Solved

How to migrate windows 2003 domain group Policies from one server to an other?

Posted on 2006-06-13
10
285 Views
Last Modified: 2010-04-18
We have two DC's  "A" and "B", on  "A"  now we not want to decommission it and move everything to "B" step by step,
"A" has the domain policy and I was wondering the proper procedure to move it from server "A" to "B" and if there are another things to change elsewhere in the structure?
Thank you

0
Comment
Question by:CareConnect
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896824
- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.



0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896830
Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896844
If you have problems demoting the DC A from the domain, you can follow these instructions to remove the server manually:  http://support.microsoft.com/default.aspx?scid=KB;en-us;Q216498
or
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 

Author Comment

by:CareConnect
ID: 16896908
Hi NJ, most of the migration was done (not by me but my predecessor)
by the sound of it if your say that:
 "Group policies are saved in the domain...and are not linked to a specific domain controller... so, there is no manual transfer here... the GPO's are domain based and will still work even without DC A being in the domain."
If i were to "shut down" server/DC "A" now the server/DC "B" would have the Group policy? just want to confirm.
Thank you.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16896939
yes... all DC's have the domain group policies..  these are saved in Active Directory and replicated to all DC's in the domain.
0
 

Author Comment

by:CareConnect
ID: 16903681
Hi Nj, I went to MMC console on server "B" and "added" group policy editor, I added "default domain controllers policy" but what showed up after adding it was "default domain controllers policy" [sever_A.Domain.org] How ever I want to have [sever_B.Domain.org] showing witch tell's me that the GP are residing on server "A" still? How can I change that since we want to decommission server "A".
Thank you


0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16903967
Load the Group Policy Management tool on one of your computers:  http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

I'm not exactly sure what you are referring to in your last post...  but domain based policies are stored in the domain and not on a particular domain controller.

0
 

Author Comment

by:CareConnect
ID: 16905598
Hi NJ, thank you. I installed the Tool and it works good. I believe that the original "migration" from server "A" was not fully performed and they are still some components of it left in the domain per example in "AD site and Services" [server.A.domain.com] is still the one there and not [server.B.domain.com] and also just under sites -->default first site name-->servers, both A and B are sill there is DC's instead of having server "B" only. That is probably why the Groups policy's still showing [server.A.domain.com].  I am not too too sure if a migration could be re-performed again? or what to do from this point on.
I hope i was able to explain a little better.
Thank you
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 500 total points
ID: 16905752
go through these steps....  and see what has and what has not been done...

- Install the DNS service on the DC B...  (if it is not already there..)
- transfer FSMO roles to DC B:  http://support.microsoft.com/default.aspx?scid=kb;en-us;q255690
- Enable GC role on DC B and Remove GC role from DC A:  http://support.microsoft.com/?kbid=313994
- Enable the DHCP service on DC B (if you want...and authorize this and create the proper scopes and scope options)
- Install the WINS service (if you want...)
- On TCP/IP settings in your environment, point clients and servers to the DC B server (and remove the DC A IP addresses from the settings...this way no one is using the DC A server for network services)
- Install any printers on DC B...that DC A might be serving for print services.
- Point DC A TCPIP settings to point DNS to the IP adress of DC B...  
-  Run DCPROMO on DC A and choose to remove this server as a domain controller
- You can now remove this server from the domain or leave this server as a domain controller.
0
 

Author Comment

by:CareConnect
ID: 16917153
Ok Great thank you i will try that step by step!!
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question