How to import/export Active Directory?

Posted on 2007-10-01
Medium Priority
Last Modified: 2008-05-31
I am currently installing Windows Server 2003 R2 Standard Edition on a new machine.  I need to export my entire Active Directory from the old machine that is running Windows Server 2003 Standard, and import it into the New Machine running Server 2003 R2 Standard.  How can I do this without recreating every user and setting?
Question by:JFrusci

Expert Comment

ID: 19991594
If you make the new server a domain controller Active Directory will replicate everything to the new server.

Author Comment

ID: 19991666
If I make it a domain controller, won't I have to give it the name of my domain?  By giving it the same domain name that already exists, won't there be a conflict when both servers are on the network?

Expert Comment

ID: 19991681
Ok. I see, so you are changing domains?

Author Comment

ID: 19991721
Well we want to keep the same domain name as well as giving the new server the same name as the old one

Accepted Solution

KCTS earned 2000 total points
ID: 19991962
Don't give the server the same name as the old one - it's unnecessary and just complicates matters. Proceed as follows instead:

Install Windows 2003R2 on the new machine WITH A DIFFERENT NAME

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

As the new Windows 2003 server is the R2 version and the existing set-up is not, you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Take CD2 from the R2 disks, place it in the existing DC and run Adprep from the \CMPNENTS\R2\ folder on CD2.
You need to run AdPrep /forestprep and then AdPrep /domainprep.

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, install DNS on the new Domain controller and DNS will replicate to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is most easily done by setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don't forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function for a while at least should any one of them fail. It is normally recommended that you have at least 2 DCs to provide resilience.

If you really want to remove the old DC then first transfer all the FSMO roles: See http://www.petri.co.il/transferring_fsmo_roles.htm

Make the other DC a global catalog (if you have not already done so). Go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If the Old DC is running DHCP:
Install DHCP on the new DC, set up the scope and authorise it. Remove DHCP from the old DC.

DNS: Make sure that all of your clients are set to use the new DC as their Preferred DNS server (either by static entries or DHCP options)

Power down the old DC and make sure that all is well. Once satisfied, power on the old DC again, then run DCPROMO to remove its domain controller status. If you want to remove the machine from the domain then you can do so once its DC role has been removed.

NOW and ONLY NOW should you rename the new DC if you cannot bear to live with the new name: see http://www.petri.co.il/windows_2003_domain_controller_rename.htm
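
The "make sure that all is well" step before demoting the old DC can be made concrete with a read-only check script. This is an added example, not part of the original answer; OLD-DC-NAME, NEW-DC-NAME and example.local are placeholders, and netdom, repadmin and dcdiag are assumed to be installed from the Windows Support Tools.

```batch
@echo off
rem Added example: read-only checks to run before demoting the old DC.
rem OLDDC, NEWDC and DOMAIN are placeholders; set them for your site.
rem netdom, repadmin and dcdiag come from the Windows Support Tools.
rem Caveat: the name checks are substring matches, so names such as
rem DC1 and DC10 would be confused; use fully qualified names if so.
setlocal
set OLDDC=OLD-DC-NAME
set NEWDC=NEW-DC-NAME
set DOMAIN=example.local
set FAIL=0
set OUT=%TEMP%\predemote.txt

echo == 1. FSMO roles: none may remain on %OLDDC% ==
netdom query fsmo > "%OUT%"
type "%OUT%"
findstr /i /c:"%OLDDC%" "%OUT%" >nul
if not errorlevel 1 set FAIL=1& echo FAIL: %OLDDC% still holds a FSMO role.

echo == 2. Replication: no failed inbound attempts on %NEWDC% ==
repadmin /showrepl %NEWDC% > "%OUT%"
findstr /i /c:"failed" "%OUT%"
if not errorlevel 1 set FAIL=1& echo FAIL: replication errors on %NEWDC%.

echo == 3. dcdiag default tests against %NEWDC% ==
rem The default set covers Advertising, KnowsOfRoleHolders and FsmoCheck.
dcdiag /s:%NEWDC% > "%OUT%"
findstr /i /c:"failed test" "%OUT%"
if not errorlevel 1 set FAIL=1& echo FAIL: dcdiag reported a failed test.

echo == 4. DNS on %NEWDC% serves a DC locator record for itself ==
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %NEWDC% 2>nul | findstr /i /c:"svr hostname" | findstr /i /c:"%NEWDC%"
if errorlevel 1 set FAIL=1& echo FAIL: no SRV record for %NEWDC% in its own DNS.

del "%OUT%" 2>nul
if "%FAIL%"=="0" (echo All checks passed.) else (echo Resolve the failures before running DCPROMO on %OLDDC%.)
endlocal & exit /b %FAIL%
```

Run it from a member server or the new DC while the old DC is still powered on; a non-zero exit code means at least one check failed.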


Expert Comment

ID: 19992102
That is a very detailed layout of exactly what you need to do. Thanks KCTS.

Author Comment

ID: 19992503
Thank You...this is much appreciated
