- Should I upgrade the PDC to Win2k server, or do a fresh install? (A fresh install would be a huge undertaking.)
- And, will the NT server BDCs have any problems with authentication and replication?
If you do not have to time to create a pristine environment, don't rush it. Just upgrade the PDC to Windows 2000 and Active Directory. The concept of a Windows 2000 BDC is non-existent. The Windows 2000 DCs all operate on the same level. There are specialized server roles called FSMO roles that can be assigned to the operational configuration of being a Global Catalog Server.
While running with NT 4.0 BDCs, your AD will be running in mixed mode. You will want to move to native mode as soon as you can. This means the NT 4.0 BDCs must either be upgraded or permanently removed from the network. I would strongly suggest taking one BDC off of the network (power it down) while you perform the PDC upgrade. Should something go horribly wrong, you can bring the BDC back on the network (after shutting the Win2k PDC down) and convert your domain back to the previous NT 4.0 state.
Keep in mind that the NT 4.0 BDCs will only be handling authentication for the NT 4.0 workstations. Any Windows 2000 Professional or Windows XP workstations will only authenticate to the Windows 2000 DCs. And while you only have one Win2k DC in the network, you are exposing yourself to a single point of failure. If the Win2k DC goes down, the Win2k workstations and XP workstations will not be able to authenticate on the domain.
Also, once you have upgraded the PDC, directory replication will stop working. Until you upgrade the BDCs and switch to native mode, replication will not work. You can perform some manual steps to get around this. The best description of this is in an excerpt from the MCSE study guide for the 70-222 exam.
*Sign up to have Active Directory tips delivered to your inbox every Tuesday morning.
This was first published in June 2002