Please review my migration plan for moving Forest from W2K to W2K3
- From: "Bill-MT" <BillMT@xxxxxxxxxxxxxx>
- Date: Wed, 22 Jun 2005 12:11:06 -0700
My Steps to Migrate W2K forest to W2K3
=======================================
1) Notify Desktop Coordinators of SMB/CIFS - SMB signing issue. Unless
someone reports a problem with this no change is necessary. If there is a
problem (with say the SAMBA servers in our network), may need to DISABLE smb
service signing in Domain Controllers Policy. (see step 16 below).
2) Make sure all DCs are Windows 2000 sp4 - done. (three in Root domain,
four in User domain)
3) Verify replication throughout the forest. Use 2003 version of REPADMIN,
so first install 2003 member server with tools. Verify Largest Delta in
column (see appropriate KB notes).
4) Remove non-existent W2K DCs - those were previously Demoted but are still
referenced by some AD tools and by NetIQ tool even though they no longer have
NTDS data listed in AD Sites & Services tool. (see KB216498)
5) Remove any non-existent external trusts via AD domains & trusts tool.
6) Use HEALTHCHECK (on W2K3 support tools) and DCDIAG to test SYSVOL/FRS
replication.
7) Use DCDIAG or NETDOM to check FSMO roles.
a. When building replacement for current Schema/DomainName/RootPDC
machine, make sure Domain Naming master is a GC.
b. Keep Domain Naming and Schema master together.
c. Keep RID and PDC together.
8) Use REPADMIN to check inbound replication
9) Find out what to do with DNS scavenging.
(scavenging option is currently not-set on any of the MS-DNS servers).
10) Distributed Link Tracking - how can I tell if we are using this?
11) Do SYSTEM STATE backups on all DCs before proceeding.
12) Run InetOrgPersonPrevent.ldf _BEFORE_ w2k3 ADPREP.
--> CRITICAL. - wait for replication.
a. this is necessary because Exchange 2000 was added to W2K forest/domain
without first doing InetOrg fix.
b. should this be done "after hours" because of replication load issues
on DCs or
Exchange servers?
13) Run adprep /forestprep on SCHEMA master - wait for replication.
(login as SCHEMA ADMIN)
a. Ignore 1153 errors if they occur.
b. Verify changes have replicated.
c. Look for mangled LDAPDisplayNames (should not be mangled if
InetOrgPersonPrevent.ldf done first).
d. Assuming adprep runs without interruptions, anything to worry about
here?
14) Run adprep /domainprep on INFRASTRUCTURE master - wait for replication.
(login as DOMAIN ADMIN).
a. Must be done on BOTH (Root and User) domain infrastructure masters.
- wait for replication.
b. Done just once on each INFRASTRUCTURE master.
c. Can upgrade member servers anytime (not part of forest upgrade).
d. Assuming adprep runs without interruptions, anything to worry about
here?
15) After ADPREP run and all changes replicated.
a. PROMOTE a NEW W2K3sp1 member server then MOVE the following Roles.
- First DC must have following roles:
Domain Naming & PDC of Forest Root (must also be a GC for
Dom Name master role).
- And remember - First DC in user domain must be the PDC of that
domain.
b. Install any newly required hotfixes
(check windows update again now that machine is DC).
c. Any problems using the Promotion (DCPromo) method
rather than Upgrade method? {I don't like upgrades}.
16) If SMB-signing an issue - disable SMB service signing
after first W2K3 DC introduced.
a. can be done via Domain Controller policy.
17) Verify health of upgrade by checking - DC replication and server event
logs.
a. IGNORE event id: 1913
18) Install w2k3 adminpak.msi and suptools.msi on each new W2K3sp1 server.
19) Make new system state/drive backups after each server promotion & role
move.
20) Perform off-line defragmentation
- 24hours after SIS event ID 1966 shows completion. (optional).
21) Check DLT service to see if disabled on new server.
- Will this break anything, how can I tell if my forest uses DLT
objects?
22) Perform off-line defrag 60+ days after upgrade (optional).
23) Keep Forest at functional level zero -
because running Exchange 2000 - Recipient Update Service issues.
a. Remember to change SERVERS designated as recipient update server as
new DCs are added & old ones removed.
24) Raise Domain functional levels after all domain DCs are running W2K3sp1.
a. Any Exchange Server 2000 issues with raising domain functional levels?
25) Anything I've forgotten here?
Note: this migration plan was build using KBs referenced in KB555040
(common mistakes when upgrading) and KB325379 (how to upgrade).
--
Bill
.
- Follow-Ups:
- RE: Please review my migration plan for moving Forest from W2K to W2K3
- From: Frances [MSFT]
- RE: Please review my migration plan for moving Forest from W2K to W2K3
- Prev by Date: Re: Encrypted files inaccessible after migration
- Next by Date: Password Export Server
- Previous by thread: MS Project Template for Migration fro Netware to 2003
- Next by thread: RE: Please review my migration plan for moving Forest from W2K to W2K3
- Index(es):
Relevant Pages
|
