Re: Migrate 2003 domain to 2008 domain
- From: KC <KC@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Mar 2009 09:02:02 -0700
Yeah. That would definitely simplify the whole migration process. Thank you
for pointing it out. I thought you can basically run the prep on any DC.
After further thought, you actually run the prep on the schema master role
holder DC. Got it!!!
Thank you.
KC
"Isaac Oben [MCITP,MCSE]" wrote:
Hello KC,.
Why don't you just move the fsmo roles from one dc1 to dc2 after after step
2?Why run the prep to a dc that you are about to demote first?
--
Isaac Oben [MCTIP:EA, MCSE]
"KC" <KC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:76B2D155-FD65-477F-8FD8-A220E0A1C686@xxxxxxxxxxxxxxxx
Thank you Isaac. I just wanted to confirm it can be done. With that, the
procedure will be slightly different from what I had earlier. Hiopefully,
I
get it right this time.
1) Install Win2003 SP3 and all latest patches on all Win2003 DC.
2) Run repadmin /showrepl, dcdiag, and netdiag on DC. Check any DC for
errors.
3) Run adprep /forestprep, then adprep /domain /gpprep on FSMO role
holder.
4) Run adprep /rodprep if you want to deploy read-only DC.
5) Allow all updates to replicate and check for errors.
6) Assume there is another DC with DNS and GC on the domain. Move the FSMO
to the other Win2003 DC using AD snap-in MMC.
7) Disconnect network cable on the Win2003 DC (the one where you moved
FSMO
from). Verify name resolution and every service/application/role are all
functioning as expected.
8) If everything works, reconnect and allow replication to occur. Then,
start demotion.
9) Verify everything still works. Shut off the DC. Remove any entry
referencing to that old DC (DNS, computer name, etc.)
10) Join the Win2008 server to the domain with the IP of the old DC.
11) Add the AD DS with DNS and GC on Win2008.
12) Verify updates are replicating across using repadmin, dcdiag and
netdiag.
13) Verify the name resolution works from clients.
14) Move FSMO from Win2003 DC to Win2008 DC using AD Snap-in.
15) Check for errors after replication.
16) Repeat step 7 through 13 for the other Win2003 DC.
Am I missing anything? Thank you for checking.
Thanks,
KC
"Isaac Oben [MCITP,MCSE]" wrote:
Helo KC,
You can reuse IP addresses of seized domain controllers. Just make sure
you
have cleaned dns of old records. My last post was just to give you an
easy
way to for configuring fixed ip addresses.
--
Isaac Oben [MCTIP:EA, MCSE]
"KC" <KC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EFF692F2-C6CE-488E-AC60-5F8255E3C732@xxxxxxxxxxxxxxxx
Hello. So, it is basically not a recommended approach to reuse the IP
address
of the seized domain controller even it is being replaced with a new
box,
new
name and all. Am I correct? Thank you.
"Isaac Oben [MCITP,MCSE]" wrote:
Hello KC,
You can use a simple script in powershell or vbscript to accomplished
this.
--
Isaac Oben [MCTIP:EA, MCSE]
"KC" <KC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:05D5D1CE-17B4-4B16-B69C-678AC31C7785@xxxxxxxxxxxxxxxx
Hi Meinolf, thank you for the response. If the environment has over
thousand
of clients, changing the DNS settings per client might not be very
practical
if you have limited staff. Is there a way where you still do the
replacement
with new server hardware and with new server name but you reuse the
old
IP
address for DNS sake? Thanks again.
"Meinolf Weber [MVP-DS]" wrote:
Hello KC,
See inline
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Thank you Isaac for the quick response. If I understood you
correctly,
the migration procedures/steps should be as follows:
1) Install Win2003 SP1 or SP2 on all three Win2003 DCs.
SP2 and all latest patches to make sure the OS is complete for the
upgrade
to 2008.
2) Run repadmin /showrepl, dcdiag and netdiag on the DC then
check
for
any
error.
