Solved

Migration to 2008 A/D with Exchange 2007

Posted on 2011-09-12
23
249 Views
Last Modified: 2012-05-12
I have the following environment and will answer any further needed questions regarding this as needed.
1 Exchange 2007 Server on Windows 2008 64 w/ A/D.
1 2003 A/D Server.

I would like to remove Active Directory from the 2003 server.
In the past, I simply ran DCPROMO on the 2003 A/D Server and Exchange stopped working.
I had to contact Microsoft to get it back up and running.  Since the problem was from the A/D server being demoted, their solution was to have me run DCPromo on the 2003 server again and then ran /prepareAD and /PrepareDomain.

I was kind of shell shocked from the incident and decided to just leave it alone.  That was a year ago and I'm ready to go ahead and move forward with removing A/D from that 2003 server.
What is the correct procedure for removing that A/D server without breaking Exchange again?
Also, I'm not sure why my 2008 A/D server did not work on it's own when I demoted the 2003 server.
Thanks in advance for your help.
0
Comment
Question by:mcrossland
  • 10
  • 7
  • 4
  • +2
23 Comments
 
LVL 11

Expert Comment

by:madhatter5501
ID: 36524943
this won't answer the question, but is good reference to what possibly happened

http://blogs.technet.com/b/ucedsg/archive/2008/09/29/scp-is-good-for-me.aspx
0
 
LVL 5

Expert Comment

by:tomago
ID: 36524950
Here's the guide/process I used when upgrading from 2003 to 2008R2.  Worked great.

http://mikefrobbins.com/2010/02/03/migrate-active-directory-from-2003-r2-to-2008-r2-server-core/
0
 
LVL 11

Expert Comment

by:jimbecher
ID: 36524997
  It would probably be best to first check and make sure the 2008 box is the role holder for all five FSMO roles. It it is missing any of the roles to needs to transfer the role to it.

   I can't for the life of me see why the Exchange would be dependent on the 2003 box unless it was still holding a FSMO role. Was Exchange Ever on this 2003 box?
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36525123
install the 2008 member server

run below commands on your existing 2003 DC as requirement to prep your forest for 2008.
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep (optional)

use dcpromo to promote the box
make the box a global catalog (does it by default in the 2008 dcpromo process)
if you have DNS on your 2003 box install it on the 2008 box
At that point you have a fully functional 2008 DC
Transfer FSMO roles to 2008 box
Point clients (static and DHCP) to the new box for DNS services.

Now exchange part :
install EX 2007 in co-exist mode, migrate all form EX2003 data to EX2007, remove exchange from the domain and decom it.

Once all your 2003 DCs are demoted you can raise the functional level.

Good article by demazter on the migration process.  It's written for SBS but the procedure is identical.  You would just do the exchange part on a separate server instead of your new DC.  See here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html

Check out : http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26310506.html
The official Microsoft document
http://www.microsoft.com/downloads/details.aspx?familyid=FA629DE2-F4DD-47AC-8D80-3DB46B2877A2&displaylang=en

Note:
One thing you need to watch is what version of adprep you use.
On the 64bit 2008r2 disk there is "adprep" and "adprep32"...
You need to run adprep32 from the 2008r2 disk on your existing 2003 DC  
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525163
To clarify.  My 2008 Server IS a 2008 A/D Server.
I DO have Exchange 2007 in production.
I do not have ANY Exchange 2003 servers.
I was pretty sure I transferred all of the roles to the 2008 server.  I'll check that now and post my findings.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525213
2008 Server:
GC
RID
PDC
Infrastructure
Schema Operations Master


2003 Server
GC
0
 
LVL 11

Expert Comment

by:jimbecher
ID: 36525224
  You were clear in your initial question. That is how I read it. Along with checking the FSMO roles it wouldn't hurt to do a DCDiag on the 2003 box and look for and AD errors or warnings.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525235
Thanks Jim.   I'll do that now.  And to answer your previous question, exchange 2003 was never on that 2003 DC.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525278
Dcdiag results ran on 2003 server.  Private info removed.  See code snippet.
C:\Program Files\Support Tools>dcdiag.exe

