Planning Your Migration: Windows NT Server 4.0 to Windows 2000 Server
Published: February 15, 2000
Upgrading and/or restructuring domains and recommended migration tools were among the topics discussed at this chat, held from the Expo floor at the Windows 2000 conference.
Host PamS:
Welcome to today's TechNet Chat. Our topic is Migrating from Windows NT to Windows 2000. Questions, comments and suggestions are welcome.
Host Glenn:
Hi, my name's Glenn Pittaway. I'm a program manager in the Windows 2000 Server group.
I work on domain migration, i.e. migration scenarios, and tools
Host Charlie_Russel:
My name is Charlie Russel; I'm the author of Microsoft Windows 2000 Server Administrator's Companion from Microsoft Press.
Host Carmen:
Hi, I'm Carmen Crincoli. I work with Product Support Services, helping customers with setup and file systems issues in Windows 2000.
Host Joseph:
Hi, I'm Joseph Dadzie, a Program Manager on the Windows 2000 Setup team - Upgrades, Sysprep, Unattended
howailau@netzero.net asks:
Can the new Windows (ME)2000 Server limit the shared folder size for client to put their files on the server?
Host Rusty:
Yes, the product ships with a disk quota management system.
Duke:
I installed win2k this AM on my nt 4.0 server. I installed a new drive and put win2000 on it now I cannot boot my win nt 4.0 Blue screen what did I do wrong
Host jim:
Dual Booting
Windows 2000 CD-Media
SETUPTXT\ADVSRV2.TXT
Section:
Multiple Operating Systems and File System Compatibility
The ntfs driver is included with Windows NT 4.0 Service Packs. Before the SP4 you had to download a beta driver. But with SP4 & SP5 shipping now you use the NTFS from the SP.
Student45:
I recently upgraded and my icons for networking dial-up connections keep falling off? Is there a fix for this?
Host Billy:
The personalized menu feature in W2K will automatically hide menu choices that are not used very often. To list all menu choices, including hidden entries, click the double downward pointing "v" icon at the bottom of a menu. This feature can be disabled by clicking Start | Settings | Taskbar & Start Menu and uncheck "Use Personalized Menus".
Student44:
Does the order you migrate NT 4 servers matter between domain controllers, file servers, and application servers? If so what is the recommended order?
Host Nathan:
Not really, the main drive in upgrading should be to move to a native mode environment as quickly as possible to take advantage of the more robust features that become available in this mode.
One precaution that needs to be taken is with domain controllers (DCs). The primary domain controller will need to be upgraded first since the first Windows 2000 DC will assume the PDC emulator role for the domain.
File and application servers can be upgraded in any order and should not have any adverse effects due to which order you choose.
John Michael Nord asks:
Will the migration tool provided with Windows 2000 retain the passwords for users when migrating from NT 4.0 SP5 to 2000?
Glenn:
No.
Putting functionality into the products to facilitate the migration of passwords from NT4.0 to Active Directory represents a security risk, which it was felt would not be acceptable to our customers.
We are working on documenting more secure approaches to password migration using approaches such as password filters.
We hope to make these documents available via KB articles or whitepapers over the next few months via the website, MSDN, TechNet etc..
rg:
Is the creative driver for dxr3 in the server final code. Rg
Joseph:
The drive itself should be compatible. Are you interested in the DVD features? If so, you need a software DVD decoder
Andreas Stephanou asks:
How do I secure that the unique SID for Users Groups and Computers is not changed after migration?
Glenn:
I read this question to mean: 'how do I migrate to Windows 2000 without losing access to resources granted via user and group SIDs?'
There are 2 answers to this:
- If you upgrade domains, the SIDs of security principals do not change.
- If you restructure domains, i.e. migrate security principals between domains, then the SID changes, but in many cases the old SID will be maintained in an attribute on security principals in Active Directory known as 'sIDHistory'.
These SIDs in sIDHistory are added to user access tokens and thus resource access is maintained.
If sIDHistory cannot be used, then tools such as the Active Directory Migration Tool (ADMT) and tools from ISVs such as Aelita, Entevo, FastLane and Mission Critical Software provide functionality to replace the old SIDs on resources with the new ones.
Student51:
The last NT Server 4 in my domain is running Exchange 5.5. Are there any issues with upgrading NT4 SP6a to Win 2000 if it also an Exchange Server?
Charlie_Russel:
Yes, you need to be on Exchange SP3
sgswartz:
Will any of the BackOffice components work with 2000.....ex SMS
Rusty:
Yes, they all will work, including SMS 2.0 (with sp2 for SMS)
ryoungs:
Is the TechNet February 2000 120-day version of Professional and Server that comes in the TechNet subscription the same as the final release?
Rusty:
It is the same code as the final version except for the time limit. You can upgrade using the full retail version.
Student135:
If I cannot find a HW driver for W2K, can I use the driver for NT4?
Rusty:
You need to contact the manufacturer for a Windows 2000 driver; however, you may find that the NT 4.0 or the Windows 98 drivers will work, depending on the device.
Student51:
Can I migrate a multiple master domain model in NT4 to a single domain model to Windows 2000?
Glenn:
This is really a restructure. We will be providing restructure capability in ADMT.
Student206:
Hi - I want to migrate my Windows 98 machine to Windows 2000 Professional. Does the upgrade remove unnecessary entries in the registry and dlls?
Joseph:
Yes. The upgrade does remove all Win98 system files and only migrates the files and registry entries required on upgrade.
Student44:
Will Windows 2000 offer any new integration tools for Unix-Windows?
Charlie_Russel:
Yes, a new version of Services for UNIX is due out shortly.
howailau@netzero.net asks:
Can the new Windows (ME)2000 Server limit the shared folder size for client to put their files on the server?
jim:
No you cannot limit a folder size. Disk quota is controlled by user account. So you can assign a folder with only one user. Then place a user quota.
Student158:
What's the best way to migrate a 2-domain one-way trust network to W2K?
Glenn:
Can't answer this! It depends on what you want to do.
Some people will want to upgrade in place and keep the 2 domains.
Some people will want to restructure these into a single domain.
Student44:
Will Windows 2000 offer any new integration tools for Unix-Windows?
Joseph:
Yes. You can get additionally Unix-Windows by installing the Services for Unix product. http://www.microsoft.com/windows2000 has links to it.
Student44:
Will Windows 2000 offer any new integration tools for Unix-Windows?
Host shaun:
Also, we just released Microsoft Interix 2.2, which enables you to run UNIX-based apps on Windows 2000.
Donna Randolph ASKS:
We are a large company wanting to move to Windows 2000. However many of our machines do not meet the minimum requirements and I have heard a lot of scary reviews to not upgrade but to start fresh on a machine.
In large scale deployment is there a good recommendation on whether or not we should just start machines fresh or just upgrade the hardware and software all at once? Downtime for servers of course needs to be minimal. Starting fresh means rebuilding our domain.
Charlie_Russel:
This is really several questions, so let's do it in pieces. First I'd make sure that you have a machine as a PDC that meets the minimum requirements, even if that means buying a new machine, installing as a BDC and then promoting.
Once you have a PDC in place that is ready to be a Windows 2000 Domain Controller, you can perform an upgrade on that machine. This will prevent losing your entire domain. Frankly, I think any strategy that avoids that will be more acceptable to users.
Then, your machines that don't meet the minimum requirements -- depends on the machines, but if you can add RAM to them, they'll very likely be acceptable. At least that's been my experience.
Finally, workstation machines that don't meet minimum requirements -- that's easy -- they're perfect fits for becoming Terminal Services clients.
technet2:
Can I dual boot nt4 and win2k on separate partitions?
Carmen:
Yes, as long as you are running Service Pack 4 or higher on the Windows NT 4.0 installation.
Student44:
Does the order you migrate NT 4 servers matter between domain controllers, file servers, and application servers? If so what is the recommended order?
Glenn:
No, but if you're upgrading the domain you have to do the PDC first before BDCs.
You can however upgrade workstations and servers before DCs.
rob:
What is the expected turn-around time for updated "Microsoft Digitally Signed" drivers once the ISV submits them to Microsoft? Will there be a specific Web site where we can find these drivers? If so, is it already accessible? What is the URL? Thanks!
Joseph:
The time varies based on whether the driver has been submitted in the past.
The drivers will be downloadable off Windows Update or the hcl web site.
Student50:
Why does mirroring prevent pre-installing the Recovery Console?
