+ Post New Thread
Results 1 to 5 of 5
Windows Server 2008 Thread, Promoting a domain from 2003 to 2008 in Technical; Has anyone in a large organisation gone about the process of promoting a 2003 domain to a 2008 domain? I ...
  1. #1

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,260
    Thank Post
    965
    Thanked 324 Times in 192 Posts
    Blog Entries
    11
    Rep Power
    164

    Promoting a domain from 2003 to 2008

    Has anyone in a large organisation gone about the process of promoting a 2003 domain to a 2008 domain?

    I know our LEA are considering it but there are a lot of things to take into account. One of them being how Windows 2000 clients will react.

    If anyone has done this sort of migration with old (Windows 2000) clients how did they get through the issues - especially if replacing machines and OS wasn't an option?

    What about Windows XP? - Did that migrate well or would it be better with Windows Vista/7? I know a lot of schools will stay on XP for a while around here.

    I'm not part of the LEA process - I am leeching info (LOL) and taking an interest, but I thought I would just ask on here.

    Any notes, advice welcome

    GJE

  2. #2
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    Done it here with xp clients, no issues at all really.

  3. #3
    Kogelkopper's Avatar
    Join Date
    Nov 2008
    Posts
    27
    Thank Post
    3
    Thanked 1 Time in 1 Post
    Rep Power
    0
    We've just done a Windows 2003 Domain upgrade to Windows 2008 R2 and no problems with our 875 Windows XP SP3 machines!

  4. #4

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,644
    Thank Post
    895
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    444
    It should be fine but older O/S's will mean you need to enable legacy security for kerbros (I think its kerbros at least) but thats just a GP setting in default domain policy.

  5. #5
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    I could be that you have a mismatch in LAN authentication level. You can check this in the local security policies on the member server or on the default domain controllers policy.

    This is an exerpt from that policy

    Network security: LAN Manager authentication level
    This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
    Send LM & NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send LM & NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
    Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
    Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).

    Important
    This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.

    Default:
    Windows 2000 and windows XP: send LM & NTLM responses
    Windows Server 2003: Send NTLM response only
    Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only

SHARE:
+ Post New Thread

Similar Threads

  1. adding a server 2008 dc to a 2003 domain
    By jason2234 in forum Windows Server 2008
    Replies: 61
    Last Post: 10th May 2012, 02:00 PM
  2. Promoting Windows Server 2008 R2 as DC + DNS in 2003 AD Domain
    By albertwt in forum Windows Server 2008 R2
    Replies: 8
    Last Post: 4th November 2009, 08:27 AM
  3. 2003 domain with 2008 terminal servers
    By KWestos in forum Windows Server 2000/2003
    Replies: 1
    Last Post: 14th October 2009, 05:05 PM
  4. adding macs to a 2003/2008 domain
    By sted in forum Mac
    Replies: 16
    Last Post: 31st July 2009, 06:53 PM
  5. Migrating to 2008 Domain from 2003
    By broyles in forum Windows Server 2008
    Replies: 3
    Last Post: 10th April 2008, 03:58 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •