• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 268
  • Last Modified:

Migration to 2008 A/D with Exchange 2007

I have the following environment and will answer any further needed questions regarding this as needed.
1 Exchange 2007 Server on Windows 2008 64 w/ A/D.
1 2003 A/D Server.

I would like to remove Active Directory from the 2003 server.
In the past, I simply ran DCPROMO on the 2003 A/D Server and Exchange stopped working.
I had to contact Microsoft to get it back up and running.  Since the problem was from the A/D server being demoted, their solution was to have me run DCPromo on the 2003 server again and then ran /prepareAD and /PrepareDomain.

I was kind of shell shocked from the incident and decided to just leave it alone.  That was a year ago and I'm ready to go ahead and move forward with removing A/D from that 2003 server.
What is the correct procedure for removing that A/D server without breaking Exchange again?
Also, I'm not sure why my 2008 A/D server did not work on it's own when I demoted the 2003 server.
Thanks in advance for your help.
0
mcrossland
Asked:
mcrossland
  • 10
  • 7
  • 4
  • +2
1 Solution
 
madhatter5501Commented:
this won't answer the question, but is good reference to what possibly happened

http://blogs.technet.com/b/ucedsg/archive/2008/09/29/scp-is-good-for-me.aspx
0
 
tomagoCommented:
Here's the guide/process I used when upgrading from 2003 to 2008R2.  Worked great.

http://mikefrobbins.com/2010/02/03/migrate-active-directory-from-2003-r2-to-2008-r2-server-core/ 
0
 
jimbecherCommented:
  It would probably be best to first check and make sure the 2008 box is the role holder for all five FSMO roles. It it is missing any of the roles to needs to transfer the role to it.

   I can't for the life of me see why the Exchange would be dependent on the 2003 box unless it was still holding a FSMO role. Was Exchange Ever on this 2003 box?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
abhijitwaikarCommented:
install the 2008 member server

run below commands on your existing 2003 DC as requirement to prep your forest for 2008.
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep (optional)

use dcpromo to promote the box
make the box a global catalog (does it by default in the 2008 dcpromo process)
if you have DNS on your 2003 box install it on the 2008 box
At that point you have a fully functional 2008 DC
Transfer FSMO roles to 2008 box
Point clients (static and DHCP) to the new box for DNS services.

Now exchange part :
install EX 2007 in co-exist mode, migrate all form EX2003 data to EX2007, remove exchange from the domain and decom it.

Once all your 2003 DCs are demoted you can raise the functional level.

Good article by demazter on the migration process.  It's written for SBS but the procedure is identical.  You would just do the exchange part on a separate server instead of your new DC.  See here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html 

Check out : http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26310506.html
The official Microsoft document
http://www.microsoft.com/downloads/details.aspx?familyid=FA629DE2-F4DD-47AC-8D80-3DB46B2877A2&displaylang=en

Note:
One thing you need to watch is what version of adprep you use.
On the 64bit 2008r2 disk there is "adprep" and "adprep32"...
You need to run adprep32 from the 2008r2 disk on your existing 2003 DC  
0
 
mcrosslandAuthor Commented:
To clarify.  My 2008 Server IS a 2008 A/D Server.
I DO have Exchange 2007 in production.
I do not have ANY Exchange 2003 servers.
I was pretty sure I transferred all of the roles to the 2008 server.  I'll check that now and post my findings.
0
 
mcrosslandAuthor Commented:
2008 Server:
GC
RID
PDC
Infrastructure
Schema Operations Master


2003 Server
GC
0
 
jimbecherCommented:
  You were clear in your initial question. That is how I read it. Along with checking the FSMO roles it wouldn't hurt to do a DCDiag on the 2003 box and look for and AD errors or warnings.
0
 
mcrosslandAuthor Commented:
Thanks Jim.   I'll do that now.  And to answer your previous question, exchange 2003 was never on that 2003 DC.
0
 
mcrosslandAuthor Commented:
Dcdiag results ran on 2003 server.  Private info removed.  See code snippet.
C:\Program Files\Support Tools>dcdiag.exe

