qsnow

Best practices for upgrading from 2000 AD to a 2003 AD environment

We are about to go through an Active Directory upgrade from W2k AD to W2k3 AD.  I've read various documents from Microsoft and gone through the checklists as far as verifying current replication is happening correctly, DNS resolution, etc.  Here is a brief summary of our environment followed by some key questions that we would like advice on (best practices and/or real-world upgrade experiences instead of MS's document experience) :-)

Company itself - 2 main data center sites with approx 20 remote sites.  DCs exist only at the main sites.

5 DCs in total all running Windows 2000 SP4.

1 DC in the parent (w2k.pardomain.com)
2 DCs in south data center site (sdc1.childdom.pardomain.com  &  sdc2.childdom.pardomain.com)
2 DCs in north data center site (ndc1.childdom.pardomain.com  &  ndc2.childdom.pardomain.com)

Currently in AD/Sites we have two main sites set up, a North and a South (ndcx assigned to North; sdcx and w2k assigned to South).
DNS is running on all DCs.
DHCP is running on (w2k for the South region) and (ndc1 for the North region)

We have new hardware for all 5 DCs and the end result is that we will have all DCs on the new hardware with the same computer names and IP Addresses.

Various questions we have are:

1.  What would be considered the best practice for upgrading our domain.  Do we need to do an actual server OS upgrade or can we just prepare the domain for 2003AD, install 2003 on the new servers and dcpromo them in followed by dcpromo'ing the old 2000AD servers out?

2.  Once we have w2k upgraded, in the interim we will have a mixed configuration (2003AD and 2000AD) while we are working on converting the other servers. Should we expect any DNS-related issues in regards to clients resolving internal resources? (other than a server being offline, obviously)

3.  For DHCP, is it possible to export the current 2000 DHCP configuration and import that into 2003 DHCP?

4.  For DNS, (same as 3.) is it possible to export/import from 2000 to 2003?

ASKER CERTIFIED SOLUTION
Lee W, MVP

This solution is only available to members.

How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003
http://support.microsoft.com/?id=325473

How can I move a DHCP database from one server to another?
http://www.windowsitpro.com/Article/ArticleID/13473/13473.html

How can I move DNS from one Windows 2000 Server to another Windows 2000 Server?
(Two Related if going 2000 to 2003 - read both before moving)
http://www.jsifaq.com/subG/TIP3300/rh3357.htm
http://www.jsifaq.com/SUBN/tip6700/rh6731.htm
qsnow

ASKER

Leew,

Thanks for the fast/excellent reply.  A couple of follow-ups just to make sure I'm clear -- clarity is a good thing :-)

So, our process would be something like:

1. On w2k.pardomain.com
    Adprep /forestprep
    Adprep /domainprep
2. Wait for replication and verify replication happened
3. DCPromo 2003 server that is on new hardware into the pardomain.com

<unsure point - do we also need to run Adprep /domainprep on the child domain (sdc1.childdom.pardomain.com)>?

4. DCPromo (demote) server (sdc2.childdomain.pardomain.com) and remove him from the network
5. DCPromo 2003 server that is on new hardware with sdc2 naming convention and IP Address into the (childdom.pardomain.com domain)
6+.  Repeat of 4 and 5 to get all the DCs replaced/upgraded.

Does this sound like a correct procedure?  Any gotchas you can think of in this situation?  All of our DNS is AD Integrated already, so I assume once a 2003 server is introduced and DCPromo'd in, it should replicate all the DNS from the other servers.
qsnow

ASKER

Sorry, one more - The last link you posted talked about R2 schema -- our new controllers will be R2.  We are safe just running the adprep from the R2, correct?  That will do the prep we need for 2003AD in general along with the R2 additions, correct?
You need to run ADPREP 3 times on an existing DC - twice (forest and domain) from the 2003 CD, and once from disk 2 of the R2 set, following the instructions I posted.  (Running it more than that won't hurt - or help, so if you're not sure, just run it again).  But note, there are TWO ADPREP programs.

I would run ADPREP on each domain to ensure they are up to date.  As I said, it won't hurt anything.

At step 4, I wouldn't demote right away - I'd turn off for a week or two - JUST TO BE CERTAIN.  Make sure after everything is working, you turn it back on and PROPERLY remove it from the domain, but I wouldn't demote it RIGHT AWAY.

Always, the best thing to do is set up a small test network and test it.  I can tell you what I experienced, but if nothing went wrong for me, there's no certainty you'll be doing EXACTLY the same things EVERYWHERE I did.  Test it.  Get familiar with the process, then do it in production.
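
For the "wait for replication and verify" step and the per-domain /domainprep question discussed above, a batch check that can be run before any dcpromo. This is an added example, not part of the thread. It assumes it is run as a domain admin from a Windows Server 2003 machine (dsquery ships with 2003) with the 2003 Support Tools installed (repadmin), uses the DC names from the question, and expects schema version 31 because the new DCs will be R2; the "failed" text match on repadmin output is a heuristic.

```batch
@echo off
rem Added example (not from the thread): post-adprep checks before dcpromo.
rem Assumes dsquery (Windows Server 2003) and repadmin (2003 Support Tools).
setlocal enabledelayedexpansion

set FOREST_DN=DC=pardomain,DC=com
set CHILD_DN=DC=childdom,DC=pardomain,DC=com
set DCS=w2k.pardomain.com sdc1.childdom.pardomain.com sdc2.childdom.pardomain.com ndc1.childdom.pardomain.com ndc2.childdom.pardomain.com

rem Schema objectVersion: 13 = Windows 2000, 30 = Server 2003, 31 = Server 2003 R2.
set WANT=31
set FAIL=0

rem 1) Every DC must hold the updated schema and show no failed inbound replication.
for %%D in (%DCS%) do (
    set VER=unreachable
    for /f "skip=1 tokens=1" %%V in ('dsquery * "CN=Schema,CN=Configuration,%FOREST_DN%" -s %%D -scope base -attr objectVersion 2^>nul') do set VER=%%V
    if "!VER!"=="%WANT%" (echo OK    %%D schema version !VER!) else (echo WAIT  %%D schema version !VER! & set FAIL=1)
    repadmin /showrepl %%D | find /i "failed" >nul
    if not errorlevel 1 (echo CHECK %%D reports failed replication attempts & set FAIL=1)
)

rem 2) /domainprep is per domain: each domain gets its own marker object.
call :marker "%FOREST_DN%" w2k.pardomain.com
call :marker "%CHILD_DN%" sdc1.childdom.pardomain.com

if "%FAIL%"=="0" (echo All checks passed.) else (echo Do not dcpromo yet.)
exit /b %FAIL%

:marker
rem %1 = domain DN (quoted), %2 = a DC in that domain to query.
dsquery * "CN=Windows2003Update,CN=DomainUpdates,CN=System,%~1" -s %2 -scope base >nul 2>&1
if errorlevel 1 (
    echo MISSING domainprep marker in %~1
    set FAIL=1
) else (
    echo OK    domainprep marker in %~1
)
goto :eof
```

Re-run it after each adprep pass until every line reads OK; a DC stuck on an older schema version points at a replication problem to fix before a 2003 DC is promoted.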
qsnow

ASKER

For our situation, I don't know that we can avoid demoting during this process, since we need the computer names for the new DCs on new hardware to match the names of the old -- if we tried to bring an old machine online in a week with the same name and demote, I'd suspect a slew of issues.
These are just DCs, right?  Why do you need the same computer names?

In my opinion, trying to preserve computer names is one of the biggest headaches an admin can have and in a well-designed (and appropriately funded) network, there is little need for it.
qsnow

ASKER

Yes, they are mainly just DCs (dhcp, dns services as well)...  We have various 3rd party .NET apps as well as 3rd party vendor programs that may be using FQDN to pull information from our certain AD servers.  IP Address wise, since these machines are running DHCP and DNS, that would be an issue as well having to change all of our routers forwarders, and such.. so at a minimum, IP Address 'must' remain the same for the new roles of these machines.