Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal
Solved
How to replace a primary Windows 2000 DC with a new Windows 2003 server?
Posted on 2006-11-27
We have a LAN with serveral servers. There are two domain controllers on the network: Server A is primary domain controller with Windows 2000 installed on it and as well as DHCP and DNS server. Server B is another domain controller with Windows 2003 Standard and MS Exchange 2003 running on it. I think AD is Windows 2000 AD not Windows 2003 because Server A was the first DC of Active Directory.
I'd like to get rid of Server A because of lower configuration and upgrade Active Directory to Windows 2003. We've purchased a robust Server C and have Windows 2003 installed. I'd like to have this new Server C become primary domain controller and transfer sheme master server from Server A to Server C. How can I replace Server A with this new Server C? Anything else I have to transfer from Server A? How will I do on Server A?
Thanks in advance!
Wilson
I'd like to get rid of Server A because of lower configuration and upgrade Active Directory to Windows 2003. We've purchased a robust Server C and have Windows 2003 installed. I'd like to have this new Server C become primary domain controller and transfer sheme master server from Server A to Server C. How can I replace Server A with this new Server C? Anything else I have to transfer from Server A? How will I do on Server A?
Thanks in advance!
Wilson
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
7
4-
4
17 Comments
can be done quite easily with a clean install of the new server
**Note - If introducing a 2003 R2 Server into the network as a DC you will need to run the ADPREP tools from the second cd
\CMPNENTS\R2\ADPREP
you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en
this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx
1) Promote your new machine as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
3) Transfer the FSMO roles to the new server
http://www.petri.co.il/transferring_fsmo_roles.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
4) Make the new DC a Global Catalog under Sites and Services
http://support.microsoft.com/?kbid=313994
5) Deactivate DHCP on the old DC (if used) and recreate the scope on the new DC, note if you have a fairly complex or Large DHCP scheme you may want to export and import the database
http://support.microsoft.com/kb/325473/
6) Run DCDIAG to make sure all is well and replication is fine
7) Demote the old DC if you dont intend to keep it as a backup
8) Recreate Shares etc on the new server
9) Reinstall printers and share them etc....
this will allow you to have the complete AD directory on the new DC and clients will barely be aware of any changes
**Note - If introducing a 2003 R2 Server into the network as a DC you will need to run the ADPREP tools from the second cd
\CMPNENTS\R2\ADPREP
you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en
this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx
1) Promote your new machine as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
3) Transfer the FSMO roles to the new server
http://www.petri.co.il/transferring_fsmo_roles.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
4) Make the new DC a Global Catalog under Sites and Services
http://support.microsoft.com/?kbid=313994
5) Deactivate DHCP on the old DC (if used) and recreate the scope on the new DC, note if you have a fairly complex or Large DHCP scheme you may want to export and import the database
http://support.microsoft.com/kb/325473/
6) Run DCDIAG to make sure all is well and replication is fine
7) Demote the old DC if you dont intend to keep it as a backup
8) Recreate Shares etc on the new server
9) Reinstall printers and share them etc....
this will allow you to have the complete AD directory on the new DC and clients will barely be aware of any changes
If your 2003 Exchange server is a DC (which you stated) then AD is up to 2003 specs.
If you're adding an R2 server, then what Jay states needs to be done with respect to adprep for R2 extensions.
Now, since the forest is already 2003, if the server you have now is NOT R2, then simply DCPROMO it, transfer the roles (5 of them) and make it a GC. DO NOT rush to remove the old one just yet because Exchange relies heavily on the GC role so you want to be certain the new server has time to build it and advertise.
Other than that, there is nothing much left to deal with.
Keep in mind - DO NOT change the role of the Exchange server now - DO NOT demote it or (if not a DC) promote it or you will break Exchange.
If you're adding an R2 server, then what Jay states needs to be done with respect to adprep for R2 extensions.
Now, since the forest is already 2003, if the server you have now is NOT R2, then simply DCPROMO it, transfer the roles (5 of them) and make it a GC. DO NOT rush to remove the old one just yet because Exchange relies heavily on the GC role so you want to be certain the new server has time to build it and advertise.
Other than that, there is nothing much left to deal with.
Keep in mind - DO NOT change the role of the Exchange server now - DO NOT demote it or (if not a DC) promote it or you will break Exchange.
Jay_Jay70:
Thanks for your prompt and valuable reply. The awnser is quite useful.
