Solved

How to migrate windows 2003 domain group Policies from one server to an other?

Posted on 2006-06-13
10
265 Views
Last Modified: 2010-04-18
We have two DC's  "A" and "B", on  "A"  now we not want to decommission it and move everything to "B" step by step,
"A" has the domain policy and I was wondering the proper procedure to move it from server "A" to "B" and if there are another things to change elsewhere in the structure?
Thank you

0
Comment
Question by:CareConnect
  • 6
  • 4
10 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896824
- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.



0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896830
Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896844
If you have problems demoting the DC A from the domain, you can follow these instructions to remove the server manually:  http://support.microsoft.com/default.aspx?scid=KB;en-us;Q216498
or
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:CareConnect
ID: 16896908
Hi NJ, most of the migration was done (not by me but my predecessor)
by the sound of it if your say that:
 "Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain."
If i were to "shut down" server/DC "A" now the server/DC "B" would have the Group policy? just want to confirm.
Thank you.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896939
yes... all DC's have the domain group policies..  these are saved in Active Directory and replicated to all DC's in the domain.
0
 

Author Comment

by:CareConnect
ID: 16903681
Hi Nj, I went to MMC console on server "B" and "added" group policy editor, I added "default domain controllers policy" but what showed up after adding it was "default domain controllers policy" [sever_A.Domain.org] How ever I want to have [sever_B.Domain.org] showing witch tell's me that the GP are residing on server "A" still? How can I change that since we want to decommission server "A".
Thank you


0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16903967
Load the Group Policy Management tool on one of your computers:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

I'm not exactly sure what you are referring to in your last post...  but domain based policies are stored in the domain and not on a particular domain controller.

0
 

Author Comment

by:CareConnect
ID: 16905598
Hi NJ, thank you. I installed the Tool and it works good. I believe that the original "migration" from server "A" was not fully performed and they are still some components of it left in the domain per example in "AD site and Services" [server.A.domain.com] is still the one there and not [server.B.domain.com] and also just under sites -->default first site name-->servers, both A and B are sill there is DC's instead of having server "B" only. That is probably why the Groups policy's still showing [server.A.domain.com].  I am not too too sure if a migration could be re-performed again? or what to do from this point on.
I hope i was able to explain a little better.
Thank you
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 500 total points
ID: 16905752
go through these steps....  and see what has and what has not been done...

- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.
0
 

Author Comment

by:CareConnect
ID: 16917153
Ok Great thank you i will try that step by step!!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trust one-way issue 2 58
SolarWind and DNS Server 12 81
Best practices power settings GPO Win 10 4 96
Enterprise Mode 4 30
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question