Ask the Expert spotlight: Active Directory

Ease the pain of your Windows 2000 migration and learn how to make the most of your Active Directory. AD expert Paul Hinsberg has the Rx for Win2k implementation and management headaches.

Ease the pain of your Windows 2000 migration and learn how to make the most of your Active Directory. SearchWin2000.com's Active Directory and Migration expert Paul Hinsberg has the Rx for Win2k implementation and management headaches. Browse through these member-submitted questions recently tackled by Paul. Or, got a pressing AD problem of your own? Click here to ask Paul a question.

1. Is a pristine forest a good idea?

Dear Paul,
I'm upgrading/migrating from Win2K to Win2003 and retiring all old servers in the process. I don't like the forest name and domain name of our Win2k AD and would like to make the internal and external DNS namespace the same. I would like to bring up the new servers in a pristine forest and move user and computer accounts over. Is this a good idea? Can you recommend a good tool for moving accounts and users from one forest to another?

Click here to read Paul's response.

2. Problems bringing up a Win 2003 domain

Dear Paul,
We have an existing NT4.0 domain, and we are now bringing up a Win 2003 AD domain. While we migrate several servers and buildings, we need to have users on the new 2003 domain access resources on the NT 4.0 domain. So we go through the steps to set up a trust, it appears to go fine on the NT 4.0 side, but when we sit down at the 2003 controller and run the trust setup, it prompts me for credentials and not the trust password credentials (we never get to that point). After I put in the NT 4.0 domain it then gives me an error: Operation Failed. Access is denied. We are using the domain admin account for credentials and have looked at numerous sites for info and have found nothing referring to this error. Any thoughts?

Click here to read Paul's response.

3. How to migrate a primary domain controller to a Blade Server

Dear Paul,
Our existing Windows 2000 primary domain controller is getting old, and we want to replace it with completely new hardware (IBM Blade Server H20). The old hardware is using SCSI disks and Hardware RAID 5 for both the system and data disks. The new hardware will use SCSI and hardware RAID 1 for the system disk and hardware RAID 5 for the data disk. The existing Primary Domain Controller is currently installed with Exchange 2000. Now my management requests me to migrate the Primary Domain Controller and Exchange 2000 to the new Blade Server. I don't know the steps to do it. Please help and thank you in advance.

Click here to read Paul's response.

4. Local profiles are suddenly changing

Dear Paul,
Our company has recently migrated from an NT 4.0 domain to a Windows 2003 domain. An external company was brought in to perform the migration. This was approximately two weeks ago. Now, we are having issues with local profiles suddenly changing. Of course we can go into each machine and copy the profile info over, but that doesn't copy the registry info. This is slowly hitting every machine including our servers. Is there anything we can do to copy all info over to the new profile?

Click here to read Paul's response.

5. Preventing users from using Active Desktop to access the Internet

Dear Paul,
I have tried to lock down Windows 2000 Pro to prevent users from accessing the Internet. I recently discovered that by utilizing Active Desktop, users can access the Internet. How do I prevent active desktop from being used in this manner?

Click here to read Paul's response.


Paul E. Hinsberg is a consultant, technical trainer and author with more than 10 years of experience in a wide variety of operating systems and programming languages. He is a Microsoft MVP and the author of several Windows technical publications, among them, "Windows NT Performance: Monitoring, Benchmarking and Tuning," "Investigating Application Performance on Windows NT." Paul has also served as technical editor and advisor on several other books on Windows administration and networking. Paul holds an MCSE and Masters in Business Administration. His company, CRSD Inc., has helped with the implementation of large NT and 2000 rollouts.

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close