migrate from w2k server to win 2003 server

I got fiew servers w2k all 500.2195 with service pack 4, one file server that contain the global catalogue and is a dc and dns print server and dhcp , another one that is a dc and secondary dns and sql2000 on it.
got others stand alone servers in the domain one is domino 6.0 one is isa2000 ect... all the same level with service pack 4.

i got and other domain (external) that as a thrust with this domain.

i just bouth a new server that will become the new file server (bigger) and it came with windows 2003 standard and i think it will be a good thing to move to windows 2003 server.

should i upgrade my existing file server to win 2003 first and make my new server a dc after and move de GC to it ect... or else?

need advice on what is the easiest way to do this and how to.

i have read a lot on it but to many diferent approch and i need the easiest one.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


As you mentioned there are a few different ways to accomplish this domain controller upgrade.  I would suggest just adding the new windows 2003 server into the domain and promote it as a domain controller.  Because Windows 2000 and Windows 2003 are verys similar server systems they work just fine on the same domain.  Once you have it setup as a domain controller then you can transfer the roles that the windows 2000 domain controller is taking care of right now.  Then you can demote the win2k domain controller and you will be left with just your new domain controller.  (The only thing I am unsure of is how the domino server will feel about a win2003 server.  I am not familiar with Domino servers)  Here are the steps:

1.  Connect the new server to the network.  Make sure that the new server's DNS settings are pointing at the current win2k dc.
2.  Add the new win2003 server to the domain, like you would add any computer to the domain.
3.  Once you are on the domain login with a user that has domain admin rights on the Win2003 server.
4.  Run dcpromo from the RUN box on the win2003 server.  This will promote the server to be an additional domain controller in the domain.
5.  Add DNS to the win2003 server through add/remove programs – windows components.  The DNS should replicate from the other domain controllers if using Active-directory DNS.
7.  Change the NIC DNS to point to itself now.
8.  Move the DHCP role - http://support.microsoft.com/kb/325473/en-us
9.  Transfer all of the FMSO roles to the new win2003 server.  http://support.microsoft.com/kb/255690/en-us
10.  Move your files and printers to the new server
11.  Make sure that replication has been successful.  You can manual force a replication too.  I can’t put my hand on the website explaining it at the moment.
12.  Once you are sure that all server functions have been transferred from the old win2k file server then you can demote that file server.  Just run dcpromo on the win2k server and follow the instructions.  

I hope this helps.  Please let us know if you have any questions


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RosebelAuthor Commented:
ok thanks
no need to do adprep /forestprep  ?
Good call!  Sorry I forgot that step.  Yes it is neccessary to prepare the 2000 domain for the first windows 2003 domain controller.  When your doing it usually you remember these things, but just writing it out it is easy to forget what to do.  Here is a site to help with this - http://support.microsoft.com/kb/325379/en-us
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

RosebelAuthor Commented:
okay but i got an issue or i dont understand one part of it

To determine the operating system and the service pack revision level of Active Directory domain controllers in an Active Directory domain, install the Windows Server 2003 version of Repadmin.exe on a Windows XP Professional or Windows Server 2003 member computer in the forest, and then run the following repadmin command against a domain controller in each domain in the forest:

>repadmin /showattr name of the domain controller that is in the target domain ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack

DN: CN=NA-DC-01,organizational unit=Domain Controllers,DC=company,DC=com
1> operatingSystem: Windows Server 2003
1> operatingSystemVersion: 5.2 (3718)
DN: CN=NA-DC-02,organizational unit=Domain Controllers,DC=company,DC=com
1> operatingSystem: Windows 2000 Server
1> operatingSystemVersion: 5.0 (2195)
1> operatingSystemServicePack: Service Pack 1

i tried this command but got a win32 error 8419
(repadmin /showattr name of the domain controller that is in the target domain ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack)

can you explain me the corect syntax or how to do it right i think i missed something there.

This step to to verify all your domain controllers are the correct OS and service pack level.  This works best for large domains that you need to check this on many domain controllers.  All you need to do is make sure that all your windows 2000 domain controllers have service pack 4 installed.  You can physically check this by right clicking on my computer and checking the general tab.
RosebelAuthor Commented:
ok then they are all up to date with sp4 on it.

so i gest i can go with the adprep /forestprep?

any other step or things to check for ?

Have you made a backup of your system yet?  That would probably be the most important thing you can do incase anything goes wrong.
RosebelAuthor Commented:
shure will do!

is there anyone how made changes on servers without backup? lolllll
RosebelAuthor Commented:
ok one last thing!

can this be all done live without disturbing the users?
Most of the steps will not disturb the users because you are working only on the new Win2003 server.  I am not certain on the FSMO roles transfers or the adprep.  I haven't done that in awhile and I can't remember if it will cause network disruption.  It is usually safer to notify your users that you will be working on the system and it MIGHT go down for a few moments.  If it does go down it would only be for a few minutes or so.  It might be not enough for anyone to even notice.  Also, if you move the dhcp server there will probably be a few minutes when that is down that might effect users.  And of course if you move the printers and files they will be down until you can redirect the users.
You probaly know that this is a BIG change in the network.  The chances of you accomplishing ALL of this without disturbing the network users at all is probably not likely.  Your optimal situation would be if you could get everyone off of the system during a convenient time and perform the upgrade knowing that you are not going to be distrubing anyone.  However, if you have to do it with users still on you should be pretty much OK for most of the steps.  Have Fun! =)
RosebelAuthor Commented:
that is what i tough too

many tks!

ill let you know how it went
OK great.  Please do.
Keith AlabasterEnterprise ArchitectCommented:
moving fsmo roles will not affect the users.
RosebelAuthor Commented:
ok i did the adprep /forestprep and the adprep /domainprep all said succesfull.

is there a way to make shure it was done right other then the successfull after the command?

do i need to do it on every member DC?

do i need to do it on my external domain that as a thrust with this one?

Keith AlabasterEnterprise ArchitectCommented:
No, running it once on a DC makes the AD aware of the new classes etc available under the 2003 AD.
No, you only run ti once for the AD being upgraded. External trusts do not need this to be run., However, it is quite likely that the trust will need to be broken and then restablished after the upgrade.

You can check all is OK with netdom (from the resource kit) to make sure replication has taken place around all of the DC's.
RosebelAuthor Commented:
tks a lot everything when perfect.

in w2k3 for the group policies i can't ad any template is that normal?
RosebelAuthor Commented:
Also the Event Viewer can only display the security evt application and other are Red X on it and it's say access denied.

when i demote the w2k3 server i can open all events but after promot it i can't .

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.