Migration to Active Directory

    Does this look like a viable plan? Any comments *much* appreciated!

    Background: the current NT4 Domain Controllers are PDC1, BDC1 and BDC2. All have SP6a. PDC1 runs DNS, WINS and DHCP. All clients are Win2000 Pro or XP.

    TEMPDC is a high-end PC. The new 2003 Server domain controllers will be named DC1 and DC2.

    * Prepare for Migration
    - Shorten DHCP lease life on PDC1
    - Ensure replication has occurred between current Domain Controllers
    - Power down BDC2 (for Disaster Recovery)
    - Install temporary NT4 BDC on high-spec PC (TEMPDC)
    - Transfer DNS from PDC1 to TEMPDC
    - Promote TEMPDC to an NT4 PDC
    (Question: do I do this on the existing network??)
    - Transfer DNS to DC1 from PDC1

    * Migration
    - Upgrade TEMPDC to a Windows 2003 Server, thus installing Active Directory.
    - DCPromo DC1 to a Windows 2003 Domain Controller
    - Transfer FSMO roles to DC1 from TEMPDC
    - Set up DHCP and WINS on DC1
    - Install second 2003 Server Domain Controller, DC2.
    - Ensure Replication between DC1 and DC2.

    * Clean-up
    - Decommission Existing NT servers

    Yes, it looks ok to me. Just make sure you get the DNS part right, with the new AD domain name as the zone name and all. The DNS part might be the one that'll toast you if you're not careful. Otherwise, it looks ok.

    Oh, also make DC1 as GC, and after you lose the NT4s, you can demote TEMPDC to member server, and then remove it.

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services


      Thanks Daniel.

      I have to move DHCP and WINS as well. Is it best to leave these in place on the old NT machines until Active Directory is in place?


        Do you really need WINS once AD is deployed? If you run 2003 in mixed mode you shouldn't need to re-enable it. Also tell AD which machines are Pre-2000.

        I've just done the same migration as you're facing and was surprised how smoothly it went (did it in the 1hr lunch break at the client). DanielP was right though, make sure you've got your head around how the DNS is going to work, otherwise none of the AD will work and everything will screw up.

        If you're planning on trying to keep the network up while the change takes place then yes, DHCP should be the last service you switch. Once the AD is up and running all NT4 boxes will see themselves as BDCs and your AD DC will be seen as PDC in User Manager. All the BDCs should be in the Domain Controllers OU in AD though.

        Good Luck mate



          I understand DNS is key: I've deployed AD before but have never done a migration. Am glad to hear it can go smoothly though!

          Question: how do I move DNS from one NT server to another? I have been messing about with it in the lab but I'm not getting anywhere!

          Or is it perhaps better to upgrade my TEMPDC to Windows 2003 server and then do a zone transfer...

          (Also I *probably* won't need WINS...but I don't want to decommission it just yet as there may be applications about that use NETBIOS).


            I think upgrading your TEMPDC would be the best bet and transfer the zone in from your existing DNS server. If it doesn't work you could try manually copying after you have got DNS working on AD.

            So set up the NT box you're going to upgrade to 2003 as a DNS server, make sure it duplicates with the other BDCs. Promote it to PDC and then upgrade it. The DNS setting should be there once AD is started. Once you've got all your DCs up and running decide which one you want as the DNS server and add it in.

            I know that makes it sound really simple but I'm sure you get my drift

            Mine was a little different in that I already had a 2003 server in place that was acting as a BDC and had DNS running, so I upgraded a temp NT PDC to 2003 and hey presto, working AD DC. I then ran dcpromo on the other 2003 box, transferred FSMO roles and was pretty much in the pub by 3

            Take care



              Have started this project! DHCP and WINS moved over to a 2003 member server. Wish me luck


                Ahh you don't need luck, you'll be fine

                Let us know how you get on



                  Well..GPOs are being applied so I suppose the migration is complete!

                  Thanks for advice and support