Solved

How to migrate windows 2003 domain group Policies from one server to an other?

Posted on 2006-06-13
10
280 Views
Last Modified: 2010-04-18
We have two DC's  "A" and "B", on  "A"  now we not want to decommission it and move everything to "B" step by step,
"A" has the domain policy and I was wondering the proper procedure to move it from server "A" to "B" and if there are another things to change elsewhere in the structure?
Thank you

0
Comment
Question by:CareConnect
  • 6
  • 4
10 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896824
- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.



0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896830
Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896844
If you have problems demoting the DC A from the domain, you can follow these instructions to remove the server manually:  http://support.microsoft.com/default.aspx?scid=KB;en-us;Q216498
or
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:CareConnect
ID: 16896908
Hi NJ, most of the migration was done (not by me but my predecessor)
by the sound of it if your say that:
 "Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain."
If i were to "shut down" server/DC "A" now the server/DC "B" would have the Group policy? just want to confirm.
Thank you.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896939
yes... all DC's have the domain group policies..  these are saved in Active Directory and replicated to all DC's in the domain.
0
 

Author Comment

by:CareConnect
ID: 16903681
Hi Nj, I went to MMC console on server "B" and "added" group policy editor, I added "default domain controllers policy" but what showed up after adding it was "default domain controllers policy" [sever_A.Domain.org] How ever I want to have [sever_B.Domain.org] showing witch tell's me that the GP are residing on server "A" still? How can I change that since we want to decommission server "A".
Thank you


0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16903967
Load the Group Policy Management tool on one of your computers:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

I'm not exactly sure what you are referring to in your last post...  but domain based policies are stored in the domain and not on a particular domain controller.

0
 

Author Comment

by:CareConnect
ID: 16905598
Hi NJ, thank you. I installed the Tool and it works good. I believe that the original "migration" from server "A" was not fully performed and they are still some components of it left in the domain per example in "AD site and Services" [server.A.domain.com] is still the one there and not [server.B.domain.com] and also just under sites -->default first site name-->servers, both A and B are sill there is DC's instead of having server "B" only. That is probably why the Groups policy's still showing [server.A.domain.com].  I am not too too sure if a migration could be re-performed again? or what to do from this point on.
I hope i was able to explain a little better.
Thank you
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 500 total points
ID: 16905752
go through these steps....  and see what has and what has not been done...

- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.
0
 

Author Comment

by:CareConnect
ID: 16917153
Ok Great thank you i will try that step by step!!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question