
Upgrade secondary DC from 2003 to 2008

Posted on 2010-09-01
Last Modified: 2013-11-05
Hi,
There are 2 domain controllers which I need to virtualize. One is 2003 and the other is 2008; both servers will be migrated to 2008 virtual machines. I have one primary master DC (2008) which is hosted in a datacenter; both machines are in 2 remote offices and appear to be configured as secondary local domain controllers. They also run DHCP and DNS servers.
I found some solutions/guides here for migrating a DC from 03 to 08 but they are all for single or primary servers. Do I have to follow a different approach in my case? Is there a way to transfer settings or image the existing 2008 server and move it to a VM, or do I have to start fresh? So far, I have the new VMs running 08 installed in each office, ready to be set up as replacement DCs, but have not done anything yet.

Question by:angelo_r
11 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 33579431
You can do a P2V migration on the existing servers using a variety of tools.  The only thing you need to do before you start is stop and disable any hardware-specific services.  Once migrated, remove any hardware-specific drivers and software from the VM.

Alternately, join the new VMs as DCs and replication should make them whole.  Simply install DNS and it should build via replication.  With DHCP, just back up the old DHCP database from within the DHCP console and restore to the new server.

Treat the VMs as if they are real metal servers - there is almost no difference (except in the hardware layer).
0
 

Author Comment

by:angelo_r
ID: 33579490
Do I still need to follow the role transfer guides if I go with fresh installation for secondary (local) DCs?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1000 total points
ID: 33579530
Yes, do everything you would normally do if you were adding a new hardware server to replace an old server.

Do the FSMO transfers.
Make it a Global Catalog.
Install the DNS service and allow replication to populate it.
Install the DHCP role.
Backup and restore DHCP to the new machine.
Turn OFF DHCP on the old servers.
Ensure your DHCP now gives out the new DNS entries.
Gradually - remove DNS from old servers to make sure the clients can still resolve from new servers.
DCPROMO old servers out of the domain properly.

Make sure the new DCs have completely replicated before removing the old ones!!
0
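
The "make sure the new DCs have completely replicated" step from the accepted answer, as an added example that is not part of the original thread: a PowerShell gate to run before DCPROMO on the old server. The host names are placeholders, and it assumes PowerShell 2.0 or later on a DC where `netdom`, `repadmin` and `dsquery` are available.

```powershell
# Added example: pre-demotion gate for replacing an old DC with a new one.
# OLD-DC03 / NEW-DC08 are placeholder short host names (assumptions).
param(
    [string]$OldDc = 'OLD-DC03',   # DC that will be demoted
    [string]$NewDc = 'NEW-DC08'    # replacement DC that must be healthy first
)

$problems = @()

# 1. FSMO: the DC being removed must not hold any role.
#    'netdom query fsmo' prints one "<role>  <holder FQDN>" line per role.
$oldPattern = '\s' + [regex]::Escape($OldDc) + '(\.|\s*$)'
$held = @(netdom query fsmo | Where-Object { $_ -match $oldPattern })
if ($held.Count -gt 0) {
    $problems += 'FSMO roles still on old DC: ' + ($held -join '; ')
}

# 2. Global Catalog: 'dsquery server -isgc' lists the DNs of all GC servers.
$gcPattern = '^"?CN=' + [regex]::Escape($NewDc) + ','
if (-not (dsquery server -isgc | Where-Object { $_ -match $gcPattern })) {
    $problems += 'New DC is not a Global Catalog yet'
}

# 3. Replication: one CSV row per inbound partner and naming context.
$rows = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
$errors  = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' })
$failing = @($rows | Where-Object { [int]$_.'Number of Failures' -gt 0 })
$healthy = @($rows | Where-Object {
    $_.'Destination DSA' -eq $NewDc -and [int]$_.'Number of Failures' -eq 0 })
if ($errors.Count -gt 0)  { $problems += "$($errors.Count) DC(s) could not be queried" }
if ($failing.Count -gt 0) { $problems += "$($failing.Count) replication link(s) failing" }
if ($healthy.Count -eq 0) { $problems += 'New DC has no healthy inbound replication link' }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Output 'NOT safe to demote the old DC yet.'
    exit 1
}
Write-Output 'Checks passed: roles moved, GC set, replication clean.'
```

A non-zero exit code means at least one of the three conditions still blocks the demotion; the warnings say which.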

 
LVL 51

Expert Comment

by:Netman66
ID: 33579554
I hope I understood you correctly.

You ARE replacing the hardware servers with the VMs - correct?

If you are NOT, and you will leave the DC with the roles in place, then you don't need to move any roles to the new servers if you don't want to.  Making the new ones GCs is a good idea though.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33579563
I'd personally go with the fresh install/promotion.  This may also give you the opportunity to go to 2008 R2.

Are you talking about FSMO roles or other roles?

You would have to follow the same guidelines to transfer the FSMO roles and the services that Paul mentioned.  Also make all your DCs GCs in this case.

Thanks
Mike
0
 

Author Comment

by:angelo_r
ID: 33579585
One more thing, I am afraid not to make one of the new machines as a master DC... Is there a way to make it read-only, as this will be just a local DC? When I try to transfer roles it always asks me to transfer from my primary.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33579623
In AD there is no real "master"; you might be thinking of the FSMO roles.

There is something known as read only domain controllers but those are mainly used if physical security is a concern  (look for RODC in google/bing for a lot more info)

If you want to wait to make sure everything is ok then transfer the FSMO roles...that works too.

Thanks
Mike
0
 
LVL 51

Expert Comment

by:Netman66
ID: 33579799
As Mike has alluded to, you can use a new feature called Read Only Domain Controller, however I believe in your scenario it probably isn't what you require.

If you are replacing the original FSMO role holder, then you MUST transfer the roles to one of the new servers.

If you are simply adding additional DCs then there is no requirement to transfer roles.  AD will be "live" and writable on all DCs because they are now all peers - there is no such thing as PDC and BDC any longer.

0
 

Author Comment

by:angelo_r
ID: 33588543
I am almost there, the new 2008 is running along with the old 2003, I promoted it to DC and will transfer roles before I remove the old one. However, I noticed that when I go to NTDS Settings/Connection on the new machine it shows that it replicates from the old 03 DC and my main DC. Will that entry be removed automatically when I demote the old server so I replicate only from the primary DC? In the second field "Replicate To:" I can see only my old 2003 DC - what will happen when I demote/remove that computer? Is there any way to edit these settings so I can properly set it to replicate from and to the primary DC only?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 33588578
You can set up your connection objects manually but right now all that is being done automatically by the KCC...I'd let that continue as is in this case.  Yes it will be removed (you will have to delete the box from Sites and Services as that is not done automatically in the demotion).
Thanks
Mike
0
 
LVL 51

Expert Comment

by:Netman66
ID: 33589073
Agreed. If the demotion of the old server is done cleanly, and without error, then simply delete the old server object from within AD Sites and Services and the replication topology will be recalculated by KCC and you should be golden.

0


Question has a verified solution.
