酷!學園

其他討論區 => MIS 討論區 => 主題作者是: Ken 於 2004-07-22 15:09

主題: migration of nt4 domain to win2003srv
作者: Ken 於 2004-07-22 15:09

Current envoirnmemt:
-current domain controller is Winnt4.0 server (PDC)
-nt4 workstation & win2000 workstation domain


After Migration:
-a new server installed win2003srv
-orginal server (nt server) will stop service
-win2003srv be domain controller with AD
-workstation are winnt & win2000pro


Now,,i had built a nt server & 2003 server for testing,the plan is:
-install 2003srv be member server
-join orginal nt domain
-install AD,promote 2003srv to be Domain controller
-demote orginal nt server
-workstation join AD


But...it seems no work...
-during the configuration of 2003srv AD,only can  join existed AD or create a new AD
-but,my orginal domain is a NT envoirnment,no a AD....


Question:
-is possible to migrate form NT domain to AD envoirnment?or how to do the migration?
-existed domain workstation necessary to join the AD again?


Thanks for all suggestion and helpful.

主題: migration of nt4 domain to win2003srv
作者: Ken 於 2004-07-23 10:29

Sorry to interrupt,refer to the migration cook book,i find out the solution.
I'm simulate the migration now.

Ref link:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/default.mspx

主題: migration of nt4 domain to win2003srv
作者: Ken 於 2004-07-27 15:22

mm....i'm facing some difficult during migrate the user password
I'm setting a PES to export the password from NT server to 2003 server.
During run the ADMT at 2003 server to migrate the user account with password,it pop up this error message:

引用

2004-07-27 13:26:51 WRN1:7557 Failed to copy the password for temp12. A strong password has been generated instead.  Unable to copy password. 存取被拒。.

i check it from microsoft,this problem can be solve by:
http://support.microsoft.com/default.aspx?kbid=322981

引用

WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied.
If this error message appears in the Migration.log file, verify the following:
The following registry key value is set on the target domain controllers:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous = 0

Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows:
CN=Server,CN=System,DC={TargetDomain},DC={tld}

The registry key i had set it before.But,what is the meaning of CN=Server,CN=System?
My source domain is NT,there no AD and "Pre-Windows 2000 Compatible Access " group,how can i set it?

Similar description from migration cookbook also:

引用

In the Active Directory Users and Computers snap-in, verify permissions on the PES server object. The PES requires that the “Pre-Windows 2000 Compatible Access” group has “Read All Properties” rights on the following object:
CN=Server,CN=System,DC=<domain_name>

Thanks your any suggestion.

主題: migration of nt4 domain to win2003srv
作者: Ken 於 2004-07-27 15:52

人老眼花....i set this key at source domain...that waste me 1 day to do the trouble shooting..........

引用

The following registry key value is set on the target domain controllers:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous = 0