But, let's say that you install the NT 4.0 BDC and then shuffle it off the network into a dark corner of the building where one would perform such unnatural acts. There you do an inplace upgrade while not on the network. Then you put your Frankenstein server back on the network as an AD controller. Chaos would ensue as the Windows 2000 servers would soon find the AD controller, and authenticate against it. Password changes, etc. would be done on the AD controller but would NEVER propogate to the NT 4.0 BDCs. As time goes on fewer and fewer users would be able to access the network. And your RAS solution would be so confused it would probably just implode.
If you are going to have an AD infrastructure and want to start with a fresh server, you would do the following:
- Install the server as a BDC in the NT 4.0 domain.
- Make sure it has synchronized with the domain.
- Promote the server to a PDC.
- Upgrade the server to Windows 2000 AD.
And you're done. The other 2 NT 4.0 servers would be BDCs (forever) in the same AD/domain as the Windows 2000 DC.
This was first published in July 2002