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\2003ADSVR
      Starting test: Connectivity
         ......................... 2003ADSVR passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\2003ADSVR
      Starting test: Replications
         ......................... 2003ADSVR passed test Replications
      Starting test: NCSecDesc
         ......................... 2003ADSVR passed test NCSecDesc
      Starting test: NetLogons
         ......................... 2003ADSVR passed test NetLogons
      Starting test: Advertising
         ......................... 2003ADSVR passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... 2003ADSVR passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... 2003ADSVR passed test RidManager
      Starting test: MachineAccount
         ......................... 2003ADSVR passed test MachineAccount
      Starting test: Services
         ......................... 2003ADSVR passed test Services
      Starting test: ObjectsReplicated
         ......................... 2003ADSVR passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... 2003ADSVR passed test frssysvol
      Starting test: frsevent
         ......................... 2003ADSVR passed test frsevent
      Starting test: kccevent
         ......................... 2003ADSVR passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:31:20
            Event String: While processing a TGS request for the target
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:33:44
            Event String: While processing a TGS request for the target
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:58:36
            Event String: While processing a TGS request for the target
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:59:14
            Event String: While processing a TGS request for the target
         ......................... 2003ADSVR failed test systemlog
      Starting test: VerifyReferences
         ......................... 2003ADSVR passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : mydomain
      Starting test: CrossRefValidation
         ......................... mydomain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mydomain passed test CheckSDRefDom

   Running enterprise tests on : mydomainremoved.local
      Starting test: Intersite
         ......................... mydomainremoved.local passed test Intersite
      Starting test: FsmoCheck
         ......................... mydomainremoved.local passed test FsmoCheck

Open in new window

0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36525289
So you are all good here, one thing you need to check on exchange server that is Directory Access Tab. It should be point to new 2008 DC also point exchange server to new 2008 DNS server as primary DNS.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525327
DNS on 2008 DC is pointing to itself.  It is also the Exchange 2007 server.
When I go into the EMC, Server Configuration, Mailbox.  Right click on the Server and select properties.  I only see the 2003 server under the Active directory Servers.  "Domain controller servers being used by Exchange"
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36525365
DNS on 2008 DC is pointing to itself.  It is also the Exchange 2007 server. - Fine.

I only see the 2003 server under the Active directory Servers.  "Domain controller servers being used by Exchange" - You can manually change these DC,GC settings manually to new 2008 DC.

Once that is done, power off 2003 DC and check and confirm whether new setup is working. Once you confirmed that everything is working fine without 2003 DC then power on it and demote it.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525593
How do I manually change "domain controller servers being used by exchange?"
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36525678
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36525685
0
 
LVL 11

Expert Comment

by:jimbecher
ID: 36525718
The DCDiag looked clean but did not show any detail as far as the FSMO roles and you did not mention confirming the roles. Try a dcdiag /test:fsmo and it should tell you in detail what controller holes the roles. The DNS entry on the 2003 box should also point to the 2008 box.
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36525799
@jimbecher: FSMO test is passed successfully in posted DCDIAG, No need to run specific dcdiag /test:fsmo command.

Also no need the 2003 box point to the 2008 box as its going to be down and I already suggested to power it down.
0
 
LVL 11

Expert Comment

by:jimbecher
ID: 36525913
For my knowkedge then would you please explain how the

Starting test: KnowsOfRoleHolders
         ......................... 2003ADSVR passed test KnowsOfRoleHolders

guarentees that the roles are held by the 2008 box? I always like learning new things :) It is also recommended that the 2003 box use the 2008 as a DNS unless you will never, ever turn it back on. I believe standard operating procedure is pretty much only one DNS per domain isn't it?
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36525926
So, please allow me to clarify.  Your saying to edit the Exchange.ps1 file, correct?
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 36526371
mcrossland already confirmed that the 2008 DC is a FSMO role owner, also below test shows that the 2003 DC is aware about the FSMO role owner in environment. This test is passed so nothing to worry about the FSMO owner.

Starting test: KnowsOfRoleHolders
         ......................... 2003ADSVR passed test KnowsOfRoleHolders

Also to verify the role owner we have netdom query fsmo command.

It is also recommended that the 2003 box use the 2008 as a DNS unless you will never, ever turn it back on. : Yes, you are correct if author wants to operate 2003 DC as member server else it is not required.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36551252
Still waiting on reponse to my post at 4:12 on 9/12/11
0
 
LVL 10

Accepted Solution

by:
mcrossland earned 0 total points
ID: 37040872
Thanks to everyone for your attempts to help me with this.  I did not receive a solution from this question so I am posting what I did to achieve my goal.  My goal was to remove the DC.
Here's what I did.
Introduced a new Windows 2008 R2 SP1 server to the network and promoted it to a DC.
Waited.
Checked Exchange and found that it was recocgnizing the new 2008 AD/DC as a valid server for exchange along with the 2003 server.
I then simply shut off the 2003 server to test whether or not Exchange would break this time.
It did not so I demoted the 2003 server.
Problem solved.
0
 
LVL 10

Author Closing Comment

by:mcrossland
ID: 37061278
Came up with a workaround myself.
0

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now