adding a 2008 server domain controller to an existing 2003 server domain

natevelli
natevelli used Ask the Experts™
on
I currently have a network with a single domain controller with no backup. I just purchased a new server with 2008 server installed. I am in the process of eventually getting rid of the 2003 server and running the network with the 2008 server and another server on 2008. I am trying to run dcpromo on the 2008 server to capture all the active directory setting on the 2003 server before docommissioning. When running DCPROMO i get an error message saying I need ot run adprep /forest befor running. When I try running adprep on the server it errors with adprep cannot run on this platform because it is not an active domain controller. After researching that I was told I need to run the adprep on my current active domain controller (2003 server) So I tried running the same program on my current active domain controller and get the following error message; "adprep was unable to extend the schema. The schema master did not complete a replication cycle after the last  the schema master must complete at least one replication cycle before the schema can be extended. "

My big question is that if right now I only have one server as a active domain controller how would I ever be able to replicate? I would like to set up this second server, replicate, and eventually set as the main domain controller and decommission the old server.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
firstly join the windows2008 server as memberserver of windows2003 domain controller...

this process is called domain transition

see this follwoing link whch is indetail...

http://messaging24x7.wordpress.com/2011/07/20/transition-active-directory-windows-2008-migration/

all the best
hirenvmajithiyaManager (System Administration)

Commented:
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
The installation of Windows 2008 into the domain and migration is quite simple.
First you need to Adprep your 2003 Domain by running
adprep /forestprep    and
adprep /domainprep   and
adprep /gpprep

from the 2008 DVD on the Windows 2003 DC  - adprep is in the SOURCES folder on the DVD.

Next install 2008 server on the new machine. You need to assign the 2008 new computer an IP address and subnet mask on the existing network. Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new 2008 machine to the existing domain as a member server

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select "Additional Domain Controller in an existing Domain"

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the"Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If necessary install DNS on the new server. Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will automatically replicate to the new domain controller along with Active Directory. Set up forwarders as detailed at http://www.petri.co.il/configure_dns_forwarding.htm

You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm

Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server .

Reference article:
http://araihan.wordpress.com/2009/08/25/migrate-from-windows-2003-active-directory-to-windows-2008-active-directory-step-by-step/

http://markswinkels.nl/2009/01/08/how-to-migrate-a-domain-controller-from-windows-2003-to-windows-2008/
Currently there is only one domain controller in the domain and that is W2k3
run the commnad "netdom query fsmo" and now check all 5 roles is there on the Dc w2k3 if it is not there then Seize the fsmo roles which is missing.

create a user account add the account to enterprise admin,schema admin,domain admin and then run the command
adprep /forestprep
adprep /domainprep

Author

Commented:
When I try to change the 2003 servers role from 2000 native to 2003 I get a message that the operation could not be completed the active directory service is in use.
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
You can try the same after sometime as you have ran the adperp and upgration is going on.

Author

Commented:
adprep still will not work i get the following issue.I have also tried several times to change the domains funtionality level to 2003 but errors with service in use.


Adprep was unable to extend the schema.

[Status/Consequence]

The schema master did not complete a replication cycle after the last reboot. The schema master must complete at least one replication cycle before the schema can be extended.

[User Action]

Verify that the schema master is connected to the network and can communicate with other Active Directory Domain Controllers.  Use the Sites and Services snap-in to replicate between the schema operations master and at least one replication partner. After replication has succeeded, run adprep again.

Author

Commented:
Also I have another server in my Active Director Sites and Services. This was a server a while back that I tried to make a dc with no luck but did not follow the steps in this forum and I pretty much gave up. Is this the reason that I am getting these relication errors when trying to adprep on the curren dc? The additional server in the listing has no active directory functionality that I can see. So my question is there a way to make sure that this second server is not playing any part in the current active directory. If so how can I just delete it out of the active directory sites and service or do I need to do some additional stuff? And once removed will I then be able to adprep the current dc and add an additional domain controller (2008 R2) ?
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
If the server is listed in Active Directory Sites and Services this means that server is acting as DC.You cannot directly delete the server entry from Active Diretory sites and services.If the server does not exist in the network then you need to ran metadatclean to remove the instance of the server from AD database.

