Migrate Windows 2003 Server DC to Windows 2008 R2

Hello,  I have two servers and have a very difficult time migrating a 2003 server to the 2008 server.

Scenario:  Old 2003 Server that provides DNS, Active Directory, etc.. no DHCP services
New 2008 R2 Server x64 that I setup to have DNS, Active Directory, etc.  and it has two network cards.

I had attempted to migrate without success.  My 2003 server is beginning to have hardware failures.  I am willing to remove all services from the 2008 server and "start over".  Although it now hosts SQL 2000, printer services and user home directories.

What can I do to start over and have a high chance of success?

Also note while I was trying to fix this earlier, several techs indicated that I should only have one network card active on a DC.  I am good with this as long as I remove it after I remove all the required services from the new server.  My latest experience is that I had a lot of trouble when I disabled one NIC card, once I enabled it a lot of problems were solved.

Thanks
tucktech Asked:

Chev_PCN Commented:
Hi Tuck.
Your best option would be to build your 2008 R2 DC as a brand new, THIRD DC, and then decommission your faulty 2003 box.
It's generally recommended not to have DCs (specifically DNS servers) with 2 NICs as this could introduce DNS issues.
I appreciate that there are often budget constraints, especially with small businesses, but it's an industry standard to DEDICATE your AD servers to AD, and have nothing except core MS services running on them. Having SQL, print services and user home directories on your AD server presents a number of security risks, apart from putting your organisation at risk with a critical SPOF (Single Point Of Failure) machine.
I would definitely recommend putting your DC on its own dedicated hardware. Although it's not ideal and a server is first prize, if you have a small environment, then even think of using a good reliable desktop PC for your dedicated DC.
0

Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Hi,

Check this post which I've answered recently. Steps are the same except DNS server (that's not necessary)
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26827687.html

Regards,
Krzysztof
0
Lord_Austin_Powers Commented:
Hello tuck

1. Create the new DC Windows 2008 Server R2.
2. Be sure your Win2003 server is at the SP2 version with all Windows Update security.
3. On your Win2008 server, authorize on the firewall all network access inside your domain. DON'T STOP THE WIN2008 FIREWALL because it will stop all network connection services.
4. On the Windows 2003 server, with replmon, try to find all successful or failed replication between Win2003 and Win2008.
5. On the Win2008, use Ntdsutil to migrate all FSMO roles. So be careful, don't activate NAP activity.
6. On your DHCP Win2003, export all information and copy it into the Win2008 folder.
7. On your DHCP Win2008, import dhcp Bdb.
8. On your DHCP configuration, change and force all modifications from your new DNS server.

I hope you find all this information helpful.

Best regards

(Sorry for my french english)
0
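A read-only check for steps 4 and 5 of the post above, as an added example that is not part of the original thread: before the 2003 box is decommissioned, confirm that all five FSMO roles sit on the new DC, that it is a global catalog, and that no replication link reports failures. It assumes it is run on the 2008 R2 DC with the ActiveDirectory module and `repadmin` available; `newdc.example.local` is a placeholder FQDN.

```powershell
# Added example: read-only pre-decommission checks, run on the 2008 R2 DC.
# $NewDc is a placeholder; pass the FQDN of your own new domain controller.
param([string]$NewDc = 'newdc.example.local')

Import-Module ActiveDirectory

# 1. List the holder of each of the five FSMO roles (returned as FQDNs).
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = @{
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
}
$roles.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# Roles still held by another DC (-ne is case-insensitive for strings).
$notMoved = @($roles.GetEnumerator() | Where-Object { $_.Value -ne $NewDc })

# 2. Replication health for every DC, parsed from repadmin's CSV output.
#    A link is suspect if it has recorded failures or the row is an error row.
$links  = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
$failed = @($links | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
    [int]$_.'Number of Failures' -gt 0
})
$failed | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
                       'Number of Failures', 'Last Failure Time' -AutoSize

# 3. Clients need a global catalog to log on once the old DC is gone.
$isGc = (Get-ADDomainController -Identity $NewDc).IsGlobalCatalog

# Summary: nothing here changes the directory; it only reports.
if ($notMoved.Count -eq 0 -and $failed.Count -eq 0 -and $isGc) {
    Write-Host "All FSMO roles on $NewDc, GC present, no replication failures."
} else {
    foreach ($r in $notMoved) {
        Write-Warning ("{0} is still held by {1}" -f $r.Name, $r.Value)
    }
    if ($failed.Count -gt 0) {
        Write-Warning ("{0} replication link(s) report failures" -f $failed.Count)
    }
    if (-not $isGc) { Write-Warning "$NewDc is not a global catalog" }
}
```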

tucktech (Author) Commented:
Hello Chev PCN,  please respond if I understand correctly..   (Others feel free to chime in).

1. Any AD server should not have printer services, SQL Services and Home User Data.
2. I should at least have two AD / DNS servers

IF I can only have one AD/DNS server, should I put AD or DNS on the application server, understanding it poses security risks, to reduce the SPOF?

Are there alternatives to putting AD / DNS services on other equipment such as network device or linux, etc.. that might be lower cost?  Ideally I want to keep things SIMPLE and SECURE at a low cost.  Not sure I can have all three....

0
Chev_PCN Commented:
Hi Tuck.
The basic principle is to isolate AD & all the core Windows domain services on their own server.
This is not always practical, and each individual situation needs to have the business needs taken into account.
If you have a very small business, and limited budget, then you might just have to make do.
Some considerations for your planning.
1) Having AD / DNS / etc on only one server means that your reliability can be compromised - one server goes down and all your core services disappear.
Having 2 AD servers is ALWAYS recommended.
2) Having AD, SQL, file sharing, and printing etc on a single server means that your costs are reduced, the complexity is (slightly) reduced, but you are introducing security and stability risks.

It's a balance, and a choice that you have to make. I would suggest talking to business and explaining the trade-offs to them.
Again, using a PC to host a standalone DC would be a good option for a severely restricted budget.
0
tucktech (Author) Commented:
Thanks Chev PCN:  Having said that I have put together cost for a new server as the cost appears to be Windows Server not the hardware.  In addition I have fixed the 2003 server.  Is it a problem to have a 2003 AD/DNS server and a 2008 AD/DNS server?
0
Chev_PCN Commented:
You can have 2003 and 2008 in the same environment - it's not a problem, although you will have to do all your advanced admin on the 2008 server as some features will not be present in 2003.
This applies particularly to GP.
0
tucktech (Author) Commented:
I have fixed the 2003 server and have made it the only DNS/AD system.  Yes, this is the single point of failure but it has resolved a lot of issues.  Thanks for the recommendations and information.
0