Q

How can I install Active Directory, change my domain name and still allow my existing clients to acc

I currently have a single NT4 domain. Let's call it "ABC." I have NT4 workstations and XP workstations as clients. I also have a couple of Windows 2000 servers in the domain. I now want to install Active Directory, and while doing so I want to go with a new name for my domain -- let's say "ABC.One.com." If I upgrade my PDC (primary domain controller) to Win2k and use the new name while installing AD, my existing clients will not be able to log in to the new domain, right? And I do not want to visit each client machine and change the domain name, etc., at this time, as I have more than 5000 clients and limited resources. E-mail is not a concern right now. What is the best way to tackle this scenario? Thanks.
When you think about it, you're really not changing the domain name. The ABC.One.com is the new Active Directory name, but the NetBIOS name will stay ABC. Thus, the Windows NT 4.0 machines will still know the domain as ABC and the Windows 2000 Professional and Windows XP machines will automatically recognize that Active Directory has been added to the old ABC domain and will alter their configuration connection to ABC.One.com. They will also alter the way they communicate with the domain -- shifting from LanManager to Kerberos authentication and LDAP protocols.

The only time you would have to change the machines and rejoin the domain will be if you "drop back" to an NT 4.0 domain. Then you will need to rejoin the NT 4.0 domain. Hopefully you won't have to face that situation. The only trick is that you must change the PDC's DNS name to match the new Active Directory name prior to upgrading. So, on the PDC do an IPCONFIG/ALL to see how it is configured. Below is a sample display:

 

C:>ipconfig /all

Windows 2000 IP Configuration

Host name ---------------------------- apollo
Primary DNS suffix ------------------- MyCorp.com
Node type ---------------------------- Hybrid
IP routing enabled ------------------- No
WINS proxy enabled ------------------- No
DNS suffix search list --------------- MyCorp.com

But you want to call the Active Directory domain ABC.MyCorp.com. So on the NT 4.0 PDC prior to upgrade you make the change. Just to make sure you go to the IPCONFIG/ALL again and see:

 

C:>ipconfig /all

Windows 2000 IP Configuration

Host name -------------------------- apollo
Primary DNS suffix ----------------- ABC.MyCorp.com
Node type -------------------------- Hybrid
IP routing enabled ----------------- No
WINS proxy enabled ----------------- No
DNS suffix search list ------------- ABC.MyCorp.com

Of course, this being an NT 4.0 domain, the NetBIOS name of the domain is still ABC. When you upgrade to Active Directory you indicate that you want the AD domain to be called ABC.MyCorp.com (to fit my example). But you indicate that the NetBIOS name should remain ABC. All your machines will happily make the adjustment.

As always, testing is the best way to prepare and double-check that your plan is correct. Build a workstation to be a BDC (backup domain controller) in your domain. Then, take it off the production network and connect a hub (or cross-over cable, for that matter) to another workstation. Make sure the NT 4.0 and/or XP workstation can connect to your little domain. Promote the BDC to a PDC. Since none of this is on the production network there should be no conflicts. Then upgrade the server to Windows 2000 AD using the step hints I just gave you. Reboot the XP workstation once the AD is done and you will see the changes it makes in the configuration. But your NT and XP workstations will not require any intervention (other than the reboot) to get them to find the domain. Of course, DNS must be configured correctly in order for the XP machines to locate the domain now!

This was first published in December 2002

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close