After you upgrade the operating system and install Active Directory on the Windows NT 4.0 PDC, add another Windows Server 2003-based domain controller to the domain as soon as possible. This provides redundancy for any clients running in the environment.
You can add additional domain controllers to the Windows Server 2003 domain by upgrading Windows NT 4.0-based BDCs and installing Active Directory, or by adding Windows Server 2003-based member servers to the domain and installing Active Directory on the member servers.
To complete the process for upgrading additional domain controllers, perform the following tasks:
Upgrade the operating system of Windows NT 4.0 BDCs.
Install Active Directory.
Install DNS on additional domain controllers.
Reconfigure the DNS Service.
Add Windows NT 4.0 BDCs to the Windows Server 2003 domain if necessary.
Perform post-upgrade tests.
You can upgrade any Windows NT 4.0 BDC to a Windows Server 2003-based domain controller as long as it meets the hardware requirements for a domain controller running Windows Server 2003. To determine whether your hardware configuration is compatible with Windows Server 2003, see the Windows Server Catalog link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Before upgrading the operating system to Windows Server 2003, use the Winnt32.exe command-line tool to detect any upgrade problems. This tool reports potential upgrade problems, such as inadequate hardware resources or compatibility problems.
To identify potential upgrade problems
At the command line, connect to the I386 directory located at your installation source and type the following command:
winnt32 /checkupgradeonly
For example, if your installation source is the Windows Server 2003 operating system CD in the D: drive, navigate to D:\I386 and type the following command:
D:\I386> winnt32 /checkupgradeonly
The screen will then display the command prompt while the tool is running. It can take a few minutes for the Microsoft Windows Upgrade Advisor screen to appear.
Resolve reported problems before performing the upgrade.
To install the operating system on the computer, insert the Windows Server 2003 operating system CD in the CD-ROM drive of the domain controller and select the option to install the operating system, or use an automated installation method. If the Windows Server 2003 media is shared on the network, run the Winnt32.exe command.
To complete the operating system installation, perform these tasks:
Verify that you are using a static IP address.
Convert the partitions to NTFS. The installation of Active Directory will not succeed if you do not have at least one NTFS partition available on which to locate the SYSVOL shared folder.
Select Upgrade for the Installation type.
On the first additional domain controller that is upgraded, configure DNS client settings by using the IP address of the PDC for the Preferred DNS server setting and do not specify an IP address in the Alternate DNS server setting.
On all remaining domain controllers that are upgraded, configure DNS client settings by using the IP address of the PDC for the Preferred DNS server setting and use the IP address of the second domain controller upgraded for the Alternate DNS server setting.
These DNS client settings are temporary and will be changed during the installation of Active Directory.
Install Windows Support Tools, which are available in the \Support\Tools folder on the Windows Server 2003 operating system CD.
During the operating system upgrade the computer will restart three times. After the computer restarts for the last time, the Active Directory Installation Wizard appears.
After upgrading the operating system on a Windows NT 4.0 additional domain controller to Windows Server 2003, the computer is in an intermediate state, meaning that the computer is no longer a Windows NT 4.0-based domain controller, nor is it a Windows Server 2003-based member server or domain controller.
The Active Directory Installation Wizard allows you to create an additional domain controller or a member server in the new domain. If you are installing Active Directory by replicating the directory data over the network or from another media source, select the Member Server option in the Active Directory Installation Wizard. This configures the computer to be a Windows Server 2003-based member server, allowing you to install Active Directory at a later time.
To install Active Directory on a Windows Server 2003-based member server
At the command line, type Dcpromo.
-or-
Open Administrative Tools, and then click Configure Your Server Wizard. Select Domain Controller (Active Directory) to configure your domain controller. After the Configure Your Server Wizard finishes, the Active Directory Installation Wizard begins.
For more information about installing and removing Active Directory, see the Directory Services Guide in the Microsoft Windows Server 2003 Resource Kit (or see the Directory Services Guide on the Web at http://www.microsoft.com/reskit).
Table 2.3 lists information for installing Active Directory on additional domain controllers, as well as sample data for installing Active Directory on additional domain controllers in the Fabrikam single domain forest. Fabrikam will use the dcpromo /adv command to install Active Directory on a member server by copying directory data over the network from a domain controller.
Wizard Page or Dialog Box
Additional Domain Controller or Member Server
Select whether you want the computer to become a member server or an additional domain controller for the domain.
Fabrikam will select Member Server. They will install Active Directory at a later time using the dcpromo /adv command.
Domain Controller Type
Select Additional domain controller for an existing domain.
When Fabrikam initiates the Active Directory Installation Wizard by using the dcpromo /adv command, this is the first wizard page that appears.
Copying Domain Information
Fabrikam will copy domain information from the first domain controller that is deployed, SEA-FAB-DC01, which is in the same location as the new one. Therefore, they selected Over the network from a domain controller to copy the information in the shortest time.
Type the user name and password of an account with sufficient administrative credentials to install Active Directory on this computer, and the fully qualified domain name of the domain in which the computer will become an additional domain controller.
Additional Domain Controller
Type the full DNS name of the forest root domain.
Database and Log Folders
Type the folder locations specified by your design.
Shared System Volume
Confirm or type the location specified by your design.
Directory Service Restore Mode Administration Password
In the Password and Confirm password boxes, type any strong password.
Verify that all information on the Summary page is accurate, and then click Finish. After the Active Directory Installation Wizard finishes, you are prompted to restart the computer. The installation is not complete until the computer restarts.
Configure all additional domain controllers that you add to your single domain forest as Global Catalog servers.
After you install Windows Server 2003 Active Directory, enable Remote Desktop for Administration, formerly known as Terminal Services in Remote Administration mode, to enable administrators to log on remotely if necessary.
To enable Remote Desktop for Administration
In Control Panel, double-click System, select the Remote tab, and then select Allow users to connect remotely to this computer.
If the additional domain controller was also a DHCP server, you will need to authorize the server to allow it to continue to lease IP addresses. For more information about authorizing a DHCP server, see Authorize the DHCP Service earlier in this chapter.
Install DNS on all Windows Server 2003-based domain controllers that you add to the domain.
To install DNS on additional domain controllers
In Control Panel, double-click Add or Remove Programs, and then click Add/Remove Windows Components.
In Components, select the Networking Services check box, and then click Details.
In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.
If prompted, in Copy files from, type the full path to the distribution files and then click OK. The required files will be copied to your hard disk.
After deploying additional domain controllers in a single domain forest, do the following to reconfigure the DNS service:
Configure the DNS client settings of the first and subsequent domain controllers.
After you have deployed an additional domain controller, modify the DNS client settings on the first domain controller. Because no other domain controllers were running when you deployed the first domain controller, modify the DNS client settings on the first domain controller to include the additional domain controller. As you deploy more domain controllers, you might also need to modify the Alternate DNS server setting specified on existing domain controllers to ensure that this setting points to the closest DNS server.
Update the DNS delegation.
If you have delegated the DNS zone to an existing DNS server, update the DNS delegation for the domain after you install the DNS Server service on new domain controllers.
Enable aging and scavenging for DNS on one additional domain controller.
It is best to enable aging and scavenging for DNS on two servers that are running the DNS Server service in your environment. You enabled aging and scavenging on the PDC when you upgraded the PDC to Windows Server 2003 Active Directory. For information about setting aging and scavenging properties for the additional DNS server, see Enable Aging and Scavenging for DNS earlier in this chapter.
If you have applications in your environment that can run only on a Windows NT 4.0-based domain controller, and if you have upgraded all the Windows NT 4.0 BDCs to Windows Server 2003 or if the existing Windows NT 4.0 BDC in your environment becomes unavailable, you might need to add an additional Windows NT 4.0 BDC to your environment. You can do this by installing a new Windows NT 4.0 BDC in the domain. Prior to installing the new Windows NT 4.0 BDC in the domain, you must first add the new computer account to the Windows Server 2003 domain.
You will not be able to install a new Windows NT 4.0-based BDC in your environment if you have SMB packet signing and secure channel signing enabled. If these security policies are enabled in your environment, modify them before installing a new Windows NT 4.0-based BDC. For information about modifying security policies, see Modify Security Policies earlier in this chapter.
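The following script is an added example, not part of the original guide: it reports whether SMB packet signing and secure channel signing are currently required on the local domain controller, so the state can be recorded before the policies are modified and compared afterward. It assumes Windows PowerShell is installed (it is not included with Windows Server 2003) and that the two "always" policies shown, with their standard backing registry values, are the ones the Modify Security Policies section changes; the function and variable names are illustrative.

```powershell
# Added example. Registry values behind the two "always" signing policies;
# assumed to be the settings relaxed before installing the Windows NT 4.0 BDC.
$SigningChecks = @(
    @{ Policy = 'Microsoft network server: Digitally sign communications (always)'
       Path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
       Name   = 'RequireSecuritySignature' },
    @{ Policy = 'Domain member: Digitally encrypt or sign secure channel data (always)'
       Path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
       Name   = 'RequireSignOrSeal' }
)

function Get-SigningPolicyState {
    # Returns one object per policy with State = Required, NotRequired, or NotSet.
    foreach ($check in $SigningChecks) {
        $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # Key or value is absent: the policy has never been applied here.
            $raw = $null
            $state = 'NotSet'
        } else {
            $raw = $item.($check.Name)
            if ($raw -eq 1) { $state = 'Required' } else { $state = 'NotRequired' }
        }
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            Policy   = $check.Policy
            Value    = $check.Name
            Data     = $raw
            State    = $state
            Checked  = (Get-Date).ToString('s')
        }
    }
}

$result = @(Get-SigningPolicyState)
$result | Select-Object Computer, Policy, Value, Data, State, Checked | Format-List

# Summarize: any Required entry means the signing requirement is in force.
$required = @($result | Where-Object { $_.State -eq 'Required' })
if ($required.Count -gt 0) {
    Write-Output ("{0}: signing is required by {1} of {2} settings." -f $env:COMPUTERNAME, $required.Count, $result.Count)
} else {
    Write-Output ("{0}: no signing requirement is in force. Keep this record and compare it after the BDC is installed." -f $env:COMPUTERNAME)
}
```

Run it once before modifying the policies and once after the BDC is installed, and keep both outputs with the change record.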
To add a Windows NT 4.0 BDC to a Windows Server 2003 domain
In Active Directory Users and Computers, right-click the Domain Controllers folder.
Point to New, and then click Computer.
Type the computer name of the BDC.
Ensure that the check boxes are selected for Assign this computer account as a pre-Windows 2000 Computer and Assign this computer account as a backup domain controller.
Install the BDC in the domain.
After you upgrade each additional domain controller, verify that the upgrade was successful. Use the same tests and tools that you used to verify that the upgrade of the Windows NT 4.0 PDC was successful. For more information about developing a test plan, see Planning the Migration in this book.
Also, verify that DNS recursive name resolution is configured according to the DNS design for your organization. For more information about verifying recursive name resolution, see Verify DNS Server Recursive Name Resolution earlier in this chapter.