Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

legacy OS or applications 2008 DC

0 views
Skip to first unread message

sawyer

unread,
Jan 7, 2010, 1:03:26 PM1/7/10
to

Hello

Does anyone know of any legacy OS (unix,linux) or applications (TFS) that
might now be able to authenticate to a windows 2008 DC. The reason I ask is
because we are in the proccess of upgrading our last 2003 DC to 2008, and we
had to hold off on upgrading this particular DC, because of an issue with an
appliance called "datadomain" We recently upgraded the OS of the datadomain
appliance so it will now work with a 2008 DC, but we are taking the prudent
step because of this and want to know if there are any known issues or if
someone reading this post has run into issues with an appliance, legacy OS
or application after upgrading a DC to 2008?

Many thanks

Paul Bergson [MVP-DS]

unread,
Jan 8, 2010, 8:41:11 AM1/8/10
to

I'm sure there are plenty. That is why you have to test and verify. Check
with your vendors for any issues.

In your situation if you feel you have done you due dilligence then, don't
do anything to the dc other than shut the system down for a week and see if
anything breaks. Since you have already extended the schema you don't have
to worry about that and raising the doamin and/or forest level shouldn't be
an issue since there isn't much that is happening, so I think shutting the
system down would be a good last step prior to upgrading. Hopefully this
isn't the fsmo master for any of the roles. If so transfer these prior to
the shutdown to be safe.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"sawyer" <occo...@cox.net> wrote in message
news:9ED21164-C305-4145...@microsoft.com...

sawyer

unread,
Jan 8, 2010, 12:16:31 PM1/8/10
to
yes this DC if the main FSMO role holder, so cant shut it down, but thanks
for the suggestion

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:OMiL$gGkKH...@TK2MSFTNGP02.phx.gbl...

Paul Bergson [MVP-DS]

unread,
Jan 8, 2010, 3:11:03 PM1/8/10
to
It can be shutdown for a couple of days. it shouldn't be the FSMO PDCe if
you are running 2008 dc's anyways. As a matter of fact they should all be
moved to 2008.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"sawyer" <occo...@cox.net> wrote in message

news:B19FEF17-E155-435E...@microsoft.com...

Revenger

unread,
Jan 9, 2010, 11:34:26 AM1/9/10
to

Hi sawyer!

Well, a fellow admin of mine had a nasty time when he upgraded all the DCs
to 2008 with a NAS storage device (SMB storage device) which works with AD
to authenticate the users.

After upgrading all the DCs to 2008 the NAS device couldn't authenticate
with AD anymore, and he couldn't get to the data on the NAS.

NAS device used older cryptography algorithms to authenticate, and the new
2008 DC's have a policy Allow cryptography algorithms compatible with
Windows NT 4.0 set to Not Configured, and they won't allow authentication.
Anyhow, the link is here:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;942564

All in all, he had to promote the old W2k3 server back, make a backup of
the data on the NAS device (which could now authenticate with the 2003 DC),
and then demote the DC again.

Hope this helps someone ...

sawyer

unread,
Jan 11, 2010, 12:15:20 PM1/11/10
to

this is the kind of stuff that worries me, thanks for the info!

"Revenger" <R...@R.com> wrote in message
news:91f567ryjn34$.1oziz4703i8xl$.dlg@40tude.net...

Paul Bergson [MVP-DS]

unread,
Jan 11, 2010, 2:17:38 PM1/11/10
to
We haven't upgraded our AD due to diligence required to test the SAN and AD
2008. There is a matrix for the firmware that must be followed. If you
don't properly test, you can't hold anyone else accountable.

Test, Test, Test...

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Revenger" <R...@R.com> wrote in message
news:91f567ryjn34$.1oziz4703i8xl$.dlg@40tude.net...

Jorge Silva

unread,
Jan 11, 2010, 4:50:49 PM1/11/10
to
Hi
I not follow Paul's suggestion and create a lab for that, take note of the
most common issues an their resolutions.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.


"sawyer" <occo...@cox.net> wrote in message

news:B19FEF17-E155-435E...@microsoft.com...

Revenger

unread,
Jan 12, 2010, 1:00:44 PM1/12/10
to
On Mon, 11 Jan 2010 13:17:38 -0600, Paul Bergson [MVP-DS] wrote:

> We haven't upgraded our AD due to diligence required to test the SAN and AD
> 2008. There is a matrix for the firmware that must be followed. If you
> don't properly test, you can't hold anyone else accountable.
>
> Test, Test, Test...

I couldn't agree with you more ... The lack of testing led to the problem,
but still, that was a lesson. All lessons come at a price, this one only
costed some time and some nerves :-)

0 new messages