Rusty:
The "WINNT32 /CMDCONS" command performs the same system checks as a "clean" installation. A clean installation of Windows 2000 is not allowed on a mirrored system partition. If you want the Recovery Console pre-installed on a mirrored system partition to help facilitate a repair, you must break the mirror, install the Recovery Console
John Michael Nord asks:
Will the migration tool provided with Windows 2000 retain the passwords for users when migrating from NT 4.0 SP5 to 2000?
jim:
When using Active Directory Migration Tool, Clone Principal passwords are not retained. The passwords are stored one-way encryption and cannot be decrypted.
technet2:
Can I dual boot nt4 and win2k on separate partitions?
Glenn:
Yes, but you need SP4 or later if you're using NTFS.
AlaskaMCT:
Is there any additional information on the new child, forest, etc; naming structure?
shaun:
There is a whole chapter in the Deployment Planning Guide on Designing the Active Directory Structure--posted on microsoft.com
Lani:
What about backup domain do I need to upgraded to windows 2000?
Glenn:
Clarify please. Do you mean BDC?
student153:
is windows 2000 NT 5 or is it an upgrade to win 989 ?
Rusty:
Windows 2000 is the next generation of Windows NT products. Millennium is the upgrade from Windows 98.
ryoungs:
When upgrading from Win98 to 2000 Professional the Novell Client upgraded to 2000. However doing a new install with 120-day limit I cannot find the Client on the cd. Does the Netware Client for 2000 come on the live version?
Joseph:
You need to get the client software from Novell however in your scenario.
nt pro:
Can you establish a 2-way trust between NT4 DC and a win2k DC
Glenn:
You can establish a 2-way trust between NT and W2k domains if that's what you mean.
AlaskaMCT:
I don't have control over my DNS server - how crucial is this for the Active Directory? Will it work as LOCAL?
Carmen:
DNS is vital for service requests that are to be directed at the Active Directory. For clients to find domain controllers, global catalog servers, and other services, they have to be able to query DNS to find the correct services entries.
That being said, it is possible to set up DNS records manually, or even create a local HOSTS file with the proper hostname mappings, but the number of entries and possibilities for mistakes is large, and maintaining the entries would be a nightmare whenever network changes happen.
technet2:
I tried dual booting nt4 and w2k RC2 using boot manager 1 time and partition magic another and both os's did not work.
jim:
Dual Booting
Windows 2000 CD-Media
SETUPTXT\ADVSRV2.TXT
Section:
Multiple Operating Systems and File System Compatibility
sgswartz:
is there any plan to support AD in NT4.0 with a service pack.
Rusty:
Active directory client for NT 4.0 will be included in service pack 7.
ryoungs:
Why is it mandatory that I setup DNS on a Windows 2000 Server. I prefer to have my ISP take care of DNS.
Nathan:
Most ISPs will not support dynamic updates or server records and Windows 2000 depends heavily on server records to locate resources on the network such as domain controllers and the global catalog servers.
Student181:
what are we talking about
Rusty:
Migration to Windows 2000
mt-Rick:
What is the best <preferred> way to upgrade to win2k, clean install or over the top? I have a single domain with a PDC and BDC.
Glenn:
You'll want to keep your users. You have to upgrade the PDC first.
You can then upgrade the BDCs or fresh them.
m:
How stable is Windows 2000 compared to systems running Linux?
Joseph:
Windows 2000 is extremely stable. Lots of customers are using it for mission critical tasks. http://www.microsoft.com/windows2000 has a lot of customer testimonials about its stability.
Student53:
To perform an upgrade, must an operating system exist on a hard disk or can you insert a CD to verify previous ownership?
Rusty:
The upgrade can scan the CD for an approved upgrade product.
Student50:
Will RIS be able to support PCMCIA cards for its remote installations? Right now it's limited to PCI cards.
Carmen:
There are plans to make PXE enabled PC Card network adapters, but currently, the limit is as you stated, PCI cards supported from the floppy, and cards that have PreBoot Execution (PXE) BIOS chips installed.
Student47:
How do I setup DDNS for W2k Server with domain xyz.com for internal network while the external request for xyz.com still gets resolved by DNS, which is there on UNIX?
How do I configure my desktops (Win2Kpro,WinNT 4) so they can connect as Intranet/internet?
Billy:
Here are a couple of choices. One, configure the UNIX server to xyz.com as a secondary which transfers from the primary zone on the W2K DNS server.
