steps needed to accomplish this:
    http://forums.petri.com/showthread.p...migration+2003
    http://forums.petri.com/showthread.p...migration+2003
    http://forums.petri.com/showthread.p...migration+2003
    http://forums.petri.com/showthread.p...migration+2003
    http://forums.petri.com/showthread.p...migration+2003
    http://forums.petri.com/showthread.p...migration+2003

    here is the link to the Active Directory Migration Tool version 2 (ADMT2). you will need it:
    http://www.microsoft.com/downloads/d...DisplayLang=en

    past that, if you have some problems, repost and be specific.

    as far as the error, i had some problems with Kerberos at first. so what i did for the transition was to check "do not require kerberos preauthentication" in the user accounts. then, once migrated, i re-enabled it. this may or may not be applicable in your situation, but i could and did in mine to smooth the migration. we had lots of users connecting to SQL dBs and it was causing some problems because of time differences and Kerberos failing...

    good luck!
    it's easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    • #3
      Re: NT4 -> Win2003 AD

      James, thanks for your reply.

      As I said, I already searched the forums, and while I found some useful info, there was nothing directly related to my issues.

      Just to be clear, I am doing an upgrade not a migration, so most of the topics you posted are not related, plus as far as I am aware, I will not need the ADMT for an upgrade.

      I think if I can clear that error, I will be fine. But I don't know if it's to do with my DNS structure or something else.

      I hope someone can help.

      • #4
        Re: NT4 -> Win2003 AD

        Your problem is DNS related.
        Your DC replies with corp.domain.com and the others reply with domain.com, which could indicate that there is a mix-up of several DNS zones. But this can also mean that someone configured a specific DNS on the other servers.
        [Powershell]
        Start-DayDream
        Set-Location Malibu Beach
        Get-Drink
        Lay-Back
        Start-Sleep
        ....
        Wake-Up!
        Resume-Service
        Write-Warning
        [/Powershell]

        BLOG: Therealshrimp.blogspot.com

        • #5
          Re: NT4 -> Win2003 AD

          Originally posted by jacko101 View Post

          Just to be clear, I am doing an upgrade not a migration, so most of the topics you posted are not related, plus as far as I am aware, I will not need the ADMT for an upgrade.
          so you're going to continue running NT along with 2003? ok, that's cool. didn't understand that. my bad...

          so does that mean that you now have 2 DNS servers as primary, like a primary for the old domain, and a primary in the new?

          if not, how are the DNS servers set up? who is authoritative for the domain? you should have a DNS server in the forest root and point all other DCs in the root domain to it as their primary DNS server.

          any WINS servers?

          is it fixed?
          it's easier to beg forgiveness than ask permission.
          Give karma where karma is due...

          • #6
            Re: NT4 -> Win2003 AD

            I won't be running NT alongside 2003, I'm upgrading NT4 to 2003 AD.

            Currently I have one Win 2K3 DNS server that is running in the NT4 domain. I also have a WINS server.

            It feels like a DNS issue, but I don't know what. I'll check out the zones and see what I can work out, but I have a limited understanding of DNS..........

            Before the upgrade, I tested DNS as much as I could, DNSLint, NSLookup, pinging...everything worked and still works fine, but that one error in the DNS server event log, is really a deal breaker.

            I want the DNS server to be a DC, but it complains saying it can't find the domain controller, even though, it logs in fine, it is the file and print server for the domain and I have no other errors.

            I didn't install DNS on the new Active Directory DC, I just installed Win2003, AD and pointed the DNS settings to the DNS server, could that be a problem?

            It's my round if anyone can sort this!

            • #7
              Re: NT4 -> Win2003 AD

              What's the DNS configuration of your servers? Is a DNS Server running on the upgraded NT4 box? Is the DNS Server box configured to look at itself as a DNS server?
              Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

              • #8
                Re: NT4 -> Win2003 AD

                Originally posted by ]SK[ View Post
                What's the DNS configuration of your servers? Is a DNS Server running on the upgraded NT4 box? Is the DNS Server box configured to look at itself as a DNS server?
                The DNS is on a different server to the upgraded NT4 DC (now Win2K3). I have pointed all servers and workstations (via DHCP where required) to point to the DNS server, the DNS looks at itself for DNS, with no secondary.

                Is the DNS suffix supposed to be the same as the AD domain name? I am getting a little confused with having a DNS name and an AD name..........

                For the upgrade, I wanted to keep the same netbios name as the old NT4 domain, but I had to add the DNS suffix when upgrading NT4 to Win2K3, otherwise it told me the DNS lookup failed.

                So the full AD name is domain.dnsname.net - is that right?

                Thanks again for any assistance!

                • #9
                  Re: NT4 -> Win2003 AD

                  The DNS server will believe itself to be authoritative for whatever domain name you choose. The idea is you use a domain name for your AD domain (Example companyname.local). You then configure DNS to be authoritative for that domain. So yes the suffix should basically be servername.companyname.local.

                  When an authenticated computer that is part of the domain boots up it registers its name with the DNS server. So when another computer wants to find the IP for a computer it can query the DNS server.

                  AD is highly dependent on DNS in order for it to function. You cannot install a new AD domain without a DNS server. DNS basically replaces WINS but technically does the same job. It allows your internal network to see and communicate with each other. Network PCs can also find out which PC is a domain controller for your domain from DNS.
                  Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

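The dependency described in post #9, applied to the symptom from the first post (a member server that cannot locate a domain controller), as an added example that is not part of the thread: a Python check that the DNS server hosts a zone covering the AD domain name and that the SRV records used to locate a DC are present. The host names `dc1` and `fileprint`, the zone list and the record list are constructed for illustration; a single-domain forest is assumed.

```python
# Added example. All data below is constructed; dc1 and fileprint are
# hypothetical host names, bowl.companyname.net is the thread's AD domain.
AD_DOMAIN = "bowl.companyname.net"
ZONES = ["companyname.net"]                 # zones hosted on the DNS server
SRV_RECORDS = [                             # (owner name, target) pairs
    ("_ldap._tcp.bowl.companyname.net", "dc1.bowl.companyname.net"),
    ("_kerberos._tcp.bowl.companyname.net", "dc1.bowl.companyname.net"),
]
HOSTS = ["dc1.bowl.companyname.net", "fileprint.companyname.net"]

# Owner-name prefixes of SRV records that Netlogon registers on a DC and
# that members query to find a DC, the PDC emulator, a KDC or a GC
# (single-domain forest assumed, so forest name == domain name).
LOCATOR_PREFIXES = [
    "_ldap._tcp",
    "_ldap._tcp.dc._msdcs",
    "_ldap._tcp.pdc._msdcs",
    "_kerberos._tcp",
    "_kerberos._tcp.dc._msdcs",
    "_gc._tcp",
]

def covering_zone(name, zones):
    """Return the most specific hosted zone that contains `name`, or None."""
    name = name.lower().rstrip(".")
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def missing_locator_records(ad_domain, srv_records):
    """List DC-locator SRV names that have no record in the zone data."""
    present = {owner.lower().rstrip(".") for owner, _target in srv_records}
    wanted = [f"{prefix}.{ad_domain}" for prefix in LOCATOR_PREFIXES]
    return [name for name in wanted if name not in present]

def suffix_mismatches(ad_domain, host_fqdns):
    """Hosts whose DNS suffix is not the AD DNS domain name (worth a review)."""
    return [h for h in host_fqdns if h.lower().partition(".")[2] != ad_domain]

if __name__ == "__main__":
    print("zone for AD domain:", covering_zone(AD_DOMAIN, ZONES))
    for name in missing_locator_records(AD_DOMAIN, SRV_RECORDS):
        print("missing SRV:", name)
    for host in suffix_mismatches(AD_DOMAIN, HOSTS):
        print("suffix differs from AD domain:", host)
```

On a live network the record list would come from querying the DNS server for each name, for example with `nslookup -type=SRV`.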


                  • #10
                    Re: NT4 -> Win2003 AD

                    Originally posted by ]SK[ View Post
                    The DNS server will believe itself to be authoritative for whatever domain name you choose. The idea is you use a domain name for your AD domain (Example companyname.local). You then configure DNS to be authoritative for that domain. So yes the suffix should basically be servername.companyname.local.
                    So, how do I handle the upgrade, as I want to keep the old NT4 domain name?

                    At the moment, we have an NT4 domain called bowl and a DNS namespace called companyname.net (not Internet based)

                    Everything is a member of the domain, so they all log in to bowl.

                    When I upgrade the NT4 PDC to Win2K3 and AD, it asks for an AD name (or is that actually the DNS name?). What should I use? I obviously still need the netbios name to be bowl to not affect servers / pc's ability to login without making any changes.

                    Should I just call the AD by the existing DNS namespace? Then manually type a netbios name in of my choice?

                    I think I'm getting a headache and need a beer..........

                    Any help is very much appreciated!

                    • #11
                      Re: NT4 -> Win2003 AD

                      The old NETBIOS name will still continue to work. The setup wants a domain name which as far as I am aware can be different from your NETBIOS name. I would keep it the same though. So if your domain is bowl, maybe call it bowl.local for DNS.
                      Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                      • #12
                        Re: NT4 -> Win2003 AD

                        Originally posted by ]SK[ View Post
                        The old NETBIOS name will still continue to work. The setup wants a domain name which as far as I am aware can be different from your NETBIOS name. I would keep it the same though. So if your domain is bowl, maybe call it bowl.local for DNS.
                        Thanks for your advice so far, but I'm still a bit unsure about the DNS name.

                        The current DNS name is 'companyname.net' - should I have to use that when I am installing AD? Or can I use any AD name I want, like the example you gave of bowl.local, even if the DNS name is different?

                        I have been told on another forum that the AD name and the DNS name are one and the same?

                        Thanks again...............

                        • #13
                          Re: NT4 -> Win2003 AD

                          OK, I did the NT4 -> 2K3 AD upgrade again and changed my AD name to be the same as the current DNS name and it seems OK. I still have a couple of errors in the event logs, but I don't think it's too serious.

                          I have been able to use DCPROMO to create a second DC and I have moved the FSMO roles, so AD must be working OK, or is that wishful thinking?

                          I made the NetBIOS name the same as my current NT4 domain name, which is different to my new AD name, but I don't think that matters.....

                          Any other advice would be appreciated or any other test I can do to make sure I am working OK.

                          Thanks for your advice!

                          • #14
                            Re: NT4 -> Win2003 AD

                            The only reason NETBIOS domain names exist in AD is for backwards compatibility. The NETBIOS and DNS names don't have to be the same, so for example you can have DOMAINNAME and example.local. It's easier to make them the same though.

                            In terms of computers I am not sure what servers you have running. Do you have just the one DC now (WIN2k3)?

                            When I did this I had an NT4 server and a brand new Windows 2003 server. I first created a Virtual PC on my laptop of NT4 and joined that to the NT4 domain. Made this Virtual PC into the Primary Domain Controller and then upgraded it to Windows 2003. I then joined the new 2003 server to this AD domain and transferred all FSMO roles etc. Eventually I removed the Virtual PC copy of Windows 2003 from the domain. This left the NT4 in a Backup Domain Controller role. Ideally I would take the NT4 server out but they still wanted it for file storage.
                            The new DNS name was basically their old NETBIOS name but with .local added to the end.

                            If you still have your NT4 server in a BDC role then I guess you could test adding a new user on the 2003 server. Then look on the NT4 to see if it sees this new user?
                            Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                            • #15
                              Re: NT4 -> Win2003 AD

                              Originally posted by ]SK[ View Post
                              The only reason NETBIOS domain names exist in AD is for backwards compatibility. The NETBIOS and DNS names don't have to be the same, so for example you can have DOMAINNAME and example.local. It's easier to make them the same though.
                              Actually, it was the existing DNS name and the new AD name that I was wondering if they had to be the same? I had DNS set up already in an NT4 domain, so when upgrading to the Win2K3 and AD, is the AD name the same as the DNS name?

                              That's what I have now done and it seems to be working, but just wanted someone to clarify if that's what had to happen?


                              Originally posted by ]SK[ View Post
                              If you still have your NT4 server in a BDC role then I guess you could test adding a new user on the 2003 server. Then look on the NT4 to see if it sees this new user?
                              I'll run a couple of tests and see what I get. I do have a BDC on line and will try what you suggest.

                              Is there a way of testing AD replication to / from the 2 DC's? It seems to work, like I said before, I've moved the FSMO roles and it hasn't complained!

                              Thanks......
