New PDC on Windows 2003

Hi,
Windows 2000 Network, 1 PDC, 1 BDC. We are planning to upgrade the PDC server to Windows 2003. I prefer a clean install of OS and import the AD information and make this server again PDC. Please describe any expert hands, what are the procedures to do this task.
Is it a problem to have a Windows 2003 PDC and a Windows 2000 BDC coexist?

Thanks for a detailed guide

Regards
LVL 5
BasheerptAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Hello Basheerpt,
New Domain Controller

First DON?T consider using a cloning tool like Norton/Symantec Ghost to make an image of the server, this is fraught with pitfalls!
Consider keeping the old Domain Controller running, having two domain controllers build redundancy/Fault tolerance into your network.

1.      Build the new server in the live environment, put on all the relevant service packs (remember MS service packs are inclusive, SP2 includes SP1 etc) and join the server to the domain (You Must have the rights to do this)
2.      Promote the New server to a domain controller by running DCPromo (The server MUST be able to see DNS or it will fail) to run DC Promo Click Start >Run >type ?dcpromo? {enter}
3.      When the server has finished and rebooted, you need to make the decision on weather to keep the old Domain Controller (I would say yes) If you do then your job is finished.
4.      You will now need to ?seize? the FSMO roles there are 5 FSMO roles which are

?      Schema master - Forest-wide and one per forest.
?      Domain naming master - Forest-wide and one per forest.
?      RID master - Domain-specific and one for each domain.
?      PDC - PDC Emulator is domain-specific and one for each domain.
?      Infrastructure master - Domain-specific and one for each domain.
5.      To do this you need to use the ?ntdsutil? tool

To move the FSMO roles from one computer to another, you can use two different methods. The first method is a transfer and is the method that is recommended. You can use the first method if both computers are running. Use the second method if the FSMO roles holder is offline. The second method requires you to use the Ntdsutil.exe tool to seize the roles.

Note Only seize the FSMO roles to the remaining Active Directory domain controllers if you are removing the FSMO role holder from the domain or forest.

To seize or transfer the FSMO roles by using Ntdsutil, follow these steps:
1.      On any domain controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.

Note Microsoft recommends that you use the domain controller that is taking the FSMO roles.
2.      Type roles, and then press ENTER.

To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3.      Type connections, and then press ENTER.
4.      Type connect to server servername, where servername is the name of the server you want to use, and then press ENTER.
5.      At the server connections: prompt, type q, and then press ENTER again.
6.      Type seize role, where role is the role you want to seize. For a list of roles that you can seize, type ? at the Fsmo maintenance: prompt, and then press ENTER, or consult the list of roles at the beginning of this article. For example, to seize the RID Master role, you would type seize rid master. The one exception is for the PDC Emulator role, whose syntax would be "seize pdc" and not "seize pdc emulator".

Note All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server.

Microsoft recommends that you only seize all roles when the other domain controller is not returning to the domain, otherwise fix the broken domain controller with the roles.

If the original domain controller with the FSMO roles is still online, transfer the roles. Type transfer role.
7.      After you seize or transfer the roles, type q, and then press ENTER until you quit the Ntdsutil tool.
Note Do not put the Infrastructure Master role on the same domain controller as the global catalogue.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132

To check if a domain controller is also a global catalogue server:
1.      Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2.      Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3.      Open the Servers folder, and then click the domain controller.
4.      In the domain controller's folder, double-click NTDS Settings.
5.      On the Action menu, click Properties.
6.      On the General tab, locate the Global Catalogue check box to see if it is selected.
*****References*****

Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
http://support.microsoft.com/?kbid=255504

Windows 2000 Active Directory FSMO Roles
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132

Flexible Single Master Operation Transfer and Seizure Process
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787


Regards,

PeteLong
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fishadrCommented:
In Windows 200x you don't really have PDC's and BDC's all servers operate with the same authority but are granted different rolese FSMO operations to share the load. If a server is being taken out of action for some time you transfer the roles to another server, if the server crashed and cant be fixed you would seize them usine NTDSUTIL etc (as mentioned above)

I think you are asking if you should do an inplace upgrade from NT4 to Windows 2003 AD:
read the following page for detailed information:
http://technet.microsoft.com/en-us/windowsserver/2000/bb735335.aspx

To migrate the information from the old domain to the new you would have to configure trusts between the domains and use the Active Directory Migration Tool (ADMT) to migrate the accounts from the old to the new domain. you would then need to migrate the computers and users to logon to the new domain (this tool can do this for you). You also need to migrate the data and set the permissions. Subinacl.exe from Microsoft can assist with re-mapping security

There is quite a lot involved. doing an inplace upgrade is much easier to do if you have not done a full migration before. I would recommend building a test environment and trying both.

Before implementing remember to backup and test that you can recover the infrastructure!
0
BasheerptAuthor Commented:
Thanks for the comments.
Actually, what I want to do is: The current domain controller, which has two partitions. The C part contains the Windows 2000 and the D contains all the userdata, which is used as file server. My plan is, Format the DC (the c partition only) and install a clean windows 2003 retaining the User data/permissions/and all windows 2000 AD related objects without downtime. :) My Environment also include an Exchange 2000. If i go for windows 2003, will the exhchange be affected?

Thanks
0
fishadrCommented:
Yes everything will break!

The Active Directory related objects are stored in the NTDS.DIT database and is owned by the DC. The Exchange server configuration is also held on the DC in this file. If you format C and reinstall you will end up with a new server, with all your data on drive D (word files, spreadsheets etc)

You really need to do an inplace upgrade but remember to backup everything before proceding.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.