Decommissioning NT4 Domains - Part 2
Dealing with Member Servers
Re-deploying services
In some cases, rather than migrating a server from an NT4 domain, it made more sense to transfer the server’s function to another server or device. For example, DHCP was running on the PDC of one of the legacy domains to issue IP address leases to the workstations in their subnet. I opted to move the function to our switches. We are using 2 Cisco Catalyst 4507 switches; I worked with our network services team (the Cisco guys) to move the scopes from the NT4 server to the 2 switches. Each switch was given its own pool of IP addresses for redundancy and load-balancing.
Migrating Member Servers
There were several servers which needed to remain in use. For these servers, the migration from their existing NT4 domain to the AD domain was as simple as removing them from the NT4 domain and adding them to the AD domain. The service accounts and ACLs on objects were already using groups from the AD domain (there were external trusts in place between the AD domain and the NT4 domains), and when I added the servers to AD, users were still able to access resources on the servers. I tested this process in a lab before migrating the actual production servers.
Decommissioning the actual Domain
Removing the last Domain Controllers
I have completely decommissioned 1 domain so far, with the remaining 2 domains almost done. My aim was to remove all member servers until I was down to a PDC and a BDC. Once I got to that point, I disabled all of the user accounts except for the Administrator and REPL accounts. After a few days, I then removed the trust relationships.
I took a backup of the PDC, but I wanted to have a very easy way to bring the domain back up if I needed to in future. I considered relying on a Ghost image, but that would require that the image be dumped back to the same hardware, and I knew that the hardware would be scrapped in the near future, leaving the image useless. Although I had the standard backup of the OS, I didn’t want to have to go through the whole restore process if for whatever reason I needed to bring a domain controller back up. My solution was to build an NT4 server in a Virtual PC image and promote it to a BDC in the legacy domain. Once I confirmed that the database had replicated, I shut down the domain controllers and burnt the Virtual PC image to DVD. If I need to bring the domain back up in future, it will be a simple case of starting the VPC session.