Solved

Upgrade secondary DC from 2003 to 2008

Posted on 2010-09-01
Last Modified: 2013-11-05
Hi,
There are 2 domain controllers which I need to virtualize. One is 2003 and the other is 2008; both servers will be migrated to 2008 virtual machines. I have one primary master DC (2008) which is hosted in a datacenter; both machines are in 2 remote offices and appear to be configured as secondary local domain controllers. They also run DHCP and DNS servers.
I found some solutions/guides here for migrating a DC from 03 to 08 but they are all for single or primary servers. Do I have to follow a different approach in my case? Is there a way to transfer settings or image the existing 2008 server and move it to a VM, or do I have to start fresh? So far, I have the new VMs running 08 installed in each office ready to be set up as replacement DCs but have not done anything yet.

Question by:angelo_r
11 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 33579431
You can do a P2V migration on the existing servers using a variety of tools.  The only thing you need to do before you start is stop and disable any hardware-specific services.  Once migrated, remove any hardware-specific drivers and software from the VM.

Alternately, join the new VMs as DCs and replication should make them whole.  Simply install DNS and it should build via replication.  With DHCP, just back up the old DHCP database from within the DHCP console and restore it to the new server.

Treat the VMs as if they are real metal servers - there is almost no difference (except in the hardware layer).

Author Comment

by:angelo_r
ID: 33579490
Do I still need to follow the role transfer guides if I go with fresh installation for secondary (local) DCs?
LVL 51

Accepted Solution

by:
Netman66 earned 250 total points
ID: 33579530
Yes, do everything you would normally do if you were adding a new hardware server to replace an old server.

Do the FSMO transfers.
Make it a Global Catalog.
Install the DNS service and allow replication to populate it.
Install the DHCP role.
Backup and restore DHCP to the new machine.
Turn OFF DHCP on the old servers.
Ensure your DHCP now gives out the new DNS entries.
Gradually - remove DNS from old servers to make sure the clients can still resolve from new servers.
DCPROMO old servers out of the domain properly.

Make sure the new DCs have completely replicated before removing the old ones!!
0
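A pre-demotion check for the last point in the accepted answer (confirm the new DCs have replicated before removing the old ones), added here as an example and not part of the original thread. The host names are placeholders, and the `dcdiag` check assumes English-language tool output.

```powershell
# Added example: gate to run before DCPROMO-ing the old DC out of the domain.
# Assumption: both host names are placeholders. Run from an elevated prompt
# on a machine that has netdom, repadmin and dcdiag installed.
$OldDC = 'OLD-DC03'   # placeholder: the DC being retired
$NewDC = 'NEW-DC08'   # placeholder: the replacement VM

$problems = @()

# 1. FSMO roles: the DC being retired must no longer hold any of them.
$fsmo = netdom query fsmo
if ($fsmo | Where-Object { $_ -match [regex]::Escape($OldDC) }) {
    $problems += "FSMO role(s) still held by $OldDC"
}

# 2. Replication status for every DC as CSV; each INFO row is one inbound link.
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv

# DCs that could not be queried at all show up as ERROR rows.
if ($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' }) {
    $problems += 'repadmin could not query one or more DCs'
}

# Any link with a non-zero failure count blocks the demotion.
$links = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' })
foreach ($l in ($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })) {
    $problems += ('Replication failing: {0} -> {1} [{2}]' -f
        $l.'Source DSA', $l.'Destination DSA', $l.'Naming Context')
}

# 3. The new DC needs at least one inbound link that is not sourced from
#    the DC being retired, or it will be cut off after the demotion.
$survivors = @($links | Where-Object {
    $_.'Destination DSA' -eq $NewDC -and $_.'Source DSA' -ne $OldDC })
if ($survivors.Count -eq 0) {
    $problems += "$NewDC only replicates from $OldDC (or has no links yet)"
}

# 4. dcdiag on the new DC: replication, DC/GC advertising, role holders.
foreach ($test in 'Replications', 'Advertising', 'KnowsOfRoleHolders') {
    $out = dcdiag /s:$NewDC /test:$test
    if ($out -match 'failed test') { $problems += "dcdiag $test failed on $NewDC" }
}

if ($problems.Count -gt 0) {
    $problems
    Write-Output "Do NOT demote $OldDC yet."
} else {
    Write-Output "No blocking findings; $OldDC can be demoted."
}
```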
 
LVL 51

Expert Comment

by:Netman66
ID: 33579554
I hope I understood you correctly.

You ARE replacing the hardware servers with the VMs - correct?

If you are NOT, and you will leave the DC with the roles in place, then you don't need to move any roles to the new servers if you don't want to.  Making the new ones GCs is a good idea though.
LVL 57

Expert Comment

by:Mike Kline
ID: 33579563
I'd personally go with the fresh install/promotion.  This may also give you the opportunity to go to 2008 R2.

Are you talking about FSMO roles or other roles?

You would have to follow the same guidelines to transfer the FSMO roles and the services that Paul mentioned.  Also make all your DCs GCs in this case.

Thanks
Mike

Author Comment

by:angelo_r
ID: 33579585
One more thing, I am afraid not to make one of the new machines as a master DC... Is there a way to make it read only as this will be just a local DC? When I try to transfer roles it always asks me to transfer from my primary.
LVL 57

Expert Comment

by:Mike Kline
ID: 33579623
In AD there is no real "master"; you might be thinking of the FSMO roles.

There is something known as read-only domain controllers, but those are mainly used if physical security is a concern (look for RODC in Google/Bing for a lot more info).

If you want to wait to make sure everything is ok then transfer the FSMO roles...that works too.

Thanks
Mike
LVL 51

Expert Comment

by:Netman66
ID: 33579799
As Mike has alluded to, you can use a new feature called Read Only Domain Controller, however I believe in your scenario it probably isn't what you require.

If you are replacing the original FSMO role holder, then you MUST transfer the roles to one of the new servers.

If you are simply adding additional DCs then there is no requirement to transfer roles.  AD will be "live" and writable on all DCs because they are now all peers - there is no such thing as PDC and BDC any longer.


Author Comment

by:angelo_r
ID: 33588543
I am almost there, the new 2008 is running along with the old 2003, I promoted it to DC and will transfer roles before I remove the old one. However, I noticed that when I go to NTDS Settings/Connection on the new machine it shows that it replicates from the old 03 DC and my main DC. Will that entry be removed automatically when I demote the old server so I replicate only from the primary DC? On the second field "Replicate To:"  I can see only my old 2003 DC - what will happen when I demote/remove that computer? Is there any way to edit these settings so I can properly set it to replicate from and to the primary DC only?
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 33588578
You can set up your connection objects manually but right now all that is being done automatically by the KCC...I'd let that continue as is in this case.  Yes it will be removed (you will have to delete the box from Sites and Services as that is not done automatically in the demotion).
Thanks
Mike
LVL 51

Expert Comment

by:Netman66
ID: 33589073
Agreed. If the demotion of the old server is done cleanly, and without error, then simply delete the old server object from within AD Sites and Services and the replication topology will be recalculated by KCC and you should be golden.
