Complex W2K3 Domain Controller Setup

Ok, I have probably made this issue more complex than it needs to be, but I like my thinking on it.  I currently have a windows 2000 server domain controller that hosts and controls about 200 employees.  Now I am creating a W2K3 domain controller on the side with the exact same settings as the 2000 controller.  You may ask, "Why don't you just upgrade your 2000 controller to a 2003 controller". Well there are a few reasons, but simply put our 2000 controller has problems and I just want to completely rebuild the domain.  Now I have already placed all user accounts on the W2K3 controller.  Here is where it gets tricky.  When I decide to remove the Windows 2000 controller off the network all those users will no longer be able to access any network resources, but those users will still be setup to login into the XXXX.net domain.  If I immediately add the new domain controller with the user accounts setup will the client machine be able to login correctly or not.  I don't think they will be because their machine accounts will not be on the new domain controller.  Do I need to add those machine accounts manually????  Or should I disconnect them from the domain then reconnect them to the new controller.  Also what about domain profiles.  If I disconnect a machine from the domain do I lose those individual domain profiles??  Some detailed steps to solve this issue would surely be helpful.  Thanks
icarus2256Asked:
Who is Participating?
 
robrandonCommented:
Check out the Active Directory Migration Tool.  I believe it will help with a lot of your problems.

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirectory/ActiveDirectoryMigrationToolADMT.html

0
 
2hypeCommented:
You would have to remove the computer accounts from the old domain and re-add them to the new domain controller.  You would also have to restup ther user profiles.  All permissions would have to be re-added because your SID's will all be diffrent even though you used the same username.

The easiest way would be to do the following

You could also just place your 2003 server on your existing domain.  Add it as a second domain controller.  That way it will replicate all the Active Directory.  Next you would transfer all the FSMO Roles from the W2k Server and Give them to the 2003 Server.  You would make the 2003 the Global cataloge server.

You would then use a tool to copy all the users profile data to the new domain controller.  You would need a tool to copy the permissions over as well.  (If you just copy and paste all the permissions will default to inherit)

Once your done that you can remove the W2k server.  Rename the windows 2003 server to the same name as the W2k Server that way all the users mapped drives, and printers shares will be the same
0
 
2hypeCommented:
Copy FIles over and keep existing permissions
http://support.microsoft.com/default.aspx?scid=kb;en-us;310316

Transfer FSMO Roles
http://support.microsoft.com/kb/324801

To get there profiles to work, You will probally have to have them all create a new profile, and copy there settings into there new ones (Copy Favorites, Desktop, My Docs, etc...)
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

 
icarus2256Author Commented:
Here is the thing.  I don't want most of the dc to be the same.  I want to completely re-setup all printers and users.  The one big thing I want the same is the user's profiles.  I am want to start from scratch should I disconnect all computers from the current dc then reconnect them to the new dc??
0
 
2hypeCommented:
I would disconnect them and reconnect them into the domain that way the register with the new DC's Active Directory.

To get there profiles to work, You will probally have to have them all create a new profile, and copy there settings into there new ones (Copy Favorites, Desktop, My Docs, etc...)
Due to the fact that all your security ID's changed.
0
 
CoccoBillCommented:
Your domain restructure scenario complete with step-by-step directions for user, group and workstation migration is covered in the Server 2003 Deployment Kit in section Designing and Deploying Directory and Security Services:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/cead3dc3-4920-4b7a-b6fe-6111d44110b3.mspx
0
 
icarus2256Author Commented:
Does ADMT provide the ability to copy profiles from one domain to another/??????
0
 
CoccoBillCommented:
Yes it does, that's also covered in the deployment kit. If you rejoin the workstations to the new domain manually, you can use the moveuser utility in the 2003 resource kit tools to allow your users to use the old profiles.
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.