Re: 2003 Migration
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Thu, 27 Jul 2006 20:10:59 +0100
Hi
Informative Sites:
Best Practice Active Directory Design for Managing Windows Networks
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx#E1AAG
Windows Server 2003 Tools
http://www.microsoft.com/technet/downloads/winsrvr/tools/default.mspx
Windows Server 2003
http://support.microsoft.com/default.aspx?scid=fh;EN-US;winsvr2003
Considerations:
- Install the latest service pack.
http://www.microsoft.com/downloads
- Check Hardware.
Windows Catalog and HCL
http://www.microsoft.com/whdc/hcl/default.mspx
Active Directory Sizer
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/adsizer-o.asp
Windows Application Compatibility
http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/default.mspx
Microsoft File Server Migration Toolkit
http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfsc.mspx
How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
http://support.microsoft.com/?id=325379
Upgrade or migrate?
Reasons to Upgrade
Especially for small organizations, the ease of an upgrade rather than a new
installation can make sense. Generally, with an upgrade, configuration is
simpler, and your existing users, settings, groups, rights, and permissions
are retained. Also, with an upgrade, you do not need to re-install files and
applications.
Reasons to Migrate
There are good reasons to migrate rather than upgrade, especially when
dealing with large organizations. If you want to practice careful
configuration management, for example, for a server where high availability
is important, you might want to perform a new installation on that server
instead of an upgrade. This is especially true for servers on which the
operating system has been upgraded several times in the past.
Active Directory Migration Tool v.2.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en
Active Directory Migration Tool v3.0
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en
Planning:
* Back up the servers.
* If you can, take at least one DC offline (in case of upgrade failure you
can always seize the roles and return to the previous state). The only drawback to
this method is that all changes that were made while the safe DC was offline
are lost. To minimize this loss, you could periodically turn the safe BDC on
and off (when the domain is in a stable state) during the upgrade process,
to update its safe copy of the directory.
* Make sure that the Hardware and apps meet the requirements.
* Run from command prompt:
Cdsource\I386\winnt32.exe /checkupgradeonly
* Make sure that all apps installed are compatible with W2K3 and don't cause
problems with the upgrade process or post-upgrade process.
* Make sure that existing clients are compatible with SMB signing. Each
Windows Server 2003 domain controller enables SMB signing in its local
security policy by default.
How to enable Windows 98/ME/NT clients to logon to Windows 2003 based
Domains
http://support.microsoft.com/?id=555038
* Document everything network related (users, groups, permissions,
printers, etc.).
* How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
http://support.microsoft.com/?id=325379
* Initial synchronization requirements for Windows 2000 Server and Windows
Server 2003 operations master role holders
http://support.microsoft.com/default.aspx?scid=kb;en-us;305476
* Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;555040
* If you have Exchange 5.5/2000 or are upgrading to Exchange 2003, check:
Windows Server 2003 adprep /forestprep Command Causes Mangled Attributes in
Windows 2000 Forests That Contain Exchange 2000 Servers
http://support.microsoft.com/?id=314649
How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
http://support.microsoft.com/?id=325379
Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;555040
Common Mistakes When Upgrading Exchange 5.5/2000 To a Exchange 2003
http://support.microsoft.com/?id=555262
Considerations when you upgrade to Exchange Server 2003
http://support.microsoft.com/?id=822942
* If you have UNIX
Cannot Upgrade Windows 2000 Server to Windows Server 2003 with Windows
Services for UNIX 2.0 Installed
http://support.microsoft.com/?id=293783
* Others
Incorrect Schema extension for OS X prevents ForestPrep from completing in
Windows 2000
http://support.microsoft.com/?id=887426
Enhancements to Adprep.exe in Windows Server 2003 Service Pack 1 and in
hotfix 324392
http://support.microsoft.com/?id=324392
- Before Upgrade:
* Verify the end-to-end Active Directory replication throughout the forest.
REPADMIN /REPLSUM /BYSRC /BYDEST /SORT:DELTA
All the domain controllers in the forest must replicate Active Directory
without error, and the values in the "Largest Delta" column of the repadmin
output should not be significantly greater than the replication frequency on
the corresponding site links or connection objects that are used by a given
destination domain controller.
* Resolve all replication errors between domain controllers that have failed
to inbound replicate in less than Tombstone Lifetime (TSL) number of days
(by default, 60 days). If replication cannot be made to function, you may
have to forcibly demote the domain controllers and remove them from the
forest by using the Ntdsutil metadata cleanup command, and then promote them
back into the forest. You can use a forceful demotion to save both the
operating system installation and the programs that are on an orphaned
domain controller. For more information about how to remove orphaned Windows
2000 domain controllers from their domain, click the following article
number to view the article in the Microsoft Knowledge Base:
How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498/
* Verify that the contents of the Sysvol share are consistent
DCDIAG.EXE /e /test:frssysvol
* Inventory and test the operations roles.
DCDIAG /test:FSMOCHECK
NETDOM QUERY FSMO
* Verify that the schema master and each infrastructure master has performed
inbound replication of Active Directory since last booted.
REPADMIN /SHOWREPS DCNAME
For more information about operations masters and their placement:
Description Active Directory FSMO roles
http://support.microsoft.com/kb/197132/
FSMO placement and optimization on Active Directory domain controllers
http://support.microsoft.com/kb/223346/
* Examine the event logs on all the domain controllers for problematic
events.
* The volume that hosts the Active Directory database file, Ntds.dit, must
have free space equal to at least 15-20% of the Ntds.dit file size. The
volume that hosts the Active Directory log file must also have free space
equal to at least 15-20% of the Ntds.dit file size. For additional
information about how to free up additional disk space, see the "Domain
Controllers Without Sufficient Disk Space" section of this article.
* You can install a new (more powerful) computer, make it an additional DC
of the existing domain, and then use that server to perform the upgrade.
- DNS Planning:
Prior to beginning the move from Windows 2000 to the Windows Server 2003
Active Directory service, ensure that you have designed a DNS and Active
Directory namespace and have either configured DNS servers or are planning
to have the Active Directory Installation Wizard automatically install the
DNS service on the domain controller.
Active Directory is integrated with DNS in the following ways:
Active Directory and DNS have the same hierarchical structure. Although
separate and implemented differently for different purposes, an
organization's namespace for DNS and Active Directory have an identical
structure. For example, microsoft.com is both a DNS domain and an Active
Directory domain.
DNS zones can be stored in Active Directory. If you are using the Windows
Server DNS service, primary zone files can be stored in Active Directory for
replication to other Active Directory domain controllers.
Active Directory uses DNS as a locator service, resolving Active Directory
domain, site, and service names to an IP address. To log on to an Active
Directory domain, an Active Directory client queries its configured DNS
server for the IP address of the Lightweight Directory Access Protocol
(LDAP) service running on a domain controller for a specified domain.
While Active Directory is integrated with DNS and they share the same
namespace structure, it is important to distinguish the basic difference
between them:
DNS is a name resolution service. DNS clients send DNS name queries to their
configured DNS server. The DNS server receives the name query and either
resolves the name query through locally stored files or consults another DNS
server for resolution. DNS does not require Active Directory to function.
Active Directory is a directory service. Active Directory provides an
information repository and services to make information available to users
and applications. Active Directory clients send queries to Active Directory
servers using LDAP. In order to locate an Active Directory server, an Active
Directory client queries DNS. Active Directory requires DNS to function.
If you use BIND DNS servers, make sure that you have BIND 8.1.2
- Supports: SRV records, Dynamic Updates. Doesn't support
Secure Dynamic Updates (this is one disadvantage compared to the MS DNS
servers, and represents security issues).
- Create Primary Zone
If you use 2003 DNS
* Create Primary Zone
* You can use a pre-existing DNS or you can create it during the upgrade
process.
* Convert to AD-Integrated.
* NetDiag /fix (This is an extra measure, to register the necessary DNS
records).
* Make sure that every domain controller has its DNS properties under NIC
configuration pointing to itself. (If DC IP Address is 10.0.0.1 then DNS
should be 10.0.0.1).
* Make sure that every DNS server can resolve all domains in the forest.
(Use Forwarding, Stub Zones or Secondary Zones).
* Make sure that all clients use only the local DNS server(s).
How Domain Controllers Are Located in Windows
http://support.microsoft.com/kb/247811/
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
How To Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain
http://support.microsoft.com/kb/255248/
Check:
Troubleshooting DNS
http://technet2.microsoft.com/WindowsServer/en/Library/de2aa69d-1155-4dc9-a651-e8362f6a81c81033.mspx
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?id=241515
Verify DNS server responsiveness using the nslookup command
http://technet2.microsoft.com/WindowsServer/en/Library/f8761f04-d665-4507-9509-ebb92bbb66ef1033.mspx
- The Upgrade.
* Adprep
http://technet2.microsoft.com/WindowsServer/en/Library/bc5ebbdb-a8d7-4761-b38a-e207baa734191033.mspx?mfr=true
* Run the adprep /Forestprep -> Schema Master Role.
To perform this step you should disable the replication before running the
/Forestprep switch.
Check section: Upgrading the forest with the adprep /forestprep command in:
http://support.microsoft.com/?id=325379
* Run the adprep /Domainprep -> Infrastructure Master Role.
Description Active Directory FSMO roles
http://support.microsoft.com/kb/197132/
FSMO placement and optimization on Active Directory domain controllers
http://support.microsoft.com/kb/223346/
* Make sure that you have 1 GC per site (GCs are needed unless: you only
have one domain, or the DFL is prior to Windows 2000 or Windows 2003).
* Make sure that network clients point to the network DNS server only
(usually the DC).
* Check DNS and AD
Verifying Active Directory Installation
http://technet2.microsoft.com/WindowsServer/en/Library/3d157c1a-5c80-4947-ba8b-a02e5fb1dada1033.mspx
Troubleshooting DNS
http://technet2.microsoft.com/WindowsServer/en/Library/de2aa69d-1155-4dc9-a651-e8362f6a81c81033.mspx
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?id=241515
Verify DNS server responsiveness using the nslookup command
http://technet2.microsoft.com/WindowsServer/en/Library/f8761f04-d665-4507-9509-ebb92bbb66ef1033.mspx
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Nhan Nguyen" <Nhan Nguyen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0D944A8A-5123-4D28-9C76-F87D11F424AA@xxxxxxxxxxxxxxxx
I have four DCs in a MS-2000 Active Directory... I have purchased three new
servers and installed MS-2003 w/ SP1 (these servers are not networked to the
2000 AD and have no roles applied to them).
The four servers have SP4 applied and ADMT2 tools installed.
Questions...
What is the next step?
run adprep /forestprep first?
or join the 3 servers as members?
Do I need to run adprep /forestprep on all four servers?
Is there a step missing?
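
The replication check from the "Before Upgrade" list above, as an added example that is not part of the original post: a Python parser for the summary table printed by `REPADMIN /REPLSUM /BYSRC /BYDEST /SORT:DELTA` that flags each DC whose "largest delta" exceeds the replication interval or the tombstone lifetime. The sample report, its DC names and the 3-hour `max_delta` default are assumptions made for this example.

```python
import re
from datetime import timedelta

# Constructed sample in the layout of `repadmin /replsum /bysrc /bydest /sort:delta`;
# DC names and values are made up for this example.
SAMPLE = """\
Source DSA          largest delta    fails/total %%   error
 DC-OPO-01         61d.04h:10m:00s    5 /   5  100  (1722) The RPC server is unavailable.
 DC-FAR-01             05h:30m:00s    0 /   4    0
 DC-LIS-02                 12m:05s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error
 DC-OPO-01                >60 days    5 /   5  100  (1722) The RPC server is unavailable.
 DC-LIS-01                    :45s    0 /  10    0
"""
ROW = re.compile(r"^\s*(?P<dsa>\S+)\s+(?P<delta>>\d+ days|\S+)\s+"
                 r"(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+\d+\s*(?P<error>.*)$")
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def parse_delta(text):
    """Turn '61d.04h:10m:00s', ':45s' or '>60 days' into a timedelta."""
    if text.startswith(">"):  # capped display: treat as just over the stated days
        return timedelta(days=int(re.search(r"\d+", text).group()), seconds=1)
    parts = re.findall(r"(\d+)([dhms])", text)
    return timedelta(seconds=sum(int(n) * UNIT_SECONDS[u] for n, u in parts))

def check(report, max_delta=timedelta(hours=3), tsl=timedelta(days=60)):
    """Return (section, dsa, status) per row; max_delta is an assumed site-link interval."""
    findings, section = [], None
    for line in report.splitlines():
        if line.startswith(("Source DSA", "Destination DSA")):
            section = line.split()[0].lower()
            continue
        row = ROW.match(line)
        if section is None or row is None:
            continue
        delta = parse_delta(row["delta"])
        if delta > tsl:
            status = "PAST_TSL"   # post's remedy: forced demotion + metadata cleanup
        elif int(row["fails"]) > 0 or delta > max_delta:
            status = "STALE"      # fix replication before running adprep
        else:
            status = "OK"
        findings.append((section, row["dsa"], status))
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(*finding)
```

Set `max_delta` to the replication frequency of your own site links and `tsl` to the forest's tombstone lifetime before relying on the result.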