I've checked AD and noticed that Domain Function Level remains Windows 2000 native and Forest Function level is Windows 2000. Is that the purpose I need to run ADPREP tools?
I only have one DNS server on Server 1 with Windows 2000, the first lower-configuration server I'd like to get rid of. There are several zones in Forward Lookup Zones. All of them are Primary Standard. How can I check that DNS server is Active Directory intergrated?
I will setup Server 3 with Windows 2003 R2 and install DNS on that. How can I replicate DNS information with primary DNS on Server 1?
Netman66:
Thank you very much for your comment and reminding.
Wilson
Thanks for your prompt and valuable reply. The awnser is quite useful.
I've checked AD and noticed that Domain Function Level remains Windows 2000 native and Forest Function level is Windows 2000. Is that the purpose I need to run ADPREP tools?
I only have one DNS server on Server 1 with Windows 2000, the first lower-configuration server I'd like to get rid of. There are several zones in Forward Lookup Zones. All of them are Primary Standard. How can I check that DNS server is Active Directory intergrated?
I will setup Server 3 with Windows 2003 R2 and install DNS on that. How can I replicate DNS information with primary DNS on Server 1?
Netman66:
Thank you very much for your comment and reminding.
Wilson
Functional levels have nothing to do with Adprep for R2. You run Adprep to extend the Schema for the new R2 features.
If you expand each DNS zone, then right-click and select Properties you'll see if they're AD Integrated (and be able to change them) there.
Once the zones are AD Integrated and accept Dynamic Updates, then simply installing DNS on the server should be all that's necessary. If replication and DNS are functioning properly the zones will automatically create and populate using Replication.
If you expand each DNS zone, then right-click and select Properties you'll see if they're AD Integrated (and be able to change them) there.
Once the zones are AD Integrated and accept Dynamic Updates, then simply installing DNS on the server should be all that's necessary. If replication and DNS are functioning properly the zones will automatically create and populate using Replication.
Thanks a lot Netman66,
I've checked all zones in Forward Lookup Zones and all of the are Primary Standard including our local domain xyz.local and a reverse zone 172.20.0.x matches domain xyz.local is AD Intergrated. Is that possible to transer Primary Standard to AD Ingrated? Otherwise, do I need to create a new zone?
TIA,
Wilson
I've checked all zones in Forward Lookup Zones and all of the are Primary Standard including our local domain xyz.local and a reverse zone 172.20.0.x matches domain xyz.local is AD Intergrated. Is that possible to transer Primary Standard to AD Ingrated? Otherwise, do I need to create a new zone?
TIA,
Wilson
You don't need to transfer - just go into the Properties of the zone and press the button for Change on the zone type. At this point you can select Active Directory Integrated - nothing to it.
Thanks a lot!
If I setup secondary DNS on new Server 3 which running Windows 2003/R2. Is that possible it become primary DNS server if I get rid of current primary DNS server Server 1 which is primary DC, glabal catalog and FSMO role server? For sure I will get rid of it after I successfully transfer glabal catalog and FSMO role to the new Server 3.
If I setup secondary DNS on new Server 3 which running Windows 2003/R2. Is that possible it become primary DNS server if I get rid of current primary DNS server Server 1 which is primary DC, glabal catalog and FSMO role server? For sure I will get rid of it after I successfully transfer glabal catalog and FSMO role to the new Server 3.
There are no such things as Primary and Secondary once the zone is AD Integrated - they all contain the same info and are updated via replication. You can have a Preferred and Secondary DNS server - but that relates totally to your preference.
You can make it Authoritative fairly easily by changing the SOA record to the new server. You can then make it the Preferred server via DHCP.
If you want to remove the original server, that's easy to do. Simply uninstall DNS and restart. Everything should get removed from DNS cleanly provided the two servers can communicate properly.
You can make it Authoritative fairly easily by changing the SOA record to the new server. You can then make it the Preferred server via DHCP.
If you want to remove the original server, that's easy to do. Simply uninstall DNS and restart. Everything should get removed from DNS cleanly provided the two servers can communicate properly.
Thanks guys. I've splited points already. Glad and peasured I got answers from Top 2 Pro.
I haven't planed with http://www.experts-exchange.com for a quite while.
I haven't planed with http://www.experts-exchange.com for a quite while.
Featured Post
Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Learn about cloud computing and its benefits for small business owners.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses
Course of the Month12 days, 13 hours left to enroll
650 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.