Two, use one of the versions of Bind that support DDNS. Also, please see the deployment planning guide on our website (i.e. Chap 6) at: http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp
Student45:
I changed the MX record for my internet domain to point to my newly installed Win2KAS machine. I want to use the SMTP service to receive and route e-mail on that machine. I have started to service and specified the IP address. It is not working. Help!
jim:
What is problem? SMTP service not starting?
Student53:
To perform an upgrade, must an operating system exist on a hard disk or can you insert a CD to verify previous ownership?
Joseph:
To do an upgrade, an operating system must exist. You can do a clean install however without an OS installed on the hard disk.
Steve:
If my 4.0 pdc is leased and I am going to pull it out to put in a new pdc, what's the best strategy for upgrading to Win2000?
Glenn:
Easiest way us add the new machine as a BDC. Promote it to PDC, then upgrade it.
Beauzeaux:
What is the timeline for NT Service Pack 7? Is it close?
Eddy:
MS does not have a time line for the next service pack release. You can check the Microsoft website for information on Service Pack releases.
Student50:
We are currently adding a Pro machine to our existing NT 4 domain that has 1 PDC, 1 BDC, no DHCP. 2000 detects it but won't let me add it.
Carmen:
This is a supported configuration, but without more information about the error message, there's not much advice I can lend. The first place to look would be our support online site. (http://support.microsoft.com)
Motley Asks:
Can you fully administer a Win2K Server from a Win2K Professional machine (EX: Start/stop services, event viewer, ddns, wins config, etc/) without using pcAnywhere/netmeeting or the like?
Charlie_Russel:
Install Terminal Services in Remote Admin mode and use the Terminal Services client from your Pro machine.
Carmen:
Regarding admin of Win2k server from Pro (Motley's question). With adminpak.msi (available from the Win2k Server CD), you can add the MMC management snapins for all server services, which will allow you to admin any Win2k server machine you have access to. (adminpak.msi is a software installer package, to clarify.)
Lancer:
I work for a large corp. with over 800 NT4 domains, and our biggest issue is AD. Where can I locate docs on implementation guides for AD, and the big question is, do we want to use AD? What are the advantages/disadvantages?
Nathan:
Guides for Active Directory and other Windows 2000 migration information can be found here. http://www.microsoft.com/technet/prodtechnol/windows2000serv/default.mspx
Active Directory will greatly improve management of your domain environment just on the simplification of maintaining the implicit transitive trusts between the domains.
You could also consider reducing the number of domains and use organizational units instead.
Carmen:
The Windows 2000 Server Deployment Planning Guide is posted on Microsoft.com
Link to the Deployment Planning Guide online: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2rkbook/dpg.asp
sgswartz:
When setting up W2K Server Active Directory. there is an option for support for older versions of windows. After all of the servers and clients are rolled over to 2000. How do you roll back from that original selection and set AD for 2000 only?
Nathan:
In Active Directory domains and trusts, right-click on the domain that you want to convert and choose to switch the domain to native mode.
Student49:
Right now I'm running W2K beta 3 and will buy the final on Feb 17. What steps do I need to take to jump to that final code?
Glenn:
You need to upgrade via RC2.
joeuser:
Can I use Windows NT 4.0 policies for Windows 2000 Professional machines, since we will be upgrading workstations first?
jim:
No you can not use NT 4.0 Policies on Windows 2000 Machines. We do support NT 4.0 Policies on Windows 2000 DC's for Windows NT 4.0 Desktops.
themarcel:
How does promoting a stand-alone Windows 2000 Adv Server to a PDC, with Active Directory Service affect the current Domain PDCs? Do I have to set-up my own DNS? etc.
Glenn:
Upgrade the PDC first.
Then run DCPROMO on your Adv Server making it a replica in the domain.
You do need to set-up your own DNS.
Student53:
I have installed/running W2k partition. The system partition is C:(Win98SE). I want to eliminate the C: partition and make W2k have the whole drive. Is there a way to do this without reinstalling the apps and setup all of the profiles?
Rusty:
Backup your W2k partition. Repartition as desired. Reinstall W2k, restore from backup.
Student44:
I can't login to Windows NT through Win2000. I can't find a network setting similar to Windows 95 or 98? Can someone help me?
Rusty:
Right Click MY COMPUTER, go to Properties. Use the Network Identification Tab to join the domain.
Student55:
Can anyone tell me how to fix-restore my dual boot option for Win98 and Win2000? I reinstalled my .sys file and now I can't boot Win2000?
