| Author |
Message |
KingBuzzo
Guest
|
 Posted:
Wed Jan 12, 2005 3:35 am Post subject:
NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of the AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user logs
in, it changes the workstation name from wrkstn to wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks! |
|
| Back to top |
|
 |
Chriss3 [MVP]
Guest
|
| Posted:
Wed Jan 12, 2005 3:44 am Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
There is both a Pre-Windows2000 Name (NetBIOS Name) and a FQDN Name.
Down level clients or servers, Pre-Windows2000 still use the NetBIOS Name.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
| Quote: | I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks! |
|
|
| Back to top |
|
|
neo [mvp outlook]
Guest
|
| Posted:
Wed Jan 12, 2005 6:09 am Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the NT4Emulator and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
| Quote: | I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks! |
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Wed Jan 12, 2005 9:13 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
Yes, I understand how it has the two names for backward compatibility but
after logging a workstation into the upgraded domain, it actually renamed it
which caused a problem when I tried to log into the old domain as I was
testing my fallback plan.
"Chriss3 [MVP]" wrote:
| Quote: | There is both a Pre-Windows2000 Name (NetBIOS Name) and a FQDN Name.
Down level clients or servers, Pre-Windows2000 still use the NetBIOS Name.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Wed Jan 12, 2005 9:23 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
Yes, I have read the instructions on how to enable this feature but how will
I stop the new domain from renaming my workstation name after the first login?
"neo [mvp outlook]" wrote:
| Quote: | To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the NT4Emulator and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
Chriss3 [MVP]
Guest
|
| Posted:
Wed Jan 12, 2005 11:12 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
I think the name is not changed, just the FQDN are added. but the name of
the particular computer are still the same. Are you meaning the NetBIOS Name
is changed?
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:EA1D2E44-2915-40DF-BF45-94446A003601@microsoft.com...
| Quote: | Yes, I understand how it has the two names for backward compatibility but
after logging a workstation into the upgraded domain, it actually renamed
it
which caused a problem when I tried to log into the old domain as I was
testing my fallback plan.
"Chriss3 [MVP]" wrote:
There is both a Pre-Windows2000 Name (NetBIOS Name) and a FQDN Name.
Down level clients or servers, Pre-Windows2000 still use the NetBIOS
Name.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Wed Jan 12, 2005 11:43 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
Yes, and then when I tried to log back into the old domain the trust was
broken because the computername was different.
Maybe I did something wrong?
"Chriss3 [MVP]" wrote:
| Quote: | I think the name is not changed, just the FQDN are added. but the name of
the particular computer are still the same. Are you meaning the NetBIOS Name
is changed?
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:EA1D2E44-2915-40DF-BF45-94446A003601@microsoft.com...
Yes, I understand how it has the two names for backward compatibility but
after logging a workstation into the upgraded domain, it actually renamed
it
which caused a problem when I tried to log into the old domain as I was
testing my fallback plan.
"Chriss3 [MVP]" wrote:
There is both a Pre-Windows2000 Name (NetBIOS Name) and a FQDN Name.
Down level clients or servers, Pre-Windows2000 still use the NetBIOS
Name.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
neo [mvp outlook]
Guest
|
| Posted:
Thu Jan 13, 2005 2:44 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
If *all* Active Directory DC/GCs are running in NT4 emulation and the member
server/workstation is not overriding the emulation with the neutralize key,
then you will see that the domain name will not change from NetBIOS to FQDN.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:907A4433-44BE-4CC1-AE64-3B3FCA0C0AED@microsoft.com...
| Quote: | Yes, I have read the instructions on how to enable this feature but how
will
I stop the new domain from renaming my workstation name after the first
login?
"neo [mvp outlook]" wrote:
To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn
about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the NT4Emulator
and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Thu Jan 13, 2005 9:11 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
So as long as I make those changes any of the new DC's to emulate NT4 none of
the workstations will be renamed.
I guess I should run them in emulation mode for an indefinite period until
I'm sure I can cut the DC's over?
