AD: 2003 Interim mode...NT 4.0 question.

LoStMaTt

About 2 months ago I proceeded on an upgrade from NT 4.0 to Server 2003 with great success. Now I still have an NT 4.0 box with lots of shares and a database application that I cannot remove for a good while.

I still want to proceed on raising the domain functional level but am not sure what consequences are in store for the NT 4.0 box.

I know that it can no longer be a BDC (Backup Domain Controller) and that is perfectly fine. If I install the Active Directory Client software on the box prior to raising the domain functional level, will everything still operate as normal?
 
first things first... before you can even THINK about planning its migration...

how are its backups? are you taking daily backups?

2nd, does the application support being run on a 2003 box? if yes, then before you proceed, do yourself a favor and ghost the entire NT4 server to an image that you can restore if something futzes up.

otherwise, i don't see how the AD client could make a problem, but i really don't see how you would need it. isn't the client just for finding AD resources? if it's a server, all it should need to do is authenticate against the new DC. if it's unable to auth someone else inbound to that server, then *maybe* you could look at it, but i really can't see how you would need it (unless there are more details you haven't told us yet).
 
It has to do with SMB Signing, I believe. Just nobody has explained to me exactly what effects it will have if I raise the domain functional level.
 
are you talking about native versus mixed mode?

native is for if you only have domain controllers that are 2003. mixed mode is for if you still have a BDC online that is handling authentications from desktops.

if your NT4 server is just a member and not a BDC, then you should be able to raise it to native mode.
 
Basically I want to raise the domain functional level to 2003 native so that I can begin to roll out Group Policy. In its current status Group Policy does not work. If I raise the domain functional level, will the NT 4.0 box still be accessible to the clients in Active Directory under the new functional level?
 
> Basically I want to raise the domain functional level to 2003 native so that I can begin to roll out Group Policy. In its current status group policy does not work. If I raise the domain functional level will the NT 4.0 box still be accessible to the clients in Active Directory under the new functional level?

If you don't have NT4 domain controllers (PDC/BDCs) then you're fine raising the domain functional level. There's also Forest functional level too. I think you should look up some articles -- do some research on it. It's kind of hard to tell you everything in your environment that you should and shouldn't do. This is a major impact if you're going about it the wrong way. Double/triple check your scenarios. Just IMHO.

> are you talking about native versus mixed mode?

I think he's asking if he should just go native instead of mixed. I believe he knows the differences at least "enough to be dangerous". :D
 
Is the NT4.0 box with file shares and DB apps a BDC? From your post it sounds that way. You cannot demote a 4.0 box that has a Domain controller role. The only way to remove that is to do an OS rebuild. You cannot change to native mode as long as a BDC is in the domain.

To somewhat isolate the NT4.0 BDC from AD clients, create a subnet in AD users and computers with a /32 mask assigned to the IP of the BDC and assign that to an AD site.

This should keep other users and applications from authenticating to this machine.
 
Bah, it's not worth all of that trouble. We are phasing out the database application that requires us to use that server in about 90 days or so. I am just getting impatient and wanted to move on with the network upgrade plan I laid out.
 