Re: W2K DC Migrate To New Hardware
- From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
- Date: Mon, 09 May 2005 12:02:44 GMT
Hello,
Thanks for your update and let me know your further concern regarding the
issue.
I would give the answer to your concerns separately:
1. Will the fact that we are still running in mixed mode create any
problems with the move to new hardware? i.e. are we likely to experience
any user authentication and permission issues with my original plan?
You can change the mixed mode to Win 2k native mode after moving. And
using mixed mode will not effect any user authentication and permission
because it is not related to them.
2. Looking in our AD Site & Services snap-in, I notice that the DC we are
demoting is also our ISTG (Inter-Site Topology Generator). Do I need to
change this role manually to another server before demotion? We are single
forest, domain, site here, therefore don't have inter-site comms.
Based on my research, after demotion, ISTG will be removed on the old
server and you need to create a new connection for ISTG on new server
manually. You can choose the original domain in AD. For more assistance
on how to configure the setting in AD, please directly contact to
Microsoft.public.win2000.active_directory to get the most qualified pool of
respondents.
HTH!
Thanks & Regards
Amanda Wang [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================================
--------------------
>From: "BC" <bcharlton@xxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.migration
>Subject: Re: W2K DC Migrate To New Hardware
>Date: 6 May 2005 04:37:35 -0700
>Organization: http://groups.google.com
>Lines: 390
>Message-ID: <1115379455.091672.43790@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <1115152486.010768.120390@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> <#IXniWGUFHA.3052@xxxxxxxxxxxxxxxxxxxxx>
> <9cR3xqUUFHA.2476@xxxxxxxxxxxxxxxxxxxxx>
> <xvG5efVUFHA.2184@xxxxxxxxxxxxxxxxxxxxx>
>NNTP-Posting-Host: 83.104.84.97
>Mime-Version: 1.0
>Content-Type: text/plain; charset="iso-8859-1"
>Content-Transfer-Encoding: quoted-printable
>X-Trace: posting.google.com 1115379459 8000 127.0.0.1 (6 May 2005 11:37:39
GMT)
>X-Complaints-To: groups-abuse@xxxxxxxxxx
>NNTP-Posting-Date: Fri, 6 May 2005 11:37:39 +0000 (UTC)
>In-Reply-To: <xvG5efVUFHA.2184@xxxxxxxxxxxxxxxxxxxxx>
>User-Agent: G2/0.2
>Complaints-To: groups-abuse@xxxxxxxxxx
>Injection-Info: o13g2000cwo.googlegroups.com; posting-host=83.104.84.97;
> posting-account=3lUg1A0AAABR2Y2mblrtDMME0F56cA1o
>Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!news.glorb.com!postnews.google.com!o13g2000cwo.googlegroups.com!not-fo
r-mail
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.migration:10052
>X-Tomcat-NG: microsoft.public.windows.server.migration
>
>Hi Amanda
>Another quick query if I may. Looking in our AD Site & Services
>snap-in, I notice that the DC we are demoting is also our ISTG
>(Inter-Site Topology Generator). Do I need to change this role
>manually to another server before demotion? We are single forest,
>domain, site here, therefore don't have inter-site comms. However,
>just wanted to know if it would cause issues.
>Thanks
>BC
>Amanda Wang [MSFT] wrote:
>> Hello,
>>
>> Thanks for your update.
>>
>> Your questions are: Is it possible to run more than one GC on our
>network?
>> What are the implications for ourExchange 2K box? At present, if
>the root
>> DC (and GC) is down, Exchange 2K doesn't function. Can I run GC on
>the
>> same box as Exchange 2K (it is already a DC).
>>
>> Based on my knowledge, you can run more than one GC on your network
>and we
>> recommend that there is one GC in one site. Meanwhile, Exchange is
>not
>> recommended to be run on a DC.
>>
>> The main reasons are as following:
>>
>> The only valid business cases for installing Exchange Server on a DC
>that I
>> have ever encountered are (1) budget limitations in an environment
>too
>> large to use Microsoft Small Business Server, and (2) when deploying
>> Exchange servers in locations where reliable WAN links are difficult
>or
>> impossible to purchase and implement. Exchange 2003 on a domain
>controller
>> is supported by Microsoft as a valid configuration, provided you
>adhere to
>> the following restrictions and limitations:
>>
>> ¡¤ Exchange and Active Directory are both resource-intensive
>applications.