You can verfy the same by running below commands.
netdom query dc  ....This will display the nos of DC
netdom query fsmo..This wil display the FSMO role holder server

Metadat cleanup article:http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Please take the systemstate backup of the Server before carrying out the activity.

Author

Commented:
The Server does exist in the network but I believe that it was configured wrong. I think it was setup as a stand alone and then joined to the current domain.
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
Can you post the dcdiag /q and repadmin /replsum output.
Also how many dc are in the network.

Author

Commented:
There is only one true domain controller on the network which has active directory running. I cannot change the environment mode to 2003 native because it keeps telling me its busy. adprep /forestprep will not run because it says it has not successfully replicated. I have no other domain controller for it to replicate with so I am in a bind.

Here is my adprep Log file from off of the active domain controller


[2011/08/29:12:35:06.515]
Adprep created the log file ADPrep.log under C:\WINDOWS\debug\adprep\logs\20110829123506 directory.
[2011/08/29:12:35:06.531]
Adprep copied file M:\adprep\schema.ini from installation point to local machine under directory C:\WINDOWS.
[2011/08/29:12:35:06.546]
Adprep copied file M:\adprep\schupgrade.cat from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.546]
Adprep copied file M:\adprep\PAS.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.546]
Adprep copied file M:\adprep\sch31.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.562]
Adprep copied file M:\adprep\sch32.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.562]
Adprep copied file M:\adprep\sch33.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.562]
Adprep copied file M:\adprep\sch34.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.578]
Adprep copied file M:\adprep\sch35.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.578]
Adprep copied file M:\adprep\sch36.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.578]
Adprep copied file M:\adprep\sch37.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.578]
Adprep copied file M:\adprep\sch38.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.593]
Adprep copied file M:\adprep\sch39.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.593]
Adprep copied file M:\adprep\sch40.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.593]
Adprep copied file M:\adprep\sch41.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.593]
Adprep copied file M:\adprep\sch42.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.609]
Adprep copied file M:\adprep\sch43.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.609]
Adprep copied file M:\adprep\sch44.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.609]
Adprep copied file M:\adprep\sch45.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.609]
Adprep copied file M:\adprep\sch46.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.625]
Adprep copied file M:\adprep\sch47.ldf from installation point to local machine under directory C:\WINDOWS\system32.
[2011/08/29:12:35:06.625]
Adprep copied file M:\adprep\dcpromo.csv from installation point to local machine under directory C:\WINDOWS\debug\adprep\data.
[2011/08/29:12:35:06.640]
Adprep successfully made the LDAP connection to the local Active Directory Domain Controller APPS.
[2011/08/29:12:35:06.640]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2011/08/29:12:35:06.640]
LDAP API ldap_search_s() finished, return code is 0x0
[2011/08/29:12:35:06.640]
Adprep successfully retrieved information from the local Active Directory Domain Services.
[2011/08/29:12:35:06.671]
Adprep successfully initialized global variables.

[Status/Consequence]

Adprep is continuing.
[2011/08/29:12:35:06.718]


ADPREP WARNING:



Before running adprep, all Windows 2000 Active Directory Domain Controllers in the forest should be upgraded to Windows 2000 Service Pack 4 (SP4) or later.



[User Action]

If ALL your existing Windows 2000 Active Directory Domain Controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
[2011/08/29:12:35:08.796]
Adprep was unable to extend the schema.

[Status/Consequence]

The schema master did not complete a replication cycle after the last reboot. The schema master must complete at least one replication cycle before the schema can be extended.

[User Action]

Verify that the schema master is connected to the network and can communicate with other Active Directory Domain Controllers.  Use the Sites and Services snap-in to replicate between the schema operations master and at least one replication partner. After replication has succeeded, run adprep again.

Author

Commented:
dcdiag.exe results repadmin results

Author

Commented:
The sobelweb machine is not a domain controller when you look at its roles it shows active directory not installed
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
From the dcdiag /q log the dns quid is not registered.
Check the NIC setting the Preffered DNS server IP address should be same as the IP address of the Server i.e it should point to itself.Also check if Public ip address is added in alternate DNS remove the same and add to DNS forwarder if required else remove the same.Check if other entry is present in the alternate DNS and remove the same.Restart the DNS and netlogon service.

