Solved

Migrating messy single-DC 2000 domain to squeaky 2003...looking for a strategy

Posted on 2004-04-23
1
463 Views
Last Modified: 2010-04-19
I'm in a pretty small environment where I have one (count 'em) Windows 2000 Domain Controller.  It's working OK, merrily handing down the edicts of management via Group Policy (no old emails for you! Ha!), setting up Office on PC's via AD, doing a yeoman's job of DHCP/DNS, and otherwise slicing bread just fine, thanks.

However....the AD itself is a little messy.  This is a case of a "Test Environment" that, due to lack of resources and time, got pressed into production duty.  Huzzah.  

Specifically, PHB's (Middle Management for non-Dilbert fans) wanted to evaluate Exchange, which is really where this now-tired DC started its existence.  So on went a trial copy of Exchange, and everyone was happy with it...until The Proposal.  Sticker shock is not the word.  Needless to say, we are not at present an Exchange house.  But our domain is.  The 'schema' is extended for Exchange.  Lots of funny attributes, lots of funny-looking accounts.

So fast forward a while, and now we're getting a bit bigger.  The hardware the DC is running on is getting a little wheezy under the strain of all the cool things we've dreamed up for it to do.  And since this now-humble domain will soon stretch across a vast new network of VPN and Frame-Relay lines due to a new corporate partnership, Windows Server 2003 becomes the obvious choice.  

As I write this, a big brown truck is bringing me a shiny new Dell server, and I am pondering how to get my fancy new 2003 domain running, as clean as it can be, "Adding Lightness" as famed engineer Colin Chapman was fond of saying.  

So what's the best approach?

Should I --

1 -- Build the 2003 box as a sole DC 'in parallel', with the same domain name....and somehow get the client workstations to move over to it (including the users' profiles)?  This sounds like LOTS of time on each workstation, and some possible strangeness with the c:\documents and settings\%username% names turning to odd things like fsmith.000 or somesuch.  This makes all sorts of scripts very difficult to use.

2 -- Upgrade the existing 2000 DC to 2003, join the new box to the domain as a DC, let the current domain structure replicate, and then 'retire' the current (by then upgraded) box by means of various command line entrails-readers...this I have fears of making for not the cleanest or nicest domain, but it's something I can concievably do in a weekend and not have to bother users' machines.

3 -- Anybody else got a more elegant solution?

This is something I want to do right.  This new domain is 'for real', and having it right from the start, clean as can be, is important to a large transition for our company from being in one building to being in 10.  I'm not under huge time pressure to get it done, but there are several other projects that can't move forward effectively until this is working...so I have all the time in the world, so long as I hurry up....right?  We've all been there...we're all there all the time, really.

Suggestions?  Been there / done that?  Please, let me know.
0
Comment
Question by:strangefrogg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 16

Accepted Solution

by:
JamesDS earned 321 total points
ID: 10906810
strangefrogg

Right then here we go, hand on it will be a rocky ride...

There isn't anything elegant about this - blame it on PHB and make sure he knows it :)

If you build the new machine on the existing domain, you will get all the crap replicated across. You wont have the programs, but you will have the schema nasties and all the accounts and dodgy GPOs. Not the best solution for you perhaps, but the easiest and least painful. You can do this in a weekend.

If you build a new domain it MUST NOT be te same name as the old as the machines won't migrate any easier and you'll have a whole lot of "duplicate machine and domain name" crap to deal with.

So we are left with the "build a new domain from scratch" solution oh, dear.

Going with this option, I recommend you create a new domain and create a trust between the two, this will allow you to alter the permissions structure on your shared resources to allow members of both domains to access resources hosted on either and therefore means your migration can be a leasurely affair and not a mad weekend of stress and caffiene. You will need to create every account again from scratch, but if you backup the user profiles using the profiles dialog on each workstation (or use moveuser.EXE from the resource kit) you will at least get to keep them. Pay attention to the permissions on the profiles as the reg hives are tied to the old user account and will need to be reset using the "permission to use" settings in the dialog or in the moveuser command.

Consider your DNS and OU design carefully, you will probably not want the same thing again. Use the GPMC.MSC tool to backup your GPOs and take reports of them for creating them again on the new domain.

Make a note of all the services the current DC is running (DNS, DHCP, WINS, QUAKE, etc), install these clean on the new machine and configure them as required. You can then cut over each service individually and still have a backout point if it doesn't go to plan.

Buy a few more question points on EE as you might have an emergency!!

This should get you started, let me now how you get on.
Cheers

JamesDS
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question