Q: We recently upgraded from Windows NT to Windows Server 2003. Due to a DNS issue during the migration we deviated from the step-by-step and did not allow Active Directory to automatically put DNS on the 2003 domain controller.
After the NT 4.0 PDC was upgraded and AD was loaded we put DNS on the domain controller and brought over the needed zone records. The upgrade was successful with the exception that administrative tools need to be pointed directly to a domain controller or BDC to be used.
We talked to Microsoft concerning this for approximately four hours and they could not give us a definitive answer; however, they are under the impression that the problem may be with the clients.
At the conclusion of this upgrade we experienced the same issue with administrative tools. We rolled back the network to NT 4.0 until further testing can be done. We did not experience these problems in the lab environment. The rollback/failover to the NT 4.0 environment was successful and only took about four minutes each time we did it. The problem centers on the administrative tools not pointing to the DC or BDC. Any thoughts?
A: Prior to the upgrade from Windows NT 4.0, did you make sure that the Fully Qualified Domain Name for the NT 4.0 domain was set to be exactly like you were going to build the Windows 2003 AD? If you upgrade an NT 4.0 domain controller with a name like mycomputer.mycompany.com and you specify during the upgrade that the AD domain will be mycomputer.mycompany.local, then the upgraded server will literally not be able to find itself.
The machine name will remain mycomputer.mycompany.com and will not change to what it should be -- mycomputer.mycompany.local to match the domain. When this sort of situation occurs, one of the several symptoms is the odd behavior of the Admin tools.
The other possibility is that the DNS records, while they may contain all of the A records (host records), might not contain the SRV records. When the Admin tools and other services are run, they locate domain controllers by querying a service like the PDC emulator service or the Global Catalog service for a domain.
When you move the zone to the Windows server, make sure that Secure Automatic updates are permitted, that the zone is AD Integrated (personal preference), and that the domain controllers point to a single machine as the primary and themselves as the secondary.
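The two failure modes described in the answer can be checked against a text export of the migrated zone. The following is an added example, not part of the original answer: it reports which domain controller locator SRV records are absent and which SRV targets fall outside the AD domain or lack a host record. The sample zone is constructed, and the script assumes a single-domain forest and standard zone-file syntax with an explicit owner name on every line.

```python
import re

# SRV owner names (relative to the AD DNS domain) that clients query to find DCs.
REQUIRED_SRV = [
    "_ldap._tcp", "_kerberos._tcp",
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs",
    "_ldap._tcp.pdc._msdcs",   # PDC emulator
    "_ldap._tcp.gc._msdcs",    # Global Catalog (forest root; same zone assumed)
]

# Constructed sample: host records copied over by hand, most SRV records missing,
# and one SRV target still carrying the pre-upgrade DNS suffix.
SAMPLE_ZONE = """\
$ORIGIN mycompany.local.
@              IN SOA dc1.mycompany.local. hostmaster.mycompany.local. 1 900 600 86400 3600
dc1            IN A   10.0.0.10
_ldap._tcp     IN SRV 0 100 389 mycomputer.mycompany.com.
_kerberos._tcp IN SRV 0 100 88  dc1.mycompany.local.
"""

RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|SRV)\s+(.+)$", re.I)

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def audit_zone(zone_text, ad_domain):
    """Return (missing locator SRV names, SRV targets that cannot be resolved in-domain)."""
    domain = ad_domain.lower().rstrip(".") + "."
    origin, hosts, srv = domain, set(), {}
    for raw in zone_text.splitlines():
        line = raw.split(";")[0].strip()          # drop comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        m = RECORD.match(line)
        if not m:
            continue                              # SOA, NS and other types are ignored
        owner, rtype, rdata = fqdn(m[1], origin), m[2].upper(), m[3].split()
        if rtype == "A":
            hosts.add(owner)
        else:                                     # SRV rdata: priority weight port target
            srv.setdefault(owner, []).append(fqdn(rdata[3], origin))
    missing = [n for n in REQUIRED_SRV if f"{n}.{domain}" not in srv]
    bad = sorted({t for ts in srv.values() for t in ts
                  if not t.endswith("." + domain) or t not in hosts})
    return missing, bad
```
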