pgamez


Windows 2003 migration help

I recently went from a Windows NT domain and upgraded it to Windows 2003 Active Directory.

Steps taken:
1. Upgraded the NT BDC to Windows 2003 and installed Active Directory with DNS.
2. Installed a new Windows 2003 server and added it to the domain with the Add additional domain controller to domain option.

Here is my problem: I used the NTDSUTIL utility to transfer FSMO roles to the additional domain controller. In order for me to run the login script I have to have the upgraded BDC running. When I remove the upgraded BDC from the network I can log into the domain but can't run the login script.

Can someone please tell me what I need to do in order to run the login script of the number 2 server from above without having the upgraded BDC on the domain.

thanks
Pber

Usually when you want to do an in-place upgrade you'd:

Take one BDC offline and leave it off in case you need to back out of the upgrade.
Next you upgrade the NT4 PDC to 2003.

Anyhow, sounds like your problem is with the sysvol.

What do you see when you type net share from a command prompt on the additional DC?
pgamez

ASKER

I get the following when I type net share

Share name   Resource                                             Remark
_______________________________________________________________________________
IPC$                                                              Remote IPC
ADMIN$       C:\WINDOWS                                           REMOTE ADMIN
E$           E$                                                   DEFAULT SHARE
C$           C$                                                   DEFAULT SHARE
NETLOGON     C:\WINDOWS\SYSVOL\sysvol\rockville.hcmg.net\SCRIPTS  LOGON SERVER SHARE
SYSVOL       C:\WINDOWS\SYSVOL\sysvol                             LOGON SERVER SHARE

Are the netlogon shares in sync?  Do you have the same files on both machines?

Also is the additional server a GC?
pgamez

ASKER

What's a GC?
Not sure if the netlogon shares are in sync or not?  Is there a way to find out?

Right now the other server is offline.

thanks,

On the additional server are there files in the \\server\netlogon share?

A GC is a Global Catalog server.  You generally need a GC to be able to login to the domain (Above and beyond FSMO).  

To configure a GC go to AD Sites and Services
Expand your site, then expand the servers.
Expand your server and Right click NTDS settings and select properties
Check the Global Catalog box and click OK.

pgamez

ASKER

The Global Catalog is checked in AD Sites and Services.

Under servers there are two servers:
server 1, which was the upgraded one,
and server 2, which is the main one that I want to use.  Server 2 has Global Catalog selected.

Yes to files being in the server netlogon share.

Try this.... May help.
Make sure you have no drive mappings manually (disconnect them).
Log off your machine, wait for a minute, then log on. You may have the NIC card initializing after the system boot (in GPO you can disable that by fast boot).
Secondly, try to see if you can have the script edited without checking group membership (in the event you are using ifmember); just have it run a net use and map a drive and see if this works (assuming you are running bat files).
pgamez

ASKER

I think there may be something else that I have not done, or the FSMO roles did not configure properly.  I removed the server from the rest of the network and placed it on a hub.  I also placed my PC on the same hub and tried connecting to it.  I went to Network Neighborhood and tried to access the server, but I was not able to see it.  When I placed it back on the hub where the backup PC that I upgraded to 2003 is, I am able to gain access to the server.

After doing a transfer (schema, domain naming master, PDC, RID, infrastructure) should I have re-run dcpromo on the server?

thanks,

Re-running dcpromo will remove the DC from the domain if there are other DCs.  If it's the only DC, then it's going to remove the domain.
pgamez

ASKER

Any suggestions on what I need to do? I am lost here.

pgamez

ASKER

Seems that I have found the solution: for some weird reason I had to disjoin the domain and rejoin the domain.  After I did this I was able to log into the domain and run the login script.  My new question is, when I migrated the workstations and users into this domain the username works fine but the computer doesn't seem to be part of the domain.  Do I have to go to everyone's PC, disjoin them from the domain and rejoin them into the domain?

thanks,

To migrate a workstation to the domain is the same as manually adding it to the domain.  A reboot is required for changes to take effect.
Initially you mentioned you upgraded the NT4 domain to 2003.  So this wouldn't really be considered a migration, but more of an upgrade.  With this method, you shouldn't have had to do anything to the clients.

If you had an NT4 domain and set up a new 2003 AD domain, then migrated the users/machines with a migration tool such as ADMT, that would be considered a migration.

Which method did you use?
pgamez

ASKER

I had an NT 4 system (BDC) which I upgraded to 2003, then installed a new 2003 server as an additional domain.  Removed the BDC from the network and just kept the new server 2003 running.  I used ntdsutil to transfer FSMO roles to the 2003 server from the upgraded BDC.

pgamez

ASKER

Still having problems with some systems. I have a couple of 2000 systems as well as XP with all of the service packs.  I am trying to log in to the new domain and a couple of them cannot see the new domain.  While the other ones can?  Checked DNS settings and they are correct. Anyone have any ideas?

thanks

You have to start with basics... from the offending desktops:

Can you ping the IP of the DC?
Can you ping the name of the DC?
pgamez

ASKER

I can ping the IP address but not the name of the DC.  I've also noticed that on occasion the login script does not run from one of the PCs that's logging into the new DC.

thanks
pgamez

ASKER

I don't know if this also helps, but I placed 3 systems on their own switch as well as the DC server and removed them from the rest of the network.  I was able to ping the DC and IP address as well as join the domain.  As soon as I connect the switch or the DC to the rest of the network I am unable to ping it etc.  Do I need to contact our ISP and inform them of the new server?  Our ISP currently hosts our DNS settings for outside of the network.

So ultimately all your clients should be pointing to your DC for DNS.  The DNS server should be configured with a forwarder to the ISP's DNS.
pgamez

ASKER

I don't remember if I did that or not. Is there a way of checking it out and installing the option?

thanks,

Well, on the clients it is configured in the TCP/IP properties.

Load Control Panel and select Network Connections
Double-click the NIC and select Properties
In the "This connection uses the following items", select TCP/IP and select Properties
In the General tab you configure the IP address and the DNS server.  The DNS server address should be the IP of your DC.

If you are using DHCP, then it is a little different.  You need to configure that in the DHCP scope.

On the DC to set the forwarder...
Load the Administrative tools
Load the DNS MMC
right click the server and select properties
Select the Forwarders TAB
Add the ISP DNS server to the "Selected domain's forwarder IP address list".

This way the clients will always go to the DC for DNS.  If the client wants to connect externally, the DC's DNS server will redirect them to the external DNS server for resolution.

pgamez

ASKER

I've done the first part on the local PCs and have just set up the settings per your instructions on the DC to set the forwarder.  Will let you know what happens.

thanks

Also if you are not using WINS, you might need to configure the DNS suffix on the clients.  Load the TCP/IP settings, select Advanced and select the DNS tab
Enter your domain name (rockville.hcmg.net\) in the DNS suffix for this connection.
pgamez

ASKER

Thanks for the info. I ran a dcdiag on the server and these are the results that I got


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\HCMGPRIME
      Starting test: Connectivity
         HCMGPRIME's server GUID DNS name could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (38b0dcaa-4aa2-408e-bde8-8da87d7f55ef._msdcs.rockville.hcmg.net)
         couldn't be resolved, the server name (hcmgprime.rockville.hcmg.net)
         resolved to the IP address (10.1.0.23) and was pingable.  Check that
         the IP address is registered correctly with the DNS server.
         ......................... HCMGPRIME failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\HCMGPRIME
      Skipping all tests, because server HCMGPRIME is
      not responding to directory service requests

   Running enterprise tests on : rockville.hcmg.net
      Starting test: Intersite
         ......................... rockville.hcmg.net passed test Intersite
      Starting test: FsmoCheck
         ......................... rockville.hcmg.net passed test FsmoCheck
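
As an added example (not part of the original thread and not any poster's code): a small Python triage of the dcdiag output above that lists the failed tests and derives the two nslookup queries showing whether the DC's _msdcs records are registered. It assumes the DNS server to query is the DC address that dcdiag reported; the name triage is illustrative.

```python
import re

# dcdiag output copied from the post above (trimmed to the lines the parser reads).
SAMPLE = """\
   Testing server: Default-First-Site-Name\\HCMGPRIME
      Starting test: Connectivity
         HCMGPRIME's server GUID DNS name could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (38b0dcaa-4aa2-408e-bde8-8da87d7f55ef._msdcs.rockville.hcmg.net)
         couldn't be resolved, the server name (hcmgprime.rockville.hcmg.net)
         resolved to the IP address (10.1.0.23) and was pingable.  Check that
         the IP address is registered correctly with the DNS server.
         ......................... HCMGPRIME failed test Connectivity
   Testing server: Default-First-Site-Name\\HCMGPRIME
      Skipping all tests, because server HCMGPRIME is
      not responding to directory service requests
      Starting test: FsmoCheck
         ......................... rockville.hcmg.net passed test FsmoCheck
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
GUID_NAME = re.compile(r"\(([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.([^)\s]+)\)")
SERVER_IP = re.compile(r"resolved to the IP address \((\d+(?:\.\d+){3})\)")

def triage(report):
    """Return failed tests, skipped servers and the DNS lookups worth running."""
    failed = [(m.group(1), m.group(3)) for m in RESULT.finditer(report)
              if m.group(2) == "failed"]
    skipped = re.findall(r"Skipping all tests, because server (\S+) is", report)
    checks = []
    guid = GUID_NAME.search(report)
    ip = SERVER_IP.search(report)
    if guid:
        # Assumption: the DC that answered ping is also the DNS server to query.
        server = ip.group(1) if ip else ""
        zone = guid.group(2)
        checks.append(f"nslookup -type=CNAME {guid.group(1)}._msdcs.{zone} {server}".strip())
        checks.append(f"nslookup -type=SRV _ldap._tcp.dc._msdcs.{zone} {server}".strip())
    return {"failed": failed, "skipped": skipped, "dns_checks": checks}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

If either generated query returns no record from the DC's DNS server, the directory-service records for that DC are missing from the zone, which matches the Connectivity failure in the output.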

ASKER CERTIFIED SOLUTION
Pber

pgamez

ASKER

Thank you very much for all of your help. Our PCs are now connecting to the new server.