Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Introduced '03 Standard and '03 Standard R2 Domain Controller into our network

Posted on 2007-04-11
4
Medium Priority
?
368 Views
Last Modified: 2010-04-20
I recently introduced a Windows 2003 domain controller on to our network. Let's pretend that my 2000 domain controller I retired was named "dc2000", and my 2003 domain controllers I introduced into my network are called; "2003dc1" and "2003dc2". Before introducing the 2003 domain controller(s) on to my network I followed this kb to take the proper steps in introducing a '03 DC into a 2000 native mode network: http://support.microsoft.com/?id=325379. I transferred all FSMO roles from the "2000dc" DC  to the new "2003dc1" server. I moved dns, and dhcp to "2003dc1". I de-promoted the "2000dc" from being a DC. I removed it from the network, and re-imaged it with Windows Server 2003 R2. I ran an adprep.exe /forestprep to prepare the domain controller for the upgrade.  I ran it on the server that is the schema operations manager with the Adprep tool that comes on the R2 product CD in the \Cmpnents\r2\adprep directory. After this was complete I promoted "2003dc2" to a DC.

Now that I have established the history of how I got to this point I am getting ready to raise the Forest and Domain Functional level to Windows 2003. I am not getting any relevant errors in event viewer on my DC's. I was doing some research to look for any possible issues before I raise the Domain and Forest Functional levels. I noticed a couple of things that I wanted to verify I could delete or edit with the correct domain controller.
In ASDI edit when I right click on my domain and then left click on properties and  then scroll down in my attribute editor, I see that my "domainreplica" is being listed as my old 2000 DC named "2000dc". I believe this should be the "2003dc1" server. Can I edit this to the "2003dc1" server or what is your recommendation? In Active Directory Domain and Trusts when I scroll down to "Sites", "Services", and "Netservices" I see that the "2003DC1" is listed by IP address. The "2000DC" is listed by name in "Netservices" as well. I want to verify that I can simply delete the "2000dc" entry. I also would like to know if this is normal that the old 2000 server was left in these places. If it is not normal please give me a suggestion why this could have not been removed.

Thanks in advance.
0
Comment
Question by:Natldiag
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
strongline earned 1000 total points
ID: 18893293
follow  support.microsoft.com/kb/216498 to see if you have anything to delete about 2000dc. don't remove anything else.

 if all event logs are clean, and repadmin /showrepl * is clean, I won't worry too much.
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1000 total points
ID: 18893302
First thing:  Did you make your first 2003 server a Global Catalog?

Next, when you DCPROMO the server you need to go into AD Sites and Services and delete the old server from there.

Next, remove all entries from DNS (Forward and Reverse zones) for the old servername.

Lastly, it may be necessary to do a Metadata cleanup if the old DC wasn't cleanly DCPROMO'd.
http://support.microsoft.com/kb/216498/en-us

BTW: You didn't need to run Adprep after the first 2003 server was added.  It needed to be run on the old 2000 DC before you added it.  
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1000 total points
ID: 18893312
Sorry, I think I misread something.  You used the R2 Adprep - which is fine if your original 2003 DC was not an R2 build.

0
 

Author Comment

by:Natldiag
ID: 18908508
I followed the kb article; "support.microsoft.com/kb/216498", and made sure that everything was successful when I ran the repadmin /showrepl command. When attempting a metadata cleanup I verified that the retired doman controller was not present. Since I am content that the old domain controller was removed completely, I went ahead and raised my domain and forest functional level. Thank you both for the feedback.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question