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\2003ADSVR
      Starting test: Connectivity
         ......................... 2003ADSVR passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\2003ADSVR
      Starting test: Replications
         ......................... 2003ADSVR passed test Replications
      Starting test: NCSecDesc
         ......................... 2003ADSVR passed test NCSecDesc
      Starting test: NetLogons
         ......................... 2003ADSVR passed test NetLogons
      Starting test: Advertising
         ......................... 2003ADSVR passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... 2003ADSVR passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... 2003ADSVR passed test RidManager
      Starting test: MachineAccount
         ......................... 2003ADSVR passed test MachineAccount
      Starting test: Services
         ......................... 2003ADSVR passed test Services
      Starting test: ObjectsReplicated
         ......................... 2003ADSVR passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... 2003ADSVR passed test frssysvol
      Starting test: frsevent
         ......................... 2003ADSVR passed test frsevent
      Starting test: kccevent
         ......................... 2003ADSVR passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:31:20
            Event String: While processing a TGS request for the target
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:33:44
            Event String: While processing a TGS request for the target
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:58:36
            Event String: While processing a TGS request for the target
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/12/2011   13:59:14
            Event String: While processing a TGS request for the target
         ......................... 2003ADSVR failed test systemlog
      Starting test: VerifyReferences
         ......................... 2003ADSVR passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : mydomain
      Starting test: CrossRefValidation
         ......................... mydomain passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mydomain passed test CheckSDRefDom

   Running enterprise tests on : mydomainremoved.local
      Starting test: Intersite
         ......................... mydomainremoved.local passed test Intersite
      Starting test: FsmoCheck
         ......................... mydomainremoved.local passed test FsmoCheck

Open in new window

0
 
abhijitwaikarCommented:
So you are all good here, one thing you need to check on exchange server that is Directory Access Tab. It should be point to new 2008 DC also point exchange server to new 2008 DNS server as primary DNS.
0
 
mcrosslandAuthor Commented:
DNS on 2008 DC is pointing to itself.  It is also the Exchange 2007 server.
When I go into the EMC, Server Configuration, Mailbox.  Right click on the Server and select properties.  I only see the 2003 server under the Active directory Servers.  "Domain controller servers being used by Exchange"
0
 
abhijitwaikarCommented:
DNS on 2008 DC is pointing to itself.  It is also the Exchange 2007 server. - Fine.

I only see the 2003 server under the Active directory Servers.  "Domain controller servers being used by Exchange" - You can manually change these DC,GC settings manually to new 2008 DC.

Once that is done, power off 2003 DC and check and confirm whether new setup is working. Once you confirmed that everything is working fine without 2003 DC then power on it and demote it.
0
 
mcrosslandAuthor Commented:
How do I manually change "domain controller servers being used by exchange?"
0
 
abhijitwaikarCommented:
0
 
jimbecherCommented:
The DCDiag looked clean but did not show any detail as far as the FSMO roles and you did not mention confirming the roles. Try a dcdiag /test:fsmo and it should tell you in detail what controller holes the roles. The DNS entry on the 2003 box should also point to the 2008 box.
0
 
abhijitwaikarCommented:
@jimbecher: FSMO test is passed successfully in posted DCDIAG, No need to run specific dcdiag /test:fsmo command.

Also no need the 2003 box point to the 2008 box as its going to be down and I already suggested to power it down.
0
 
jimbecherCommented:
For my knowkedge then would you please explain how the

Starting test: KnowsOfRoleHolders
         ......................... 2003ADSVR passed test KnowsOfRoleHolders

guarentees that the roles are held by the 2008 box? I always like learning new things :) It is also recommended that the 2003 box use the 2008 as a DNS unless you will never, ever turn it back on. I believe standard operating procedure is pretty much only one DNS per domain isn't it?
0
 
mcrosslandAuthor Commented:
So, please allow me to clarify.  Your saying to edit the Exchange.ps1 file, correct?
0
 
abhijitwaikarCommented:
mcrossland already confirmed that the 2008 DC is a FSMO role owner, also below test shows that the 2003 DC is aware about the FSMO role owner in environment. This test is passed so nothing to worry about the FSMO owner.

Starting test: KnowsOfRoleHolders
         ......................... 2003ADSVR passed test KnowsOfRoleHolders

Also to verify the role owner we have netdom query fsmo command.

It is also recommended that the 2003 box use the 2008 as a DNS unless you will never, ever turn it back on. : Yes, you are correct if author wants to operate 2003 DC as member server else it is not required.
0
 
mcrosslandAuthor Commented:
Still waiting on reponse to my post at 4:12 on 9/12/11
0
 
mcrosslandAuthor Commented:
Thanks to everyone for your attempts to help me with this.  I did not receive a solution from this question so I am posting what I did to achieve my goal.  My goal was to remove the DC.
Here's what I did.
Introduced a new Windows 2008 R2 SP1 server to the network and promoted it to a DC.
Waited.
Checked Exchange and found that it was recocgnizing the new 2008 AD/DC as a valid server for exchange along with the 2003 server.
I then simply shut off the 2003 server to test whether or not Exchange would break this time.
It did not so I demoted the 2003 server.
Problem solved.
0
 
mcrosslandAuthor Commented:
Came up with a workaround myself.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 10
  • 7
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now