I was under the impression that nothing would change on the client in
emulation or non-emulation mode other than they may swamp the 1st DC with
kerberos authentication requests.
Thanks!
"neo [mvp outlook]" wrote:
| Quote: | If *all* Active Directory DC/GCs are running in NT4 emulation and the member
server/workstation is not overriding the emulation with the neutralize key,
then you will see that the domain name will not change from NetBIOS to FQDN.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:907A4433-44BE-4CC1-AE64-3B3FCA0C0AED@microsoft.com...
Yes, I have read the instructions on how to enable this feature but how
will
I stop the new domain from renaming my workstation name after the first
login?
"neo [mvp outlook]" wrote:
To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn
about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the NT4Emulator
and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1 of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0 Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
Chriss3 [MVP]
Guest
|
| Posted:
Thu Jan 13, 2005 10:19 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
The trust should not be broken, Verify your trust sate in Active Directory
Domains & Trusts tool.
How to verify a trust:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADtrustVerify.asp
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:023BF4AA-1803-4100-BC91-51B8240643C8@microsoft.com...
| Quote: | Yes, and then when I tried to log back into the old domain the trust was
broken because the computername was different.
Maybe I did something wrong?
"Chriss3 [MVP]" wrote:
I think the name is not changed, just the FQDN are added. but the name of
the particular computer are still the same. Are you meaning the NetBIOS
Name
is changed?
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:EA1D2E44-2915-40DF-BF45-94446A003601@microsoft.com...
Yes, I understand how it has the two names for backward compatibility
but
after logging a workstation into the upgraded domain, it actually
renamed
it
which caused a problem when I tried to log into the old domain as I was
testing my fallback plan.
"Chriss3 [MVP]" wrote:
There is both a Pre-Windows2000 Name (NetBIOS Name) and a FQDN Name.
Down level clients or servers, Pre-Windows2000 still use the NetBIOS
Name.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1
of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a
user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but
if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0
Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Thu Jan 13, 2005 10:45 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
I mean the trust between the NT4 Domain and the workstation was broken
because the W2K3 AD DC renamed the workstation upon login.
"Chriss3 [MVP]" wrote:
| Quote: | The trust should not be broken, Verify your trust sate in Active Directory
Domains & Trusts tool.
How to verify a trust:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ADtrustVerify.asp
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:023BF4AA-1803-4100-BC91-51B8240643C8@microsoft.com...
Yes, and then when I tried to log back into the old domain the trust was
broken because the computername was different.
Maybe I did something wrong?
"Chriss3 [MVP]" wrote:
I think the name is not changed, just the FQDN are added. but the name of
the particular computer are still the same. Are you meaning the NetBIOS
Name
is changed?
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:EA1D2E44-2915-40DF-BF45-94446A003601@microsoft.com...
Yes, I understand how it has the two names for backward compatibility
but
after logging a workstation into the upgraded domain, it actually
renamed
it
which caused a problem when I tried to log into the old domain as I was
testing my fallback plan.
"Chriss3 [MVP]" wrote:
There is both a Pre-Windows2000 Name (NetBIOS Name) and a FQDN Name.
Down level clients or servers, Pre-Windows2000 still use the NetBIOS
Name.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> skrev i meddelandet
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1
of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a
user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but
if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0
Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
neo [mvp outlook]
Guest
|
| Posted:
Sat Jan 15, 2005 7:25 am Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
Yes, you must add the NT4Emulator and neutralize registry key to the NT4 PDC
before upgrading it to Win2Kx. You must add the emulator and neutralize
registry key values to any Win2Kx server before promoting it to a domain
controller. Last but not least, you must add the Emulator and neutralize
registry key value to any NT4 BDC that you plan to upgrade. This will
ensure that no member workstation/server will sniff an Active Directory
domain controller. If the staff forget to do this first, the jig is up
because Windows 2000 and newer lock to the new bits and won't go back to
talking to a pure NT4 domain controller unless they are unjoined/rejoined.
