Re: What happens to my W2K domain controllers



Make sure you make the remote DCs GCs as well.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Paul Bergson" <pbergson@xxxxxxxxxx> wrote in message
news:%23w%23xgkZ5FHA.3276@xxxxxxxxxxxxxxxxxxxxxxx
> See inline
>
> Hope this helps
>
> --
>
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "JConchie" <JConchie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:151FD619-0172-409B-8715-D44E61DCF49F@xxxxxxxxxxxxxxxx
>> Current setup:
>> Single W2k Domain, with three sites. 4 W2K DCs..two in main office site
>> (FSMO roles, DNS, DHCP and WINS) and one each (VPN linked) in the two
>> remote offices (running AD-integrated DNS)
>> Main Office also has Exchange 2000 running on an up-to-date W2k box (no
>> plans to upgrade Exchange) and two 2003 member servers running
>> apps/files/printers.
>> Clients in remote sites and a few in main office are on static
>> ips.....rest of main office is on DHCP
>>
>> The Change:
>> We are replacing both the W2k boxes in the remote sites with new 2003
>> boxes....which will necessitate....if we want to continue with DCs in
>> both sites, which we do....the local authentication and DNS is well worth
>> it.............upgrading the domain to Windows 2003.
>>
>> The Plan:
>>
>> 1) The Exchange 2000 schema changes are already in place, so will run
>> inetorgpersonprevent.ldf as per KB314649
>>
>> 2) Run W2003 adprep /forestprep and /domainprep on one of the main office
>> 2003 member servers.
>>
>> 3) Install and disable AD-integrated DNS and DHCP on one of the main
>> office 2003 member servers.
>
> Install dns and dhcp on a member server. Nothing to disable.
>
>> 4) Run dcpromo on one of the main office 2003 servers, when successful:
>
> Dcpromo the server that has the dns installed on it. DNS will follow with
> the upgrade to the DC.
>
> Change the ip address of the new dhcp/dns server to the same as the old
> and modify the old one to a new value
>
> Migrate the FSMO roles
> http://support.microsoft.com/kb/324801
>
> Transfer the dhcp database
> http://support.microsoft.com/default.aspx?scid=kb;en-us;325473
>
> Assign the global catalog server to one or more servers
> http://support.microsoft.com/default.aspx?scid=kb;en-us;295419
>
>
>> 5) Run dcpromo on the other main office 2003 server
>>
>> 6) Install AD-integrated DNS on the two new boxes for the remote sites.
>> Run dcpromo on both.
>
> Install the dns service and dcpromo the servers.
>
>>
>> 7) Ship both new 2003 DCs to their respective sites and set them up.
>>
>> 8) Run dcpromo on all four old W2k DCs to demote them to member servers.
>
> Demote local office; don't demote remote until they have been installed
> and are replicating properly. Once you choose to demote old in remote,
> modify the ip address of the new to match the old.
>
>>
>> 9) Shut down DNS and DHCP on W2K boxes and enable it on new 2003,
>> pointing new DHCP to new DNS server.
>>
>
> Already done in other steps
>
>> 10) Point static IP boxes to new DNS.
>
> Not needed if you make the new server the old ip address as addressed
> earlier
>>
>>
>> The Questions, for the marbles:
>>
>> 1) Anything out of sequence in the plan? Any missing steps?
>
> See inline comments
>>
>> 2) During the 4-5 day difference (setting both of them up here in the
>> main office and then shipping to remote sites) between promoting to a
>> Windows 2003 domain and getting the remote DCs up and running, are there
>> any problems that we may run into leaving the four W2K DCs not yet demoted
>> to member servers?
>
> No, tombstoning has a 60 day lifetime
>
>>
>> 3) During that same delay, will the users in the remote offices continue
>> to authenticate logins to the local W2k server....or will they have to
>> authenticate over the lan to one or the other of the new 2003 DCs in the
>> main office?
>
> Don't demote so soon
>
>>
>> 4) Anything at all else we are missing here?
>
>
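
The advice above not to demote the old remote DCs until the new ones are replicating properly can be turned into a pre-demotion check. The PowerShell below is an added example, not part of the original thread; the sample is constructed in the column layout of `repadmin /showrepl * /csv`, and the server, site and domain names and the 24-hour freshness threshold are assumptions.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Server, site and domain names are hypothetical.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Remote1,NEWDC-R1,"DC=example,DC=local",Main,NEWDC-M1,RPC,0,0,2005-11-10 09:15:02,0
showrepl_INFO,Remote1,NEWDC-R1,"CN=Configuration,DC=example,DC=local",Main,NEWDC-M1,RPC,0,0,2005-11-10 09:15:02,0
showrepl_INFO,Remote2,NEWDC-R2,"DC=example,DC=local",Main,NEWDC-M1,RPC,7,2005-11-10 09:40:11,2005-11-06 22:01:45,1722
'@

# Classify every inbound replication link of one new DC.
function Get-InboundReplStatus {
    param(
        [string]$Csv,
        [string]$NewDc,
        [datetime]$Now,
        [int]$MaxAgeHours = 24,     # assumed freshness threshold
        [int]$TombstoneDays = 60    # lifetime quoted in the thread
    )
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $none = [Globalization.DateTimeStyles]::None
    foreach ($r in ($Csv -split "`r?`n" | ConvertFrom-Csv)) {
        if ($r.'Destination DSA' -ne $NewDc) { continue }
        $last = [datetime]::MinValue
        # A link that has never succeeded has no parseable timestamp.
        $ok = [datetime]::TryParseExact($r.'Last Success Time',
            'yyyy-MM-dd HH:mm:ss', $inv, $none, [ref]$last)
        $age = $Now - $last
        $state = if (-not $ok) { 'never replicated' }
            elseif ($age.TotalDays -ge $TombstoneDays) { 'past tombstone lifetime' }
            elseif ([int]$r.'Number of Failures' -gt 0) { 'failing' }
            elseif ($age.TotalHours -gt $MaxAgeHours) { 'stale' }
            else { 'healthy' }
        [pscustomobject]@{
            Context = $r.'Naming Context'
            Source  = $r.'Source DSA'
            State   = $state
        }
    }
}

$now = [datetime]'2005-11-10 10:00:00'   # fixed clock for the sample data
foreach ($dc in 'NEWDC-R1', 'NEWDC-R2') {
    $links = @(Get-InboundReplStatus -Csv $sample -NewDc $dc -Now $now)
    $bad = @($links | Where-Object { $_.State -ne 'healthy' })
    # Ready only if the DC has inbound links and all of them are healthy.
    $ready = ($links.Count -gt 0) -and ($bad.Count -eq 0)
    "{0}: ready to demote its W2K predecessor = {1}" -f $dc, $ready
    $bad | ForEach-Object { "  {0} from {1}: {2}" -f $_.Context, $_.Source, $_.State }
}
```

Against live DCs, the `$sample` string would be replaced by the joined output of `repadmin /showrepl * /csv`.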

