Migrating from Win2003 AD to Win2008 AD

Network_Padawan
Network_Padawan used Ask the Experts™
on
Hi,

I am about to embark on a windows 2008 Server AD migration. We have a single Windows 2003 Server DC running on a 4 year old server with alot of crap on it and I want a clean, new design.

I want to buy a new server, install Windows 2008 Server and rebuild the current Win2003 DC as a secondary 2008 server and have the DFS shares on it on a newly designed partition.

Firstly, When I create the new windows 2008 server, are the FSMO server roles designed with 2003 still the same?

Do I just move the schema master, domain naming master, RID, and PDC and leave the infrastructure master on the old box as recommended by microsoft or is there a new way?

Also, in 2008, someone told me there is no more 1 Global catalog server, that there is no more Primary domain controller, that all Domain controllers perform the same functions, is this true?

Basically what are the migration steps to ensure a smooth migration across to windows 2008 AD?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
You will need to first run ADPREP to update the schema for 2008.

Then DCPromo the 2008 server.

If you are going to remove the old box you will need to transfer all FSMO roles over.
It sounds like you have a single domain forest so the IM really does not matter. But I would recommend that you make both GCs. I would also make the new server a DNS server and point all clients to both servers.

Are you running DHCP or any other service that will need moved over to the new server before rebuilding the old 2003 box?

STarting with windows server 2000 there was no PDC \ BDC.

Commented:
Here is a link to some Microsoft documentation to help.


http://technet.microsoft.com/en-us/library/cc771433(WS.10).aspx

Author

Commented:
Hi Ken,

Okay so I build the new server with win 2008 server, run dc promo, then use that CD on the windows 2003 Server and run ADPREP. Is that all, do I run domainprep and forestprep also?

because this is a windows 2008 64 bit, I need to run either ntdsutil or connect to the new GC DC via the windows 2003 server snap in and move all the roles?

I read that the IM should be on a seperate server:

"Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role."

How do i get all the AD users, sites etc settings migrated across? Do I need to join the new DC to the domain first and it will inherit those settings?

Once this is done, I am then free to rebuild current server or is there anything else to be done once I point all DNS references to the new server.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
Use the version of ADPrep from the 2008 CD.
There is a 32-bit version on the cd
adprep /forestprep
adprep /domainprep

Since this is just an additional DC all the AD information will be there.


Here is a link that explains the IM

http://msmvps.com/blogs/acefekay/archive/2010/10/01/global-catalog-and-fsmo-infrastructure-master-relationship.aspx

Commented:
And here is a link to Microsoft that has the exceptions

http://support.microsoft.com/kb/223346


Single domain forest:

In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.
Multidomain forest where every domain controller in a domain holds the global catalog:

If every domain controller in a domain that is part of a multidomain forest also hosts the global catalog, there are no phantoms or work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain.

Author

Commented:
Ok great thanks. Lastly, Ive read that every DC should be made a GC server. Is this correct?

Commented:
Yes, I would make every DC a GC.

Commented:
Typically you only need one GC per site. Not every DC needs to be a GC server.

Author

Commented:
Hi yndras,

Your right but Ive read from MS techs that making them a DC is best policy from a technical point of view, not a theoretical POV.

Author

Commented:
Sorry, making the a GC is best policy....
Commented:


It is recommended in most cases to make all your DCs GCs. There are only a few exceptions and neither apply here becuase the servers are in the same site and it is a single domain forest. So I would still recomend to keep all the DCs GCs. And since there are only 2 servers I would want both to be GCs for redundancy.


http://technet.microsoft.com/en-us/library/cc732877%28WS.10%29.aspx

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial