  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 228

2003 Domain Migration

Currently running a Windows 2000 Native domain environment with a total of 7 DCs in my organization. The very first DC, let's call it DC1, running Windows Server 2000 SP4, was the very first server to be promoted in the forest and it holds all of the FSMO roles. I have just built a 2003 Server SP2 and I am looking to transfer all the FSMO roles from DC1 to the 2003 server and eventually bring all the other servers up to the 2003 domain level.

My question is: what is the best way to go about starting this process? Will I be introducing any DNS or DHCP conflicts if I go ahead and promote the first 2003 Server to a DC in this existing 2000 domain? Do I need to transfer the roles as soon as I promote this DC, or do I have some time? I have already had to run the adprep /forestprep and /domainprep switches in order to run the DFS tools in the R2 version. Will I need to run these again if the schema has already been updated? TIA
0
Asked by: beargonefishing
2 Solutions
 
nightmare2 Commented:
You don't have to run forestprep and domainprep again.
Run dcpromo on your 2003 server.
I guess you use active directory integrated DNS zones.
They will replicate to the new DC.
No conflict there as long as you don't use overlapping DHCP scopes (if you install DHCP on the new DC of course)
There is no hurry to transfer the FSMO roles.
Do it if you plan to retire your old DC.
When all your DCs have been upgraded to 2003, you can switch to 2003 native mode.
0
 
mukul_d Commented:
Hello,

I don't think there will be any conflicts introduced in the migration as long as you carry out the migration methodically.

Try not to transfer all the FSMO roles all at once, but rather do it one at a time and on different servers if possible. Later on you can consolidate the FSMO roles if needed.
0
 
KCTS Commented:
You only need to run forestprep once in the forest. DomainPrep needs to be run once in each domain.
Once you have prepared the forest, you can just add the new 2003 machine as you would a 2000 machine, i.e.:

Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally an existing domain controller)

Join the new machine to the existing domain as a member server

If you have not already done so: if the new Windows 2003 server is the R2 version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2. Allow time for AD to replicate.

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server, select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you install DHCP on the server, create and activate a scope which does not conflict with any existing DHCP scopes or static IPs and then authorise DHCP.

You can move the FSMO roles as and when you like. To transfer the roles, see http://www.petri.co.il/transferring_fsmo_roles.htm

Once all the DCs on the domain are 2003 DCs then you can raise the Domain Functional Level, once all the DCs in the forest are 2003 then you can raise the Forest Functional Level. These operations can be done with Active Directory Domains and Trusts.


0
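Added example (not part of any poster's reply): a read-only batch script for the checks implied by the steps above, meant to be run from the new server after dcpromo and again after any FSMO transfer. The names example.local, DC1 and DC2003 are placeholders, and it assumes the Windows Support Tools (netdom, dcdiag, repadmin, nltest) are installed and produce English-language output.

```batch
@echo off
rem Added example: read-only checks, nothing here changes the directory.
rem Assumptions: placeholder names below; Support Tools on the PATH.
setlocal
set DOMAIN=example.local
set OLDDC=DC1
set NEWDC=DC2003
set PROBLEMS=0

rem 1. The preferred DNS server must return the domain's DC locator records.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | find /i "svr hostname" >nul
if errorlevel 1 (
  echo [FAIL] No DC SRV records returned by the preferred DNS server
  set PROBLEMS=1
) else echo [ OK ] DC SRV records resolve for %DOMAIN%

rem 2. Record which DC holds each FSMO role before and after any transfer.
netdom query fsmo

rem 3. "Allow time for AD to replicate": look for failed attempts on both DCs.
for %%D in (%OLDDC% %NEWDC%) do (
  repadmin /showreps %%D | find /i "failed" >nul
  if not errorlevel 1 (
    echo [FAIL] %%D reports failed replication attempts
    set PROBLEMS=1
  ) else echo [ OK ] %%D shows no failed replication attempts
)

rem 4. Run the standard health tests against the newly promoted DC.
dcdiag /s:%NEWDC% | find /i "failed test" >nul
if not errorlevel 1 (
  echo [FAIL] dcdiag reports failed tests on %NEWDC%
  set PROBLEMS=1
) else echo [ OK ] dcdiag reports no failed tests on %NEWDC%

rem 5. Logon depends on a reachable global catalog.
nltest /dsgetdc:%DOMAIN% /gc | find /i "completed successfully" >nul
if errorlevel 1 (
  echo [FAIL] No global catalog could be located for %DOMAIN%
  set PROBLEMS=1
) else echo [ OK ] A global catalog was located for %DOMAIN%

exit /b %PROBLEMS%
```

A non-zero exit code means at least one check failed; rerun the individual command without the `find` filter to read its full output.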

 
beargonefishing (Director of Network Infrastructure, Author) Commented:
I am running AD integrated DNS zones, sorry, left that part out. So should I just leave DHCP on the old DC (2000 one) since it will still be a DC in the domain and just transfer the FSMO roles to the new DC (2003 one)? Also, can both of the DCs serve as global catalogs without causing any conflicts? Would that just provide some redundancy?
0
 
nightmare2 Commented:
You can leave the DHCP on the old server.
It's a good practice to have at least 2 GC.
If you plan to upgrade the old DC to 2003 you don't need to transfer the FSMO roles.
And it's better not to have all of them on the same DC.
0
 
beargonefishing (Director of Network Infrastructure, Author) Commented:
What is the most effective setup to stagger the roles between the two servers?
0
 
nightmare2 Commented:
This article will help you in your planning: http://www.petri.co.il/planning_fsmo_roles_in_ad.htm
0
 
beargonefishing (Director of Network Infrastructure, Author) Commented:
Good info. Since my ultimate goal is to migrate the entire domain to 2003, should I go ahead and move the roles to the 2003 server or just leave them on the 2000 until I am ready to upgrade that server to 2003?
0
 
nightmare2 Commented:
There is no problem to leave them on the old server.
Even after the upgrade.
0
 
beargonefishing (Director of Network Infrastructure, Author) Commented:
One more question, appreciate all the help. So a global catalog server running 2000 and one running 2003 can coincide with no issues at the same physical site?
0
 
nightmare2 Commented:
Sure. Until you raise the domain functional level, at which point you can't use Windows 2000 DCs anymore, Windows 2000 and 2003 DCs will coexist without problem.
You won't be able to use the Windows 2003 functional level's new features, that's all.
0