>> There are serious performance implications that result from running
>them
>> both on the same system.
>>
>> ¡¤ The domain controller must also be a global catalog server.
>>
>> ¡¤ Several directory-related components of Exchange 2003, namely
>DSAccess,
>> DSProxy and the message categorizer will not load-balance or failover
>to
>> any other domain controller or global catalog server.
>>
>> ¡¤ You should not take advantage of the /3GB switch in Windows, as
>it could
>> cause Exchange to consume all available memory, effectively choking
>out
>> Active Directory.
>>
>> ¡¤ System shutdown will take longer due to the order in which
>components
>> are automatically shutdown. This problem can be overcome by shutting
>down
>> Exchange prior to shutting down the operating system.
>>
>> ¡¤ This configuration is less secure because Exchange
>administrators will
>> have local administrative access to Active Directory, enabling them
>to
>> elevate their privileges. In addition, any security vulnerability
>found in
>> Exchange or Active Directory exposes the other to attack and
>compromise.
>>
>> ¡¤ Once Exchange has been installed on a computer, its role (e.g.,
>domain
>> controller or member server) cannot be changed. Do not demote or
>promote
>> an Exchange 2003 computer. Doing so will break several components,
>> including Outlook Mobile Access, and Microsoft Product Support
>Services
>> does not support this.
>>
>> ¡¤ Running clustered Exchange servers on cluster nodes that are
>also domain
>> controllers is not supported by Microsoft and should never be done
>under
>> any circumstances.
>>
>> For more questions about Exchange, you'd best address in
>> Microsoft.public.exchange or exchange2000 to get the most efficient
>and
>> professional support.
>>
>> HTH!
>>
>> Thanks & Regards
>>
>> Amanda Wang [MSFT]
>>
>> Microsoft Online Partner Support
>>
>> Get Secure! - www.microsoft.com/security
>>
>> ====================================================================
>>
>> When responding to posts, please "Reply to Group" via your newsreader
>so
>> that others may learn and benefit from your issue.
>>
>> =====================================================================
>>
>> --------------------
>> >Newsgroups: microsoft.public.windows.server.migration
>> >From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
>> >Organization: Microsoft
>> >Date: Thu, 05 May 2005 08:00:31 GMT
>> >Subject: RE: W2K DC Migrate To New Hardware
>> >X-Tomcat-NG: microsoft.public.windows.server.migration
>> >MIME-Version: 1.0
>> >Content-Type: text/plain
>> >Content-Transfer-Encoding: 7bit
>> >
>> >From: "BC" <bcharlton@xxxxxxxxxxxxxxx>
>> >Newsgroups: microsoft.public.windows.server.migration
>> >Subject: Re: W2K DC Migrate To New Hardware
>> >Date: 4 May 2005 01:03:59 -0700
>> >
>> >Thanks for the response Amanda. I think you are right. As we only
>> >have two DCs on the network right now, I think it makes sense to
>> >install a spare DC. Means that when I demote the server I am
>> >replacing, at least I've got 2 DCs and 2 DNS going for failsafe.
>> >
>> >I have a couple of questions. It seems that we currently only have
>one
>> >Global Catalog server on the network. This is the root DC that I am
>> >looking to replace. I take it this is bad?! Is it possible to run
>> >more than one GC on our network? What are the implications for our
>> >Exchange 2K box? At present, if the root DC (and GC) is down,
>Exchange
>> >2K doesn't function. Can I run GC on the same box as Exhcange 2K
>(it
>> >is already a DC).
>> >
>> >I figure my best option is to have another DC on the network, split
>> >FSMO roles between DCs and perhaps have GC running on each DC other
>> >than the Exchange box.
>> >
>> >Thanks for the advice.
>> >
>> >BC
>> >====================================================================
>> >
>> >When responding to posts, please "Reply to Group" via your
>newsreader so
>> >that others may learn and benefit from your issue.
