One early morning, January 9th 2001, to be exact. We pulled the trigger on a large pilot for one of the largest Microsoft networks in existence. You see, I am contracting for a large US government agency, which has the largest SMS and Exchange implementations world-wide. These are over 220,000 seats for both. We are looking at the largest Win2k rollout to date, and we have just recently started the pilot.
Our layout is something like this. 23 Account Domains, organized geographically, and 220+ resource domains. No central management, and no standardized hardware. There are 23 different business units that completely manage their own account domains and resources. So rolling the account domains into a single domain is out of the question, we need to maintain the 23 different account domains at the least. We are planning on collapsing all 220+ resource domains into a corresponding account domain, but this is going to take much time, since each resource domain has a plethora of servers and workstations that will have to be moved into an OU in the account domain.
This was the day that we were starting the ugprade for the 1st account domain. Our plan was something like this: We would upgrade the PDC, and then start building Win2k DC's at every site, replacing a corresponding NT4 BDC, until all the NT4 BDC's were eliminated. Then we switch to Native mode, so we can use the SID-HISTORY attributes in the AD (which are only available in native mode) and start the collapse process for the resource domains. So this all hinged on us upgrading the PDC as the first step.
We had performed extensive testing for the past 6 months in the lab, testing every scenario that we could think of. We had pulled mirrored drives from production for use in the lab, so we had a most recent copy of the PDC in identical hardware, within our test environment. And the upgrades had went smoothly.
We had installed 2 placeholder domains in production already, which included:
and those were smooth also
(Names have been changed in accordance with my non-disclosure)
Now, onto the upgrade
Lesson One, Strange DNS occurences