David_Wallis

Id rather than upgrade a bdc to 2k3, build a new domain alongside existing domain and migrate users using scripts..

Please please please help back up my argument!!

David

Foot_Tapper

I would certainly like to test a system out, before going fully commited.
Who's gonna get the egg on their face if it didnt work, after going for a straight switch over.
If its not you then who cares

User 1421

direct migration from NT to 2003 i nigh on impossible. Migration would have to go via windows 2000 so a ( dont quote me on the terminology name ) ad connector wont work with NT.


Scripts can do it tho , and quite easily.

Erm , didnt help that tho did it ?

ChrisB

I did a single NT4 domain to a new W2003 AD using the MS ADMT tool.

That went smoothly but it was a fraction of the size of your network David.

ozzy

I've done direct NT4 -> w2k3 AD migration too, but only on a small scale compared to David. Did it with an in-place upgrade and also a migration running new system in parallel.

You can also buy 3rd-party migration software that talks you through domain-by-domain migration and it will even simulate the move to pick up any errors.

The problem with an in-place upgrade is you have no real way of testing it unless you can copy images to a test environment and then upgrade that.

What if things go pear-shaped and you have to backout? can you? if you start having problems can you handled downtime and allocate enough staff to fire-fight.

Upgrades need loads of planning beforehand, where as migration can be done in parallel and managed in much smaller chunks.

Depends what timescales are involved getting everything migrated.

Only large scale upgrades I've done was a few years ago with NetWare. 6,000 users and server consolidation at the same time. Makes my head hurt just thinking about it again.

Who's pushing the migration David; Management or other techies in your dept?

Stefan

LanCat

Someone's realised NT4 is out of support at the end of the year

My choice would be to build alongside and migrate rather than upgrade. The third party tools, Quest or whatever are great if you have budget. If not then a combination of hard work and admt works well too (done that with a few hundred users quite easily)

Upgrades from NT to Win2xxx are messy. driver issues, bios upgrades

BlkKnight

What does this mean in small business terms? Have you ever actually had to contact M$ for support? I'm guessing 99% is no.

WHY do you actually want to upgrade?

Is it worth the time & effort?

Your PDC will quite happily sit there in the background doing it's stuff forever (bar hardware failure).

As for migration, wasn't the rule of thumb anything over 50 users script it, anything less do it by hand. NEVER EVER do an insitu upgrade.

If you are mad enough to do a NT > 2000 > 2003 upgrade make sure you have a bloody good backup (IE mirror the disk (put it somewhere safe) & do tape backups-) and TEST THE BACKUPS

David_Wallis

I want to use the ADMT with a new domain running along side so GPO's can be tested etc, and new scripts can be in place.. they want to just take the pdc off line and upgrade a bdc to 2k3.. its been tested in our test lab and works fine however I dont like the approach of doing it this way.. I would rather create new admin accounts for the new domain and tidy it up, then just migrate users and sid history using ADMT, all they then have to do is logon to a different domain.

I dont need to justify why we are going to AD, but its got something to do with another global site going live in feb. We run NT4 domain with 2k 2k3 servers without a problem. Weve been looking at AD since in beta, and we have been planning the project a long time, I just disagree with some bits on the project plan.. so if anyone has any links to sites saying over 50 users then dont do an inplace upgrade then please please post them!!

There are around 8000 users to migrate and I dont think this would be the problem, Ive heard of ADMT dropping the SID and not adding this to SID history but I can test this.

David

LanCat

The out of support means no more security patches for NT4. If it doesn't bother you then no need to do anything. If it does then move.

roblane

Obviously there are pro's & cons to both approaches. The in-place upgrade is attractive in its simplicity:

Preservation of NetBIOS Domain Name
Time constraints
Less Complex
SID History and Re-ACLing
Re-Configure Mailbox for new account
Remove dependency on app re-coding
No additional Toolset required
Invisible to user (like for like)


Alternatively the migration route gives you a clean base to to start from and while the upgrade may work fine in the lab we all know things often don't work that way in production. Also its often the case that,whichever approach you take, issues don't necessarily rear their heads immediately.

For example if you in-place upgrade and then find a problem and want to roll back the PDC but have forgotton to use the nt4emulator key you'll be spending a few hours rejoining workstations to the NT4 domain

The migration approach gives you a way to roll back if necessary while still maintaining the new environment as a place to fix the problems you found. It is more work tho.


For the most part sidhistory works pretty well too tho there are some WK rids you cannot migrate - but thats all doc'd too.

These are just my opinions as someone who gets to provide support when things go wrong in both scenarios rather than as someone who has to implement them..

David_Wallis

cheers,

The new domain sounds like the best bet IMHO, as it means we arent trying to do the configuration etc on a live network.

Ive written a script for dumping the sid history for all users in AD, which may go some way to confirming things are ok.

David

WRX_Rich

iTrader: (5)

we have a 2k domain which we are upgrading to 2k3, if you have a few domain controllers ( we have 6 , 2 on each site) it was far easyier to put the 2k3 server on the domain migrate all the rolls pdc emulator etc etc then switch the other server off far less down time

we had a single lable domain ( don't ask I didnt set it up ) which has led to big problems with in dns so we have had to upgrade to 2k3 , now im just not sure how 4000 machine are going to like a re name of the domain

R1916v

If your place is that bothered about staying on NT you just need to buy the extended support contract MS are offering on NT4.