Re: Domain Browsing Issues
- From: "Coraleigh Miller" <coraleighmiller@xxxxxxxxx>
- Date: Tue, 11 Sep 2007 22:33:18 -0700
Hi,
Yes...also in order to transfer all your AD settings etc Meinolf Weber (an
esteemed poster in this group) actually recently posted a step by step good
strategy for replacing a 2000 AD server with a 2003 AD. I have pasted it
below....
Coraleigh Miller
(paste)
...........................................................................................................................................
Hello JPCLYONS,
- on the 2000 DC, if not done, make DNS as Active directory integrated zone,
easier for administration and replication
- on the 2003 server, point DNS on the NIC only to the 2000 DNS server
- prepare the schema master 2000 for the new schema with adprep /forestprep
adprep /domainprep from the 2003 installation cd with an account that is
member of the schema admins
- run dcpromo on the 2003 server, make it DNS server and check that DNS is
active directory integrated, let it time for replication from DNS
- if the new one is ready so far, run dcdiag and netdiag against the new
server to check for errors
- if no errors make it a global catalog server
Open Active directory site and services, go to Sites, default first site
name, servers, choose the server, right click NTDS settings, open properties
and checkmark Global catalog (check event viewer after it, in Directory
service
you must find event id 1110 and 1119)
- move the 5 FSMO roles to the new 2003 machine, check in
eventviewer>directory
services for entries about success or failure
http://support.microsoft.com/kb/324801
- check again with dcdiag and netdiag for errors
- change DNS settings from the new server to point to itself as primary
server,
change the 2000 machine to point to the new 2003 server as primary DNS
server
- give it some time and test that your environment it still running, web,
shares, login etc. Also again dcdiag and netdiag
- do not forget to reconfigure your clients for the new DNS server
- if you have done all your server preparation, you can copy your data to
new locations with keeping your security settings with xcopy or robocopy
- if everything is ok, you can start demoting the old server, do NOT delete
them from AD, run dcpromo on the 2000 DC and follow the wizard, read
carefully.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Can anyone point me to a references for replacing a Windows 2000...........................................................................................................................
server with a Windows 2003 server?
I need a step by step guide - since this project was inherited and my
credentials right now are just an MCP.
The current server is in a mixed mode Active Directory structure.
It is the PDC, DNS and file server. The new Windows 2003 server will
replace all these functions.
So far, I have installed the server in the rack, assigned the two NICS
with IP's, and gotten all service packs. It is still in WORKGROUP - I
have not added it to the domain.
Without disrupting logins, DNS, etc, I need to know the sequence of
how to proceed.
I do not want DHCP on, or any other services that are not absolutely
essential.
I also realize that this answer might already be somewhere on these
forums, and I will look, it's just that I do not want this to linger,
as the old server has hardly any disk space - the new one has 400
gigs.
Any and all answers will be gratefully appreciated.
Jim Lyons
J P C LYONS AT GEE MAIL DOT COM
(/paste)
<swu30@xxxxxxxxxxx> wrote in message
news:1189360842.994457.43950@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi -
Ok, both of my AD servers are W2k in mixed mode. Given that, and that
I want to replace them both from a hardware level, can I install two
new W2k3 servers in "2000 mode", then retire the old hardware leaving
me with new w2k3 servers in "2000 mode" and then up both W2k3 AD
servers to "2003 mode"?
If not, what's a good strategy for replacing and upgrading my W2k AD
servers?
Thx again!
On Sep 5, 12:57 am, "Coraleigh Miller" <CoraleighMil...@xxxxxxxxx>
wrote:
Hi! :-)
Yes you can mix 2000 DCs with 2003 DCs, as long as your domain functional
level remains at 2000. Doing this however you dont gain some of the new
domain features of 2003. http://support.microsoft.com/kb/322692
If you were to raise your domain functional level to take advantage of
the
2003 features, you would not be able to use any 2000 DCs...so you would
have
to upgrade them all to 2003. You would also have to buy 2003 client
access
licenses...http://www.microsoft.com/windowsserver2003/howtobuy/licensing/priclic...
Hope this helps.
Coraleigh Miller
<sw...@xxxxxxxxxxx> wrote in message
news:1188878736.086728.274450@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 27, 12:07 am, "Coraleigh Miller" <CoraleighMil...@xxxxxxxxx>
wrote:
On the clients you should disable the Computer Browser service since
this
would take precedence over WINS browsing. You can use Group Policy to
do
this if you wish..http://support.microsoft.com/kb/297789
Also make sure the clients have the WINS server IP in their tcpip
settings.
If you use DHCP for your workstations, add both the WINS server IP and
node
type (0x8, hybrid) to your DHCP scope options.