From repadmin /replsum the server sobelweb has reached the tombstone lifetime period and not replicating with the DC "APPS" for more than 60 days.As you have mentioned that the server is removed from the network.You need to ran metadata cleanup on APPS Server to remove the instances of server sobelweb from AD database and DNS.
Metadat cleanup article:http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Note:Please take the systemstate backup of the Server before carrying out the activity

Once you fix the same then only proceed with win2k8 promotion.

Author

Commented:
OK after removing sobelweb form active domains and sites I was able to upgrade the 2003 server function level. now when I try to run the adprep /forestprep on the 2003 domain controller I get the following.
 schupgr.exe not recognized
I read on experts exhange that I need to run this on the 2003 server with the 2003 server cd but even on the cd I cannot find schupgr.exe
Technical Lead
Top Expert 2011
Commented:
Have you ran metadata cleanup to remove the instance of the server or just deleted the Server from Active Directory sites and service?

Because deleting the server from Active Directory sites and service will not do the job.

There are a couple of very important considerations, that you should have in mind, before you proceed with your migration scenario.
--Check, and raise, if necessary, the Domain and Forest functional levels. You cannot upgrade directly from Windows 2000 mixed, or Windows Server 2003 interim domain functional levels.

--The first Windows Server 2008 Domain Controller in the forest must be a Global Catalog Server, and it cannot be a Read Only Domain Controller, RODC.

--Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep /gpprep on the infrastructure master.In your case as there is a single Dc you need to run on the same server.


Steps to Install Windows 2008 DC

1.First prepare the domain.
Insert Win 2008 DVD on windows 2003 DC and execute adprep as below
Ran D:\2008DVD\Support\Adprep\adprep32.exe /forestprep on the server holding the Schema Master role.
Ran D:\2008DVD\Support\Adprep\adprep32.exe /domainprep /gpprep on the server holding the domain master role.

Reference article:http://www.petri.co.il/prepare-for-server-2008-r2-domain-controller.htm

2.Install DNS role in win2k8
Reference KB article:http://technet.microsoft.com/en-us/library/cc725925.aspx

3.Once DNS role is installed.Ran dcpromo on win2k8 R2.
Reference KB article:http://technet.microsoft.com/en-us/library/cc753720(WS.10).aspx

4.After the Win2k8 Dc promotion is completed restart the win2k8 DC.

5.You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm

6.Ran dcdiag /q and repadmin /replsum on DC to check for any errors.

7.Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.

Author

Commented:
when doing the metadata cleanup do I connect to the domain controller or to the old sobelweb machine I removed for active domains and sites.
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
You have to login on the online DC and follow article:http://support.microsoft.com/kb/216498

Author

Commented:
finished running metadata cleanup. but still have the issue when trying to run adprep32.exe /forestprep.

'schupgr.exe' is not recognized as an internal or external command,
operable program or batch file.
Adprep was unable to upgrade the schema on the schema master.
[Status/Consequence]
The schema will not be restored to its original state.
[User Action]
Check the Ldif.err log file in the C:\WINDOWS\debug\adprep\logs\d
irectory for detailed information.


Adprep was unable to update forest information.
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema maste
r in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\
11 directory for more information.

Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:

Author

Commented:
I already read that thread and tried the same with no luck. cannot find schupgr.exe that they are talking about. I saw somewhere that there was an issue with server 2008 enterprise install cd so I am downloading standard 2008 r2 to see if that makes a difference.

Author

Commented:
does it matter that all my downloads are from microsoft volume licensing download center?

Author

Commented:
Its like the only thing stopping me is this schupgr.exe
Sandesh DubeyTechnical Lead
Top Expert 2011

Commented:
It seems you are not running adprep from the CD.
Refer this link:http://www.petri.co.il/windows-server-2008-adprep.htm

Author

Commented:
OK finally found the stupid file and now my schema version went from 30 to 31.  the file was located in the i386 folder on the 2003 server cd2. ran it twice to get it to version 47 and now run adprep32 /forestprep and it is finally running. once that finishes i will run the domain prep. I will keep you posted thanks for all your help

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial