What is the best way to reassign users' file/folder permissions and mapped drives to new DC/fileserver?


I'm working on a big project.

Current Environment
fileserver.rapa.local (Old backup DC - win2k3)
FILESERVER2.rapa.local (New DC - win2k8 R2 Enterprise)
Starvasc.rapa.local (Child domain of rapa.local - win2k3)

All Forest/domain functioning levels are 2003.

I'm currently moving into a virtual infrastructure which is set up like this:
VM#1 vCenter
VM#2 AD, DNS, DHCP (note: Dhcp is only for my headquarters)
VM#3 New Fileserver

I have other ESX/i servers and VMs, but I'll leave them out for this discussion.

I have successfully launched all ESX/i HOST servers and VMs. My goal is to have one of my VMs running win2k8 R2 Enterprise as a primary DC with secondary DC being my old win2k3 server. I also want to transfer all my data from Fileserver to new VM#3 Fileserver without losing all permissions and connection to FS ip address.

What I did in the beginning of this project

I ran commands (adprep32 /forestprep, adprep32 /domainprep /gpprep and adprep /rodcprep) on our old box (win2k3) to prepare old domain's schema for the new server's OS with new features physical servers.


I joined my new VM server, which is going to be the new DC, to the domain and began the DCPROMO cmd.

I selected Existing Forest

Name of domain in the forest where you plan to install this domain - I selected rapa.local

Specified the account credentials to use to perform the install -
My current logged on credentials

I got to the part where I select DNS and global catalog and hit next. What happened is that I got the next screen which provided additional information stating:

There is currently 1 DNS server that is registered as an authoritative name server for this domain.

A domain controller running Windows Server 2008 or Windows Server 2008 R2 could not be located in this domain. To install a read-only domain controller, the domain must have a domain controller running Windows Server 2008 or Windows Server 2008 R2.

I hit next as RODC is not in the plans.

I got a popup stating:
A delegation for this DNS cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "rapa.local". Otherwise, no action is required.

This server will be the primary DC once I get it up and running. The old server will be a backup/second DC.


I transferred all FSMO by following this link


I have not transferred my DHCP yet. I'm waiting until my practice can go down for a few minutes.

I'm trying to figure out how I can test my new domain controller and see if it's all working up to this point. I would not like to find out any issues once I have transferred DHCP and fully committed this server. I'm also trying to put a plan together on how I'm going to remap all users to the new fileserver's IP address once I transfer all data to the new Fileserver, and how do I transfer over all the permissions that were assigned to the old Fileserver share data directory?

How can I accomplish these tasks in the most safe and efficient way that will save me time?

Asked by: Jaime Campos

Darius Ghassem Commented:
First you would run dcdiag after making server a DC to check for any issues.

You can then use Robocopy to move files with permissions to new server.

The best test is dcdiag to check for any errors. Once you have new DC with Global Catalog and FSMO roles.
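
A Robocopy pass that carries NTFS permissions across, as an added example that is not part of the original thread. The source and destination paths and the log location are placeholders, and the script is assumed to run from an elevated PowerShell prompt on the new Windows Server 2008 R2 file server.

```powershell
# Added example. Paths below are placeholders; adjust to the real data roots.
param(
    [string]$Source = '\\fileserver\D$\Shares',   # assumed path on the old Win2k3 server
    [string]$Dest   = 'D:\Shares',                # assumed path on the new file server VM
    [string]$Log    = 'C:\Logs\fs-migrate.log',   # assumed log location
    [switch]$ListOnly                             # dry run: report what would be copied
)

New-Item -ItemType Directory -Path (Split-Path $Log) -Force | Out-Null

$roboArgs = @(
    $Source, $Dest
    '/E'            # all subdirectories, including empty ones
    '/COPYALL'      # data, attributes, timestamps, NTFS ACLs, owner, audit entries
    '/DCOPY:T'      # preserve directory timestamps
    '/ZB'           # restartable mode; fall back to backup mode on access denied
    '/R:2', '/W:5'  # 2 retries, 5 s apart (the default is 1,000,000 retries)
    '/XJ'           # skip junction points
    '/NP', '/TEE', "/LOG+:$Log"
)
if ($ListOnly) { $roboArgs += '/L' }

& robocopy.exe @roboArgs
$code = $LASTEXITCODE

# Robocopy's exit code is a bit mask: 8 = some files/dirs failed, 16 = fatal error.
if ($code -band 16)    { Write-Error   "Fatal error (exit $code). See $Log"; exit $code }
elseif ($code -band 8) { Write-Warning "Some items failed to copy (exit $code). See $Log"; exit $code }
else                   { Write-Host    "Copy pass finished without failures (exit $code)." }

# Spot-check that ACLs arrived: compare the SDDL of each top-level folder.
if (-not $ListOnly) {
    Get-ChildItem -Path $Source | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $src = (Get-Acl $_.FullName).Sddl
        $dst = (Get-Acl (Join-Path $Dest $_.Name)).Sddl
        if ($src -ne $dst) { Write-Warning "ACL differs, review manually: $($_.Name)" }
    }
}
```

Robocopy copies the NTFS security on files and folders; the share definitions and share-level permissions are not stored in the file system, so they have to be recreated or migrated separately on the new server.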
Jaime Campos (Author) Commented:
ok. I downloaded the resource kit, how do I move my data from my Server 2003 DC1 to my server 2008 ESX host 1 with VM3 (fileserver)?

 Data on win2k3
Don (Network Administrator) Commented:
You can use a Robocopy GUI to make it easier than trying to figure out the command line switches

Jaime Campos (Author) Commented:
Don (Network Administrator) Commented:
Robocopy most likely would be less complicated
Jaime Campos (Author) Commented:
Will robocopy transfer over all shared folder/file permissions? Once I move all my data to my new Fileserver (VM), can I just change the IP address on the new fileserver to what I had assigned to the old fileserver, so all my users' mapped drives will be saved?
Don (Network Administrator) Commented:

"Microsoft Robocopy is an advanced copy tool with features like automatic resume of file transfer on error or during network disruption, recover from terminated file copying, selective copying based on new or updated criteria. Robocopy can also keep intact all the file properties including date and time, security access control lists (ACLs) and more while copying the file."
Darius Ghassem Commented:
You can change the IP address. Is this a Domain Controller as well?
Darius Ghassem Commented:
Since this is a domain controller you would have to run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix after to change password of DC. If you are going to change name of DC there are extra steps

Jaime Campos (Author) Commented:
So changing the IP address on my new DC (win2k8) to be my old DC IP address (win2k3) will be ok?

I don't have to do anything else but just change the IP Address? Note: I will still have old DC in production as a backup.

I don't see why I need to change computer name.

dcdiag /fix after to change password of DC <---- I didn't understand why I would need to change password or if you meant IP Address?


Darius Ghassem Commented:
dcdiag /fix doesn't change password it updates all DNS records. Sorry this was a mistype

If you are running your shares by name then you would need to change the name.

If you have the old DC in production then make sure you have all DNS records removed off that DC and run the same commands after changing IP address.
Jaime Campos (Author) Commented:
Is this a typical solution or is there a better way to remap all users to the fileserver shares? I'm looking for a safe solution. What would you do?
Darius Ghassem Commented:
Depends on programs that rely on the network drive. Usually I just remap the users to the new share drive with a login script.

If the name is required and IP address then I change the IP address and name of the server once data is moved over.
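
A logon script that remaps existing drive letters from the old server to the new one, as an added example that is not part of the original thread. The new server name and the old IP address are placeholders, and the script assumes the shares keep the same names on the new file server and that clients can run Windows PowerShell 2.0 or later.

```powershell
# Added example. Names in angle brackets are placeholders to fill in.
$OldServers = @('fileserver', 'fileserver.rapa.local', '<old-server-ip>')
$NewServer  = '<new-fileserver-name>'

# Enumerate the user's mapped drives (connected or remembered).
Get-WmiObject -Class Win32_NetworkConnection |
    Where-Object { $_.LocalName -match '^[A-Za-z]:$' } |
    ForEach-Object {
        # RemoteName has the form \\server\share[\subfolder]
        if ($_.RemoteName -notmatch '^\\\\([^\\]+)\\(.+)$') { return }
        $server = $Matches[1]
        $rest   = $Matches[2]

        # -contains is case-insensitive, so FILESERVER and fileserver both match.
        if ($OldServers -notcontains $server) { return }

        $target = "\\$NewServer\$rest"
        if (-not (Test-Path $target)) {
            # Leave the old mapping in place if the new share is not reachable yet.
            Write-Warning "$($_.LocalName) not remapped: $target is not reachable"
            return
        }

        net use $_.LocalName /delete /y | Out-Null
        net use $_.LocalName $target /persistent:yes | Out-Null
        Write-Host "$($_.LocalName) remapped to $target"
    }
```

Because the script only touches mappings that point at the old server and skips any target it cannot reach, it can be deployed before the cutover and left in place afterwards.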