Once you are confident that you have enough Win2Kx DCs to support your
environment, you can remove the emulator and neutralize registry keys from
the DCs if you want to cut the site over in one go. If you want to play the
take it slow approach, you can add the neutralize key to member
workstations/servers so that you can control how many hosts recognize the
new environment.
Just keep in mind that while running in emulation, that active directory
group policies will not apply. Member workstation/servers will continue to
use NT4 system policies until the emulator registry keys are removed from
the Win2Kx DCs or the neutralize registry key value is added to the member
server/workstation.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:5A918EC9-78A5-4CDE-AEC6-F843BB7679FF@microsoft.com...
| Quote: | So as long as I make those changes any of the new DC's to emulate NT4 none
of
the workstations will be renamed.
I guess I should run them in emulation mode for an indefinite period until
I'm sure I can cut the DC's over?
I was under the impression that nothing would change on the client in
emulation or non-emulation mode other than they may swamp the 1st DC with
kerberos authentication requests.
Thanks!
"neo [mvp outlook]" wrote:
If *all* Active Directory DC/GCs are running in NT4 emulation and the
member
server/workstation is not overriding the emulation with the neutralize
key,
then you will see that the domain name will not change from NetBIOS to
FQDN.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:907A4433-44BE-4CC1-AE64-3B3FCA0C0AED@microsoft.com...
Yes, I have read the instructions on how to enable this feature but how
will
I stop the new domain from renaming my workstation name after the first
login?
"neo [mvp outlook]" wrote:
To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn
about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the
NT4Emulator
and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset
their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1
of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a
user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but
if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0
Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Mon Jan 17, 2005 6:14 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
Yes, this is the answer I was looking for!
I will wipe my test DC and try it again.
Thank you!
"neo [mvp outlook]" wrote:
| Quote: | Yes, you must add the NT4Emulator and neutralize registry key to the NT4 PDC
before upgrading it to Win2Kx. You must add the emulator and neutralize
registry key values to any Win2Kx server before promoting it to a domain
controller. Last but not least, you must add the Emulator and neutralize
registry key value to any NT4 BDC that you plan to upgrade. This will
ensure that no member workstation/server will sniff an Active Directory
domain controller. If the staff forget to do this first, the jig is up
because Windows 2000 and newer lock to the new bits and won't go back to
talking to a pure NT4 domain controller unless they are unjoined/rejoined.
Once you are confident that you have enough Win2Kx DCs to support your
environment, you can remove the emulator and neutralize registry keys from
the DCs if you want to cut the site over in one go. If you want to play the
take it slow approach, you can add the neutralize key to member
workstations/servers so that you can control how many hosts recognize the
new environment.
Just keep in mind that while running in emulation, that active directory
group policies will not apply. Member workstation/servers will continue to
use NT4 system policies until the emulator registry keys are removed from
the Win2Kx DCs or the neutralize registry key value is added to the member
server/workstation.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:5A918EC9-78A5-4CDE-AEC6-F843BB7679FF@microsoft.com...
So as long as I make those changes any of the new DC's to emulate NT4 none
of
the workstations will be renamed.
I guess I should run them in emulation mode for an indefinite period until
I'm sure I can cut the DC's over?
I was under the impression that nothing would change on the client in
emulation or non-emulation mode other than they may swamp the 1st DC with
kerberos authentication requests.
Thanks!
"neo [mvp outlook]" wrote:
If *all* Active Directory DC/GCs are running in NT4 emulation and the
member
server/workstation is not overriding the emulation with the neutralize
key,
then you will see that the domain name will not change from NetBIOS to
FQDN.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:907A4433-44BE-4CC1-AE64-3B3FCA0C0AED@microsoft.com...
Yes, I have read the instructions on how to enable this feature but how
will
I stop the new domain from renaming my workstation name after the first
login?
