BDC/PDC Problems When Upgrading To Windows 2000?

Kisc asks: "After being hired to administer Sun/Solaris machines, I find that my next big job is to get our network moved over to Windows 2000 Active Directory Services and Exchange 2000. We're on an NT 4 domain. I did it once... but it didn't work, due to undocumented problems with BDCs. We got a Microsoft tech support guy to finally admit that BDCs cause known problems when trying to upgrade your PDC to Windows 2000/ADS. I have read through three different books, and never found mention of that (including the O'Reilly book on ADS). Please, does anyone know of a book, set of books, a Web site, or anything, where I can get the information on Exchange 2000/ADS/Windows 2000 that Microsoft doesn't want me to have?"

  • Sorry, I couldn't resist. Although I always expected AD to be late and have problems when new (as with any heavy-duty directory system including NDS), I assumed that when AD did arrive it would at least match the available features of NDS (as well as Vines and others). Nope - it only seems to cover about 60% of NDS' functionality from what I can see. Too bad it seems destined to win anyway. :-(

    Anyway, to get just a bit on-topic I would start by laying out what you hope to achieve by migrating to AD and calculating expected cost/benefit. Don't forget to consider the option of delaying for 12 months until others have finished doing the research and writing the books.

    sPh
  • However, they don't handle some of the DDNS stuff the way the W2K stuff does. I suggest using a W2K box for DDNS - I find much less hassle (but I'm not a control freak) this way.

    How about bind 9.x?

    Your Working Boy,
  • BIG MISTAKE DUDE!

    Active Directory has to be in charge of your network. That means you put all of your UNIX at 2000's mercy. Do NOT do it!

    I'm currently writing a book on how to keep NT off your network -- completely! Using NIS and (in a future edition) LDAP. People think they must have a native PDC -- NOT TRUE! There is a lot you can do with NIS and NT. [ Note: I was a contributing author of Sam's "Samba Unleashed" [mcp.com] by Steve Litt, who is actually a good friend of mine. I was also an original NT 3.1 beta tester and after 8 years of NT, finally chucked it "cold turkey" in mid-1999 because UNIX is just so much better for networks. ]

    Again, do NOT put your network at the mercy of 2000 server! Once you do, your network is forever Microsoft controlled. Microsoft did this purposely. And even the IEEE has identified Windows 2000 and Active Directory as a "Threat to Internet Standards and Diversity".

    Worse yet is when you put Exchange and SQL 2000 on that same network. Nuts! This really ties you down to MS-only solutions! Exchange is a pig that self-corrupts (you like those 48-hour straight downtimes, eh?)! Try Bynari TradeServer [bynari.com] instead (flat $599 -- unlimited users, GTK+ management GUI, standards-based, LDAP-based, 100% Outlook Calendar/Contact compatible), plus they have a UNIX client that can interact with Outlook. So you save money *AND* get Internet standards -- a win-win!

    I fight the ignorant on this every day (largely our admin/accounting departments). John Dvorak has pointed it out best (paraphrased), "Microsoft knows standalone PCs, but knows nothing about networking" urging Microsoft to just get out of the network/server business because it doesn't know crap (and Sun seems to be the opposite, good network, bad PC knowledge ;-).

    -- Bryan "TheBS" Smith

  • This guy is a Solaris admin. As such, he needs to be concerned what Win2k/AD will do to his Solaris boxen!

    Geez, get your freak'n heads out of the Windows-only clouds! Some of us have applications that are Linux and Solaris-only on our networks!!!

    -- Bryan "TheBS" Smith

  • You'll find the article here: IEEE-CS Computer Magazine, Vol. 33, No. 8, August 2000 [computer.org], under the section "Standards". Again, the article is Windows 2000: A Threat to Internet Diversity and Open Standards? by David Chadwick of the IETF.

