Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to migrate windows 2003 domain group Policies from one server to an other?

Posted on 2006-06-13
10
Medium Priority
?
291 Views
Last Modified: 2010-04-18
We have two DC's  "A" and "B", on  "A"  now we not want to decommission it and move everything to "B" step by step,
"A" has the domain policy and I was wondering the proper procedure to move it from server "A" to "B" and if there are another things to change elsewhere in the structure?
Thank you

0
Comment
Question by:CareConnect
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896824
- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.



0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896830
Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896844
If you have problems demoting the DC A from the domain, you can follow these instructions to remove the server manually:  http://support.microsoft.com/default.aspx?scid=KB;en-us;Q216498
or
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:CareConnect
ID: 16896908
Hi NJ, most of the migration was done (not by me but my predecessor)
by the sound of it if your say that:
 "Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain."
If i were to "shut down" server/DC "A" now the server/DC "B" would have the Group policy? just want to confirm.
Thank you.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896939
yes... all DC's have the domain group policies..  these are saved in Active Directory and replicated to all DC's in the domain.
0
 

Author Comment

by:CareConnect
ID: 16903681
Hi Nj, I went to MMC console on server "B" and "added" group policy editor, I added "default domain controllers policy" but what showed up after adding it was "default domain controllers policy" [sever_A.Domain.org] How ever I want to have [sever_B.Domain.org] showing witch tell's me that the GP are residing on server "A" still? How can I change that since we want to decommission server "A".
Thank you


0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16903967
Load the Group Policy Management tool on one of your computers:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

I'm not exactly sure what you are referring to in your last post...  but domain based policies are stored in the domain and not on a particular domain controller.

0
 

Author Comment

by:CareConnect
ID: 16905598
Hi NJ, thank you. I installed the Tool and it works good. I believe that the original "migration" from server "A" was not fully performed and they are still some components of it left in the domain per example in "AD site and Services" [server.A.domain.com] is still the one there and not [server.B.domain.com] and also just under sites -->default first site name-->servers, both A and B are sill there is DC's instead of having server "B" only. That is probably why the Groups policy's still showing [server.A.domain.com].  I am not too too sure if a migration could be re-performed again? or what to do from this point on.
I hope i was able to explain a little better.
Thank you
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 2000 total points
ID: 16905752
go through these steps....  and see what has and what has not been done...

- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.
0
 

Author Comment

by:CareConnect
ID: 16917153
Ok Great thank you i will try that step by step!!
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question