• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 166
  • Last Modified:

Windows 2000 - replacing domain controller

Looking at the best method of  windows 2000 server replacement.  The question is, current platform windows 2000 server running as domain controller. Want to replace with new server running windows 2003 - need to keep server name \domain the same and transfer active directory. Network in question has over 200 workstations running XP. Want options as to best method of completing the changeover with the least problems. Aware of using third temporary server to transfer roles as one option but would like other options.

1 Solution
Chris DentPowerShell DeveloperCommented:

For the least problems the use of a temporary server is highly recommended (although I realise you want other options). If an inplace upgrade fails then you would have to restore AD from backup and start again. The potential for client connectivity problems or general domain problems in that scenario is high. Of course if the backup fails to recover then the domain is lost as well.

Alternatively, if you can live without the same server name (everything remaining the same) then the following procedure would work:

1. Perform from the Windows 2003 CD run the following on your current Domain Controller:

ADPrep /forestprep
ADPrep /domainprep

These prepare Active Directory for the 2003 Server by expanding the schema.

2. Build and add the Windows 2003 Server. Use DCPromo to make it a Domain Controller

3. Transfer the FSMO Roles onto the Windows 2003 Server and make it a Global Catalog

4. Set-up DNS and any other network services on the Windows 2003 Server, ensure that clients and any other servers are pointing at them.

5. Turn off the old server and confirm that everything works correctly (run for a few days with that server down).

6. Turn the old server back on and run DCPromo again to remove it from the domain.

The only difference between this and the temporary server method are repeating the procedure, building a server back onto the old server name. Is there any particular reason the old server name is required?
I agree with Chris-dent, that although a temporary server is not the most time economical thing...it is certainly going to allow for a MUCH cleaner upgrade, and will enable you to use the same DC name (even though, I also want to understand why computer name matters....if you are sharing files, just change the server UNC path in login scripts etc).

I would install 2000 on the new server and then promote it to the PDC.  After the new box is the PDC force sync to make sure that your old and new server are in sync.  Then just upgrade the new box running 2000 to 2003 :)
iamgodAuthor Commented:
thanks for comments , chris dent , rustrpage and tmwisy. Keeping the same server name is not essential but it can overcome some issues. The home folder path for each account needs to be changed if using a different server name, also virus scanners reference server by name.  Essentially, the transfer of computer and user accounts and related shares between servers (methods of)  is what i really want looking at exploring.
I'll leave question open for a few more days and then i award points.
Chris DentPowerShell DeveloperCommented:

The Computer and User accounts will travel with the Domain Controller role, the FSMO roles would have to be reassigned prior to decommisioning the old server of course though.

The Shares are a little more difficult, but depending on the number of them probably wouldn't take long to recreate.

For Files there are programs such as Robocopy (part of the Server Resource Kit) that will allow you to copy and preserve permissions on files and folders between servers. You can find a command reference for that one at http://www.ss64.com/nt/robocopy.html.

As far as I remember the Folder Path for the computer accounts can be changed in one step by selecting all accounts and altering that, however, if the path isn't based around an environmental variable like %username% that can be more difficult.

I don't have an answer for the AV Software, it depends which it is and what kind of management for it you have in place.

Even with all of the above I still recommend adding a second server to the domain, nice and safe.

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Tackle projects and never again get stuck behind a technical roadblock.
Join Now