Solved

Adding a Win2003 DC to a Win2000 domain

Posted on 2006-06-09
Last Modified: 2008-02-01
Hi All,
I have a small network of about 10 clients and a single Win2000 DC.  I just bought a new server loaded with Win2003 to replace the existing Win2000 server.  The existing server is just a simple fileserver in addition to being the DC; it doesn't do anything fancy.

My proposed order of operations is as follows:
1. Connect Win2003 server to the existing Win2000 domain
2. Promote the Win2003 server to a DC
2.5 Do anything necessary to make AD realize that it's now a Win2003 domain and that the Win2003 server should be the "master" of everything
3. Demote the Win2000 server to a member server
4. Copy all data from the Win2000 server to the Win2003 server
5. Recreate the shares on the new server and update the login scripts to change all user mapped drives to the matching shares on the new server.
6. Reboot all clients and verify that they can access the shares on the new server.
7. Remove the Win2000 server from the network
7. Reboot all clients again and verify that they can still login to the domain and access their data on the 2003 server.

First of all, I believe I have to do something with domainprep/forestprep to the 2000 domain before it will accept a 2003 DC.

Second, after I have added the 2003 server as a DC, will everything automatically recognize it as the schema master and all that stuff?

Please let me know your thoughts as to my plan of attack and anything I may have left out.  I just want to make sure I'm not going to break anything when I remove the existing DC.  My goal is to make this transition fairly transparent to the client PCs.  They should still be able to login with their current domain accounts, and access shares on the new server.
0
Question by:FWeston
8 Comments
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 125 total points
ID: 16870553
a.  Run adprep first from the 2003CD.  Run it on your existing 2000 DC.

Syntax
Adprep {/forestprep | /domainprep | /gpprep}

Notes

• When you upgrade Windows 2000 Server to Windows Server 2003 without a service pack installed, prepare the forest using adprep /forestprep and prepare each domain using adprep /domainprep. Adprep /domainprep prepares the domain for upgrade and adds inheritable access control entries (ACEs) to the Group Policy objects (GPOs) in the SYSVOL shared folder, which causes domain-wide replication to occur. The amount of replication traffic that is generated by this operation might affect network conditions adversely.
 
• When you upgrade Windows 2000 Server to Windows Server 2003 with Service Pack 1 (SP1), prepare the forest using adprep /forestprep and prepare each domain using adprep /domainprep. Adprep /domainprep in Windows Server 2003 with SP1 does not add inheritable ACEs to the GPOs in the SYSVOL shared folder and does not cause domain-wide replication to occur.

When network conditions are optimal or if a full synchronization of the SYSVOL share will not affect network bandwidth adversely, run adprep /domainprep /gpprep to add the inheritable ACEs to the GPOs in the SYSVOL shared folder.
 

Parameters
/forestprep

Prepares a Windows 2000 forest for an upgrade to a Windows Server 2003 forest.

/domainprep

Prepares a Windows 2000 domain for an upgrade to a Windows Server 2003 domain.

/domainprep /gpprep

Available only when you prepare a Windows 2000 domain for an upgrade to a Windows Server 2003 SP1 domain.

Adds inheritable ACEs to the GPOs that are located in the SYSVOL shared folder, and synchronizes the SYSVOL shared folder among the domain controllers in the domain.


You will not need to run it on the 2003 box.  Once run, you can bring up the 2003 box and DCPROMO just fine.

1. Connect Win2003 server to the existing Win2000 domain
2. Promote the Win2003 server to a DC (run DCPROMO on the windows 2003 server)
2.5 Do anything necessary to make AD realize that it's now a Win2003 domain and that the Win2003 server should be the "master" of everything
-- After running DCPROMO, your domain will be upgraded to Windows 2003.  But you will have to add the DNS service to the Windows 2003 server (add/remove programs).  (Then you will have to point your clients and servers to use this new DNS server...and remove the old DNS server IP addresses that point to the old Windows 2000 server.)

-- You will have to enable the global catalog service on this Windows 2003 server: http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/DSSite_enable_GC_server.htm

-- you will have to transfer the FSMO roles to this Windows 2003 server:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690

- if you are using Windows DHCP...make sure that you enable this service on the new server and disable this on the old Windows 2000 server.

3. Demote the Win2000 server to a member server - run DCPROMO and choose to remove this server as DC
4. Copy all data from the Win2000 server to the Win2003 server -  Robocopy command is good for this as it will copy security as well as the data.  xcopy is also a good choice for this.
5. Recreate the shares on the new server and update the login scripts to change all user mapped drives to the matching shares on the new server.
6. Reboot all clients and verify that they can access the shares on the new server.
7. Remove the Win2000 server from the network...  remove this server from the domain first and then remove the server.
7. Reboot all clients again and verify that they can still login to the domain and access their data on the 2003 server


- seems like a good plan.
0
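Added example (not part of the answer above): a batch file for the data copy in step 4 that carries the NTFS permissions across and stops if robocopy reports a failure. OLDSRV, the D$\Data source, the D:\Data target and the C:\migrate log folder are placeholder names; on Windows Server 2003 robocopy comes from the Resource Kit Tools.

```batch
@echo off
rem Added example, not from the original answer.
rem OLDSRV, D$\Data, D:\Data and C:\migrate are placeholder names.
setlocal
set SRC=\\OLDSRV\D$\Data
set DST=D:\Data
set LOG=C:\migrate\data-copy.log

if not exist C:\migrate mkdir C:\migrate

rem /E       copy subfolders, including empty ones
rem /COPYALL copy data, attributes, timestamps, NTFS ACLs, owner and auditing info
rem          (the default is /COPY:DAT, which leaves the ACLs behind)
rem /B       backup mode, so files the admin account is denied on are still read
rem /R /W    bound the retries so one locked file does not stall the run
robocopy "%SRC%" "%DST%" /E /COPYALL /B /R:2 /W:5 /NP /TEE /LOG:"%LOG%"

rem Robocopy's exit code is a bitmask: values below 8 mean the run completed
rem (files copied, extras or mismatches noted); 8 and above mean a failure.
if errorlevel 8 (
    echo Copy FAILED for one or more files - see %LOG%
    exit /b 1
)
echo Copy completed - review %LOG% for skipped or mismatched entries

rem Spot-check that permissions arrived: list the ACL at source and target.
cacls "%SRC%"
cacls "%DST%"
```

Run it on the new server before the shares are recreated in step 5, so that share permissions sit on top of NTFS ACLs that already match the old server.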
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 125 total points
ID: 16870594
I will add my process list next to NJ's - this isn't to take away anything from his answer - so if his does the trick then leave mine out of the acceptance

can be done quite easily with a clean install of the new server

**Note - If introducing a 2003 R2 Server into the network as a DC you will need to run the ADPREP tools from the second cd

\CMPNENTS\R2\ADPREP

you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en

this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx

1) Promote your new machine as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
3) Transfer the FSMO roles to the new server
http://www.petri.co.il/transferring_fsmo_roles.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
4) Make the new DC a Global Catalog under Sites and Services
http://support.microsoft.com/?kbid=313994
5) Deactivate DHCP on the old DC (if used) and recreate the scope on the new DC, note if you have a fairly complex or Large DHCP scheme you may want to export and import the database
http://support.microsoft.com/kb/325473/
6) Run DCDIAG to make sure all is well and replication is fine
7) Demote the old DC if you don't intend to keep it as a backup
8) Recreate Shares etc on the new server
9) Reinstall printers and share them etc....


this will allow you to have the complete AD directory on the new DC and clients will barely be aware of any changes
0
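Added example (not part of either answer above): a pre-demotion check for the point both answers reach before running DCPROMO on the old Windows 2000 DC, confirming that the new DC holds all five FSMO roles and that DCDIAG is clean. NEWDC01 is a placeholder server name; netdom, dcdiag and repadmin come from the Windows Support Tools.

```batch
@echo off
rem Added example, not from the original answers. NEWDC01 is a placeholder name.
rem Needs netdom, dcdiag and repadmin (Windows Support Tools).
setlocal
set NEWDC=NEWDC01
set LOG=%TEMP%\pre-demote-check.log

echo === FSMO role holders === > "%LOG%"
netdom query fsmo >> "%LOG%" 2>&1

rem netdom prints one line per role; all five should name the new DC.
set ROLES=0
for /f %%c in ('netdom query fsmo ^| find /i /c "%NEWDC%"') do set ROLES=%%c
if not "%ROLES%"=="5" (
    echo STOP: %NEWDC% holds %ROLES% of 5 FSMO roles - transfer the rest first
    exit /b 1
)

echo === dcdiag === >> "%LOG%"
dcdiag /s:%NEWDC% /v >> "%LOG%" 2>&1

rem dcdiag marks each problem with the words "failed test".
find /i "failed test" "%LOG%" >nul
if not errorlevel 1 (
    echo STOP: dcdiag reported failures - see %LOG%
    exit /b 1
)

echo === replication partners === >> "%LOG%"
repadmin /showreps %NEWDC% >> "%LOG%" 2>&1

echo Role and dcdiag checks passed - review %LOG% before demoting the old DC
```

The script does not check the Global Catalog setting or the DNS servers the clients point at; confirm both by hand before the old DC is demoted.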
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16870621
off topic--- Evening NJ :), hope things are well

jay
0

 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16870708
(morning here...  hi.  All is cool...  watching the soccer games?)
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16870743
ah late here, it's 12.45am, haven't been following as yet, waiting for the big ones to start :)
0
 
LVL 3

Author Comment

by:FWeston
ID: 16872387
Thanks guys, the global catalog/etc stuff is what I was looking for.  I'm going to be doing this tomorrow, so I'll award points then provided things work out ok!
0