    -- Bryan "TheBS" Smith

  • First of all

    Why are you switching from the NT4 domain model to W2K domain model? What do you benefit from such a move? Don't switch just because it's the latest thing from Microsoft. At my job, we've rolled out an Active Directory/W2K environment and we have been dealing with Active Directory limitations and a serious problem (services die silently on some servers) that we think may be caused by Active Directory.

    Rather than replacing your existing PDC/BDC, I'd suggest that you create an Active Directory domain that resides with your NT4 domain. Then, start adding machines to the AD domain as you convert them to W2K. See what works and what doesn't before you convert everything over.

  • by jfunk ( 33224 ) <jfunk@roadrunner.nf.net> on Tuesday January 23, 2001 @10:35PM (#485605) Homepage
    Dan has a good point.

    Apparently, Samba TNG is able to do a full PDC, including ADS. I'm not sure how stable it is right now (I work for a Linux company and don't need to deal with that stuff too much).

    I suggest trying it out and getting on the mailing list.

    You see, the greatest strength of open source, the reason I use it, is that you can fix a bug if you find one. The free part doesn't matter at all here. In fact, you always have the option of contracting someone to do such development for you. It's not free anymore, but you have control, not a company who withholds information...

    Quite frankly, I'm glad I don't have to depend on one company who may or may not care about whether their software works for me. Not being able to see Sorenson QuickTime is an extremely small price to pay. :-)*
  • An office of only 30-40 users, and there is clueless management dictating the specific technologies to be used? Scary. Was it also a management decision to only set up a PDC with no BDCs? That's a scenario that's asking for trouble. If your PDC burps, your user authentication and access is toast. With a BDC available, you just promote it to PDC and things work fine.

    If you've already got a NT4 network running, why not go with Exchange 5.5? It's reasonably stable (for Exchange). Or look at HP OpenMail, which provides all the functionality of Exchange, but which can run on a number of platforms.
  • by Hermetic ( 85784 ) on Wednesday January 24, 2001 @06:58AM (#485607)
    I am just a code monkey where I work, but we had a very similar problem when we migrated to Win2k over the last month or so. Here's what we ended up learning:

    The BDCs call for a new "poll" (I can only tell you what was told to me...) every time one of the win2k BDCs goes down. The winner is the win2k system with the most... something, I don't remember, maybe hardware? latest versions?

    Catch: They also "poll" when they come back up. So the job of BDC can be constantly shifting.

    We were having a very hard time when I was installing my Win2k workstation, then wrote a few bad loops that were taking down my win2k server...


    Note that this is hearsay from a programmer, not a networker.

  • Well, it's not so much an odd question as an odd place to ask it. ;-)

    OK, firstly, to answer the subsidiary question, "why are you going to AD"; one very likely reason for moving across is that Exchange 2000 requires you to move to AD.

    So it may be a choice has been made to go to Exchange 2K. I must say my own take is that Exchange 2000 offers some interesting features, particularly having the information store mounted like it were part of the file system, but that the pain of an AD move is keeping me away from it. It'd be interesting if you could post your company's reasons....

    On the whole I'd suggest not so much moving as creating a parallel AD network, establishing trusts, and moving things over piece at a time.

    Of course you could always hold off on the grounds that Whistler is imminent...

  • Okay, my bad. (and pardon the bad form)
    (actually I can hardly believe I didn't catch myself before I submitted -- there is something to say about trying to function for a day non-caffeinated: "Don't do it")

    So, the correction:
    In "native mode" there are *only* _DC_s.

    In "mixed mode" (i.e. before you have upgraded all your NT4 BDCs to W2K DCs and told the domain that you want to do the one way conversion to "native mode") you can still have NT4 BDCs.

    To quote M$, "...however, mixed mode severely limits the functionality of a Windows 2000 network..." meaning, if you are still in mixed mode and don't really plan to get to native mode as soon as you can you really needn't have bothered with the upgrade.

