Solved

Possible to migrate a 2008 domain to server 2003 r2?

Posted on 2012-03-19
13
229 Views
Last Modified: 2012-04-24
Please tell me that it is possible to migrate a 2008 domain to a server 2003 R2 domain????

If not I'm screwed.

Also, an associate of mine seems to think doing a migration like this during work hours would not effect usage.  We would be doing an interforest migration, so it appears it would be cloning the info, not removing it.  Correct?

This is my first time doing this, bear with my stupid questions please:)

Thank you
0
Comment
Question by:cas_three
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 4
  • +1
13 Comments
 
LVL 29

Accepted Solution

by:
pwindell earned 250 total points
ID: 37739248
Please tell me that it is possible to migrate a 2008 domain to a server 2003 R2 domain????

No idea. I never heard of anyone going backwards.  If the 2008 DCs are still running at 2003 or 2003R2 Functional Levels then you don't migrate at all,...you just promote a couple of 2003R2 DCs into the domain and DCPromo the 2008's out,...which leaves behind only the 2003R2 DCs and the 2008's are gone.

so it appears it would be cloning the info, not removing it.  Correct?

Yes,...except a machine can only be joined to one Domain at a time,...so "machines" are moved,....but user accounts are "copied".
0
 
LVL 7

Expert Comment

by:ashutoshsapre
ID: 37739403
Since this is an inter-forest migration I think this will work. Just create the trust, delegate DNS zones and then use ADMT to migrate the accounts. You will not experience any issues while doing this in office hours unless you migrate computer accounts. During migration Computers accounts are moved to the target domain, whereas for user accounts you have option to either move or copy it to the target domain. In case you run into issues you can post the errors on Experts-Exchange and we will help you out.
0
 

Author Comment

by:cas_three
ID: 37739486
Is there documentation on creating the trusts and delegate dns zones?

The guide I was following is http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19188.

But this is for Server 2008 R2, do the same rules apply?

Thank you
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 250 total points
ID: 37739797
To directly answer the question, I second the use of ADMT...  You're basically going to create a new 2003 domain, and then "pretend" that you're consolidating two domains my migrating the resources from one to the other.  The one downside is that your new domain will HAVE TO BE a new namespace because ADMT is going to have to know about both domains separately, and you're probably going to need 2-way trusts setup (2 forest trusts)...  Migrate all the users and groups, then migrate ONE workstation and see if you can log in with the new 2003 domain user account and access everything in the new and old domain.  If so, then after hours, migrate the servers and workstations.  Plan for a long night - You're going to probably have to track down firewall rules and permissions preventing ADMT from completing on some machines...

BUT, my first question would be WHY do you want to do this?  Is it a LICENSING problem or a technical one?  Does SOMETHING not work on your 2008 domain now that it's upgraded?

Also, I'd ask what is the domain functional level?  If you haven't upgraded the domain and forest functional level beyond 2003 native, then you should actually be able to just install a 2003 domain controller into the 2008 domain, transfer all the FSMOs and then shut down the 2008 DCs, and you'll be back on 2003 again....  I'm not sure if you'll be able to cleanly DCPROMO down the last 2008 DC or not, or if you'd have to forcibly rip it out with ADSIUTIL, but as long as you can get a 2003 domain controller to JOIN the domain, then wait for the replication to occur, you should be good to go WITHOUT any migration.
0
 
LVL 10

Expert Comment

by:172pilotSteve
ID: 37739802
One more thing about the last method I mentioned...  Tell me what your Forest and domain functional levels are, and I can probably do this in a lab, if you're not comfortable/able to do it in a lab first..  I could probably get some screenshots or more detailed steps in advance then..

-Steve
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37739884
Everyone is just repeating what I said the first time around  :-)
0
 
LVL 10

Expert Comment

by:172pilotSteve
ID: 37740462
@PWindell   Sorry about that.. you're right - SOmehow I missed that one, and keyed into the ADMT message and tried to expand upon that..    I agree with you then!!  :-)
0
 

Author Comment

by:cas_three
ID: 37742179
172pilotSteve, I do not have access to a lab to test this unfortunately.

Give me a few secs to the get the information you are asking for, if you are able to test in  lab enviroment I would be extremely greatful!
0
 

Author Comment

by:cas_three
ID: 37742306
Ok, both forest and domain functional levels are at Windows Server 2003.  And it looks like the trusts between the domains is already set up. When right clicking the domain in AD Domains and Trusts, on the Trusts tab, they each see the other domain.

So should I follow the steps in the guide I mentioned above or is that a different guide I should follow for 2003?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37743137
Ok, both forest and domain functional levels are at Windows Server 2003.

Then forget the whole thing!!!!
You ALREADY HAVE a 2003 Domain,...the fact that the DCs are 2008 is irrelevant.
You're question was "Possible to migrate a 2008 domain to server 2003 r2?",....the Answer is,...."You already have,...and still have,....a 2003 Domain".

1. DC Promo into the Domain a couple 2003 DCs (even if only temporary).
2. DCPromo the 2008 DC out of the Domain
3. If step one was temp DCs,...now DCPromo the permanent 2003 DCs in if you were wanting to reuse the hardware the 2008 is on.
0
 
LVL 10

Expert Comment

by:172pilotSteve
ID: 37743211
Agree w/ PWindell..   Only would add that you might have to wait for replication between each step, and/or move the FSMO roles around as you promote/demote servers - I am not sure if it will move FSMO roles automatically if you dcpromo down the DC that has them...  BUT, it's safe to just go ahead and try..

-Steve
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37743347
Yes. I would give it a good hour or more between steps.

DCPromo automatically moves the FSMO Roles off of the DC as it is demoted,..so no need to mess with them (unless you just want to,...but I never do).  But the CG needs to be set manually on one or all of them.

You can tweak the FSMO distribution after you are down to the final permanent DCs at the very end.
0
 

Author Comment

by:cas_three
ID: 37743507
SATACSServerInfo.docxSo I made a list of what is at at each location, this is what I came up with, please see attached.  Is there any other critical info I need to know before starting this? I'm doing this tomorrow afternoon and extremely nervous about it since I have not done this before.

Thanks so much for all of your help on this.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question