Solved

Migrate Windows 2003 Server DC to Windows 2008 R2

Posted on 2011-02-16
Last Modified: 2012-05-11
Hello,  I have two servers and have a very difficult time migrating a 2003 server to the 2008 server.

Scenario: Old 2003 Server that provides DNS, Active Directory, etc. No DHCP services.
New 2008 R2 Server x64 that I set up to have DNS, Active Directory, etc., and it has two network cards.

I had attempted to migrate without success.  My 2003 server is beginning to have hardware failures.  I am willing to remove all services from the 2008 server and "start over", although it now hosts SQL 2000, printer services and user home directories.

What can I do to start over and have a high chance of success?

Also note that while I was trying to fix this earlier, several techs indicated that I should only have one network card active on a DC.  I am good with this as long as I remove it after I remove all the required services from the new server.  My latest experience is that I had a lot of trouble when I disabled one NIC card; once I enabled it, a lot of problems were solved.

Thanks
Question by:tucktech

Accepted Solution

by:
Chev_PCN earned 200 total points
ID: 34913473
Hi Tuck.
Your best option would be to build your 2008 R2 DC as a brand new, THIRD DC, and then decommission your faulty 2003 box.
It's generally recommended not to have DCs (specifically DNS servers) with 2 NICs as this could introduce DNS issues.
I appreciate that there are often budget constraints, especially with small businesses, but it's an industry standard to DEDICATE your AD servers to AD, and have nothing except core MS services running on them. Having SQL, print services and user home directories on your AD server presents a number of security risks, apart from putting your organisation at risk with a critical SPOF (Single Point Of Failure) machine.
I would definitely recommend putting your DC on its own dedicated hardware. Although it's not ideal and a server is first prize, if you have a small environment, then even think of using a good reliable desktop PC for your dedicated DC.

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 200 total points
ID: 34913672
Hi,

Check this post which I've answered recently. Steps are the same except DNS server (that's not necessary)
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26827687.html

Regards,
Krzysztof

Assisted Solution

by:Lord_Austin_Powers
Lord_Austin_Powers earned 100 total points
ID: 34914600
Hello Tuck,

1. Create the new DC, Windows 2008 Server R2.
2. Be sure your Win2003 server is at the SP2 version with all Windows Update security updates.
3. On your Win2008 server, authorize on the firewall all network access inside your domain. DON'T STOP THE WIN2008 FIREWALL, because it will stop all network connection services.
4. On the Windows 2003 server, with replmon, try to find all successful or failed replication between Win2003 and Win2008.
5. On the Win2008, use Ntdsutil to migrate all FSMO roles. So be careful, don't activate NAP activity.
6. On your DHCP Win2003, export all information and copy it into the Win2008 folder.
7. On your DHCP Win2008, import dhcp Bdb.
8. On your DHCP configuration, change and force all modifications from your new DNS server.

I hope you find all this information helpful.

Best regards

(Sorry for my french english)
0
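A pre-flight check for steps 4 and 5 of the post above, as an added example that is not part of the original thread: it parses `repadmin /showrepl * /csv` output and holds back the FSMO transfer while any replication link reports failures. The server names (OLD2003, NEW2008), the domain and the CSV rows are constructed sample data, and the column names are assumed to match repadmin's CSV header.

```powershell
# Added example, not from the original thread.
# Gate the FSMO transfer (step 5) on clean replication (step 4).

function Get-ReplicationFailure {
    param([string[]]$CsvLines)
    # repadmin emits one row per inbound replication link. Rows tagged
    # showrepl_ERROR mean a DC could not be queried at all, so flag them too.
    $CsvLines | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$_.'Number of Failures' -gt 0
    } | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status'
}

# Constructed sample in the column layout assumed for repadmin's CSV output.
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,Default-First-Site-Name,NEW2008,"DC=example,DC=local",Default-First-Site-Name,OLD2003,RPC,0,0,2011-02-16 10:02:11,0'
    'showrepl_INFO,Default-First-Site-Name,OLD2003,"DC=example,DC=local",Default-First-Site-Name,NEW2008,RPC,3,2011-02-16 09:47:30,2011-02-15 22:10:05,1722'
)

# On a real DC, replace $sample with live output:
#   $lines = & repadmin /showrepl * /csv
$lines = $sample

$failures = @(Get-ReplicationFailure -CsvLines $lines)
if ($failures.Count -gt 0) {
    # With the sample data this branch runs: OLD2003 has 3 failed pulls
    # from NEW2008 with status 1722 (RPC server unavailable).
    $failures | Format-Table -AutoSize
    Write-Warning 'Replication is failing; fix it before moving any FSMO role.'
} else {
    Write-Output 'Replication clean. Current FSMO role holders:'
    # netdom query fsmo lists the five role holders for the domain.
    & netdom query fsmo
}
```

Run it again after the role transfer: all five roles should list the 2008 R2 server before the 2003 DC is demoted.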
 

Author Comment

by:tucktech
ID: 34926523
Hello Chev PCN,  please respond if I understand correctly..   (Others feel free to chime in).

1. Any AD server should not have printer services, SQL Services and Home User Data.
2. I should at least have two AD / DNS servers

IF I can only have one AD/DNS server, should I put AD or DNS on the application server, understanding it poses security risks, to reduce the SPOF?

Are there alternatives to putting AD / DNS services on other equipment such as network device or linux, etc.. that might be lower cost?  Ideally I want to keep things SIMPLE and SECURE at a low cost.  Not sure I can have all three....

Expert Comment

by:Chev_PCN
ID: 34940871
Hi Tuck.
The basic principle is to isolate AD & all the core Windows domain services on their own server.
This is not always practical, and each individual situation needs to have the business needs taken into account.
If you have a very small business, and limited budget, then you might just have to make do.
Some considerations for your planning.
1) Having AD / DNS / etc on only one server means that your reliability can be compromised - one server goes down and all your core services disappear.
Having 2 AD servers is ALWAYS recommended.
2) Having AD, SQL, file sharing, and printing etc on a single server means that your costs are reduced, the complexity is (slightly) reduced, but you are introducing security and stability risks.

It's a balance, and a choice that you have to make. I would suggest talking to business and explaining the trade-offs to them.
Again, using a PC to host a standalone DC would be a good option for a severely restricted budget.

Author Comment

by:tucktech
ID: 34972687
Thanks Chev PCN:  Having said that, I have put together the cost for a new server, as the cost appears to be Windows Server, not the hardware.  In addition I have fixed the 2003 server.  Is it a problem to have a 2003 AD/DNS server and a 2008 AD/DNS server?

Expert Comment

by:Chev_PCN
ID: 34977325
You can have 2003 and 2008 in the same environment - it's not a problem, although you will have to do all your advanced admin on the 2008 server as some features will not be present in 2003.
This applies particularly to GP.

Author Closing Comment

by:tucktech
ID: 35038531
I have fixed the 2003 server and have made it the only DNS/AD system.  Yes, this is the single point of failure but it has resolved a lot of issues.  Thanks for the recommendations and information.