Daniel Booker

Active directory migration sbs2003 to server 2012 R2 Standard

I'm trying to migrate the active directory from a sbs 2003 to a 2012 R2 Standard. I have transferred all the FSMO roles, but when I shut down the sbs 2003 the 2012 server acts like it does not contain the active directory. When I go to the "Active Directory Users and Computers" I can right click on Active Directory Users and Computers and change the domain controller to my 2012 box and it displays all the same containers I would see on the sbs 2003 box (only when the sbs 2003 is on though). There are only 15 users on the sbs 2003 box so the replication should have been almost instant. So why when I turn off the 2003 box does the 2012 act like it does have the active directory?

By the way, I'm testing this all out on a Hyper-V box with images of the 2 servers before I actually attempt the real thing, so I am NOT worried about losing data.

1 thing to note. I have always in the past had to insert the latest OS server CD to the older server and do adprep, but I was unable to do so on the sbs 2003 with the 2012 r2 cd. I get the following error: "The image file D:\support\adprep\adprep.exe is valid, but is for a machine type other than the current machine." I assume because that is meant for a 64-bit machine when my sbs box is a 32-bit machine. Someone told me to just join the 2012 server to the domain and when you promote it will do all the adprep work for you?

These are the steps I have taken.
1. Raise domain functional level + forest by going to 2003 on sbs2003 in the “Active Directory Domains and Trust”
2. Attach server 2012 to the sbs server
3. Add roles and features “Active Directory Directory Services”
4. Server 2012 server manager “!” Promote this server to a domain controller
5. .. > Skip DNS > Drop down select sbs2003 server > … Install (2012 Server will RESTART)
6. Transfer FSMO roles. SBS2003 primary dns points to itself and 2012server points to SBS
   a. Open Active directory users and computers > right click on domain.local and click change domain controller.
   b. Right click on domain.local and click operations masters…
   c. Change RID, PDC, and infrastructure and click change.
7. Open Active Directory Domains and Trust > right click on Active Directory Domains and Trust and click domain controller and select 2012.
   a. Right click domain.local and click operations master and click change.
8. Open a command prompt in administration view on your new Windows Server 2012 R2 computer, enter regsvr32 schmmgmt.dll and hit enter.
9. Run mmc, add Active Directory Schema, right click on active directory schema and change the domain controller to the 2012server.
   a. Right click Active Directory Schema > operations master > click change.
   b. If it does not work at first wait 3 minutes and try again.

Change DNS on 2012 to point to itself
Install DHCP
DrDave242

Someone told me to just join the 2012 server to the domain and when you promote it will do all the adprep work for you?

This is correct; adprep is automatically run if needed during the promotion process in 2012 and above. Did you remember to make the 2012 DC a global catalog server during the promotion (or in AD Sites and Services afterward)?
Daniel Booker

ASKER

Yes, it is automatically checked by default. Plus when I go to the "active Directory Sites and Services" > sites > default-First-Site-Name > servers > server2012 > right click ntds settings and see that the box for "global catalog" is checked.
I also unchecked the global catalog for the SBS2003 server thinking this might help my problem.
Run repadmin /showrepl on the 2012 server and make sure replication is successful. Also run net share on that server and make sure the SYSVOL and NETLOGON shares are listed.
Uploaded a picture of the repadmin /showrepl results. Right now the 2012 server is pointing to itself for the primary dns and alternate dns is pointing to the sbs2003 server.

Net share only lists 3 share names: C$, IPC$, and ADMIN$
I guess looking at other servers and articles I can just share the C:\windows\sysvol\sysvol folder for "Sysvol" share and the "Netlogon" share just needs to point to the C:\windows\sysvol\sysvol\domain.local\scripts?
On the SBS 2003 the sysvol and netlogon show up.

I just reconfigured the DNS on the sbs 2003 by removing the alternate dns pointing to the 2012 server (The primary DNS server is still pointed to itself) and flushed the dns.

Then configured the 2012 to point the primary dns to the sbs 2003 and removed the alternate dns on it.

OK, I will NOT manually create it. Almost did.
All successful! Is that it?
Maybe. We've at least gotten AD replication working, but you should check to see whether there are SYSVOL and NETLOGON shares on the 2012 server before we wrap it up.
The shares are not there :(
Restart the File Replication Service on the 2012 server, wait a few minutes, and check for the shares again. If they're still not there, check the File Replication Service event logs for errors.

We may end up needing to perform a non-authoritative restore of SYSVOL on the 2012 server, but don't do that just yet.
Typing "net share" only gives me the 3x I had before and does not show sysvol or netlogon.
I'm going to reboot the server to make sure.
OK, let me know how it looks after the reboot.
Still only showing same 3x shares after reboot. NO sysvol or netlogon share.
Restart the File Replication Service on the SBS 2003 server, just to make sure it's in good shape. Check the FRS event log on that server for errors a few minutes after restarting the service. If you see any, post them here.

If there aren't any errors in the SBS 2003 server's FRS event log and its SYSVOL and NETLOGON shares still look good, go ahead and perform the Nonauthoritative restore procedure in the KB article I linked above. Note that this procedure should be performed on the 2012 server, not the SBS 2003 server.
Ah, I did not check the event logs on the SBS 2003 server. You are right it does have a journal wrap error.

Event Type:      Error
Event Source:      NtFrs
Event Category:      None
Event ID:      13568
Date:            6/10/2014
Time:            1:41:08 PM
User:            N/A
Computer:      SERVER
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
 
 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 Replica root path is   : "c:\windows\sysvol\domain"
 Replica root volume is : "\\.\C:"
 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
 
 [1] Volume "\\.\C:" has been formatted.
 [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
 [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
 [4] File Replication Service was not running on this computer for a long time.
 [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
 Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
 [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
 [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
 
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
 
To change this registry parameter, run regedit.
 
Click on Start, Run and type regedit.
 
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
   "System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
   "Enable Journal Wrap Automatic Restore"
and update the value.
 
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Awesome, the sysvol and netlogon are on the 2012 server.
Excellent! It sounds like everything is in order now.
So that was the problem I had to begin with, the journal wrap? So I guess before I start the migration process I need to edit that registry to reset it D4 for authoritative and then begin the process and it will be a lot smoother?
Absolutely. Clearing that journal wrap before performing the migration in the production environment will definitely speed things along.
Thank you so much for all your help.
You're welcome!
Very thorough. Helped me from beginning of the problem to completion.
INCITE-TM

Excellent Support. After reading this issue, I checked my Event Logs for the Journal Wrap Error, and sure enough, that was my problem. Did an authoritative FRS restore on the Server 2003 server, and had the new server replicate now, and started seeing SYSVOL and NETLOGON start to transfer immediately.
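
Added example, not part of the original thread: a pre-migration check that automates the two tests used above (are SYSVOL and NETLOGON shared, and is there an outstanding NtFrs 13568 journal wrap) against each domain controller over WMI. The server names are placeholders, and treating a later NtFrs event 13516 as the sign that the wrap has been cleared is an assumption that does not come from the thread.

```powershell
# Added example. Run from the 2012 R2 server with domain admin rights.
# 'SBS2003' and 'SERVER2012' are placeholder names; replace with your DCs.
param(
    [string[]]$DomainControllers = @('SBS2003', 'SERVER2012')
)

function Test-SysvolHealth {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # 1. Same check as "net share": a healthy DC shares SYSVOL and NETLOGON.
    $shares = Get-WmiObject -Class Win32_Share -ComputerName $ComputerName |
        Select-Object -ExpandProperty Name
    $missing = @('SYSVOL', 'NETLOGON') | Where-Object { $shares -notcontains $_ }

    # 2. Read the FRS log for journal wrap (13568) and, as an assumption of
    #    this example, 13516, which FRS logs once SYSVOL is ready again.
    $filter = "Logfile='File Replication Service' AND SourceName='NtFrs' " +
              "AND (EventCode=13568 OR EventCode=13516)"
    $events = Get-WmiObject -Class Win32_NTLogEvent -ComputerName $ComputerName -Filter $filter |
        ForEach-Object {
            [pscustomobject]@{
                Id   = [int]$_.EventCode
                Time = [Management.ManagementDateTimeConverter]::ToDateTime($_.TimeGenerated)
            }
        }

    $lastWrap  = $events | Where-Object { $_.Id -eq 13568 } |
        Sort-Object Time | Select-Object -Last 1
    $lastReady = $events | Where-Object { $_.Id -eq 13516 } |
        Sort-Object Time | Select-Object -Last 1

    # The wrap is outstanding if no 13516 has been logged after the latest 13568.
    $wrapOutstanding = [bool]($lastWrap -and
        (-not $lastReady -or $lastReady.Time -lt $lastWrap.Time))

    [pscustomobject]@{
        Computer        = $ComputerName
        MissingShares   = ($missing -join ', ')
        LastJournalWrap = if ($lastWrap) { $lastWrap.Time } else { $null }
        WrapOutstanding = $wrapOutstanding
        # Ready only when both shares exist and no journal wrap is pending.
        ReadyToMigrate  = (-not $missing) -and (-not $wrapOutstanding)
    }
}

$DomainControllers | ForEach-Object { Test-SysvolHealth -ComputerName $_ } |
    Format-Table -AutoSize
```

A row with WrapOutstanding set to True on the source server is the condition found in this thread; clear it before promoting the new DC, then rerun the check and confirm `repadmin /showrepl` is clean.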