Problem solve Get help with specific problems with your technologies, process and projects.

The ABCs of PDCs and BDCs

In this two-part article, Paul Hinsberg comes with information about the two things that seem to be baffling you the most.

Paul Hinsberg

A, B, C, D, E, F, G -- this migration is killing me! That is the general sentiment we have been hearing from our members. In this two-part article,'s resident migration expert, Paul Hinsberg, comes to the rescue with information about the two things that seem to be baffling you the most -- primary domain controllers (PDCs) and backup domain controllers (BDCs). We hope his answers to other members' questions will help you through the muddy migration waters, too. member: How do I configure Windows 2000 Server as a PDC?

Paul Hinsberg: Windows 2000, when installed in a new domain, will automatically be a PDC if it is the first system in the directory structure. If you are upgrading from NT4, you will want to upgrade the PDC first. That system will then still be the PDC. If you have an Active Directory and want to move the PDC role (called Flexible Single Master Operations role), you should use Active Directory Users and Computers or the NTDSUTIL.exe tool from support tools to perform the action. member: How can I promote an NT4 member server to a BDC? I mainly work with Windows 2000 servers.

Paul Hinsberg: You can't. To make an NT4 member server a BDC, you must reinstall it. member: I have two BDCs in an NT domain. If I upgrade one of the BDCs to a Windows 2000 server, will it still be functioning as an NT BDC or not?

Paul Hinsberg: You must first upgrade the PDC to Windows 2000, prior to upgrading the BDCs. Once you have done that, you can upgrade the BDCs to Windows 2000 DCs. They will be able to authenticate users using the NTLM [NT LanManager] communication method, until you switch the domain to native mode on the upgraded PDC. Since there is no NT4 PDC anymore, there is no NT replication -- it is all Active Directory. member: I have an NT4 PDC and BDC that need to be converted. We are planning on doing the BDC first, leaving the PDC in NT for now, but demoting it to a BDC. Is this the proper thing to do?

Paul Hinsberg: You will need to promote the BDC to PDC first; then upgrade to Windows 2000. You will also want to consider getting another machine and building it up as a BDC prior to performing any Windows 2000 upgrade. This can be a workstation on which you have installed Windows NT server. Then take that server offline and perform the upgrades to the regular machines. This gives you a quick way to back out, if necessary.

Note that if you have to back out, any Windows 2000 or Windows XP workstations/servers will need to rejoin the NT domain to properly authenticate. Windows NT, Windows 98, etc., won't know the difference. member: I am running a flat Windows 2000 PDC server with Exchange 2000 on it. I have two other Windows 2000 servers in this domain and one NT4 server. If all workstations are logging on to the Windows 2000 domain, do I need to run DNS and WINS on the PDC server, or can I run it on another box? What is recommended for best performance?

Paul Hinsberg: If you do not have too many servers and workstations (e.g., less than 1,000), then leaving DNS and WINS on one of the DCs should be fine. Running the DNS and WINS on another machine will help offload some of the load from the Windows 2000 DCs, which will help performance of both the DNS and the DC -- but, again, if you do not have too many users and servers, it is more cost-effective to run all of the services on just a couple of machines. member: We have one PDC server and one BDC server on NT. Which one do we need to upgrade first to Windows 2000? The network will still be working with one PDC on NT and one on Windows 2000.

Paul Hinsberg: The PDC will need to be upgraded first. The BDCs can be NT4 for a while without a problem. During this time, the domain will be running in mixed mode. Once all of the BDCs are Windows 2000, then you can switch your domain to native mode.

MORE ON THIS TOPIC: Webcast: Staying secure during an NT to 2000 migration

Dig Deeper on Windows client management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.