

Windows 2000 to Windows 2003 migration-Files and apps on DC

Posted on 2011-04-29
Medium Priority
Last Modified: 2012-05-11
We have recently acquired another organization and we are in the process of upgrading their domain from Windows 2000 to Windows 2003, so we can eventually move them to our domain.  The problem that I am experiencing is that the two Domain Controllers are also DNS, DHCP, application servers, and fileservers.  The organization is also a 24 hour shop that accesses critical data from the DCs, so they cannot be shut down.  I am trying to find a way that I can upgrade the domain and check the schema upgrade before replicating it to the two DCs that hold apps, data etc.  In addition to the fact that they hold other roles than just the DC roles, there are two DHCP zones.  One zone on each DC. I am planning to:
Create an additional Windows 2000 DC that has been patched to SP4, and enable schema upgrade.
Add the DHCP roles for both zones to the new Win 2000 server. (this would be a temporary solution)
Create a secondary DNS on the 2000 DC and replicate the DNS information to all of the clients. (If I remember correctly, this can be done via the DHCP server, correct?)
Move the FSMO to the new Win 2000 server.
Check replication, and event logs for any issues.
Disable outbound replication on the DC where the upgrade will be performed. (How long can replication be disabled before the DC is no longer recognized, or is this an issue since inbound replication is still allowed?)
Run adprep /forest and adprep /domain on the new 2000 DC.
Check logs for any issues in logs.
Turn outbound replication on.

Are there any additional steps I should take, or are there any other ideas about the best way to do this upgrade?
Question by:ExpertAssist
LVL 57

Accepted Solution

Mike Kline earned 2000 total points
ID: 35494126
You would really have to test it in the lab.  Trying to isolate the schema master is not really supported.

To answer some questions:

1.  When you install DNS on your new 2000 DC, DNS will automatically replicate to it (AD integrated)
2.  Replication can be disabled up to the tombstone lifetime (60 days in a 2000 domain)


Is there a way to isolate a DC in order to do an AD Schema upgrade? I cannot find any documentation on how to do this.
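
Point 2 of the accepted answer ties the safe length of a replication pause to the tombstone lifetime. The following Python check is an added example, not part of the original thread: it reads replication status in CSV form and flags inbound links whose last success is approaching or past that limit. The column layout is assumed to match `repadmin /showrepl * /csv`; the server names, times and the 50% warning threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

TOMBSTONE_DAYS = 60  # value given in the answer for a Windows 2000 domain

# Constructed sample; column layout assumed to match `repadmin /showrepl * /csv`.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC3,RPC,0,0,2011-04-29 08:00:00,0
showrepl_INFO,Default-First-Site-Name,DC2,"DC=example,DC=local",Default-First-Site-Name,DC3,RPC,41,2011-04-29 07:45:00,2011-03-15 09:30:00,8456
showrepl_INFO,Default-First-Site-Name,DC2,"CN=Schema,CN=Configuration,DC=example,DC=local",Default-First-Site-Name,DC3,RPC,90,2011-04-29 07:45:00,2011-02-20 09:30:00,8456
"""


def links_at_risk(csv_text, now, tombstone_days=TOMBSTONE_DAYS, warn_fraction=0.5):
    """Flag inbound links whose last success is old relative to the tombstone lifetime.

    Returns (destination, source, naming_context, age_days, state) tuples;
    age_days is None when the link has no parsable success time.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # skip anything that is not a data row
        link = (row["Destination DSA"], row["Source DSA"], row["Naming Context"])
        try:
            last_ok = datetime.strptime(row["Last Success Time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            findings.append(link + (None, "NEVER"))  # never replicated successfully
            continue
        age = now - last_ok
        if age >= timedelta(days=tombstone_days):
            state = "EXPIRED"  # pause has outlasted the tombstone lifetime
        elif age >= timedelta(days=tombstone_days * warn_fraction):
            state = "WARNING"  # re-enable replication well before the limit
        else:
            continue
        findings.append(link + (age.days, state))
    return findings


if __name__ == "__main__":
    for finding in links_at_risk(SAMPLE_CSV, datetime(2011, 4, 29, 12, 0, 0)):
        print(finding)
```

Run it against status captured while outbound replication is disabled; any `EXPIRED` link means that partner should not simply be allowed to resume replication without investigation.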




Author Closing Comment

ID: 35494920
Thank you Mike.  This is helpful information. I am reading the Forest Recovery doc now. I think I may steer away from turning off replication.  If I can't find a better solution, I will definitely test in the test environment.
LVL 57

Expert Comment

by:Mike Kline
ID: 35494936
Good work getting them off Windows 2000. Microsoft doesn't even support that anymore.

Author Comment

ID: 35494976
Yes, it has been a challenge.  I will be glad when this project has been completed and they have been migrated to our forest. Thanks for your help.
