Solved

Migrating from Windows 2000 to Windows 2003 with new hardware

Posted on 2004-09-16
Last Modified: 2010-04-19
I will be migrating 2 DC's that are running Windows 2000 to Windows 2003 and replacing the hardware (new servers) at the same time. I need to keep the same server names and I also need to transfer to the new servers the DHCP database that currently exists and about 10 print drivers that reside on one of the DC's. What I need is step by step instructions to accomplish this from start to finish. These 2 DC's replicate with other DC's in other sites. How do I transfer that, or will that transfer by itself when AD replicates? I know how to transfer the FSMO roles. Thanks in advance.
0
Question by:wayy2be
 
LVL 3

Expert Comment

by:kelo501
I don't have your whole answer but here are a few things to think over.

1 The printer drivers from 2000 may not work with 2003. Check the vendors' web sites for 2003 drivers. This is due to a change in how 2003 lets drivers talk to the system. In short, drivers will not be allowed direct access to the kernel any more.

2 2003 will allow you to change the server name after it is promoted, or you could use 3rd party tools like SID changer.

3 The DHCP config will not replicate via Active Directory. I am guessing you are set up with a lot of reservations and that's why you want to move it. If that is correct I can give you some help on importing the reservations.

Step by step migration instruction is quite a request, I am a consultant and migrate servers in about every way you can think of but no two are the same.

If you need step by step maybe just maybe you should consider a consultant.

kelo501
0
 

Author Comment

by:wayy2be
I need a general step by step outline, not down to the letter. All my print drivers are compat with W2003. Why would I want to change the name of the DC? I will just demote DC1 and replace it with the new DC1. I know DHCP will not replicate via AD, that's not what I said. I was referring to Sites & Services. I don't need a consultant, just a general outline on what the best practices are for this type of migration. But thanks for your input nevertheless.
0
 
LVL 51

Expert Comment

by:Netman66
You mention that these DCs are in one site that replicates with other sites.  My first question is this: are ANY of the other DCs in the Forest running Windows 2003?

If so, then the Schema is already extended and you should be good to go.  If not, you'll need to get buy-in from the powers above to extend the 2000 Schema to accept the 2003 servers as DCs.

Advise and I will assist.
0
 

Author Comment

by:wayy2be
Yes there are DC's in the forest that are running 2003.  What I plan on doing is running domainprep in my child domain and then bringing the 2003 DC's online.  What I will probably do is bring the 2003 DC's up alongside of the 2 W2k DC's and then transfer the fsmo roles over to the new DC's. Or I can transfer DC1's fsmo roles to DC2, demote DC1.  Then add a 2003 DC with the same name, DC1, and then transfer the fsmo roles back to the new DC1. What is the best way?  Will I need to re-establish trusts again with the main domain and will I need to set up sites and services again so replication occurs correctly?  Like I said I need an outline, not necessarily step by step to the letter, but an outline.  Thanks for your help.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
You have the right idea.

I would do the following:

1)  Determine which DC holds your domain-wide roles.  If the roles are spread out, pick a server to host them all and move roles.  Make sure it is also a Global Catalog.
2)  Move whatever data you need to off the DC you are going to demote.
3)  Demote the DC you are going to remove.
4)  Wait overnight for Active Directory replication to reach the other DCs in the other sites - this will make sure the other DCs know that you are 1 DC short.
5)  Check AD to make sure the servername is no longer in the Domain Controllers OU and has simply been moved out into either the Computers OU or other.
6)  Remove it from the Domain (place it into a Workgroup).  Give AD time to replicate the computer account deletion so you can use the name again.

7)  Run ADPREP /domainprep on your domain from the remaining DC.
8)  Build your 2003 box and patch it fully as well as update completely all the drivers.  Use the same name as the DC you removed.
9)  Run DCPROMO and join your Domain as an additional DC in the domain tree.
10)  Give time for AD to replicate and settle down - this is important since your latency to remote sites is going to be high.  AD must be converged before you start moving roles around.
11)  Transfer the roles to your new server.  Make sure it's also a Global Catalog.  WAIT for replication.
12)  Move data over while you are waiting for replication.  I would say overnight would be safe.
13)  Check Event Logs and look around to make sure that everything is as you expect it should be in AD.  Run DCDIAG and NETDIAG to see if there are any issues you can't see in Log files.

14)  DCPROMO the other DC and remove it from the domain.  WAIT - the computer account will take time to completely remove itself from the Domain before you can re-use it.
15)  Add your second new DC as you did your first.  Make it a GC also.


You should be done now with the exception of running some reports with DCDIAG and NETDIAG to make absolutely sure there are no problems.

The key to success here is to think about what you want to do and move carefully.  Time is something you NEED to take here.  Replication is going to be your worst enemy if you RUSH this.  Make absolutely sure that the old servernames are completely gone from AD before you begin to use them again.  I shouldn't need to tell you that you'll have to install Server 2003 OFF the network in order to install it using the same names.  Make sure you have the server's NIC plugged into a hub or switch while you are OFF the production network - this will allow you to install the OS properly.

Good luck and more importantly, have fun while you are learning.


0
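
One way to carry out the "make sure the old name is gone" check from steps 5, 6 and 14 of the accepted answer, as an added example that is not part of Netman66's post. It assumes `dsquery` (part of the Windows Server 2003 administration tools) is available on the machine it runs on; the script name and `DC1` are sample values.

```bat
@echo off
rem Added example: ask every DC in the current domain whether it still
rem holds a computer account for a demoted DC before the name is reused.
rem Usage: checkname.cmd DC1   (DC1 is a sample name)
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 OldDcName
  exit /b 2
)
set "OLDDC=%~1"
set "STALE=0"
set "OUT=%TEMP%\checkname_%RANDOM%.tmp"

rem "dsquery server -o rdn" prints one quoted DC name per line.
rem Each DC is queried separately so that one DC that has not yet
rem received the change is not hidden by another that has.
for /f "delims=" %%D in ('dsquery server -o rdn') do call :check %%~D
if exist "%OUT%" del "%OUT%"

echo.
if "%STALE%"=="0" (
  echo RESULT: no DC holds an account named %OLDDC%. The name is free.
  exit /b 0
)
echo RESULT: %OLDDC% is still known to at least one DC. Wait and re-run.
exit /b 1

:check
rem -s binds the query to the named DC instead of whichever DC answers.
dsquery computer domainroot -name "%OLDDC%" -s %1 >"%OUT%" 2>nul
if errorlevel 1 (
  rem Assumption: dsquery exits non-zero when the DC cannot be queried.
  rem An unreachable DC counts as not verified, never as gone.
  echo [error] %1 could not be queried
  set "STALE=1"
  goto :eof
)
set "FOUND="
set /p FOUND=<"%OUT%"
if not defined FOUND (
  echo [gone ] %1
  goto :eof
)
rem The DN shows where the account sits, for example under
rem OU=Domain Controllers or CN=Computers.
set "STALE=1"
echo [stale] %1 returns %FOUND%
goto :eof
```

A non-zero exit code means at least one DC either still returns the account or could not be asked, so the script can be re-run after the overnight wait until it reports the name as free.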
 

Author Comment

by:wayy2be
Great :)  But will I need to setup trusts and replication partners in Sites & Services?  What is the best way to go, bring up the DC's with a new name alongside the current DC's or demote and bring the new DC's online with the same name?
0
 
LVL 51

Expert Comment

by:Netman66
When you add the new machines using DCPROMO, they should add themselves to the correct Site as long as there are Sites and Subnets defined - which I think there should be since this is all working with 2000 now.

Trusts are automatic - you will not need to create any - unless you already have an External Trust to a different Forest (I say not likely).

Renaming a DC is supposed to be seamless with Server 2003 using a new renaming tool.  Myself, I don't like renaming Domain Controllers in AD, especially when there are remote sites with large latency - it's just asking for issues.

Follow the steps above as they suit your scenario and you should be fine.

0
 

Author Comment

by:wayy2be
Sorry for the delay in response.  In reference to renaming DC's, I was referring to taking the old DC down and replacing that DC with new hardware and using the same name.  Would this cause any issues?
0
 
LVL 51

Expert Comment

by:Netman66
I think I covered that in the first post.

If you follow the steps (and tailor to your scenario) you should be fine.

0