Joseph:
There are a number of options depending which OS you can boot now. See http://support.microsoft.com
for more information. Search for "dual boot"
sgswartz:
Will upgrading NT4 server to 2000 roll the DFS service over correctly and connect to the directories that DFS points to if the actual data directories are still on a NT 4.0 server?
Rusty:
YES
tom:
When will exam 70-240 be available?
Nathan:
Please check for updates on exam availability at http://www.microsoft.com/learning/
Motley
When implementing AD, our company's domain name doesn't match our DNS name, would you recommend standardizing on our DNS name for our new AD root. What problems will arise if we don't?
Carmen:
Other than confusion, there aren't any known technical issues. For your sake as an admin, and for your users, it's suggested that they have the same name.
ryoungs:
Naming the DNS recommends xyzcompany.com and I want to use xyzcompany without the .com part. Would this cause any problems?
Rusty:
No, it will not be a problem for your internal domain use; but, see answer above
ryoungs:
If I have a domain name called xyzcompany.com on the internet and internally named xyzcompany.com. Wouldn't this become confusing to the end users?
Rusty:
Not at all. It should be less confusing to most end-users.
ryoungs:
Will the license number for 120 day Professional and Server evals be included on the March TechNet series.
PamS:
This issue has been corrected for March.
notyac:
For multiple monitors, W98 allows the use of a AGP and PCI combination, whereas NT4 only allows two PCI slots. W2000 also requires two PCI slots. I would like to save the PCI slot for other applications. Will W2000 ever support the PCI, AGP combination?
Rusty:
Windows 2000 supports this configuration.
ryoungs:
Naming the DNS recommends xyzcompany.com and I want to use xyzcompany without the .com part. Would this cause any problems?
Billy:
Internally you could do this, externally this won't work because it would require you to have a root DNS server. You can get a public DNS domain name from INTERNIC.
sgswartz:
I can connect to the 2000 Server via VPN with a 2000 client and a NT 4.0 client, but the 98 Client will not connect. The 98 Client will establish a VPN link with a NT 40 Server????
jim:
First Check Policies? But allow downground clients. Also make sure policy defaults to PPTP first & not L2TP. Win 98 will not fall back(retry)
Motley:
So should the root be "xyzcompany" or "xyzcompany.com"?
Nathan:
If your company is going to have an Internet presence you should consider registering a domain name with one of the common roots such as .com or .net.
Motley:
Slightly off topic, but, had Microsoft reconsidered it's position as marketing Win2K professional as a replacement for home/game/legacy app use?
Joseph:
Win2k Professional is still targeted at business use. You can get the full product positioning on http://www.microsoft.com/windows2000
sibaraki:
SMTP not allowed in domain replication due to lack of support with FRS - still true??
Billy:
SMTP is supported for AD intersite replication, however, the file replication service (FRS) doesn't support SMTP.
Motley:
So should the root be "xyzcompany" or "xyzcompany.com"?
jim:
JDP customers are using xyzcompany.net internal xyzcompany.com outside. The Internet group does not have a standard yet. Most are using .net, .local. You can use com but you then can not use VPN.
Motley:
Slightly off topic, but, had Microsoft reconsidered it's position as marketing Win2K professional as a replacement for home/game/legacy app use?
Eddy:
Win2k Professional is considered an upgrade for NT4.0 Workstation, not Windows 98 for games etc... It is designed for business applications.
george:
Pro and Server NFR (not for sale) will be available ? and when ?
Joseph:
This has been available for a while. You can get it through MSDN or contact your local Microsoft office.
ryoungs:
When are first Service Packs for 2000 due to be released?
Joseph:
The service pack policy has been to ship one on a regular schedule approx 6 months after release.
sibaraki:
On intra-site replication, is SMTP still off limits since it can't support File replication services?
Billy:
IntErsite Active Directory replication can be accomplished with RPC or SMTP. IntrAsite replication can only be accomplished with RPC, since this scenario involves well connected machines, SMTP based replication would not be desirable.
PamS:
For training on this topic, please check out http://www.microsoft.com/learning/. Course #2010 especially applies.
PamS:
Thanks for joining us today! This has been a lot of fun for us. Unfortunately we are going to have to end this TechNet chat now.
Billy:
Thank you very much for participating, it has been our pleasure answering your questions!