作者 主題: migration of nt4 domain to win2003srv  (閱讀 5966 次)

0 會員 與 1 訪客 正在閱讀本文。

Ken

  • 鑽研的研究生
  • *****
  • 文章數: 524
    • 檢視個人資料
    • http://square.2y.net
migration of nt4 domain to win2003srv
« 於: 2004-07-22 15:09 »
Current envoirnmemt:
-current domain controller is Winnt4.0 server (PDC)
-nt4 workstation & win2000 workstation domain


After Migration:
-a new server installed win2003srv
-orginal server (nt server) will stop service
-win2003srv be domain controller with AD
-workstation are winnt & win2000pro


Now,,i had built a nt server & 2003 server for testing,the plan is:
-install 2003srv be member server
-join orginal nt domain
-install AD,promote 2003srv to be Domain controller
-demote orginal nt server
-workstation join AD


But...it seems no work...
-during the configuration of 2003srv AD,only can  join existed AD or create a new AD
-but,my orginal domain is a NT envoirnment,no a AD....


Question:
-is possible to migrate form NT domain to AD envoirnment?or how to do the migration?
-existed domain workstation necessary to join the AD again?


Thanks for all suggestion and helpful.

Ken

  • 鑽研的研究生
  • *****
  • 文章數: 524
    • 檢視個人資料
    • http://square.2y.net
migration of nt4 domain to win2003srv
« 回覆 #1 於: 2004-07-23 10:29 »
Sorry to interrupt,refer to the migration cook book,i find out the solution.
I'm simulate the migration now.

Ref link:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/default.mspx

Ken

  • 鑽研的研究生
  • *****
  • 文章數: 524
    • 檢視個人資料
    • http://square.2y.net
migration of nt4 domain to win2003srv
« 回覆 #2 於: 2004-07-27 15:22 »
mm....i'm facing some difficult during migrate the user password
I'm setting a PES to export the password from NT server to 2003 server.
During run the ADMT at 2003 server to migrate the user account with password,it pop up this error message:
引用
2004-07-27 13:26:51 WRN1:7557 Failed to copy the password for temp12. A strong password has been generated instead.  Unable to copy password. 存取被拒。.


i check it from microsoft,this problem can be solve by:
http://support.microsoft.com/default.aspx?kbid=322981
引用

WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied.
If this error message appears in the Migration.log file, verify the following:
The following registry key value is set on the target domain controllers:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous = 0

Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows:
CN=Server,CN=System,DC={TargetDomain},DC={tld}




The registry key i had set it before.But,what is the meaning of CN=Server,CN=System?
My source domain is NT,there no AD and "Pre-Windows 2000 Compatible Access " group,how can i set it?

Similar description from migration cookbook also:
引用

In the Active Directory Users and Computers snap-in, verify permissions on the PES server object. The PES requires that the “Pre-Windows 2000 Compatible Access” group has “Read All Properties” rights on the following object:
CN=Server,CN=System,DC=<domain_name>



Thanks your any suggestion.

Ken

  • 鑽研的研究生
  • *****
  • 文章數: 524
    • 檢視個人資料
    • http://square.2y.net
migration of nt4 domain to win2003srv
« 回覆 #3 於: 2004-07-27 15:52 »
人老眼花....i set this key at source domain...that waste me 1 day to do the trouble shooting..........
引用
The following registry key value is set on the target domain controllers:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous = 0