Solved

Windows Server 2008 take domain control

Posted on 2010-11-13
Last Modified: 2012-05-10
Replacing a Windows 2003 Standard domain controller with a Windows 2008 server that I stood up and made a member of the domain. Gave it the Active Directory users role and it has replicated the users/computers. I'm moving the SharePoint services. The only thing left on the Windows 2003 server are network policies which we are not concerned with enforcing. What is the easiest way to make the 2008 the domain controller? Can I just go into the Active Directory and promote it? Does this have to be done from the 2008 box or the 2003 box?
Question by:sraley
12 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 34128329

It sounds like you've installed the Remote Server Administration Tools (RSAT) on the new 2008 box. This means you can see the Active Directory Users and Computers tool, but it is only accessing data from the 2003 DC; the users etc haven't been replicated to the server.

To promote the server as a DC, just go to Start > Run > dcpromo and answer LOGICALLY the questions that follow. You'll want to make sure the server is a new DC in an existing domain. Make sure you check the box to make it a Global Catalog and install DNS.

You can then transfer the FSMO roles to the new DC: http://support.microsoft.com/kb/324801.

Update DHCP so the DNS server IP pushed out is the IP of the new DC.

Finally, once everything is migrated, you can demote the old server by running dcpromo on it.

NOTE: To the best of my knowledge it is not supported to run dcpromo on any server when SQL Server is installed. (Unless you have a separate SQL Server, it will be installed for Sharepoint functionality) You will therefore need to ensure SQL Server is uninstalled BEFORE demoting the old server. If you've already installed it on the new server, I wouldn't run the risk of dcpromo'ing it, but rather migrate things back, uninstall SQL Server, dcpromo then start again.

Matt
0
 

Author Comment

by:sraley
ID: 34128915
So do the dcpromo first, before I install SharePoint services and move that site to the new server?
0
 

Author Comment

by:sraley
ID: 34128925
There actually appears to be one policy that I need to move over that doesn't appear to be functioning the way I thought it was written (I just took over this job). When a user logs off the desktop, documents are synced with the server, but it appears they are actually working from the server, since we had an issue with a user login where her desktop and My Documents folder were empty; for some reason it didn't map her two required network drives. When manually mapping, desktop icons and My Documents were replenished with icons. So I don't know why it goes through this sync routine when the machine is shut down or a log off happens. Is there an easy way to export or copy this policy to the new box? I think if I do the dcpromo and shut off the old box, everyone's desktop and docs will be empty.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 34129153

The policy you refer to is most likely a Folder Redirection policy. This is a common Group Policy on a network (and is a best practise). It causes users to work directly off the server as you suggest.

Enabling Folder Redirection will automatically cause the machines to sync at logon/logoff - this is so data is available for the user when offline (such as on a laptop).

If the redirected folder data is actually stored on the old server and if you intend to eventually unplug that server from the network, you'll need to ensure it is moved to the new server and the policy updated to the new server name. Otherwise, users will lose their data and their Documents / Desktops and whatever other folders are redirected will attempt to talk to the old (non-existent) server.

If you will be keeping the old server then if I were you, don't demote it. You would be better off having two Domain Controllers on the network so that if one goes down hard, users will still be able to log in and do basic functions and browse the Internet.

You will need to promote the new server before installing Sharepoint. The promotion/demotion process will cause all the users, groups, policies etc to be replicated to the new box which is the easiest route to migrate AD.

Migrate FSMO roles and complete the other steps I described above, move Sharepoint, then demote the old box.

This is the standard route for migrating a Domain Controller.

Does Exchange run on the old server too? If so, the same applies as SQL Server - you can't demote/promote a server while Exchange is installed, as this breaks Exchange.

Any issues, let me know.

Matt
0
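A read-only check for the migration steps described in this thread, as an added example that is not from any of the posters: before demoting the old DC, confirm that the new one holds all five FSMO roles, is a Global Catalog, and shares SYSVOL and NETLOGON. `NEWDC.example.local` is a placeholder name; the script assumes PowerShell on a domain-joined machine, run as a domain user.

```powershell
# Added example: read-only readiness check to run before demoting the old DC.
# $NewDc is a placeholder; set it to the FQDN of the new 2008 domain controller.
$NewDc = 'NEWDC.example.local'

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$forest = $domain.Forest

# The five FSMO roles: two are forest-wide, three are per domain.
$roles = @{
    'Schema master'         = $forest.SchemaRoleOwner.Name
    'Domain naming master'  = $forest.NamingRoleOwner.Name
    'PDC emulator'          = $domain.PdcRoleOwner.Name
    'RID master'            = $domain.RidRoleOwner.Name
    'Infrastructure master' = $domain.InfrastructureRoleOwner.Name
}

$problems = @()
foreach ($role in $roles.Keys) {
    Write-Host ("{0,-22} {1}" -f $role, $roles[$role])
    if ($roles[$role] -ne $NewDc) {
        $problems += "$role is still held by $($roles[$role])"
    }
}

# The new DC must be a Global Catalog before the old one goes away.
$dc = $domain.DomainControllers | Where-Object { $_.Name -eq $NewDc }
if (-not $dc) {
    $problems += "$NewDc is not listed as a domain controller"
} elseif (-not $dc.IsGlobalCatalog()) {
    $problems += "$NewDc is not a Global Catalog"
}

# SYSVOL and NETLOGON are only shared once initial replication has finished.
$shares = Get-WmiObject Win32_Share -ComputerName $NewDc | ForEach-Object { $_.Name }
foreach ($s in 'SYSVOL', 'NETLOGON') {
    if ($shares -notcontains $s) { $problems += "$s share missing on $NewDc" }
}

if ($problems.Count -eq 0) {
    Write-Host "OK: $NewDc holds all five roles, is a GC and shares SYSVOL/NETLOGON."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

Any warning means the old server still provides something the domain depends on, so demotion should wait until it is cleared.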
 

Author Comment

by:sraley
ID: 34129196
Exchange is a separate server. Do I have to uninstall SharePoint on the old server before I start this dcpromo process?
0
 

Author Comment

by:sraley
ID: 34380257
I have to fix the mail server. It seems I can install SharePoint and move things, but it continually fills the C drive for some reason even though I told it to install on D.
0
 

Author Comment

by:sraley
ID: 34627848
Okay, the old server crashed, and when I run 2008 dcpromo it wants to delete the domain for some reason and I don't need this. It has all the AD accounts and things but Exchange won't talk to it, like the Exchange server is looking for the other server.
When I run dcpromo and try to promote the 2008 box it tells me it's a global catalog server and that it wants to remove Active Directory Domain Services.
So what do I run to make this server the master server for the domain now?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 34633300

Which server crashed?

The 2003 DC or the 2008 one?

dcpromo is the tool used to promote/demote a particular server as a Domain Controller. You don't want to run this on your healthy DC; if the other one went down hard, the remaining DC is the only one with all your Active Directory data.

If you can recover the other server, I would recommend you do so. The process which follows is not one I particularly like to complete (perfectly routine in these circumstances, but it's cleaner to get the old server working again).

If you can't get the old box working, you need to run what is called a metadata cleanup to remove references to the failed DC from Active Directory.

See here for the steps: http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx.

You need to run the process on your working DC, but make sure you are cleaning up the name of the broken DC.

If you hadn't transferred the FSMO roles per one of my earlier comments before the server failed, you'll also need to seize those roles over to the remaining DC. See http://www.petri.co.il/seizing_fsmo_roles.htm.

If I've misunderstood, please let me know before doing anything!

-Matt
0
 

Author Comment

by:sraley
ID: 34634543
I found an article and got 2008 to seize control. The problem I have is there is another domain controller running Exchange, and now its AD says it cannot find the server, so I'm not sure how to change where it's looking when FSMO on the 2008 machine says it has the 5 roles and is global catalog.
0
 

Author Comment

by:sraley
ID: 34637969
I need help now because my other DC that runs Exchange will not talk to the new master/GC that I seized roles for. I've been cleaning DNS. The mail server doesn't show the SYSVOL shares in net share; it will bring up AD Users/Computers, but dssite gives an AD logon account error. I see LDAP errors in Event Viewer that the account was denied, so Exchange tells me it can't find a server in the domain since the requests are rejected, and I can't find any TechNet article to help me move forward.
0
 

Accepted Solution

by:
sraley earned 0 total points
ID: 34710379
This is fixed.
0
 

Author Closing Comment

by:sraley
ID: 34759105
Solution was found from other threads that were entered by myself and answered by others that correct the problems since this problem was linked to others.
0
