
Active Directory(Domain Controller) server migration

Posted on 2011-10-19
Last Modified: 2012-06-27
Hi,

This is my first time doing this and I think I missed something.

I am trying to migrate an Active Directory server from an old Windows 2003 server to a newer 2008 R2 server.

I did my adprep, and I added the new server to the Active Directory with dcpromo.
Everything worked fine.

Then I transferred the operational master, global catalog, and did a

Transfer domain naming master
Transfer infrastructure master
Transfer PDC
Transfer RID master
Transfer schema master

So now this server should be the primary domain controller and I think I should be able to shut down the old one. At least I thought so.

I think I missed something somewhere. If I shut down the old domain controller, the new one can't find the Active Directory, but if I turn it back on, both see it.

I don't know what I'm missing, but apparently the old one is still the primary domain controller.

Any help on this would be appreciated.
Question by:TheWebGuy38
Expert Comment

by:als315
ID: 36997813
Also check the DNS settings.
Here you can find a detailed guide:
http://technet.microsoft.com/en-us/library/dd379558(WS.10).aspx
Author Comment

by:TheWebGuy38
ID: 36997957
My DNS wasn't right during the migration, I think.

This is the error I got:


This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: DC=gssmedical,DC=com

I fixed the DNS, but I don't know if I need to redo the dcpromo and rejoin, or if the data will migrate and I can then take the servers offline.
Expert Comment

by:Radhakrishnan R
ID: 36997988
Make sure that you have configured your 2008 server as primary and that the server is the global catalog role holder. Once done, run dcpromo /forceremoval on the old server and disconnect it from the network.
Accepted Solution

by:Krzysztof Pytko
ID: 36998084
Hi,

If you wish, you may follow the articles on my blog for that.

How to add the first 2008R2 DC to 2003 network
http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

After that you may wish to transfer the FSMO roles to the new box:
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-command-line/

When you have moved the PDC Emulator role, you need to advertise the new time server in your forest/domain:
[...] - after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external time source and reconfigure the old PDCEmulator to use the domain hierarchy now. Therefore run on the NEW "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update" where PEERS will be filled with the IP address or server (time.windows.com) and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update" and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes. [...]

It's an extract from the MVP blog at
http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx

Now, another important part. On each statically configured computer/server, modify the DNS settings in the NIC properties. Point them to the new DC (which is also DNS, if you didn't change anything during server promotion).

For DHCP clients, go to the DHCP management console and modify the server/scope(s) options (depending on your configuration). Update option 006 for your internal DNS servers. Put there only the INTERNAL IPs of the DNS servers which are used in your network (remove the one which you want to demote). Reboot the clients or wait until their lease expires; then they will get the new settings.

On your new DNS server (2008 R2 DC), check that you have configured forwarders to allow users to browse the Internet. In the forwarders section, put the IP addresses of the DNS servers from your ISP or any other publicly available ones (like Google 8.8.8.8 and/or 8.8.4.4).

The last step before you can demote the 2003 DC is to migrate the DHCP database from the old box to the new one. Check this MVP blog article on how to do that at
http://blogs.technet.com/b/teamdhcp/archive/2009/02/18/migration-of-dhcp-server-from-windows-server-2003-to-windows-server-2008.aspx

Now, shut down your old DC (to see if everything is working fine). If so, turn it on before 60 days pass (tombstone lifetime for DC) and decommission it to prevent any problems in the future.

How to do that is also on my blog at
http://kpytko.wordpress.com/2011/08/29/decommissioning-the-old-domain-controller/

So, everything should be fine now.

And off topic: if you have at least 2 2008 R2 servers, you may consider using a redundant DHCP server for security purposes. Check how to use Split-Scope on 2008 R2 at
http://kpytko.wordpress.com/2011/10/07/dhcp-split-scope-wizard/

Regards,
Krzysztof
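
The checks the answer above walks through (role holders, global catalog, DNS, time source), together with the replication health that the asker's FSMO error message points at, can be verified before the old DC is shut down. The PowerShell script below is an added example, not part of the answer or the linked blogs; NEWDC01 and OLDDC01 are placeholder host names, and it assumes the ActiveDirectory module on the new 2008 R2 DC.

```powershell
# Added example: read-only checks before shutting down the old DC.
# Run in an elevated PowerShell on the new 2008 R2 DC (needs the ActiveDirectory module).
param(
    [string]$NewDC = 'NEWDC01',   # placeholder: short host name of the new DC
    [string]$OldDC = 'OLDDC01'    # placeholder: short host name of the old DC
)
Import-Module ActiveDirectory
$problems = @()

# 1. Every FSMO role must be held by the new DC (role owners are returned as FQDNs).
$domain = Get-ADDomain -Server $NewDC
$forest = Get-ADForest -Server $NewDC
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if (($role.Value -split '\.')[0] -ne $NewDC) {
        $problems += "FSMO role $($role.Key) is still held by $($role.Value)"
    }
}

# 2. The new DC must be a global catalog.
if (-not (Get-ADDomainController -Identity $NewDC).IsGlobalCatalog) {
    $problems += "$NewDC is not a global catalog"
}

# 3. Inbound replication on the new DC must be free of failures.
$repl = repadmin /showrepl $NewDC /csv | ConvertFrom-Csv
$repl | Where-Object { [int]$_.'Number of Failures' -gt 0 } | ForEach-Object {
    $problems += "Replication of $($_.'Naming Context') from $($_.'Source DSA') is failing"
}

# 4. The new DC must not resolve DNS through the DC that is about to be demoted.
$oldIPs = [System.Net.Dns]::GetHostAddresses($OldDC) | ForEach-Object { $_.IPAddressToString }
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    foreach ($dns in $_.DNSServerSearchOrder) {
        if ($oldIPs -contains $dns) { $problems += "NIC '$($_.Description)' still uses $dns ($OldDC) for DNS" }
    }
}

# 5. The new PDC emulator should not be running on its own clock.
$timeSource = (w32tm /query /source | Out-String).Trim()
if ($timeSource -match 'Local CMOS Clock|Free-running System Clock') {
    $problems += "Time source is '$timeSource'; no external peer is configured"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```

Every step only reads state, so the script can be rerun after each fix until no warnings remain.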
Author Comment

by:TheWebGuy38
ID: 37003861
OK,

Think I found my problem.

The schema got corrupted or deleted. Also, I don't think the FSMO transferred correctly.

This is it, it shall work! I have faith!
Expert Comment

by:Krzysztof Pytko
ID: 37004924
So, if the FSMO roles weren't transferred successfully, you now need to seize them to another Domain Controller and do a metadata cleanup of the broken one.

You may wish to check the articles on my blog for that:
Seizing FSMO roles
http://kpytko.wordpress.com/2011/08/28/seizing-fsmo-roles/

Metadata cleanup process
http://kpytko.wordpress.com/2011/08/29/metadata-cleanup-for-broken-domain-controller/

Krzysztof
Author Comment

by:TheWebGuy38
ID: 37004931
This is interesting: I migrated everything to a new server, and everything was successful.

But when I did a dcpromo /forceremoval on the old servers due to inconsistencies, somehow the new server's Active Directory information disappeared.

I'm trying it again without the dcpromo /forceremoval.