I am administrator over a network with an NT4 PDC (primary domain controller), NT4 BDCs (backup domain controllers) and standalone NT4. I want to safely migrate my NT4 domain to Win2k Active Directory. For this purpose I plan to use a heavy workstation, which will be installed as an NT4 BDC and upgraded to Win2k on a separate network. I don't want to use this dirty machine, so I plan to install a new Compaq ML350 with Win2k, AD, DNS and DHCP. After this is completed I plan to shut down all servers in my running environment and put the ML350 in it. After starting this server, I will start my current PDC. I expect this server to say, "There is already an active PDC." Can I demote this server to be BDC in my new Win2k domain? And if so, is this a risky operation?
Your assumption is incorrect and it won't work as you expect. You could, however, do something like this:
- Build the heavy workstation as a BDC.
- Take the BDC off the network.
- Upgrade the PDC to be Windows 2000/Active Directory.
- Build the ML350 as the domain controller in the Active Directory.
- Migrate the Flexible Single Master Operations (FSMO) over to the ML350. (This is a critical step! Your AD will NOT be operational without doing this.) The MS KB article #223787, Flexible Single Master Operation transfer and seizure process will discuss moving each of the five FSMO rolls.
- Make the ML350 a global catalog (GC). Use the Active Directory Sites and Services to perform this action.
- Migrate DNS to the ML350 if you don't have another DNS structure already in place.
- Upgrade any other NT 4.0 BDCs to Windows 2000.
- Take the old PDC offline and erase it.
If all is working well, the heavy workstation you saved will no longer be needed and you can erase it. If, however, something goes wrong, you can take the Win2k servers offline and put the NT 4.0 BDC back online. Promote the NT 4.0 BDC to a PDC and then you are right back where you started.