
Migrate Windows 2003 Server DC to Windows 2008 R2

Hello, I have two servers and am having a very difficult time migrating a 2003 server to the 2008 server.

Scenario: Old 2003 Server that provides DNS, Active Directory, etc. No DHCP services.
New 2008 R2 Server x64 that I set up to have DNS, Active Directory, etc., and it has two network cards.

I had attempted to migrate without success. My 2003 server is beginning to have hardware failures. I am willing to remove all services from the 2008 server and "start over", although it now hosts SQL 2000, printer services and user home directories.

What can I do to start over and have a high chance of success?

Also note that while I was trying to fix this earlier, several techs indicated that I should only have one network card active on a DC. I am good with this as long as I remove it after I remove all the required services from the new server. My latest experience is that I had a lot of trouble when I disabled one NIC card; once I enabled it, a lot of problems were solved.

Hi Tuck.
Your best option would be to build your 2008 R2 DC as a brand new, THIRD DC, and then decommission your faulty 2003 box.
It's generally recommended not to have DCs (specifically DNS servers) with 2 NICs as this could introduce DNS issues.
I appreciate that there are often budget constraints, especially with small businesses, but it's an industry standard to DEDICATE your AD servers to AD, and have nothing except core MS services running on them. Having SQL, print services and user home directories on your AD server presents a number of security risks, apart from putting your organisation at risk with a critical SPOF (Single Point Of Failure) machine.
I would definitely recommend putting your DC on its own dedicated hardware. Although it's not ideal and a server is first prize, if you have a small environment, then even think of using a good reliable desktop PC for your dedicated DC.
Krzysztof Pytko (Senior Active Directory Engineer) commented:

Check this post, which I've answered recently. The steps are the same except for the DNS server (that's not necessary).

Hello Tuck,

1. Create the new DC on the Windows 2008 R2 server.
2. Be sure your Win2003 server is at SP2 with all Windows Update security updates.
3. On your Win2008 server, authorize on the firewall all network access inside your domain. DON'T STOP THE WIN2008 FIREWALL, because that will stop all network connection services.
4. On the Windows 2003 server, use replmon to find all successful or failed replication between Win2003 and Win2008.
5. On the Win2008 server, use Ntdsutil to migrate all FSMO roles. Be careful: don't activate NAP activity.
6. On your Win2003 DHCP server, export all information and copy it to the Win2008 folder.
7. On your Win2008 DHCP server, import the DHCP Bdb.
8. In your DHCP configuration, change and force all modifications from your new DNS server.

I hope you find all this information helpful.

Best regards

(Sorry for my french english)
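
Added example, not part of the post above: a PowerShell sketch of steps 4 and 5 that refuses to move the FSMO roles while replication is unhealthy and then confirms the new holder. It uses `repadmin` where the post uses replmon, and the host name `DC2008` is a placeholder, not a value from the thread.

```powershell
# Added example. Run in an elevated PowerShell prompt on the new 2008 R2 DC.
# $NewDC is a placeholder host name (assumption), replace with your own.
$NewDC = 'DC2008'

# Step 4: inspect every replication link in the forest before touching roles.
# repadmin's CSV output tags each row as showrepl_INFO or showrepl_ERROR.
$links  = repadmin /showrepl * /csv | ConvertFrom-Csv
$failed = @($links | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
    [int]$_.'Number of Failures' -gt 0
})
if ($failed.Count -gt 0) {
    $failed | Format-Table 'Source DSA', 'Destination DSA',
        'Naming Context', 'Number of Failures' -AutoSize
    throw "Replication problems on $($failed.Count) link(s); fix them before moving FSMO roles."
}

# Record the current role holders so the change can be audited afterwards.
netdom query fsmo

# Step 5: transfer (not seize) all five roles to the new DC.
# "transfer naming master" is the 2008 R2 spelling of the domain naming role.
ntdsutil roles connections "connect to server $NewDC" quit `
    "transfer schema master" `
    "transfer naming master" `
    "transfer PDC" `
    "transfer RID master" `
    "transfer infrastructure master" `
    quit quit

# Verify: every role line must now name the new DC.
$holders  = netdom query fsmo | Where-Object { $_ -match 'master|PDC|RID pool' }
$notMoved = @($holders | Where-Object { $_ -notmatch $NewDC })
if ($notMoved.Count -gt 0) {
    throw "Roles still held elsewhere:`n$($notMoved -join "`n")"
}
"All FSMO roles are now held by $NewDC."

# Steps 6-7 apply only when the old server runs DHCP (the asker's does not):
#   on the 2003 server:  netsh dhcp server export C:\dhcp-export.txt all
#   on the 2008 server:  netsh dhcp server import C:\dhcp-export.txt all
```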

tucktech (Author) commented:
Hello Chev PCN, please respond if I understand correctly. (Others, feel free to chime in.)

1. Any AD server should not have printer services, SQL Services and Home User Data.
2. I should at least have two AD / DNS servers

IF I can only have one AD/DNS server, should I put AD or DNS on the application server, understanding it poses security risks, to reduce the SPOF?

Are there alternatives to putting AD / DNS services on other equipment, such as a network device or Linux, etc., that might be lower cost? Ideally I want to keep things SIMPLE and SECURE at a low cost. Not sure I can have all three....

Hi Tuck.
The basic principle is to isolate AD & all the core Windows domain services on their own server.
This is not always practical, and each individual situation needs to have the business needs taken into account.
If you have a very small business, and limited budget, then you might just have to make do.
Some considerations for your planning.
1) Having AD / DNS / etc on only one server means that your reliability can be compromised - one server goes down and all your core services disappear.
Having 2 AD servers is ALWAYS recommended.
2) Having AD, SQL, file sharing, and printing etc on a single server means that your costs are reduced, the complexity is (slightly) reduced, but you are introducing security and stability risks.

It's a balance, and a choice that you have to make. I would suggest talking to business and explaining the trade-offs to them.
Again, using a PC to host a standalone DC would be a good option for a severely restricted budget.
tucktech (Author) commented:
Thanks Chev PCN: Having said that, I have put together costs for a new server, as the cost appears to be Windows Server, not the hardware. In addition, I have fixed the 2003 server. Is it a problem to have a 2003 AD/DNS server and a 2008 AD/DNS server?
You can have 2003 and 2008 in the same environment - it's not a problem, although you will have to do all your advanced admin on the 2008 server as some features will not be present in 2003.
This applies particularly to GP.
tucktech (Author) commented:
I have fixed the 2003 server and have made it the only DNS/AD system. Yes, this is the single point of failure, but it has resolved a lot of issues. Thanks for the recommendations and information.