Creating a Plan for Windows NT 4.0 Domain Controller Upgrade
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Workstations running the Microsoft® Windows® XP operating system that are joined to an existing Windows NT 4.0 domain use NTLM to authenticate to the Windows NT 4.0 domain controllers. When you add a Windows Server 2003– or Windows 2000–based domain controller to a domain, all clients running the Microsoft® Windows® XP, or Windows® 2000 Professional operating system and all servers running Windows Server 2003 or Windows 2000 automatically use Kerberos authentication when users log on interactively. Users at these computers therefore cannot log on by using the Windows NT backup domain controllers. This shifts the Windows Server 2003 and Windows 2000 user authentication load to the existing Windows Server 2003– or Windows 2000–based domain controllers. If the primary domain controller becomes overloaded or fails for any reason, users cannot log on to computers running Windows Server 2003 or Windows 2000.
For this reason, when you add Windows Server 2003– or Windows 2000–based domain controllers to a domain, you must continue to add Windows Server 2003– or Windows 2000–based domain controllers to keep pace with client demands. You can do this by installing new domain controllers or by upgrading existing Windows NT 4.0–based domain controllers.
Review your organization’s plans for domain upgrade and consolidation and for the deployment of new Windows Server 2003–based workstations, and ensure that workstation upgrade does not proceed more rapidly than the domain controller upgrade. Add Windows Server 2003– or Windows 2000–based domain controllers to a domain only when you are certain that the domain controllers have the capacity to meet the authentication needs of all Windows Server 2003–based workstations in the domain.
For more information about upgrading Windows NT 4.0 domains to Windows Server 2003 Active Directory, see "Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory" in this book.