Let me know how it goes. :-)
Coraleigh Miller
<sw...@xxxxxxxxxxx> wrote in message
news:1188183273.619497.37010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 26, 1:25 pm, "Coraleigh Miller" <CoraleighMil...@xxxxxxxxx>
wrote:
Ahh ok. Try the Browstat tool to troubleshoot a possible Browser
problem,
it could be that the new pcs are trying to be the Master Browser
and
confusing the browser
service.http://support.microsoft.com/kb/188305/en-us
Do any of your Master Browsers have two network
cards?http://support.microsoft.com/kb/191611/en-us
You might really want to consider using WINS for your "my network
places"
browsing, it is far less broadcast chatty on your network and
performs
more
efficiently with multi-subnet
networks.http://technet2.microsoft.com:80/windowsserver/en/library/babc5a09-05...
Are you using Trend Micro
antivirus?http://support.microsoft.com/kb/318245
Do you have any issue related event ids in your Event Log?
Coraleigh Miller
<sw...@xxxxxxxxxxx> wrote in message
news:1188132357.554349.105140@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 25, 10:38 pm, "Coraleigh Miller"
<CoraleighMil...@xxxxxxxxx>
wrote:
Hiswu30,
Since you mentioned that you imaged these new pcs, did you
account
in
your
clone process for each pc getting an unique SID? Check that
they
do
in
fact
have their own sids, if not there are tools to help fix this
including
NewSIDhttp://www.microsoft.com/technet/sysinternals/security/newsid.mspx
and
Ghostwalkerhttp://entkb.symantec.com/security/output/n1999050308324125.html
Are there any related event ids in your event logs?
Coraleigh Miller
<sw...@xxxxxxxxxxx> wrote in message
news:1188075487.914197.146470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
We recently imaged a small (< 25) number of laptops for use in
our
office. Our basic setup is a routed network with servers on a
192.168.10.x network, clients on 3 diff subnets. We have a
number
of
W2k and W2k3 servers, clients are WinXP desk and laptops. We
have
two
AD servers doing DNS & DHCP.
What we're running into is with the new laptops, they can't
always
browse the Microsoft Network. We have an app that we need to
browse
in
order to setup correctly. On the same subnet I can have
clients
that
can browse, while others (usually the new laptops, but not
always)
can't. They get the "xDomain is not accessible. You might not
have
permission to use this network resource....
We've gone through all the network settings, firewall and
others
on
the clients and they seem the same. They can auth to the AD
and
login
just fine. DNS and access to IP resources not a problem. We
can
map
a
drive to the same server that we can't browse to (well, we
can't
browse to anything).
Are we having a master browser issue on this subnet? We do not
have
WINS running. There are rare times when one of the laptops
that
can't
browse, can, for a while. We can have on the same subnet,
machines
that can browse and others that can't. And they may "flip
flop".
ANY help would be greatly appreciated. Thx!
Hi -
Yes, they have their own SID. The odd thing is that sometimes
there
are "older" PCs/laptops on the same subnet that have been able to
browse and then they can't either. So it' not just limited to the
newly imaged laptops. Although it is far more often with them.
Will check out the browse tool. No, they are all single NIC
machines.
The non-browse issue seems to come into play after we load Sophos
AV.
We have to browse to the server that has Sophos, we do a network
install. After the install is complete, browsing is still OK - until
we reboot. Then the laptop cannot browse the same network.
No matter if we login as the local admin, domain user, or domain
admin, we get the "xDomain is not accessible. You might not have
permission to use this network..." error. All net services are good
except browsing. Nothing in the event log of the client or AD
servers. Arg!
I can easily turn on WINS, do I need to disable/enable anything on
the
clients?
Thx!- Hide quoted text -
- Show quoted text -
Thanks for the help so far. I'll give this a try and let you know. If
I can bounce one more question off of you, I would like to replace one
of our aging AD servers. Our AD is currently on W2k, can I have AD on
a W2k3 server if the other
is W2k AD? I heard you can't mix. True? If so, can you migrate from
W2k to W2k3?
Thx!
.
- References:
- Re: Domain Browsing Issues
- From: swu30@xxxxxxxxxxx
- Re: Domain Browsing Issues
- From: Coraleigh Miller
- Re: Domain Browsing Issues
- From: swu30@xxxxxxxxxxx
- Re: Domain Browsing Issues
- Prev by Date: Re: Terminal server licensing - bug??
- Next by Date: Re: Solution: Viewing Event Log Remotely
- Previous by thread: Re: Domain Browsing Issues
- Next by thread: Re: Memory leak in tcpsvcs.exe on Windows 2003 R2 / SP2
- Index(es):
Relevant Pages
|
