To DC or not to DC

I'm floundering here with information overload and a sad lack of some specific knowledge. The situation:

NT4 domain in a manufacturing enviornment. Basically 2 LANS, 1 for business clients and one for production clients. Mixed network with 95/NT4/2K/XP clients along with a couple VAXs and Unix boxes running Samba.

Right now we have an NT4 PDC and one BDC for each of the LANs. Member servers are about 50/50 NT4 & 2K but moving more heavily to 2K as we add new hardware and retire the old stuff.

The WAN we are on is a mix of a large NT4 domain and several 2K/AD domains.

We are retiring one of the BDCs next month. It is one of those horrible mixes that is doing BDC, serving up some web pages, M$SQL, and such. The replacement server that will be taking over the functions is 2K so couldn't do DC work right now even if that were a good idea (which it isn't).

No suitable canidate for a replacement BDC. All our existing NT4 servers are production servers and I'd hate to destroy any of them to set up the OS as a DC canidate.

The "easy" answer would be to take a BDC which isn't doing anything else and upgrade it to 2K and dcpromo it. Then do the same to the existing PDC and have the option of doing the same to another server that isn't real busy (print server).

We really wouldn't need any of the AD stuff for this domain. Also we will have to continue to use WINS for a number of reasons so I would basically be looking at running an NT4-style domain but using 2K DCs for the job.

I guess my real question here is can I safely do this or will I simply be taking a large gun and shooting one or both of my feet off?

 

Your best bet would be to take a new server, install it as an NT4 BDC. Then promote it to PDC and upgrade to Win2k. This will upgrade your domain to a Win2k domain. You can then migrate your NT4 BDC's to Win2k as you wish. Once all BDC's are migrated to Win2k, you can switch to native mode.

Also you can continue to use WINS and NT4 BDC's for as long as you want.

You can also implement Win2k type group policies when running Win2k DC's, and can maintain your legacy NT4 / Win9x type policies as well.

Make sure you have a good DNS configuration with Win2k. When installing your Win2k server, make sure you have DNS installed.

 

Good advice so far, I'd add a couple of things:

The first 2K DC in the domain MUST be the PDC - do it any other way and its good night Vienna. Saw a customer of mine try to do this and saw him cry as he realised what he'd done !

DNS is imperative as stated, a common gotcha is to ensure that the server can "see" the internet before installing DNS. If it can not it will assume its a root server ! Easily fixed by removing the root zone but still scary the first time it happens to you !!!

Its nice to be able to give some help back to someone like yourself who has spent so much time and effort here to help out others

 

Thanks for the info guys and sorry for the delay in getting back with you.

Fished all weekend and returned to work to find our old faithful PDPs were locking up with file I/O errors and a drive controller on a VAX cluster had died. So Monday was exciting and I just never got on here.

Guess I got spooked by all the "gotcha" articles for dcpromo.

Just to make sure I am really clear here (cause 2K/AD is still very much foreign territory for me and I really don't want to stop production in the factory )

1. Existing NT4 PDC (called CABPDC, dedicated, and doing nothing else) upgraded to 2K.

1.a. Make sure CABPDC can see the DNS server that is housed here but lives on a big AD domain (as opposed to seeing the internet). Verify this how?

1.b. Then start DNS on CABPDC.

2. Upgrade existing BDC to 2K & SP3. Will it remember it is a DC?

3. dcpromo an existing 2K advanced server to BDC.

At this point, I will have a PDC and one BDC on the business LAN and a BDC on the process/factory LAN. Basically an NT4 domain structure running on 2K servers. I think.

Questions:

Bursley - "you can switch to native mode" went right over my head. Sounds like switching the system from NT4 to 2K/AD domain here.

General -
our servers and clients here all live on the pmu_cab domain. Resource domain and all local. All the accounts here belong to production equipment.

Our business user accounts are all on either PMU domain (old NT style) or US domain (new AD thing). Policies, logon scripts, etc. all originate from either PMU or US (depending on which domain logon is used). We have zero control over the stuff.

I am reading that all should continue normally and be unaffected by the DC changes here on pmu_cab.

And TIA for the information. I can also see that we better alert our 2K/AD guru support folks so someone is available for the weekend when we do the switch-over. Just in case.