Solved

How do I add a second domain controller and transfer everything to it?

Posted on 2010-08-23
Last Modified: 2012-06-21
Can anyone give me step-by-step instructions on how to transfer Active Directory to a second domain controller once it's joined the forest, as well as make it the primary domain controller? I assume doing the last part would transfer all of the Master Roles automatically to the point that I could turn off the first domain controller without issues?

If not, a list of instructions pointing me in the right direction would be great.

We are going from Server 2003 forest/domain to 2008 domain running in 2003 forest mode.
0
Question by:ne3
8 Comments
 
LVL 3

Expert Comment

by:ehartfield2002
ID: 33506269
Are you adding a 2003 or 2008 server?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33506307
The easiest way is to install the 2008 server to the domain, promote to a domain controller with dcpromo and then transfer the domain and forest roles across with the usual tools.

Essentially, do this:

The first step you need to do is to prepare the forest schema and to
prepare a Windows Server 2003 domain for Windows Server 2008. To do this
you need to run "adprep /forestprep" on the Windows Server 2003 DC which holds
the schema operation master of the current domain and run "adprep
/domainprep" on the Windows Server 2003 DC which holds the infrastructure
master of current domain.

The second step is to join the Windows Server 2008 machine to the domain
and promote it to another DC. After that, please transfer the DNS records
from your current DNS server to Windows Server 2008 DNS server. To do this,
please install DNS server role on Windows Server 2008 and then create a
secondary DNS zone on Windows Server 2008. After all DNS records have been
transferred from the old DNS Server to the new DNS Server, please change
the secondary DNS zone to primary AD integrated DNS zone on the new DNS
Server.

The third step is to demote the old Windows Server 2003 DC to member server
and disjoin it from the current domain. If this old DC holds any FSMO
roles, please transfer FSMO roles before performing the demotion. After
that, please change the name and IP address of Windows Server 2008 DC to
old DC's previous name and IP address. Then, please restart Netlogon
service or restart the DC to update the changes.

Moreover, please note that Windows Server 2008 DC only supports Windows
Server 2003 Native mode and above domain functional level. Therefore, if
other Windows 2000 Server DCs exist in your current domain, you
have to demote them to member servers and raise the domain functional level
to Windows Server 2003 Native mode before you join Windows Server 2008 DC
into the domain. Also, a full backup should be performed at the beginning.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33506317
taken from

http://forums.techarena.in/server-migration/936298.htm

used it, works well :)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33506329
Obviously, if you don't want to remove the old server then you can migrate the FSMO roles and leave the old DC in situ. Completely up to you. If the old server is staying, the DNS server can remain active and that reduces the complexity of the migration.
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 33506386
You cannot create a primary domain controller - there is no such thing.  The FSMO role holder is NOT a primary domain controller.  A primary domain controller is a read/write DC in an NT4 domain.  Active Directory domains are multiple master domains meaning that ALL DCs are read/write copies and the FSMO role holder(s) allot necessary resources to the other DCs to prevent conflicts.  Proper terminology is important lest you be given incorrect advice.

Having done a domain migration just this past weekend, I would recommend the following procedure:
1.  Run DCDIAG and NETDIAG on your existing domain and make sure everything is fully functional with no errors or unexplained warnings - correct any found.
2.  Run the necessary ADPREPs on your FSMO master DC.
3.  Promote the 2008 server to be a DC.
4.  Make the 2008 server a Global Catalog in Active Directory Sites and Services
5.  Transfer the FSMO roles to your new DC (assuming you want to).
6.  Run DCDIAG and NETDIAG to verify everything is healthy.  (You might want to wait a few hours for these last two steps to ensure replication has properly completed.)
0
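A check to run between steps 5 and 6 of the procedure above, before the old DC is switched off, as an added example that is not part of the original answer: it reads the text printed by `netdom query fsmo` and lists any of the five FSMO roles that is not yet held by the new DC. The function name and host names are hypothetical, and the role labels are the Server 2008 and Server 2003 Support Tools wordings as assumed here; a label that does not match is reported as missing rather than treated as transferred.

```powershell
# Added example, not code from the thread. Host names are constructed placeholders.
function Test-FsmoTransfer {
    param([string[]]$NetdomOutput, [string]$NewDc)
    # Labels printed by `netdom query fsmo` (assumed wordings): the Server 2008
    # form and the Server 2003 Support Tools form map to one role name.
    $labels = @{
        'Schema master' = 'Schema';                 'Schema owner' = 'Schema'
        'Domain naming master' = 'DomainNaming';    'Domain role owner' = 'DomainNaming'
        'PDC' = 'PDC';                              'PDC role' = 'PDC'
        'RID pool manager' = 'RID'
        'Infrastructure master' = 'Infrastructure'; 'Infrastructure owner' = 'Infrastructure'
    }
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        # Label and holder are separated by a run of two or more spaces.
        if ($line -match '^\s*(.+?)\s{2,}(\S+)\s*$') {
            $role = $labels[$Matches[1]]
            if ($role) { $holders[$role] = $Matches[2] }
        }
    }
    # Emit one line per role that is missing or still on another DC.
    foreach ($role in 'Schema', 'DomainNaming', 'PDC', 'RID', 'Infrastructure') {
        if (-not $holders.ContainsKey($role)) {
            "$role : not reported by netdom"
        } elseif ($holders[$role] -ne $NewDc) {
            "$role : still held by $($holders[$role])"
        }
    }
}

# Constructed sample: output captured part-way through a transfer.
$sample = @(
    'Schema master               DC2008.example.local',
    'Domain naming master        DC2008.example.local',
    'PDC                         DC2008.example.local',
    'RID pool manager            DC2003.example.local',
    'Infrastructure master       DC2008.example.local',
    'The command completed successfully.'
)
$left = @(Test-FsmoTransfer -NetdomOutput $sample -NewDc 'DC2008.example.local')
if ($left.Count -eq 0) { 'All five FSMO roles are on the new DC.' } else { $left }

# Against a live domain, pass the command output directly:
#   Test-FsmoTransfer -NetdomOutput (netdom query fsmo) -NewDc '<new DC FQDN>'
```

An empty result covers only role placement; the Global Catalog setting from step 4 and the DCDIAG replication checks from step 6 still need to pass before the old DC is retired.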
 

Author Comment

by:ne3
ID: 33506449
Leew:

Assuming that I have never run any of the ADPREPs, promoted a 2008 server to be a DC, made a 2008 server a Global Catalog, or transferred FSMO roles, is there a good website that describes these utilities and/or switches used? I don't want to directly ask you to explain everything, well because that sounds like a lot of work on your part, and I should learn by myself.

But if you want to take that time, I won't stop you either. So any good websites/books/etc to brush up and verify what I think needs to be done according to what you said?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 33506493
Dan Petri's web site has many great tutorials on this.  If you've never done this before, then frankly, you shouldn't do it on your production server first.  Set up a test domain and walk through the steps and procedure a few times to understand what you are doing.  Above all, make a backup of your production domain BEFORE you do any of this to it.

Some links to check out:
http://www.petri.co.il/windows-server-2008-adprep.htm
http://www.petri.co.il/transferring_fsmo_roles.htm
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33506894
Have you thought about going to 2008 R2 at this point?   Some nice features there like the AD Recycle bin (once your forest is at 2008 R2)

If you like step by step with screen shots this is a decent link

http://markswinkels.nl/2009/01/08/how-to-migrate-a-domain-controller-from-windows-2003-to-windows-2008/

The official Microsoft document

http://www.microsoft.com/downloads/details.aspx?familyid=FA629DE2-F4DD-47AC-8D80-3DB46B2877A2&displaylang=en
 

I also really like two blog entries by MVPs on the upgrade.  One is from Meinolf the other from Sander.  

http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/26/transitioning-your-active-directory-to-windows-server-2008-r2.aspx

Thanks

Mike

 
0
