Migrate existing PDC/DHCP/DNS 2003 server to new 2003 server

Posted on 2005-04-18
Last Modified: 2010-03-18
Currently our network is split between three servers:
- Server1 (2003 Standard): PDC, AD, DNS, DHCP, IIS 6.0 (for OWA), Exchange
- Server2 (2003 Datacenter Edition): Print & File Server
- Server3 (2000 Standard): IIS 5.0 for FTP and Web hosting (Server sits in the DMZ)

I want to add a new server (2003 Standard) to the network, make it the PDC and take the authentication load off the Exchange server. What pitfalls should I watch out for during this process and what is the best way to go about doing this? I'd like to leave Server1 set up as a BDC but also have the flexibility to add another server to the mix for BDC purposes (not exactly resource hungry with a 100-person userbase, so they are somewhat cheap).

I've given 500pts for the question because I'll be asking for a lot of detail in the responses and a bunch of hand holding (I'm a programmer, not a network admin, or so I keep telling my bosses).
Question by:CorpulantCoder

    Accepted Solution

    Just a note first... I know you had no intention of doing it... but it's very important that you don't demote Server1 (that is, don't stop it being a Domain Controller). That kind of thing is completely unsupported by MS and may be impossible to fix if it breaks.

    I notice you only have Exchange acting as DNS; do you want the new server to become a backup for that as well?

    May as well add in the usual: take a full backup of your existing DCs before doing this to ensure there is always a way back in the case of serious failure.

    Install the new server and get it online as a Domain Controller. Give it 30 minutes to an hour to ensure it's had a chance to replicate with the domain then check for any errors in the Application, System and Directory Service Event Logs.

    DNS Server

    If you do want to set it up as DNS as well then follow these steps:

    1. Check that the new server uses your existing DNS Server
    2. Ensure the DNS Component is Installed on the Server and that the Service is Started
    3. Open DNS Manager
    4. Expand Forward Lookup Zones
    5. Create a New Zone. This should be Primary Active Directory Integrated. The name should be the same as your current Domain Name (e.g. mydomain.local)
    6. Verify that the new zone is set to Allow Secure Dynamic Updates
    7. Expand Reverse Lookup Zones
    8. Create a New Zone. This should be Primary Active Directory Integrated. The name should be the same as your current Network Range (e.g. 192.168.12.x)
    9. Verify that the new zone is set to Allow Secure Dynamic Updates

    Under each zone you should immediately see all your existing DNS records - including entries like _msdcs. Once again check Event Viewer for errors, including the DNS Log.

    If this completes successfully you can change the server and clients to check DNS information from this server rather than Exchange.

    Global Catalog

    It is advisable to make this server a Global Catalog. Exchange makes heavy use of Global Catalog Servers, so it would be a good idea to leave this role running on Exchange as well.

    To configure this open Active Directory Sites and Services, find your new server, select NTDS Settings and open the Properties. You should see a little tick box for Global Catalog. Tick this for your new server.

    FSMO (Flexible Single Master Operations) Roles

    This is pretty much the last of it; transferring these roles to the new server will leave much less for your Exchange Server to take care of. These steps should cover moving each of them.

    1. Ensure you are logged on as a member of the Schema Admins Group.
    2. Load the NTDS Utility:


    3. To check which server currently has the FSMO roles type the following into NTDSUtil:

    Connect to Server <Name of the new DC>
    Select Operation Target
    List Roles for Connected Server

    This will show you the location of each of the 5 operations roles. They're probably all on the Exchange server at this point.



    To take you back to FSMO Maintenance.

    4. Transfer the Roles to the new server. We're already connected to the right server (Connections part above). These commands perform an online transfer of each of the roles to the new server:

    Transfer RID Master
    Transfer Schema Master
    Transfer Infrastructure Master
    Transfer PDC
    Transfer Domain Naming Master

    Each of those should complete successfully.

    5. Make sure they're in the right place now by checking the roles for the server again:

    Select Operation Target
    List Roles for Connected Server

    You should now see they are all running on your 2003 server. If that all worked correctly type Quit until it lets you out of NTDSUtil.

    As before, check each of the Event Logs for errors to see if anything broke during that, and check that Exchange is still working without problems.

    That should do it for now, let me know if any of that isn't clear or needs further detail, or just if you run into any problems.
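    The same checklist as a script, added here as an example and not part of the original answer: it creates the AD-integrated zones with secure-only dynamic updates, confirms the DC locator SRV record resolves against the new server, ticks the Global Catalog box, transfers all five FSMO roles online and sweeps the event logs. It uses the ActiveDirectory, DnsServer and DnsClient PowerShell modules, which exist on Windows Server 2008 R2 / 2012 and later; Windows Server 2003 has no PowerShell, so there the equivalent steps are dnscmd, the Sites and Services snap-in and ntdsutil as described above. The DC name (DC02), domain name (mydomain.local) and subnet (192.168.12.0/24) are assumptions, not values from the post.

```powershell
<#
Added example (not code from the original post). Post-migration checklist:
AD-integrated DNS, Global Catalog, FSMO transfer, event-log sweep.
Run elevated as a member of Schema Admins and Enterprise Admins: the Schema Master
and Domain Naming Master transfers need those groups, the other three need Domain Admins.
#>
param(
    [string]$NewDc     = 'DC02',             # assumed name of the new domain controller
    [string]$ZoneName  = 'mydomain.local',   # assumed AD domain name
    [string]$NetworkId = '192.168.12.0/24'   # assumed client subnet for the reverse zone
)
Import-Module ActiveDirectory
Import-Module DnsServer
Import-Module DnsClient

# --- 1. DNS: primary, AD-integrated, secure dynamic updates only ------------------
# 'Secure' means only authenticated domain members can register or overwrite a record;
# 'NonsecureAndSecure' would let any host on the LAN overwrite another machine's A record.
$fwd = Get-DnsServerZone -Name $ZoneName -ComputerName $NewDc -ErrorAction SilentlyContinue
if (-not $fwd) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure -ComputerName $NewDc
}
# Reverse zone for a /24 is the first three octets reversed + .in-addr.arpa
$octets  = ($NetworkId -split '/')[0] -split '\.'
$revName = '{0}.{1}.{2}.in-addr.arpa' -f $octets[2], $octets[1], $octets[0]
$rev = Get-DnsServerZone -Name $revName -ComputerName $NewDc -ErrorAction SilentlyContinue
if (-not $rev) {
    Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope Domain -DynamicUpdate Secure -ComputerName $NewDc
}
# Flag any primary zone that is not AD-integrated or accepts unauthenticated updates.
Get-DnsServerZone -ComputerName $NewDc |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' } |
    Where-Object { -not $_.IsDsIntegrated -or $_.DynamicUpdate -ne 'Secure' } |
    ForEach-Object { Write-Warning "Zone $($_.ZoneName): IsDsIntegrated=$($_.IsDsIntegrated) DynamicUpdate=$($_.DynamicUpdate)" }

# Clients find DCs through this SRV record; if the new server cannot answer it, the
# zone has not picked up the existing AD data yet and clients must not be pointed at it.
$locator = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ZoneName" -Type SRV -Server $NewDc -ErrorAction SilentlyContinue
if (-not $locator) { Write-Warning "DC locator record for $ZoneName does not resolve via $NewDc yet" }

# --- 2. Global Catalog: the tick box under NTDS Settings is bit 0x1 of 'options' ---
$dc = Get-ADDomainController -Identity $NewDc
if (-not $dc.IsGlobalCatalog) {
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
    $opts = [int]$ntds.options            # $null (attribute unset) casts to 0
    Set-ADObject -Identity $dc.NTDSSettingsObjectDN -Replace @{ options = ($opts -bor 1) }
}

# --- 3. FSMO: online transfer of all five roles, never a seize while the old owner is up
$roles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster', 'SchemaMaster', 'DomainNamingMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole $roles -Confirm:$false

# Re-read the owners from the directory rather than trusting the cmdlet's silence.
$forest = Get-ADForest
$domain = Get-ADDomain
$owner = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($r in $roles) {
    $state = if ($owner[$r] -eq $dc.HostName) { 'OK' } else { 'NOT MOVED' }
    '{0,-22} {1,-30} {2}' -f $r, $owner[$r], $state
}

# --- 4. Event log sweep: Critical (1) and Error (2) in the last hour on the new DC --
$since = (Get-Date).AddHours(-1)
foreach ($log in 'Application', 'System', 'Directory Service', 'DNS Server') {
    Get-WinEvent -ComputerName $NewDc -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $since } |
        Select-Object @{ n = 'Log'; e = { $log } }, TimeCreated, ProviderName, Id, Message
}
```

    Two caveats a practitioner would want alongside the answer above. First, in a domain with more than one DC, the Infrastructure Master should not sit on a Global Catalog unless every DC in the domain is a GC (otherwise it stops updating cross-domain references); in the single-domain, all-DCs-are-GCs layout the asker ends up with, that is not a problem. Second, "change the server and clients to check DNS from this server" means both the DHCP scope's DNS option and the DCs' own NIC settings; only do that after the locator-record check passes, and keep the old server listed as a secondary resolver so Exchange never loses DNS if the new box goes down.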



    Author Comment

    Thanks for the great reply.  Should have the new server in house within a week or two.  I'll leave the question unawarded until then so I can pick your brain in case any issues arise.  Thanks again.

    Expert Comment

    by:Chris Dent

    Pleasure :)

    Author Comment

    Well everything went well and I now have the servers set up as follows:
    Server1 (2003): DNS, WINS, DHCP, AD, Global Catalog, FSMO roles owner
    Server2 (2003): DNS, WINS, AD, Exchange

    The only issue I've run into now is with Active Directory.  In the past, when adding a new user I would go to AD, add them, and in the process a mailbox would be created for them.  I can still do this via AD on the Server2 but attempting to do so on Server1 leaves me with no exchange interface.  Is there something I missed during setup or is this the way things should be? Will I always have to go back to the Exchange server to administer a user's mailbox settings or is it possible to do it from any server with AD configured? Thanks.

    Expert Comment

    by:Chris Dent

    All you need is to add the Exchange system tools on Server1; they have all the plug-ins that allow you to add and administer mailboxes.


    Author Comment

    Well everything is up and running smoothly. Thanks for the help Chris.

    Expert Comment

    by:Chris Dent

    Pleasure, glad it's all working :)
