Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Seamless Server upgrade

Posted on 2003-12-07
Medium Priority
Last Modified: 2010-04-14
Hey Experts,

Check this out....
1. Is there anyway we can disable writing to USB ports on a Windows 2000 PC?

2. Actuall I would appreciate a full procedure in a case when we have a server as a domain controller with all the setup on it. Then we purchase a new server and would like to synchronize the Active Directory(we already did this) and synchronize the existing data to the new server with the existing permissions scheme. I would like to setup such a way that when the users connect the next time to the new server they do not know that they are connecting to the new server. Any comments is greatly appreciated.

Question by:chakramandavilli
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 10

Expert Comment

ID: 9892237
First question: Your best option is to disable the USB ports in BIOS settings. Then, set a BIOS password.

Second question:
1. Does the new server have different hardware?
    - If not, you could just do a backup of the current server and restore it completely to the new one. (Even if there are minor changes, you can sometimes get away with it. On reboot Window will recognize new hardware and install it.) But your best bet is to get similar boxes.
    - Equally, but more costly, you could Ghost the current server and restore it to the new one.

2. Having to replace the domain controller is not a big deal to the users from a logging in standpoint. They won't know the difference. But if your plan is to remove this current server from its role as DC, you could leave it on the domain [demoted] and it could continue to seamlessly serve as a file server with the files and permissions intact. And because you will not have changed the name, any mappings the users have will remain.

3. If you plan to remove the current DC completely off the network, do the restore completely offline and if it takes, there should be no distruption to users' mappings because the SIDs will all match.

Author Comment

ID: 9902132
King Holis,
First answer comments:
If I completely disable the USB Ports from the BIOS, means I would not be able to even use any keyboards or mice which are USB. I think the best bet would be to disable the protocol(any Ports!!!) which windows uses to write/read the USB interfacing devices. If you can throw light on any of these would appreciate a lot.

Second answer comments:
We have a new server and nothing is related to the old server hardware wise. Your idea works the best if the servers are identical and the existing Server would be reformatted for another office with a different name. So can you please tell me in a bit detailed stepswise how to migrate the data from the old server to the new one and remove the old server from the network and the users should not have a clue what has happened.

Thanks and regards
LVL 10

Expert Comment

ID: 9903164

Okay, regarding your server issue:

I know this solution works because I just finished recreating it in my lab--whew!

1. Do a full backup of ServerA-- Files, System State, everything.

2. Install a fresh installation on ServerB and name it ServerA. Mirror all settings: IP addresses, partitions, etc. {make note of your shares and permissions} You will have an exact duplicate when you are done so you will be able to compare any discrepancies.

3. Back up the HKLM>HARDWARE & HKLM>SYSTEM registry keys for the new machine.

4. I restored the System State and the Data only (user files and such- not system or boot files), but I would recommend restoring the data first-- then reboot!

5. At this point, you are going to want to boot into Directory Services Restore Mode to restore the System State Data.

6. Boot into Directory Services Restore Mode. This ensures that the directory is offline. In order to do this, during the normal boot menu (Please select the operating system to start) while restarting the computer, notice the message at the bottom of the screen: For troubleshooting and advanced startup options for Windows 2000, press F8. Do so, and then select Directory Services Restore Mode from the Safe Mode and Other Startup Options list.

7. Select the Windows 2000 operating system and logon with the standalone server's local administrator account.

8. When a dialog box warns you that you are in Safe Mode, click OK.

9. When the computer starts (you should see "Safe Mode" on all four corners of the desktop), start the Backup utility (click Start, then Programs, Accessories, System Tools, and Backup).

10. Click the Restore Wizard button to start the restoration process. Click Next.

11. At the Restore Wizard screen, called "What to Restore," expand File, expand the appropriate Media created <date> at <time> entry (probably the most recent one), and then checkmark the System State entry (if you had backed up individual files or folders at the same time you backed up System State, you should also check the drive those files are on). Click Next.

12. Click the Advanced button and select any other options you wish. [*Note: Supposedly, you are able to select the Advanced option to access the Advanced Restore Options dialog box, and then select the checkbox When restoring replicated data sets, mark the restored data as the primary data for all replicas. But, this wasn't present when I did it, so you may have to do an Authoritative Restore as opposed to a Primary Restore.-- I'll show you that in a second.]  

13. Click Finish.

14. When you are prompted to re-start the computer, click No. You are going to first perform an Authoritative Restore of Active Directory objects.

15. Close the Backup utility.

To authoritatively restore Active Directory data, you need to run the Ntdsutil utility after you have non-authoritatively restored the System State data but before you restart the server.

16. Open a command prompt and type NTDSUTIL.

17. At the new prompt type ? so you can see what you are expected to type: Authoritative Restore. Then at the next prompt restore database.

18. When finished, reboot.

Now this is where the work may come in. Because the System State backs up and restores the registry, there were some devices that weren't immediately recognized. In my case I restored the HKLM>HARDWARE registry key and everything was sorted. But you may simply be able to get away with installing drivers for the devices.

My clients with mapped drives logged in and the drives mapped to the shares on the new DC like nothing ever happened. Even DHCP on the DC issued addresses properly!

If you are satisfied with this solution, my recommendation is that you close this question out and repost your USB question elsewhere and see if it generates support from some of the Experts out there. I'd have to do more research to help you with that and as I've already spent a few hours labbing this solution and I'm going to be spending the next few days getting ready to take the 71-299 beta exam, I might not be able to get to it in short order.

Hope this helps.

Best of Luck!
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

LVL 10

Accepted Solution

KingHollis earned 375 total points
ID: 10339566

Did you get sorted out here? Do you still require assistance?

Author Comment

ID: 10340817
But for one issue here. It was much easier for me to do a xcopy command to transfer my data with all the premissions in tact from one server to the other server.

Anyway the case could be closed now.

LVL 10

Expert Comment

ID: 10342581

Thanks for your consideration and best of luck!

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question