>> >
>>
>>=====================================================================
>> >
>> >--------------------
>> >>X-Tomcat-ID: 82580962
>> >>References: <1115152486.010768.120390@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>> >>MIME-Version: 1.0
>> >>Content-Type: text/plain
>> >>Content-Transfer-Encoding: 7bit
>> >>From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
>> >>Organization: Microsoft
>> >>Date: Wed, 04 May 2005 04:56:17 GMT
>> >>Subject: RE: W2K DC Migrate To New Hardware
>> >>X-Tomcat-NG: microsoft.public.windows.server.migration
>> >>Message-ID: <#IXniWGUFHA.3052@xxxxxxxxxxxxxxxxxxxxx>
>> >>Newsgroups: microsoft.public.windows.server.migration
>> >>Lines: 125
>> >>Path: TK2MSFTNGXA01.phx.gbl
>> >>Xref: TK2MSFTNGXA01.phx.gbl
>microsoft.public.windows.server.migration:9991
>> >>NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
>> >>
>> >>Hello,
>> >>
>> >>Thanks for your post.
>> >>
>> >>I understand you want to move an existing W2K DC to new hardware
>and
>> >retain
>> >>the same name and IP address to save manually editing DNS entries
>on
>> >>clients. If I misunderstood, please feel free to let me know.
>> >>
>> >>Your plan seems good and according to your description, I would
>give you
>> >>some more suggestions as following:
>> >>
>> >>You can refer to the following article to move win2k to anther
>server.
>> >>However, I suggest you back up your system first and do a test
>during a
>> >>non-business time.
>> >>
>> >>How to move a Windows 2000 installation to different hardware
>> >>http://support.microsoft.com/?kbid=249694
>> >>
>> >>If we only have one new server, please use the steps in KB 249694
>to
>> >backup
>> >>the original server, connect the new machine in another subnet and
>> restore
>> >>the system to the new box to test if it can function correctly.
>> >>
>> >>Alternatively, if you have two new servers, you can use the
>following
>> >steps
>> >>to achieve your goal:
>> >>
>> >>The original server is Server 1, I called two new servers NewSrv1
>and
>> >>NewSrv2. I assume you want to use NewSrv1 to replace Server1
>> >>
>> >> 1. Add NewSrv2 to the current domain and promote it to be an
>> additional
>> >>DC for Server1; install AD-integrated DNS on NewSrv2. During this
>period,
>> >>AD and DNS information will be automatically replicated to NewSrv2.
>> >>
>> >> 2. Transfer FSMO role from Server1 to NewSrv2.
>> >> 3. Backup Server1 to a tape in case you need to restore the
>system to
>> >>Server1.
>> >> 4. Demote Server1 and then take it offline.
>> >> 5. Run NewSrv2 for a period of time for test to make sure there
>is no
>> >>problem.
>> >> 6. On machine NewSrv1, change computer name from NewSrv1 to
>Server1,
>> >>change the IP and then add NewSrv1 to the network.
>> >> 7. Promote it to be an additional DC for NewSrv2; install
>> AD-integrated
>> >>DNS on Server1. During this period, AD and DNS information will be
>> >>automatically replicated to Server1.
>> >>
>> >> 8. Transfer FSMO role from NewSrv2 to Server1
>> >>
>> >>You now use NewSrv1 to replace Server1, AD and DNS information have
>been
>> >>migrated to the new hardware. This method is more secure and
>smooth.
>> >>
>> >>HTH!
>> >>
>> >>Thanks & Regards
>> >>
>> >>Amanda Wang [MSFT]
>> >>
>> >>Microsoft Online Partner Support
>> >>
>> >>Get Secure! - www.microsoft.com/security
>> >>
>>
>>>====================================================================
>> >>
>> >>When responding to posts, please "Reply to Group" via your
>newsreader so
>> >>that others may learn and benefit from your issue.
