Solved

How to migrate windows 2003 domain group Policies from one server to an other?

Posted on 2006-06-13
10
248 Views
Last Modified: 2010-04-18
We have two DC's  "A" and "B", on  "A"  now we not want to decommission it and move everything to "B" step by step,
"A" has the domain policy and I was wondering the proper procedure to move it from server "A" to "B" and if there are another things to change elsewhere in the structure?
Thank you

0
Comment
Question by:CareConnect
  • 6
  • 4
10 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896824
- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.



0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896830
Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896844
If you have problems demoting the DC A from the domain, you can follow these instructions to remove the server manually:  http://support.microsoft.com/default.aspx?scid=KB;en-us;Q216498
or
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 

Author Comment

by:CareConnect
ID: 16896908
Hi NJ, most of the migration was done (not by me but my predecessor)
by the sound of it if your say that:
 "Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain."
If i were to "shut down" server/DC "A" now the server/DC "B" would have the Group policy? just want to confirm.
Thank you.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896939
yes... all DC's have the domain group policies..  these are saved in Active Directory and replicated to all DC's in the domain.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:CareConnect
ID: 16903681
Hi Nj, I went to MMC console on server "B" and "added" group policy editor, I added "default domain controllers policy" but what showed up after adding it was "default domain controllers policy" [sever_A.Domain.org] How ever I want to have [sever_B.Domain.org] showing witch tell's me that the GP are residing on server "A" still? How can I change that since we want to decommission server "A".
Thank you


0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16903967
Load the Group Policy Management tool on one of your computers:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

I'm not exactly sure what you are referring to in your last post...  but domain based policies are stored in the domain and not on a particular domain controller.

0
 

Author Comment

by:CareConnect
ID: 16905598
Hi NJ, thank you. I installed the Tool and it works good. I believe that the original "migration" from server "A" was not fully performed and they are still some components of it left in the domain per example in "AD site and Services" [server.A.domain.com] is still the one there and not [server.B.domain.com] and also just under sites -->default first site name-->servers, both A and B are sill there is DC's instead of having server "B" only. That is probably why the Groups policy's still showing [server.A.domain.com].  I am not too too sure if a migration could be re-performed again? or what to do from this point on.
I hope i was able to explain a little better.
Thank you
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 500 total points
ID: 16905752
go through these steps....  and see what has and what has not been done...

- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.
0
 

Author Comment

by:CareConnect
ID: 16917153
Ok Great thank you i will try that step by step!!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now