Check any DC for errors.
3) Run adprep.exe /domainprep /gpprep then run adprep.exe
/rodcprep
on
the
infrastructure master role holder DC.
You have to start with adprep /forestprep and then /domainprep,
/gpprep
is
not needed when upgrading from 2003 (you can run it if you like).
Also
run
adprep /rodcprep to prepare for Read-only domain controllers, maybe
you
like
to have them in the future and so this is done. If you have split
the
FSMO
roles you have to choose the correct FSMO DC, thats fine.
4) Run adprep.exe /forestprep on the schema master role holder
DC.
See above.
5) Join the two new Win2008 servers on the domain as member
server.
Ok, make sure to point the preferred DNS only to one acting DC/DNS
server
until replication after promoting later is done.
6) Add the AD DS role without DNS server and GC on to the two
Win2008
servers.
Why? Do it direct during promotion, no problem and all is
replicated
complete
AD, DNS and GC.
7) Verify all DC replications are fully functional and check for
any
error.
To use netdiag on 2008 you have to copy the netdiag.exe from 2003
to
the
2008 windows\system32 folder, not included as the others. Works
also
without
any problem on 2008.
8) Add DNS server and GC to the newly Win2008 servers.
See above.
9) Move AD-integrated DNS zones to the newly created partitions
on
the
new
Win2008 servers.
See above.
10) Change the client's DNS entry on LAN settings to point to the
new
Win2008 DCs one client at a time and make sure the name
resolution
is
working. Check the DNS event log.
Ok.
11) Use the NTDSUTIL to move the forestwide OM roles to one of
the
Win2008 DC.
You can also use the AD management consoles.
http://support.microsoft.com/kb/324801
12) Use the NTDSUTIL to move the domainwide OM roles to the
Win2008
DC
chosen on step (11).
You can also use the AD management consoles.
http://support.microsoft.com/kb/324801
13) Run dcpromo to demote the two old Win2003 DCs.
WAIT until you have really tested all functionality for some days.
For
the
test just remove the network cable form the old DC's so that all
must
run
with the new ones. If every service/application/role is working as
expected,
reconnect, let them replicate again, check replication and then
start
with
demotion.
14) Use ADSIEdit from Win2008 DC to retire "phantom" domain
controller.
If demotion is succesful, you have only to remove the old DC names
from
AD
sites and services. Also DNS has to be cleaned up from the old
servers
and
record's.
15) Turn off the two Win2003 servers.
After demotion the servers will move in AD UC to the computers
container,
so you have to delete them there if you will not longer use the
servers
as
member servers in the domain.
Thanks again.
KC
- References:
- Re: Migrate 2003 domain to 2008 domain
- From: KC
- Re: Migrate 2003 domain to 2008 domain
- From: Isaac Oben [MCITP,MCSE]
- Re: Migrate 2003 domain to 2008 domain
- From: KC
- Re: Migrate 2003 domain to 2008 domain
- From: Meinolf Weber [MVP-DS]
- Re: Migrate 2003 domain to 2008 domain
- From: KC
- Re: Migrate 2003 domain to 2008 domain
- From: Isaac Oben [MCITP,MCSE]
- Re: Migrate 2003 domain to 2008 domain
- From: KC
- Re: Migrate 2003 domain to 2008 domain
- From: Isaac Oben [MCITP,MCSE]
- Re: Migrate 2003 domain to 2008 domain
- From: KC
- Re: Migrate 2003 domain to 2008 domain
- From: Isaac Oben [MCITP,MCSE]
- Re: Migrate 2003 domain to 2008 domain
- Prev by Date: Re: Migrate 2003 domain to 2008 domain
- Next by Date: Re: Migrate 2003 domain to 2008 domain
- Previous by thread: Re: Migrate 2003 domain to 2008 domain
- Next by thread: Re: Migrate 2003 domain to 2008 domain
- Index(es):
Relevant Pages
|
