Our Windows 2000 migration is a restructure and I currently have a test lab set up with a replica of the NT4 domain and the new Win2k domain, with two DCs and a two-way trust between the domains. The Win2k domain is in native mode due to the ADMT requirement. The NT4 domain client machines are Win2k and migration of the client machines to the Win2k domain will not be done all at once, but over time during the actual migration. DHCP and WINS services have been moved to the Win2k domain and decommissioned on the NT4 domain. DNS is AD-integrated using secure dynamic updates and set up so DHCP updates the PTR record, but the Win2k client updates the host A record. WINS lookup is also configured in DNS, as the Win2k and NT4 domains will both be running during migration.
I am sure my problem is due to DNS security and/or authentication. In the test lab, the NT4 domain clients cannot register their host name in DNS when DNS is set for secure updates only, but they can register when it is just set to dynamic updates. Would there be any requirement for the NT4 domain Win2000 clients to register in DNS to access resources in the Win2k domain during migration, or can I safely set these machines to not register in DNS until they are moved to the Win2k domain?
Well, Windows NT4 machines do not register themselves in DNS at all unless you have put the DSClient on the machines OR you have instructed DHCP to update the record for the client. So, if you would like the NT4 registration to occur, instruct the DHCP server to update the forward and reverse records for down-level clients who cannot do it themselves. This will still allow the Windows 2000 machines to do their own A record registrations, but will perform them on behalf of the NT4 workstations and servers that are incapable of registering their records.