Solved

Migrate Windows 2003 Server DC to Windows 2008 R2

Posted on 2011-02-16
Last Modified: 2012-05-11
Hello, I have two servers and have a very difficult time migrating a 2003 server to the 2008 server.

Scenario: Old 2003 Server that provides DNS, Active Directory, etc., no DHCP services.
New 2008 R2 Server x64 that I set up to have DNS, Active Directory, etc., and it has two network cards.

I had attempted to migrate without success. My 2003 server is beginning to have hardware failures. I am willing to remove all services from the 2008 server and "start over", although it now hosts SQL 2000, printer services and user home directories.

What can I do to start over and have a high chance of success?

Also note while I was trying to fix this earlier, several techs indicated that I should only have one network card active on a DC. I am good with this as long as I remove it after I remove all the required services from the new server. My latest experience is that I had a lot of trouble when I disabled one NIC card; once I enabled it, a lot of problems were solved.

Thanks
Question by:tucktech
8 Comments
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 600 total points
ID: 34913473
Hi Tuck.
Your best option would be to build your 2008 R2 DC as a brand new, THIRD DC, and then decommission your faulty 2003 box.
It's generally recommended not to have DCs (specifically DNS servers) with 2 NICs as this could introduce DNS issues.
I appreciate that there are often budget constraints, especially with small businesses, but it's an industry standard to DEDICATE your AD servers to AD, and have nothing except core MS services running on them. Having SQL, print services and user home directories on your AD server presents a number of security risks, apart from putting your organisation at risk with a critical SPOF (Single Point Of Failure) machine.
I would definitely recommend putting your DC on its own dedicated hardware. Although it's not ideal and a server is first prize, if you have a small environment, then even think of using a good reliable desktop PC for your dedicated DC.
0
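The two conditions raised in the answer above (a multi-homed DC, and SQL, print and file workloads on a DC) can be checked with a short audit. This is an added example, not code from the thread; it assumes PowerShell 2.0 as shipped with Windows Server 2008 R2 and is run locally on the server.

```powershell
# Added example: report non-AD workloads and multi-homing on a domain controller.
# Uses only WMI classes and cmdlets available in PowerShell 2.0 (Server 2008 R2).
$findings = @()

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
$cs = Get-WmiObject Win32_ComputerSystem
if ($cs.DomainRole -lt 4) {
    Write-Warning "$($cs.Name) is not a domain controller; nothing to audit."
    return
}

# More than one IP-enabled adapter means the DC is multi-homed and can
# register more than one address for itself in DNS.
$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
if ($nics.Count -gt 1) {
    $findings += "Multi-homed: " + (($nics | ForEach-Object { $_.Description }) -join '; ')
}

# SQL Server engine services: MSSQLSERVER (default instance) or MSSQL$<instance>
$sql = @(Get-Service | Where-Object { $_.Name -eq 'MSSQLSERVER' -or $_.Name -like 'MSSQL$*' })
foreach ($s in $sql) { $findings += "SQL Server service: $($s.Name) ($($s.Status))" }

# Disk shares (Type 0) other than the two every DC publishes.
# Administrative shares such as C$ have a different Type and are skipped.
$dcShares = @('NETLOGON', 'SYSVOL')
$shares = @(Get-WmiObject Win32_Share |
    Where-Object { $_.Type -eq 0 -and $dcShares -notcontains $_.Name })
foreach ($sh in $shares) { $findings += "File share: $($sh.Name) -> $($sh.Path)" }

# Printers shared from this machine
$printers = @(Get-WmiObject Win32_Printer | Where-Object { $_.Shared })
foreach ($p in $printers) { $findings += "Shared printer: $($p.Name)" }

if ($findings.Count -eq 0) {
    "OK: $($cs.Name) has one active NIC and no SQL, file or print workloads."
} else {
    $findings
}
```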
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 600 total points
ID: 34913672
Hi,

Check this post which I've answered recently. Steps are the same except DNS server (that's not necessary)
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26827687.html

Regards,
Krzysztof
0
 

Assisted Solution

by:Lord_Austin_Powers
Lord_Austin_Powers earned 300 total points
ID: 34914600
Hello Tuck,

1. Create the new DC Windows 2008 Server R2.
2. Be sure your Win2003 server is on the SP2 version with all Windows Update security.
3. On your Win2008 server, authorize on the firewall all network access inside your domain. DON'T STOP THE WIN2008 FIREWALL because it will stop all network connection services.
4. On the Windows 2003 server, with replmon, try to find all successful or failed replication between Win2003 and Win2008.
5. On the Win2008, use Ntdsutil to migrate all FSMO roles. So be careful, don't activate NAP activity.
6. On your DHCP Win2003, export all information and copy it to the Win2008 folder.
7. On your DHCP Win2008, import dhcp Bdb.
8. On your DHCP configuration, change and force all modification from your new DNS server.

I hope you find all this information helpful.

Best regards

(Sorry for my French English)
0
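Steps 4 and 5 of the post above (check replication, then move the FSMO roles) can be verified in one pass before the 2003 DC is demoted. This is an added example, not code from the thread; it assumes it is run on the 2008 R2 DC with the ActiveDirectory module available, and `NEWDC01` is a hypothetical host name.

```powershell
# Added example: pre-decommission check, run on the new 2008 R2 DC.
# Confirms all five FSMO roles sit on the new DC and that no replication
# link reports failures. 'NEWDC01' is a hypothetical name; replace it.
Import-Module ActiveDirectory
$newDc = 'NEWDC01'

$domain = Get-ADDomain
$forest = Get-ADForest
$roles = @{
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
}

$problems = @()
foreach ($role in $roles.Keys) {
    # Role holders are returned as FQDNs; compare on the host part only
    $holder = ($roles[$role] -split '\.')[0]
    if ($holder -ine $newDc) {
        $problems += "$role is still held by $($roles[$role])"
    }
}

# repadmin emits one CSV row per replication link; any row with a
# non-zero failure count means a partition is not replicating cleanly.
$links = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
foreach ($l in $links) {
    if ([int]$l.'Number of Failures' -gt 0) {
        $problems += ("Replication failing: {0} <- {1} ({2}), last success {3}" -f
            $l.'Destination DSA', $l.'Source DSA', $l.'Naming Context', $l.'Last Success Time')
    }
}

if ($problems.Count -eq 0) {
    "OK: all FSMO roles are on $newDc and replication shows no failures."
} else {
    $problems
    Write-Warning "Do not demote the old DC until the items above are resolved."
}
```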

 

Author Comment

by:tucktech
ID: 34926523
Hello Chev PCN, please respond if I understand correctly. (Others feel free to chime in.)

1. Any AD server should not have printer services, SQL Services and Home User Data.
2. I should at least have two AD / DNS servers

IF I can only have one AD/DNS server, should I put AD or DNS on the application server, understanding it poses security risks, to reduce the SPOF?

Are there alternatives to putting AD / DNS services on other equipment such as network device or linux, etc.. that might be lower cost?  Ideally I want to keep things SIMPLE and SECURE at a low cost.  Not sure I can have all three....

0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 34940871
Hi Tuck.
The basic principle is to isolate AD & all the core Windows domain services on their own server.
This is not always practical, and each individual situation needs to have the business needs taken into account.
If you have a very small business, and limited budget, then you might just have to make do.
Some considerations for your planning.
1) Having AD / DNS / etc on only one server means that your reliability can be compromised - one server goes down and all your core services disappear.
Having 2 AD servers is ALWAYS recommended.
2) Having AD, SQL, file sharing, and printing etc on a single server means that your costs are reduced, the complexity is (slightly) reduced, but you are introducing security and stability risks.

It's a balance, and a choice that you have to make. I would suggest talking to business and explaining the trade-offs to them.
Again, using a PC to host a standalone DC would be a good option for a severely restricted budget.
0
 

Author Comment

by:tucktech
ID: 34972687
Thanks Chev PCN: Having said that, I have put together cost for a new server as the cost appears to be Windows Server not the hardware. In addition I have fixed the 2003 server. Is it a problem to have a 2003 AD/DNS server and a 2008 AD/DNS server?
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 34977325
You can have 2003 and 2008 in the same environment - it's not a problem, although you will have to do all your advanced admin on the 2008 server as some features will not be present in 2003.
This applies particularly to GP.
0
 

Author Closing Comment

by:tucktech
ID: 35038531
I have fixed the 2003 server and have made it the only DNS/AD system. Yes, this is the single point of failure but it has resolved a lot of issues. Thanks for the recommendations and information.
0