>> >>
>>
>>>=====================================================================
>> >>
>> >>--------------------
>> >>>From: bcharlton@xxxxxxxxxxxxxxx
>> >>>Newsgroups: microsoft.public.windows.server.migration
>> >>>Subject: W2K DC Migrate To New Hardware
>> >>>Date: 3 May 2005 13:34:46 -0700
>> >>>Organization: http://groups.google.com
>> >>>Lines: 53
>> >>>Message-ID:
><1115152486.010768.120390@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>> >>>NNTP-Posting-Host: 81.156.202.178
>> >>>Mime-Version: 1.0
>> >>>Content-Type: text/plain; charset="iso-8859-1"
>> >>>X-Trace: posting.google.com 1115152492 9495 127.0.0.1 (3 May 2005
>> >20:34:52
>> >>GMT)
>> >>>X-Complaints-To: groups-abuse@xxxxxxxxxx
>> >>>NNTP-Posting-Date: Tue, 3 May 2005 20:34:52 +0000 (UTC)
>> >>>User-Agent: G2/0.2
>> >>>Complaints-To: groups-abuse@xxxxxxxxxx
>> >>>Injection-Info: f14g2000cwb.googlegroups.com;
>> posting-host=81.156.202.178;
>> >>> posting-account=3lUg1A0AAABR2Y2mblrtDMME0F56cA1o
>> >>>Path:
>>
>>>TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-o
n
>> l
>> >i
>>
>>>ne.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews.google.com
!
>> f
>> >1
>> >>4g2000cwb.googlegroups.com!not-for-mail
>> >>>Xref: TK2MSFTNGXA01.phx.gbl
>> microsoft.public.windows.server.migration:9985
>> >>>X-Tomcat-NG: microsoft.public.windows.server.migration
>> >>>
>> >>>Hi
>> >>>
>> >>>
>> >>>I wonder if someone can help me please? Anyone know of a best
>> >>>practice method of moving an existing W2K DC to new hardware.
>Ideally
>> >>>I'd like to retain the same name and IP address to save manually
>> >>>editing DNS entries on clients.
>> >>>
>> >>>
>> >>>Our current setup:
>> >>>
>> >>>
>> >>>Server1 - W2K DC, Exchange 2K, secondary DNS, WINS
>> >>>
>> >>>
>> >>>Server2 - W2K DC, All FMSO roles, Global Catalog, Primary DNS,
>WINS.
>> >>>This was the first DC in the domain and is thus root DC.
>> >>>
>> >>>
>> >>>The server I need to move to new hardware is Server2.
>> >>>
>> >>>
>> >>>My initial plan is as follows:
>> >>>
>> >>>
>> >>>Install W2K Server on a spare server. Run dcpromo.exe and promote
>to
>> >>>DC. Move all FMSO roles and GC from Server2 to this spare server.
>> >>>
>> >>>
>> >>>Backup Server2. Run dcpromo.exe and demote DC to member server.
>> >>>Rename machine and remove from domain.
>> >>>
>> >>>
>> >>>Install W2K on brand spanking new machine. Call it Server2 with
>the
>> >>>same IP address. Run dcpromo.exe and promote to DC. Move all
>FMSO
>> >>>roles and GC from spare server to new server2. Install DNS (and
>> >>>replciate with server1), install WINS (and replicate with
>server1).
>> >>>
>> >>>
>> >>>Demote spare server to member server and remove from domain.
>> >>>
>> >>>
>> >>>Will this work? Any hitches anyone can see?
>> >>>
>> >>>
>> >>>Advice would be greatly appreciated.
>> >>>
>> >>>
>> >>>Cheers
>> >>>
>> >>>
>> >>>BC
>> >>>
>> >>>
>> >>
>> >>
>> >
>
.
- Follow-Ups:
- Re: W2K DC Migrate To New Hardware
- From: BC
- Re: W2K DC Migrate To New Hardware
- References:
- W2K DC Migrate To New Hardware
- From: bcharlton
- Re: W2K DC Migrate To New Hardware
- From: BC
- W2K DC Migrate To New Hardware
- Prev by Date: ADMT v2 questions
- Next by Date: RE: Netware -> MS2003 migration --- MSDSS / FMU log file manipulat
- Previous by thread: Re: W2K DC Migrate To New Hardware
- Next by thread: Re: W2K DC Migrate To New Hardware
- Index(es):
Relevant Pages
|
Loading