    W2K is actually pretty neat, for example you can assign or publish software packages to user accounts, meaning the software is installed & configured (transparently to the user) the first time the user wants to use it. And this installation is very difficult to sabotage. E.G. I assigned myself M$ Word, doubleclicked the icon on my toolbar, and it installed & I used it. Then I got bored and selected the .dll's associated with M$ Word and deleted them. (severely limiting the functionality of Word, I thought) The OS (I think) noticed these .dll's were required for the software package to work and reloaded them from the networked installation files so the functionality remained. (what functionality there is anyway)

    While I know no one's users would do such a thing (yah, rite) it's a handy feature to have when your users think they know what they're doing.

    -Dubber
  • After looking at BIND 9.x & thinking about what kind of attention it would require (from an administrative point of view) I would still go with DDNS on W2K. Mostly 'cause it requires no thought, dynamicly (sp?) registers services - like WINS did (not that WINS was great, mind you), and will probably have fewer releases/patches issued (the fixes will come in SP form rather than a series of nitpicky little tweaks (goes back to the "requires no thought" idea)).

    No offense meant to the developers, I'm just basically opposed to doing stuff to the machine over and over. Once I get it set up & running right I shouldn't have to touch it very often.
  • If you are set on doing this, AD requires W2K "native mode" -- all _DC_s must be W2K servers.

    If you try to switch to AD while you still have NT4 BDCs present, of course there will be issues. NT4 can't handle several aspects of AD.

    As to *nix boxen, as long as you don't care that they are not DCs, they work acceptably on the network. However, they don't handle some of the DDNS stuff the way the W2K stuff does. I suggest using a W2K box for DDNS - I find much less hassle (but I'm not a control freak) this way.

    -Dubber
  • Okay, there seems to be a small misperception going on.

    In W2K there are no _B_DCs. All _DC_s contain a distributed, writeable, copy of the SAM database if you haven't enabled AD or if you're in native mode with AD enabled each DC contains a copy of the "Active Directory" database.

    The first W2K (server) box that is brought online will become the "forest root" domain server --meaning it will emulate an NT4 PDC for backward compatibility (naming scheme requires dns/fqdn format - no more WINS, no more UNC paths, no more nasty browser service) it will be the boss (for it *is* a control freak, unlike me) for the W2K network. (for ease of admin, put the *nix boxen on a different logical network - much easier)

    No more polling, no more elections. (yay!)

    NT4 BDCs always were responsible for the same thing - logon validation to take the heat off the PDC. (this is the only "real" reason for making a BDC anyway (besides PDC/SAM Database backup))

    Any other "jobs" each box did was configurable and not dynamically changeable. Member servers could handle these other responsibilities anyway.

    Perhaps the original explanation you received was less than clear. (I know I can be obfuscatory by accident) If you are really interested in this sort of thing you should ask for clarification of your situation. (IM(honest)O)

    Ah, but I digress
    -Dubber
  • (you said)
    And even the IEEE has identified Windows 2000 and Active Directory as a "Threat to Internet Standards and Diversity".

    Exactly where did you get this quote?
  • Sorry, someone had to say it: Try upgrading them to the Samba 2_2_0 CVS branch.
  • IMO implementing ADS on NT 4.0 would make more sense, instead of migrating completely to Win2K, unless it is really justified to do so. That way you get to keep the best (or shall I say worst) of both worlds. Wish you all the best for your endeavours :-)
  • One of the recommendations that I give to customers looking to move towards Active Directory is to spend time understanding how it works. Once you feel comfortable and have played with it in a lab environment, then start to tackle the planning and design process. If the customer feels uncomfortable, then I encourage them to utilize a certified Microsoft Solution Provider or Microsoft Consulting Services to assist them in this process.

    The initial fears/concerns are no different to that which Novell experienced on their first release of NDS. The fact is that implementing directory services, much less an enterprise directory service, is a big task and should not be taken lightly. Education is key to making the customer comfortable with the solution.

    To those who are reading these boards and doubting the product, take the messages here with a grain of salt because you do not know the situation on the other end as to whether the person experienced problems because they improperly designed and implemented the product due to lack of knowledge or experience.

    Colin... colinbowern@hotmail.com
