Solved

Seamless Server upgrade

Posted on 2003-12-07
7
185 Views
Last Modified: 2010-04-14
Hey Experts,

Check this out....
1. Is there anyway we can disable writing to USB ports on a Windows 2000 PC?

2. Actuall I would appreciate a full procedure in a case when we have a server as a domain controller with all the setup on it. Then we purchase a new server and would like to synchronize the Active Directory(we already did this) and synchronize the existing data to the new server with the existing permissions scheme. I would like to setup such a way that when the users connect the next time to the new server they do not know that they are connecting to the new server. Any comments is greatly appreciated.

thanks
chakra
0
Comment
Question by:chakramandavilli
  • 4
  • 2
7 Comments
 
LVL 10

Expert Comment

by:KingHollis
ID: 9892237
First question: Your best option is to disable the USB ports in BIOS settings. Then, set a BIOS password.

Second question:
1. Does the new server have different hardware?
    - If not, you could just do a backup of the current server and restore it completely to the new one. (Even if there are minor changes, you can sometimes get away with it. On reboot Window will recognize new hardware and install it.) But your best bet is to get similar boxes.
    - Equally, but more costly, you could Ghost the current server and restore it to the new one.

2. Having to replace the domain controller is not a big deal to the users from a logging in standpoint. They won't know the difference. But if your plan is to remove this current server from its role as DC, you could leave it on the domain [demoted] and it could continue to seamlessly serve as a file server with the files and permissions intact. And because you will not have changed the name, any mappings the users have will remain.

3. If you plan to remove the current DC completely off the network, do the restore completely offline and if it takes, there should be no distruption to users' mappings because the SIDs will all match.
0
 

Author Comment

by:chakramandavilli
ID: 9902132
King Holis,
First answer comments:
If I completely disable the USB Ports from the BIOS, means I would not be able to even use any keyboards or mice which are USB. I think the best bet would be to disable the protocol(any Ports!!!) which windows uses to write/read the USB interfacing devices. If you can throw light on any of these would appreciate a lot.

Second answer comments:
We have a new server and nothing is related to the old server hardware wise. Your idea works the best if the servers are identical and the existing Server would be reformatted for another office with a different name. So can you please tell me in a bit detailed stepswise how to migrate the data from the old server to the new one and remove the old server from the network and the users should not have a clue what has happened.

Thanks and regards
chakra
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 9903164
chakra,

Okay, regarding your server issue:

I know this solution works because I just finished recreating it in my lab--whew!

1. Do a full backup of ServerA-- Files, System State, everything.

2. Install a fresh installation on ServerB and name it ServerA. Mirror all settings: IP addresses, partitions, etc. {make note of your shares and permissions} You will have an exact duplicate when you are done so you will be able to compare any discrepancies.

3. Back up the HKLM>HARDWARE & HKLM>SYSTEM registry keys for the new machine.

4. I restored the System State and the Data only (user files and such- not system or boot files), but I would recommend restoring the data first-- then reboot!

5. At this point, you are going to want to boot into Directory Services Restore Mode to restore the System State Data.

6. Boot into Directory Services Restore Mode. This ensures that the directory is offline. In order to do this, during the normal boot menu (Please select the operating system to start) while restarting the computer, notice the message at the bottom of the screen: For troubleshooting and advanced startup options for Windows 2000, press F8. Do so, and then select Directory Services Restore Mode from the Safe Mode and Other Startup Options list.

7. Select the Windows 2000 operating system and logon with the standalone server's local administrator account.

8. When a dialog box warns you that you are in Safe Mode, click OK.

9. When the computer starts (you should see "Safe Mode" on all four corners of the desktop), start the Backup utility (click Start, then Programs, Accessories, System Tools, and Backup).

10. Click the Restore Wizard button to start the restoration process. Click Next.

11. At the Restore Wizard screen, called "What to Restore," expand File, expand the appropriate Media created <date> at <time> entry (probably the most recent one), and then checkmark the System State entry (if you had backed up individual files or folders at the same time you backed up System State, you should also check the drive those files are on). Click Next.

12. Click the Advanced button and select any other options you wish. [*Note: Supposedly, you are able to select the Advanced option to access the Advanced Restore Options dialog box, and then select the checkbox When restoring replicated data sets, mark the restored data as the primary data for all replicas. But, this wasn't present when I did it, so you may have to do an Authoritative Restore as opposed to a Primary Restore.-- I'll show you that in a second.]  

13. Click Finish.

14. When you are prompted to re-start the computer, click No. You are going to first perform an Authoritative Restore of Active Directory objects.

15. Close the Backup utility.

To authoritatively restore Active Directory data, you need to run the Ntdsutil utility after you have non-authoritatively restored the System State data but before you restart the server.

16. Open a command prompt and type NTDSUTIL.

17. At the new prompt type ? so you can see what you are expected to type: Authoritative Restore. Then at the next prompt restore database.

18. When finished, reboot.

Now this is where the work may come in. Because the System State backs up and restores the registry, there were some devices that weren't immediately recognized. In my case I restored the HKLM>HARDWARE registry key and everything was sorted. But you may simply be able to get away with installing drivers for the devices.

My clients with mapped drives logged in and the drives mapped to the shares on the new DC like nothing ever happened. Even DHCP on the DC issued addresses properly!

If you are satisfied with this solution, my recommendation is that you close this question out and repost your USB question elsewhere and see if it generates support from some of the Experts out there. I'd have to do more research to help you with that and as I've already spent a few hours labbing this solution and I'm going to be spending the next few days getting ready to take the 71-299 beta exam, I might not be able to get to it in short order.

Hope this helps.

Best of Luck!
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 10

Accepted Solution

by:
KingHollis earned 125 total points
ID: 10339566
chakra,

Did you get sorted out here? Do you still require assistance?
0
 

Author Comment

by:chakramandavilli
ID: 10340817
But for one issue here. It was much easier for me to do a xcopy command to transfer my data with all the premissions in tact from one server to the other server.

Anyway the case could be closed now.

thanks
chakra
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 10342581
chakra,

Thanks for your consideration and best of luck!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We have come a long way with backup and data protection — from backing up to floppies, external drives, CDs, Blu-ray, flash drives, SSD drives, and now to the cloud.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now