"neo [mvp outlook]" wrote:
To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn
about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the
NT4Emulator
and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset
their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1
of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a
user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but
if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0
Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
KingBuzzo
Guest
|
| Posted:
Mon Jan 17, 2005 6:14 pm Post subject:
Re: NT4/2K3 DNS Domain Name - Fallback Issues |
|
|
Yes, this is the answer I was looking for!
I will wipe my test DC and try it again.
Thank you!
"neo [mvp outlook]" wrote:
| Quote: | Yes, you must add the NT4Emulator and neutralize registry key to the NT4 PDC
before upgrading it to Win2Kx. You must add the emulator and neutralize
registry key values to any Win2Kx server before promoting it to a domain
controller. Last but not least, you must add the Emulator and neutralize
registry key value to any NT4 BDC that you plan to upgrade. This will
ensure that no member workstation/server will sniff an Active Directory
domain controller. If the staff forget to do this first, the jig is up
because Windows 2000 and newer lock to the new bits and won't go back to
talking to a pure NT4 domain controller unless they are unjoined/rejoined.
Once you are confident that you have enough Win2Kx DCs to support your
environment, you can remove the emulator and neutralize registry keys from
the DCs if you want to cut the site over in one go. If you want to play the
take it slow approach, you can add the neutralize key to member
workstations/servers so that you can control how many hosts recognize the
new environment.
Just keep in mind that while running in emulation, that active directory
group policies will not apply. Member workstation/servers will continue to
use NT4 system policies until the emulator registry keys are removed from
the Win2Kx DCs or the neutralize registry key value is added to the member
server/workstation.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:5A918EC9-78A5-4CDE-AEC6-F843BB7679FF@microsoft.com...
So as long as I make those changes any of the new DC's to emulate NT4 none
of
the workstations will be renamed.
I guess I should run them in emulation mode for an indefinite period until
I'm sure I can cut the DC's over?
I was under the impression that nothing would change on the client in
emulation or non-emulation mode other than they may swamp the 1st DC with
kerberos authentication requests.
Thanks!
"neo [mvp outlook]" wrote:
If *all* Active Directory DC/GCs are running in NT4 emulation and the
member
server/workstation is not overriding the emulation with the neutralize
key,
then you will see that the domain name will not change from NetBIOS to
FQDN.
/neo
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:907A4433-44BE-4CC1-AE64-3B3FCA0C0AED@microsoft.com...
Yes, I have read the instructions on how to enable this feature but how
will
I stop the new domain from renaming my workstation name after the first
login?
"neo [mvp outlook]" wrote:
To stop the overloading of the first NT4.0 DC being upgraded to Win2Kx
Active Directory and give yourself a fallback, you will want to learn
about
the NT4Emulator and NeutralizeNT4Emulator registry keys.
http://support.microsoft.com/default.aspx?scid=kb;en-us;298713&sd=RMVP
(You put the NT4Emulator key into the NT4 PDC before upgrade. Any new
Win2Kx box that is going to be promo'd to DC status gets the
NT4Emulator
and
NeutralizeNT4Emulator key. When you are ready to let all member
workstations cut over to AD [e.g. you have 2 or more Active Directory
DC/GCs], you remove both registry keys. As the workstations reset
their
secure channel, then will cut over to the FQDN for the domain name.)
"KingBuzzo" <KingBuzzo@discussions.microsoft.com> wrote in message
news:AA9220C7-463C-4668-8461-2A7234AE7201@microsoft.com...
I am currently upgrading an NT 4.0 PDC in a lab to 2003.
The current Netbios Domain name is DOMAIN and when I get to step 1
of
the
AD
setup it wants to change it to a FQDN name.
After I change the domain name to DOMAIN.Company.State.com and a
user
logs
in, it changes the workstation name from wrkstn to
wrkstn.Company.State.com.
If the upgrade is successful in production this would be fine, but
if I
try
to remove the new 2K3 Domain Controller and put my backup NT 4.0
Domain
Controller back in production, it won't recognize the client because
the
computer name has changed.
Is there any way around this or am I missing something here?
Thanks!
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in