icarus2256


Complex W2K3 Domain Controller Setup

Ok, I have probably made this issue more complex than it needs to be, but I like my thinking on it. I currently have a Windows 2000 Server domain controller that hosts and controls about 200 employees. Now I am creating a W2K3 domain controller on the side with the exact same settings as the 2000 controller. You may ask, "Why don't you just upgrade your 2000 controller to a 2003 controller?" Well, there are a few reasons, but simply put, our 2000 controller has problems and I just want to completely rebuild the domain. Now I have already placed all user accounts on the W2K3 controller. Here is where it gets tricky. When I decide to remove the Windows 2000 controller from the network, all those users will no longer be able to access any network resources, but those users will still be set up to log in to the XXXX.net domain. If I immediately add the new domain controller with the user accounts set up, will the client machines be able to log in correctly or not? I don't think they will be, because their machine accounts will not be on the new domain controller. Do I need to add those machine accounts manually? Or should I disconnect them from the domain and then reconnect them to the new controller? Also, what about domain profiles? If I disconnect a machine from the domain, do I lose those individual domain profiles? Some detailed steps to solve this issue would surely be helpful. Thanks
2hype

You would have to remove the computer accounts from the old domain and re-add them to the new domain controller. You would also have to set up the user profiles again. All permissions would have to be re-added because your SIDs will all be different even though you used the same username.

The easiest way would be to do the following:

You could also just place your 2003 server on your existing domain. Add it as a second domain controller. That way it will replicate all of Active Directory. Next you would transfer all the FSMO roles from the W2K server and give them to the 2003 server. You would make the 2003 server the Global Catalog server.

You would then use a tool to copy all the users' profile data to the new domain controller. You would need a tool to copy the permissions over as well. (If you just copy and paste, all the permissions will default to inherit.)

Once you've done that you can remove the W2K server. Rename the Windows 2003 server to the same name as the W2K server; that way all the users' mapped drives and printer shares will be the same.

Copy files over and keep existing permissions
http://support.microsoft.com/default.aspx?scid=kb;en-us;310316

Transfer FSMO Roles
http://support.microsoft.com/kb/324801

To get their profiles to work, you will probably have to have them all create a new profile and copy their settings into their new ones (copy Favorites, Desktop, My Docs, etc.).
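
Why identical usernames are not enough, as an added example that is not part of the original thread: ACLs and the workstation profile list are keyed by SID, so old entries stop matching in a rebuilt domain until they are remapped. All SIDs, account names and the profile path below are constructed for illustration.

```python
# Constructed sample data: an old domain and its rebuild, with identical usernames.
OLD_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
NEW_DOMAIN_SID = "S-1-5-21-4000000001-123456789-987654321"
OLD_ACCOUNTS = {"jsmith": OLD_DOMAIN_SID + "-1105", "mlee": OLD_DOMAIN_SID + "-1106"}
NEW_ACCOUNTS = {"jsmith": NEW_DOMAIN_SID + "-1104", "mlee": NEW_DOMAIN_SID + "-1109"}

# ACL written while the old domain was live: (trustee SID, rights) pairs.
SHARE_ACL = [
    (OLD_ACCOUNTS["jsmith"], "Modify"),
    (OLD_ACCOUNTS["mlee"], "Read"),
    ("S-1-5-32-544", "FullControl"),  # BUILTIN\Administrators: well-known, not domain-relative
]
# A workstation's profile list is also keyed by SID, not by username.
PROFILE_LIST = {OLD_ACCOUNTS["jsmith"]: r"C:\Documents and Settings\jsmith"}


def domain_of(sid):
    """Return the domain SID of an account SID (S-1-5-21-x-y-z-RID), else None."""
    parts = sid.split("-")
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "-".join(parts[:-1])
    return None


def rights_for(user_sid, acl):
    """Access is decided by comparing SIDs; the account name is never consulted."""
    return [rights for trustee, rights in acl if trustee == user_sid]


def orphaned_aces(acl, live_domain_sid):
    """ACEs whose trustee belongs to a domain other than the live one."""
    return [ace for ace in acl if domain_of(ace[0]) not in (None, live_domain_sid)]


def remap_acl(acl, old_accounts, new_accounts):
    """Re-point each old-domain trustee at the same-named account in the new domain."""
    name_of = {sid: name for name, sid in old_accounts.items()}
    return [(new_accounts.get(name_of.get(t), t), r) for t, r in acl]


if __name__ == "__main__":
    new_jsmith = NEW_ACCOUNTS["jsmith"]
    print("rights before remap:", rights_for(new_jsmith, SHARE_ACL))
    print("profile found:", PROFILE_LIST.get(new_jsmith))
    print("orphaned ACEs:", orphaned_aces(SHARE_ACL, NEW_DOMAIN_SID))
    fixed = remap_acl(SHARE_ACL, OLD_ACCOUNTS, NEW_ACCOUNTS)
    print("rights after remap:", rights_for(new_jsmith, fixed))
```

The well-known BUILTIN entry survives untouched, while every domain-relative entry has to be translated or re-granted.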
icarus2256

ASKER

Here is the thing. I don't want most of the DC to be the same. I want to completely re-set up all printers and users. The one big thing I want the same is the users' profiles. I want to start from scratch; should I disconnect all computers from the current DC then reconnect them to the new DC?

I would disconnect them and reconnect them into the domain; that way they register with the new DC's Active Directory.

To get their profiles to work, you will probably have to have them all create a new profile and copy their settings into their new ones (copy Favorites, Desktop, My Docs, etc.), due to the fact that all your security IDs changed.

ASKER CERTIFIED SOLUTION
robrandon

This solution is only available to members.

Your domain restructure scenario, complete with step-by-step directions for user, group and workstation migration, is covered in the Server 2003 Deployment Kit in the section Designing and Deploying Directory and Security Services:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/cead3dc3-4920-4b7a-b6fe-6111d44110b3.mspx

Does ADMT provide the ability to copy profiles from one domain to another?

Yes it does, that's also covered in the deployment kit. If you rejoin the workstations to the new domain manually, you can use the moveuser utility in the 2003 resource kit tools to allow your users to use the old profiles.
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en