
Moving: Old Win2k3 DC to new hardware

certpros asked
Last Modified: 2010-03-18
Our Environment:

1 x Windows 2003 Server stnd. edition:
Role:  Domain Controller, File Server, Print Server
Name: DCSERVER2K3

1 x Windows 2003 Server stnd. edition
Role:  Exchange 2003 Server
Name: EXCHANGE

This is what is happening:  We are completely replacing DCSERVER2K3 as it currently has a Raid Container Parity Problem. All 5 Drives are blinking amber and green with a predictive failure even though 2 of the drives were replaced.  Somehow the container with the problem infected all 5 drives now and they are not working optimally.  We decided to order a brand new server so that we can maintain the active directory environment without taking our users away from their work.  We live on uptime and we must have maximum uptime.  We want to know how we go about making the new server our new Domain Controller, as well as having the Exchange server work properly with it.  Can our new server have a different name?  Do we have to run any prep tools for our exchange server to see it?  Also we will want to completely redo this old server and give it a smaller role as sort of a fail over DC Server.

I just need help with the steps to take as our new server was expedited from Dell and will arrive tomorrow morning.

Thank you all in advance!
Lee W, MVP
Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
Check your Event logs to ensure AD is running appropriately.  Address any issues before attempting to add another DC - or you'll likely fail to add the second DC.

The new server will likely have Windows 2003 R2 on it.  In which case, you need to run ADPREP from the Second CD.  Reference:
Extending Your Active Directory Schema for New Features in Windows Server 2003 R2
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en

Once that's done, just make it a DC by running DCPROMO from the command line.  The new server should have a different name from the old server.  Then you need to transfer the FSMO roles and make it a global catalog server as well.  Reference:
How can I transfer some or all of the FSMO Roles from one DC to another?
http://www.petri.co.il/transferring_fsmo_roles.htm

How To Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994

Make sure the new server also runs DNS (An AD integrated DNS is best, but non-AD integrated can work as well).

How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003
http://support.microsoft.com/?id=325473

How can I move a DHCP database from one server to another?
http://www.windowsitpro.com/Article/ArticleID/13473/13473.html

How can I move DNS from one Windows 2000 Server to another Windows 2000 Server?
(Two Related if going 2000 to 2003 - read both before moving)
http://www.jsifaq.com/subG/TIP3300/rh3357.htm
http://www.jsifaq.com/SUBN/tip6700/rh6731.htm


FINAL WORDS (well probably not, but for this comment).
BACKUP - run a system state and information store backup before adding the new server

Once you THINK you have the new server set up, let it run overnight to ensure all replication that needed to take place, took place.  CHECK YOUR EVENT LOGS the next day.  Then turn off the existing DC - DO NOT FORMAT, REINSTALL, OR OTHERWISE DESTROY IT.  If there's something wrong with the "migrated" setup, then you can always turn it back on and troubleshoot - unless you format it, then you're really in trouble.  You'll especially want to test Exchange after you migrate things.  Also, MAKE SURE YOU KNOW HOW DNS needs to be set up - too many people think they do, only they don't and then they have problems.  (Don't mean to offend you on this, but based on posts here, I'd say 4 out of 5 people who say they have DNS correct - DON'T).  For more info on DNS, you can reference links I have here:
http://www.lwcomputing.com/tips/static/dns.asp

Author

Commented:
Thank you, this is the information I was looking for!  I am going to check all the links, move forward with the project, and then I will reward you points right after the project is complete because I might still need your assistance.  I appreciate all of your help.

- Brandon
Lee W, MVP
Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
Note: some of the links talk more specifically about 2000 - but 2003 is USUALLY substantially similar.

Author

Commented:
regarding: -->  5. Force replication via Active Directory Sites and Services.

Are you sure I am going to have to use this step?  I thought that once you promoted the server to become a domain controller that it was automatically entered in as a site.  I guess I will find this out once I get to the role transfer portion of the project.
Lee W, MVP
Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
I don't like forcing replication - which is why I said leave it on overnight.
Joseph Hornsey
Director of IT & Infrastructure
CERTIFIED EXPERT

Commented:
Brandon,

Regarding step 5, you'll want to force replication and then check your event logs to make sure there are no issues.  Give it a good hour or so.

Regarding Sites in general, the server will be automatically added to the site based on its IP address.  Remember that a site is simply an Active Directory object which represents a physical network segment.  Active Directory uses these to determine whether or not devices on the network are on the same LAN or have WAN links between them.  If you're in a single LAN environment, it's not that important.  If you're in a WAN environment, it's pretty critical.

If you're in a WAN environment and have more questions about sites, post back and I'll do my best to answer them.

<-=+=->
Joseph Hornsey
Director of IT & Infrastructure
CERTIFIED EXPERT

Commented:
I disagree with Lee... I think forcing replication is an excellent way of forcing problems to come to the surface.  Keep in mind, though, that this is just my opinion and that is all.  

Lee's absolutely right that you won't want to rush things.  You need to wait about 24 hours or so between steps 6 and 7 on my list so that things have time to gel - your global catalogs have fully replicated, AD has replicated multiple times, etc.  Keep in mind that when I listed those things, my assumption was that you would research each step before implementing them.  Please make sure you do that.

Another thing that Lee is dead on about - most people screw up DNS.  Active Directory is completely dependent on DNS.  It's easy to set up and it's easy to configure, but most people do not take the time to make sure it's done correctly.  Check out the links on his page; they're good.

<-=+=->

 

Author

Commented:
Another Quick question:

Since I am going to reformat and redo the old server, should I demote the server and remove it from the domain first in order to clear it from the system?

Another question is: since I have backup tapes would it be better to make this new server a secondary DC and use the tape backup to restore the system state of the server and continue to use that server as the Master role DC?

- Brandon

Author

Commented:
-->  Since I am going to reformat and redo the old server, should I demote the server and remove it from the domain first in order to clear it from the system?

I mean once all the migration and role changes are completed....

- Brandon
Lee W, MVP
Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
The LAST step, once EVERYTHING has been checked out working ok, run DCPROMO on the original server and DEMOTE it.  Do NOT remove it from the domain without running DCPROMO first.
Expert of the Year 2007
Expert of the Year 2006

Commented:
Only thing I would add is that Exchange gets hooked on to a specific server and doesn't go looking for another server for 35 minutes or more. Therefore you will need to factor in downtime for Exchange - even if this is simply a reboot to force Exchange to use another domain controller.

Simon.
Joseph Hornsey
Director of IT & Infrastructure
CERTIFIED EXPERT

Commented:
--> Since I am going to reformat and redo the old server, should I demote the server and remove it from the domain first in order to clear it from the system?

Yes.  Always demote it first.  That's a clean removal from AD.  Otherwise, you'll have to do some nasty ADSI Edit or LDP work.  Also, transfer the FSMOs prior to the demotion (although DCPromo should do this automatically).  See below for info.

--> Since I have backup tapes would it be better to make this new server a secondary DC and use the tape backup to restore the system state of the server and continue to use that server as the Master role DC?

No. Avoid doing a system state restore and just reinstall the old server with a fresh OS.

Keep in mind that there is no "master" DC in an Active Directory environment (other than the FSMOs, which are a unique case).  In NT 4.0, you had the Primary Domain Controller (PDC) and Backup Domain Controllers (BDC).  The PDC was the only DC that had a writeable copy of the database whereas the BDCs all had read-only copies.  Therefore, for replication purposes, the PDC was the master as all changes had to be written there and then replicated out to the BDCs.

In a Windows 2000 or Windows 2003 Active Directory environment, each domain controller contains a writeable copy of the directory database.  There is no PDC (strictly speaking) and there are no BDCs.  It is a multi-master replication model as changes can be written to any of the domain controllers.

The exceptions to this are the Flexible Single Master Operation roles (aka FSMOs).  There are five domain/forest functions which must be carried out by a single DC in each forest and/or domain.  You'll want to transfer these roles to the new DC before you demote the old DC.  Here's a link (this talks about transferring and seizing... do the transfer thing; the seizing thing is only as a last resort):

http://support.microsoft.com/kb/223787

Hope this helps.

<-=+=->
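
An added example, not part of the thread or any poster's code: a pre-demotion check that parses the text printed by `netdom query fsmo` and lists every FSMO role still held by the old DC, so DCPROMO is only run once the list is empty. The role labels follow Windows Server 2003-era netdom wording as an assumption; the sample output, the `example.local` domain and the `newdc01` host name are constructed.

```python
import re

# Role labels as printed by `netdom query fsmo` (assumed 2003-era wording).
FSMO_LABELS = ("Schema owner", "Domain role owner", "PDC role",
               "RID pool manager", "Infrastructure owner")

# Constructed sample: the two forest-wide roles were not transferred yet.
SAMPLE_PARTIAL = """\
Schema owner                dcserver2k3.example.local

Domain role owner           dcserver2k3.example.local

PDC role                    newdc01.example.local

RID pool manager            newdc01.example.local

Infrastructure owner        newdc01.example.local

The command completed successfully.
"""

def parse_fsmo_holders(netdom_output):
    """Map each FSMO role label to the lower-cased host name that holds it."""
    holders = {}
    for line in netdom_output.splitlines():
        for label in FSMO_LABELS:
            m = re.match(r"\s*" + re.escape(label) + r"\s+(\S+)\s*$", line, re.I)
            if m:
                holders[label] = m.group(1).lower()
    return holders

def demotion_blockers(netdom_output, old_dc):
    """Return reasons old_dc must not be demoted yet; an empty list means clear."""
    holders = parse_fsmo_holders(netdom_output)
    old_host = old_dc.lower().split(".")[0]   # accept short name or FQDN
    blockers = []
    for label in FSMO_LABELS:
        holder = holders.get(label)
        if holder is None:
            # Missing line: treat as unknown rather than assuming it moved.
            blockers.append(f"{label}: holder not found in output")
        elif holder.split(".")[0] == old_host:
            blockers.append(f"{label}: still held by {holder}")
    return blockers

if __name__ == "__main__":
    for reason in demotion_blockers(SAMPLE_PARTIAL, "DCSERVER2K3"):
        print("BLOCKED -", reason)
```
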

Joseph Hornsey
Director of IT & Infrastructure
CERTIFIED EXPERT

Commented:
Regarding Exchange -

If it's a problem (which it shouldn't be), then just restart the System Attendant service.  That will restart the other relevant services and force Exchange to find the new server.  It shouldn't be an issue, though.

<-=+=->

Author

Commented:
Thank you all for your help in this matter, the server from Dell will arrive tomorrow.

Since my second domain controller won't be R2, is it really smart to upgrade the active directory using the R2 Schema extensions with ADPREP?

I am hoping the R2 thing goes well.. I believe I will only be able to run the R2 ADPREP after I do the DCPROMO and right after I transfer the roles... This is how I see it from the instruction sheet on this link: http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en 

It says: To apply Windows Server 2003 R2 Schema extensions to the Active Directory schema
1. Insert the second Windows Server 2003 R2 Installation disc in the CD drive of the domain controller that holds the schema master operations role (also known as flexible single master operations (FSMO)).
2. Log on to the computer as a member of the Schema Admins group.
3. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
4. At the command prompt, type the following commands, substituting the drive letter of the CD Drive for Drive:
drive:
cd \cmpnents\R2\adprep
Joseph Hornsey
Director of IT & Infrastructure
CERTIFIED EXPERT

Commented:
If you're not going to deploy R2, then I wouldn't do the extensions yet.  Instead, just follow the steps that I originally outlined, taking the other comments into consideration.

Good luck with it and if you run into any problems, post back!

<-=+=->
