Depends: if it's the PDC, then you make another machine the PDC; if it's a BDC, then you don't demote without formatting. There might be some registry hack to do it, but that's the official position, I believe.
The NT 4 box is the PDC; we are moving over to Win 2K Server and going to deploy an Active Directory. In an ideal world we would just turn off the NT 4 box, but we can't in this case as it has Sage and SQL on it and we need our maintenance company to move it for us; that will take 6 - 8 weeks for them to come and do it.
How do I then change the NT 4 to not being the PDC?
Win2k ditched the PDC and BDC model; in a Win2k domain all servers are simply domain controllers. Again, IIRC you cannot simply make a PDC not a PDC. I know it's stupid, and also probably the reason why M$ ditched this PDC/BDC model. Ask primesuspect, he can tell you how best to do this move.
Well, for a mixed network you have three general choices.
1) Leave it up as PDC, but on its own segment and thus on its own LAN stub, and make a WAN bridge to it.
2) Migrate domain control to Novell.
3) Dump all IDS to paper, back up your DBMSs, build a new Win2k domain server for domain control from your paper, destroy paper, and unplug your server overnight while you rebuild from a reinstall as file server and then backup recovery and possibly a reupdate. (Essentially your move, expedited.)
Four would be more interesting: convert domain control (starting with LAN border entries) to OpenBSD-- which it excels at. OpenBSD, NetBSD, Linux, and Unix can all handle security function as multiple apps with individualized security by app. Thus, break part, you do not break all-- each brick can be secured individually and the gates can jail intruders in something that looks like a core plus data set but has false data (honeypotting is one extended variance of this).
To stage this box out, you could back up domain control to a backup server, separate DBMS to a DBMS server and take the box down if you can recover overnight. If, while the box is down, the data can be transferred on a faster box, this might be possible to do in a short time (think of the server's backed-up HDs as the source for data rather than the server itself; move data to faster box inside HDs if you can build a file system in the new box that mirrors the old, by either moving one half of the mirror temporarily to the faster box for data recovery and transfer and leaving the second box live with minimal interruption, to stick in a new blank and let the array remirror itself).
Or wait until maint can get there and back up religiously so you have failover if the older box dies catastrophically. Just a few ideas.
Since you have a need to have both up, you need to create on a second box while the first is live, then stage up the second box and take the first down. Further, I would separate security control from any DBMS as far as physical box if the money to do so is there or can be made available-- much more survivability that way.
1 : Domain Controller which is running Windows NT4 Server, SQL Server and Sage
2 : Win2K Server that is to be ditched
3 : Win2K Server that is remaining as is, basically as a file store.
4 : About 5 different Mac servers.
This is the setup we have :
The NT4 Server acts as the Domain Controller and handles user authentication for the network; this also runs SQL Server and Sage for our accounts dept. Ideally we would just turn this box off, but we can't; we need to keep Sage on there till it's moved.
The first Win2K machine handles DNS and DHCP; this is being taken over by our new server (more on that in a minute). The third Win2K box handles no main network function, and ditto for the Macs.
Due to the age of this collection we have got a new blade server to replace most of the current hardware.
The new server will consist of three blades
1) The main blade this will handle DNS, DHCP, Domain, User Logon etc
2) This is not needed for network
3) Linux just mail server.
What I want to be able to do is set up the new system with all the user accounts, etc. and deactivate the old domain controller and have this one take over. If that is not possible, is there a way to set up the Active Directory with all the details then simply deactivate it till it's needed?
This is an interesting problem. Unfortunately, there's no easy way to solve it. Just glancing at your posts, my initial reaction is to say wait until the dB maintenance company can synchronize with you and you can have the work done on the same day. But there is a fantastic tool that Microsoft makes freely available called the Active Directory Migration Tool: http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt.asp
Take a look at that first, and tell me if you think it's what you need. Post back, and we'll go from there.
Click on the link, it was truncated in posting to fit message display width to fit display size-- the link part does work, though. For some reason your browser did not redirect properly and 404'd instead.
First thing to do is to force replication of domain objects to your BDCs, then take your PDC offline and promote a BDC, not trying to demote your PDC ...WTF (This way if AD fuxx0rs up and chokes during install you still have your original PDC untarnished and can be placed back online to fall back to your original domain configuration). Then install WIN2K. Will you be running a mixed mode domain or Native WIN2K?
Comments
Nikumba
http://www.microsoft.com/windows2000/downloads/tools/admt/default.asp
John Danielson.
http://mib.teco.edu/ftp/win2k/activedirmig/
UPromote