Remote Office Win2k DC Migration

Posted on 2006-07-12
Last Modified: 2010-03-18
To all,
I am having a difficult time deciding what to do in a remote office. This remote office has the following:

1 Windows 2000 Server Domain Controller (which does all DNS and file/print sharing)
20 Client computers

For a long time this remote office operated independently, but we have recently connected the site via 512kbps VSAT, so the site is now a subnet in our corporate network. This is important as we are rolling out Exchange 2003 and resolution to our corporate domain is a prerequisite.

The problem now is this Windows 2000 DC is on a different domain than the corporate network. I am not sure what the best method to migrate this remote site into the corporate Windows Server 2003 domain is.

Should I change domains on the Win2k Server and use ADMTv2 to migrate the accounts?
(Note: b/c there are so few accounts at the remote site, migrating them is not that big of a deal. Their permissions are all going to change anyway, so I can simply recreate them on the corporate DC if that is easier.)

Should I bring in a new Win2k3 DC and demote the existing Win2k Server?

What’s the best solution with the least impact to the users? Also what effect will this migration have on the 512kbps connection back to corporate?

Thanks for the help in advance
Question by:moistowelet
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17095443
whichever route you take with this you are going to impact your users, if you want quick and easy with minimal down time and least cost:

demote the 2k server after hours, give it a clean, upgrade to 2003, promote as an additional DC in your current domain, recreate the accounts in AD and let them replicate across overnight, should take you max of 3 or 4 hours and come morning, no one will even know - the most time consuming bit will be rejoining the clients to a new domain
 

Author Comment

by:moistowelet
ID: 17096142
Just so I understand:

1) You're saying demote the existing Win2k Server
2) Upgrade the OS to Win2k3
3) Promote it as a DC for the remote office subnet (meanwhile in the corporate office create the users in their own OU in AD)
4) Allow replication

Is this correct?


Question:

What would you recommend without upgrading the OS of the existing Server? The specs of the old system are weak. I have the option to bring in a new Win2k3 Server.

Thanks very much
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17097515
yep that's pretty much it......if you have the option of a new clean install with a new server then hell yes!
 

Author Comment

by:moistowelet
ID: 17103643
I guess my question/what I am asking is if I have a clean Win2k3 Server brought into this site what would be my order of operations?

1) Demote the Win2k Server
2) Promote the Win2k3 Server
3) Recreate AD accounts
4) Allow replication
5) Point client computers to new Domain and DNS server

?

Thanks
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17104603
if you have a brand new install...then it doesn't need to be configured in conjunction with your current 2000 machine if that makes sense

create your user accounts
promote your new 2003 DC into the correct Domain and allow replication
Demote the 2000 box
run like a maniac and run the network ID wizard on the clients to join to new domain
wallah.....
 

Author Comment

by:moistowelet
ID: 17130909
Thanks for the reply,
(I think better in terms of steps so let me see if I have this correct)

At the Remote office location
1) dcpromo the new Win2k3 box into the corporate domain
2) allow replication (what about DNS? The Win2k box currently acts as the DNS server.)
3) Demote the current Win2k DC (then do I rejoin the Win2k server to the new DC as a member server? Remember, the current Win2k server also acts as a file server)
4) Add all client computers to the new Domain

At the Corporate location:
1) Add new domain to AD sites and services
2) Create AD user accounts from remote site
3) ???

Is that it? Is there anything else that needs to be done at the corporate site?

Thanks for your help and sorry for the late reply (I was on vacation). I will award the points soon.
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 17134583
at remote

1) yes
2) if you install DNS prior to promotion (you should) and make your current zones AD integrated, they will replicate with AD updates
3) yep - demoting simply removes AD nothing else
4) yes

at corp
1) add the domain controller into a new site
2) this should be done as probably your first step as it can take a little while to do depending on users....

that's basically it really.......a word of advice, add your 2003 DC first, you don't want to get stuck where you may have a problem with connectivity or something that goes wrong, and then have everyone down until resolved...... make sure you get your 2003 setup and replicating, then take your next steps

i only just got back from vacation as well so all is well, not stressed on points, let's get this up and going before you award any :)
 

Author Comment

by:moistowelet
ID: 17141892
Thanks very much for the positive feedback!
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17143522
no problem, good luck
 

Author Comment

by:moistowelet
ID: 17269998
Jay Jay70,
sorry for the long lag in activity...I am just now onsite to perform this migration. I had a question:

How will the client computers (at this remote location) know which DC to join (aka how will they know to join the new....not the one at the main office)?


Thanks for keeping up with this

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17270018
heya mate!

you still have to manually add the clients to the new domain, then the domain membership handles the rest, or have i missed something here!
 

Author Comment

by:moistowelet
ID: 17273573
Jay Jay70,
I understand I will have to add the clients manually....my question more so centers around which DC they register to (the new DC at this location as opposed to the DC at corporate). When I run DCPROMO the option I am choosing is "Additional Domain controller for an existing domain".

So, I just want to make sure my clients at this location register to the DC in this location.

Does that make sense?

Thanks for the help!
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17275622
my bad :) yes, you have to set up sites within AD, it will control localised authentication

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/adsrv.mspx
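Added illustration (not part of the thread, and not Microsoft's code): a simplified Python model of how the subnet objects in AD Sites and Services decide which site, and therefore which DC, a client at the remote office is steered to. All subnets, site names and DC names below are constructed; the model assumes most-specific-subnet matching and treats a client with no matching subnet as having no site preference.

```python
import ipaddress

# Constructed subnet-to-site table, standing in for the subnet objects
# defined in AD Sites and Services (ranges and names are hypothetical).
SUBNET_TO_SITE = {
    "10.0.0.0/8": "Corporate",
    "10.20.30.0/24": "RemoteOffice",
}

# Constructed list of the DCs placed in each site (hypothetical names).
SITE_DCS = {
    "Corporate": ["CORPDC01"],
    "RemoteOffice": ["REMOTEDC01"],
}


def site_for_client(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site whose subnet most specifically contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def preferred_dcs(ip, subnet_to_site=SUBNET_TO_SITE, site_dcs=SITE_DCS):
    """DCs a client is steered to; every DC if its IP maps to no site."""
    site = site_for_client(ip, subnet_to_site)
    if site is None:
        # No subnet object covers this client: no locality, so a DC across
        # the WAN link is as likely to answer as the local one.
        return sorted(dc for dcs in site_dcs.values() for dc in dcs)
    return site_dcs.get(site, [])


def audit(client_ips):
    """Map each client IP to (site, DCs) so unmapped clients stand out."""
    return {ip: (site_for_client(ip), preferred_dcs(ip)) for ip in client_ips}


if __name__ == "__main__":
    # Constructed client addresses: remote office, head office, unmapped.
    for ip, (site, dcs) in audit(["10.20.30.15", "10.1.1.5", "192.168.5.9"]).items():
        print(f"{ip:<14} site={site!s:<13} DCs={dcs}")
```

A client whose address falls outside every defined subnet is the case to look for after adding a new office: it still authenticates, but not necessarily against the DC sitting next to it.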
 

Author Comment

by:moistowelet
ID: 17281728
Jay Jay70
I ran the DCPROMO on the new server today everything went well, no errors and the new server was ID'ed into the right site in AD sites and services. So I am pretty happy with everything on that front. However, I have noticed two things that maybe you can clear up for me:
1) in Admin tools I see all the new AD options but I don't see DNS....was it supposed to install with DCPROMO?
2) my upload/download speeds seem to be a lot slower. Internet and RDP seem fast, like normal. But uploading or downloading is crawling. Could this be related?

Thanks for everything.
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17283941
glad things are well, because it's an additional DC, it's not a part of the wizard for DNS, you simply install DNS from add remove programs and it will populate itself

i can't see how AD would be relating to upload and download speeds, unless it's a lot of replicating traffic. do you have any monitoring tools?
 

Author Comment

by:moistowelet
ID: 17288727
Jay Jay70,
Thanks for the reply

ok, I can understand that...but let me ask:
is there any reason I can't leave DNS running on the old Win2k DC? I am going to demote it in a few days, so will that change its DNS information? Let me know what you think, because I would like to leave DNS on this Win2k Server.


Regarding the bandwidth, I ran some traps on the ciscos and the AD replication was really heavy on the bandwidth, once that was complete it went back to normal.

Thanks again
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17292640
no harm in having that additional DNS server at all, actually it's much better to do this

bandwidth is all good now?
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17540598
Thank you!
 

Author Comment

by:moistowelet
ID: 17542641
sorry for the late response.....Thanks for your help!
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17542726
No Problems at all