Seamless Server upgrade

Hey Experts,

Check this out....
1. Is there any way we can disable writing to USB ports on a Windows 2000 PC?

2. Actually, I would appreciate a full procedure for a case where we have a server as a domain controller with all the setup on it. Then we purchase a new server and would like to synchronize the Active Directory (we already did this) and synchronize the existing data to the new server with the existing permissions scheme. I would like to set it up in such a way that when the users connect the next time to the new server, they do not know that they are connecting to the new server. Any comments are greatly appreciated.


First question: Your best option is to disable the USB ports in BIOS settings. Then, set a BIOS password.

Second question:
1. Does the new server have different hardware?
    - If not, you could just do a backup of the current server and restore it completely to the new one. (Even if there are minor changes, you can sometimes get away with it. On reboot Windows will recognize new hardware and install it.) But your best bet is to get similar boxes.
    - Equally, but more costly, you could Ghost the current server and restore it to the new one.

2. Having to replace the domain controller is not a big deal to the users from a logging in standpoint. They won't know the difference. But if your plan is to remove this current server from its role as DC, you could leave it on the domain [demoted] and it could continue to seamlessly serve as a file server with the files and permissions intact. And because you will not have changed the name, any mappings the users have will remain.

3. If you plan to remove the current DC completely off the network, do the restore completely offline and if it takes, there should be no disruption to users' mappings because the SIDs will all match.
chakramandavilli (Author) Commented:
King Holis,
First answer comments:
If I completely disable the USB ports from the BIOS, it means I would not even be able to use any keyboards or mice which are USB. I think the best bet would be to disable the protocol (any ports!!!) which Windows uses to write/read the USB interfacing devices. If you can throw light on any of these, I would appreciate it a lot.

Second answer comments:
We have a new server and nothing is related to the old server hardware-wise. Your idea works best if the servers are identical, and the existing server would be reformatted for another office with a different name. So can you please tell me, in a bit more detail and stepwise, how to migrate the data from the old server to the new one and remove the old server from the network, so that the users do not have a clue what has happened?

Thanks and regards

Okay, regarding your server issue:

I know this solution works because I just finished recreating it in my lab--whew!

1. Do a full backup of ServerA-- Files, System State, everything.

2. Install a fresh installation on ServerB and name it ServerA. Mirror all settings: IP addresses, partitions, etc. {make note of your shares and permissions} You will have an exact duplicate when you are done so you will be able to compare any discrepancies.

3. Back up the HKLM>HARDWARE & HKLM>SYSTEM registry keys for the new machine.

4. I restored the System State and the Data only (user files and such- not system or boot files), but I would recommend restoring the data first-- then reboot!

5. At this point, you are going to want to boot into Directory Services Restore Mode to restore the System State Data.

6. Boot into Directory Services Restore Mode. This ensures that the directory is offline. In order to do this, during the normal boot menu (Please select the operating system to start) while restarting the computer, notice the message at the bottom of the screen: For troubleshooting and advanced startup options for Windows 2000, press F8. Do so, and then select Directory Services Restore Mode from the Safe Mode and Other Startup Options list.

7. Select the Windows 2000 operating system and log on with the standalone server's local administrator account.

8. When a dialog box warns you that you are in Safe Mode, click OK.

9. When the computer starts (you should see "Safe Mode" on all four corners of the desktop), start the Backup utility (click Start, then Programs, Accessories, System Tools, and Backup).

10. Click the Restore Wizard button to start the restoration process. Click Next.

11. At the Restore Wizard screen, called "What to Restore," expand File, expand the appropriate Media created <date> at <time> entry (probably the most recent one), and then checkmark the System State entry (if you had backed up individual files or folders at the same time you backed up System State, you should also check the drive those files are on). Click Next.

12. Click the Advanced button and select any other options you wish. [*Note: Supposedly, you are able to select the Advanced option to access the Advanced Restore Options dialog box, and then select the checkbox When restoring replicated data sets, mark the restored data as the primary data for all replicas. But, this wasn't present when I did it, so you may have to do an Authoritative Restore as opposed to a Primary Restore.-- I'll show you that in a second.]  

13. Click Finish.

14. When you are prompted to re-start the computer, click No. You are going to first perform an Authoritative Restore of Active Directory objects.

15. Close the Backup utility.

To authoritatively restore Active Directory data, you need to run the Ntdsutil utility after you have non-authoritatively restored the System State data but before you restart the server.

16. Open a command prompt and type NTDSUTIL.

17. At the new prompt type ? so you can see what you are expected to type: Authoritative Restore. Then at the next prompt restore database.

18. When finished, reboot.

Now this is where the work may come in. Because the System State backs up and restores the registry, there were some devices that weren't immediately recognized. In my case I restored the HKLM>HARDWARE registry key and everything was sorted. But you may simply be able to get away with installing drivers for the devices.

My clients with mapped drives logged in and the drives mapped to the shares on the new DC like nothing ever happened. Even DHCP on the DC issued addresses properly!

If you are satisfied with this solution, my recommendation is that you close this question out and repost your USB question elsewhere and see if it generates support from some of the Experts out there. I'd have to do more research to help you with that and as I've already spent a few hours labbing this solution and I'm going to be spending the next few days getting ready to take the 71-299 beta exam, I might not be able to get to it in short order.

Hope this helps.

Best of Luck!


Did you get sorted out here? Do you still require assistance?

chakramandavilli (Author) Commented:
But for one issue here. It was much easier for me to do an xcopy command to transfer my data with all the permissions intact from one server to the other server.

Anyway the case could be closed now.


Thanks for your consideration and best of luck!
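
An added example, not part of the original thread: whether the data arrives by restore or by xcopy, the "make note of your shares and permissions" advice from step 2 can be checked mechanically by comparing an ACL listing taken on the old server with one taken on the new server. The snapshot text is constructed and assumed to follow the layout of `cacls` output; the `CORP` domain, folder names and function names are hypothetical.

```python
# Constructed cacls-style snapshots; CORP and the folder names are made up.
FOLDERS = [r"D:\Shares\Finance", r"D:\Shares\Public"]
OLD_SNAPSHOT = r"""
D:\Shares\Finance BUILTIN\Administrators:(OI)(CI)F
                  CORP\Finance:(OI)(CI)C
D:\Shares\Public BUILTIN\Administrators:(OI)(CI)F
                 CORP\Domain Users:(OI)(CI)R
"""
NEW_SNAPSHOT = r"""
D:\Shares\Finance BUILTIN\Administrators:(OI)(CI)F
                  Everyone:(OI)(CI)F
D:\Shares\Public BUILTIN\Administrators:(OI)(CI)F
                 CORP\Domain Users:(OI)(CI)R
"""


def parse_acls(snapshot, folders):
    """Return {folder: {(account, rights), ...}} from cacls-style text."""
    acls, current = {}, None
    # Longest path first so a folder is not mistaken for a shorter sibling.
    ordered = sorted(folders, key=len, reverse=True)
    for line in snapshot.splitlines():
        entry = line.strip()
        for folder in ordered:
            if line.startswith(folder + " "):
                current, entry = folder, line[len(folder):].strip()
                break
        # Lines that carry no account:rights pair are skipped.
        account, sep, rights = entry.partition(":")
        if current and sep:
            acls.setdefault(current, set()).add((account, rights))
    return acls


def diff_acls(old, new):
    """List ACEs lost or gained per folder between two parsed snapshots."""
    findings = []
    for folder in sorted(set(old) | set(new)):
        before, after = old.get(folder, set()), new.get(folder, set())
        findings += [(folder, "missing", a, r) for a, r in sorted(before - after)]
        findings += [(folder, "added", a, r) for a, r in sorted(after - before)]
    return findings


if __name__ == "__main__":
    old = parse_acls(OLD_SNAPSHOT, FOLDERS)
    new = parse_acls(NEW_SNAPSHOT, FOLDERS)
    for folder, change, account, rights in diff_acls(old, new):
        print(f"{folder}: {change} {account} {rights}")
```

An empty result means every listed folder kept exactly the same access entries; a changed right shows up as one "missing" and one "added" line for the same account.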