Move Domain users / machines and DHCP from old NT server to 2003 server
We have an old Windows NT server box that now has nothing on it except - it is the domain controller for one domain and it is the DHCP server for that network segment. I would like to move those 2 functions off of that box and decommission it.
I have a newer server that has 2003 Enterprise server installed and is in use for some other things. I would like to make that the primary domain controller and move all the users over (copy/ move so I do not have to recreate all the users and reestablish the trust relationships between machines). Ditto the DHCP, turn that option on and move all the current leases and reservations over.
Can this be done so I do not have to recreate or redo anything? If so, how?
Thanks
twichert
You will need to promote the 2003 server to the domain controller for that domain with NT 4.0 compatibility, then promote it to the PDC. Part of the process will require ADPREP to be run to prepare the active directory for hosting a 2003 domain controller. You will then need to configure the DHCP service on it for that network segment. You will then need to turn off DHCP service on the NT 4.0 domain controller and demote it from domain controller status. Finally, authorize and activate the DHCP scope on the 2003 domain controller. Additionally, you can then raise the forest and domain functional levels to 2003.
The tricky part is that you cannot move DHCP leases from the NT4.0 machine to the 2003 machine, but Windows does perform gratuitous ARP, and this should allow the 2003 machine to take over DHCP without too many IP conflicts occurring.
Let me know if you have any further questions.
Swapnil Prajapati
This might help you with the part about moving your DHCP database from NT 4.0 to Windows 2003
Swapnil Prajapati
You can use ADMT for your User Migration
You can use the ADMT to migrate users, groups, and computers from one domain to another, and to analyze the migration impact before and after the actual migration process. Make sure that you run ADMT from the primary domain controller (PDC) that is the Flexible Single Master Operation (FSMO) role holder in the target domain.
"As I understand it, you wish to keep the same domain so that you do not need to recreate all the trust relationships, etc"
Thanks, that is correct. I do not want to have to re-join or do anything else, just have the same domain now controlled by the newer 2003 server and the NT box is off. Ditto the DHCP.
I found this TechNet article, which looks similar to the DHCP link you posted;
Do you have a step by step guide of what I need to do?
From your reply it looks like I need to do this:
1) Make the new 2003 server a domain controller in the old domain (secondary controller) ?
2) Promote it to the primary controller which demotes the old NT box?
3) Remove the old NT box from the domain?
Somewhere along the way I need to run ADPREP and do some other steps?
I was sure I'd migrated from NT 4 to 2003 before and kept the whole domain intact. Turns out I did perform that migration, but I was remembering the path wrong. There is a way to do it, but it requires two domain controllers. You will need an NT 4.0 PDC and BDC. If you have that requirement met, then you can run the upgrade path documented here:
Can I mix 2003 x64 and 2003 r2 32 bit domain controllers as primary and secondary (to do the update) ?
I have the test box on NT server as the PDC and need to upgrade it. The final, real PDC is running 2003 (non R2) 64 bit enterprise. I have a spare license of 2003 R2 32 bit I can use to upgrade the NT box. Is that OK? I can't find anything online that says that you can't mix R2 and non-R2 2003 servers (or 64 and 32 bit) as primary and backup domain controllers on the same domain.
Thanks
dlwynne
ASKER
I have the PDC moved to the 2003 server and the BDC is on the old NT box. I am getting a lot of errors on machines in the domain, like these:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 9/23/2010
Time: 9:33:27 AM
User: NT AUTHORITY\SYSTEM
Computer: POWEREDGE
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Type: Warning
Event Source: SRMSVC
Event Category: None
Event ID: 12317
Date: 9/23/2010
Time: 8:55:21 AM
User: N/A
Computer: POWEREDGE
Description:
File Server Resource Manager failed to enumerate share paths or DFS paths. Mappings from local file paths to share and DFS paths may be incomplete or temporarily unavailable. FSRM will retry the operation at a later time.
Error-specific details:
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 50 4d 43 41 43 48 45 43 PMCACHEC
0008: 38 33 33 00 00 00 00 00 833.....
0010: 50 4d 43 41 43 48 45 43 PMCACHEC
0018: 37 33 38 00 00 00 00 00 738.....
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5790
Date: 9/23/2010
Time: 9:18:56 AM
User: N/A
Computer: POWEREDGE
Description:
No suitable Domain Controller is available for domain INFOLINK. An NT4 or older domain controller is available but it cannot be used for authentication purposes in the Windows 2000 or newer domain that this computer is a member of. The following error occurred:
There are currently no logon servers available to service the logon request.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5790
Date: 9/23/2010
Time: 9:18:56 AM
User: N/A
Computer: POWEREDGE
Description:
No suitable Domain Controller is available for domain INFOLINK. An NT4 or older domain controller is available but it cannot be used for authentication purposes in the Windows 2000 or newer domain that this computer is a member of. The following error occurred:
There are currently no logon servers available to service the logon request.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 9/23/2010
Time: 8:55:21 AM
User: N/A
Computer: POWEREDGE
Description:
The Security System detected an authentication error for the server cifs/EISWIN. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
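Added example, not part of any post in this thread: a small Python parser for event text in the layout pasted above, which collapses repeated message lines and flags events whose description says the client found no usable domain controller. The `NO_DC` phrase list, the function names and the trimmed `SAMPLE` are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: two events trimmed to the text layout of those quoted above.
SAMPLE = """\
Event Type: Error
Event Source: NETLOGON
Event ID: 5790
Computer: POWEREDGE
Description:
No suitable Domain Controller is available for domain INFOLINK. An NT4 or older domain controller is available but it cannot be used for authentication purposes in the Windows 2000 or newer domain that this computer is a member of. The following error occurred:
There are currently no logon servers available to service the logon request.
Event Type: Warning
Event Source: SRMSVC
Event ID: 12317
Computer: POWEREDGE
Description:
File Server Resource Manager failed to enumerate share paths or DFS paths.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
Error: (0x80070005) Access is denied.
"""

# Assumed phrase list, taken from the quoted events: the client found no usable DC.
NO_DC = ("no logon servers available", "could not be contacted")

def parse_events(text):
    """Records start at 'Event Type:'; lines after 'Description:' are the message."""
    events = []
    for rec in re.split(r"(?m)^(?=Event Type:)", text):
        if not rec.startswith("Event Type:"):
            continue
        head, _, body = rec.partition("Description:")
        e = {k.strip(): v.strip() for k, v in (l.split(":", 1) for l in head.splitlines() if ":" in l)}
        e["desc"] = Counter(l.strip() for l in body.splitlines() if l.strip())  # identical lines collapse
        events.append(e)
    return events

def triage(events):
    """Per (source, id, computer): event count, worst line repetition, no-DC flag."""
    out = {}
    for e in events:
        key = (e.get("Event Source"), int(e.get("Event ID", 0)), e.get("Computer"))
        text = " ".join(e["desc"]).lower()
        row = out.setdefault(key, {"count": 0, "repeats": 0, "no_dc": False})
        row["count"] += 1
        row["repeats"] = max([row["repeats"], *e["desc"].values()])
        row["no_dc"] |= any(p in text for p in NO_DC)
    return out
```

Run `triage(parse_events(text))` over text saved from each member machine to see which computers report no usable domain controller.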
What forest and domain functional levels does the 2003 domain controller believe AD is currently set to?
dlwynne
ASKER
It shows the new name.domain.com I set up and under pre-Windows 2000 it shows the old domain name.
It does say Domain and Forest functional levels are "Windows Server 2003 Interim"
Under users and computers it shows all the users and machines we had before and under domain controllers shows the new 2003 box and the old NT box.
Even though this machine and user (for example) are shown, the event log has:
The session setup from the computer ADAMXP failed to authenticate. The name(s) of the account(s) referenced in the security database is ADAMXP$. The following error occurred:
Access is denied.
dlwynne
ASKER
OK, I think I have everything working now.
I had to remove the old NT box from the domain and upgrade the domain and forest to non-interim Windows Server 2003 and some other changes.