Solved

Cutting Over Domain Controller from Server 2003 SP2 to Server 2008 R2

Posted on 2012-03-27
Last Modified: 2012-03-29
Hi,

Can anyone point me in the right direction for a guide on doing the following;

I have a Windows Server 2003 SP2 Domain Controller AD with Domain functional level 2000 native.

I am installing an Active Directory Domain Controller offline, in a VM (not connected to current domain), and would like to transfer all of the users/profiles/computers/domain settings to this offline version with an aim of bringing it online during maintenance window with a quick transfer of roles.

Can anyone point me in the right direction?

Thanks
Question by:Markolong
 
LVL 6

Expert Comment

by:FdpxAP-GJL
All you can do is restore the existing DC to the VM if that's what you want to do.

To get the user data on the second VM there are two ways.

1 - restore the current server to a VM
2 - join server and promote to DC. Shut it down, copy VM, restart VM, remove domain via dcpromo, shut down. Copy back copy of VM to server.

Note if you use option 2, and the second DC sees the first DC, it may rejoin the domain. Not sure how the second DC, which would know about the first DC, would handle seeing the original which has had the 2nd DC removed.

Regards

Gordon
0
 
LVL 5

Expert Comment

by:lloydsystems
The simplest and fastest way to go about this is to do the following;

Option 1: Create a backup of your DCs and its corresponding databases. Build your offline VM DC as if you were restoring a 2003 DC server and use this backup, only this time, it's not connected to any live network. This way you get everything.

Option 2: Using a VMware you can clone the existing DC and use the clone on an offline VM network for whatever purposes you choose.

Hope this helps :)
0
 
LVL 11

Expert Comment

by:gmbaxter
I would do the following:

Build your server 2008 R2 VM and update it fully

Upgrade your current domain functional level to 2003

Join the 2008 server into the domain as a member server

Run adprep on your existing DC to prepare your domain for a 2008 domain controller. (see guidance here http://technet.microsoft.com/en-us/library/cc731728.aspx)

Make the 2008 server a DC, and check that it has the global catalogue role.

Transfer all FSMO roles over to the 2008 DC (http://support.microsoft.com/kb/324801) - do this on the old server but connecting to the new one in the snap-ins.

Demote the old DC to a member server.

This takes care of active directory. Does the server do any other roles?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
First question: why do it in an offline state? You are complicating this process by doing it this way. You could technically just add another DC to your current domain.
0
 

Author Comment

by:Markolong
Hi Gm Baxter,

I forgot to mention, Exchange 2003 SP2 is installed on the same server, of which I am also going to transition to Exchange 2010 at the same time. I know I need to upgrade the domain to 2008 first.

I plan on separating the Exchange to its own VM/host.

So the plan is

Windows Server 2003 DC ------> Windows Server 2008 R2
Exchange 2003 SP2 -----------------> Exchange 2010

Both on the same box/VM being upgraded and separated out?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Why are you wanting to do this migration offline? You would have to use ADMT to migrate the domain users if you are creating a whole new domain forest.
0
 

Author Comment

by:Markolong
I am only running a trial offline, I will be doing the upgrade live. Can I have the two domain controllers in a forest and just promote the new one as PDC?

Still unsure how to transfer all the users/computers/other site settings.
0
 

Author Comment

by:Markolong
I am hoping to just create a forest. Once the forest is created, I wish to promote the new Domain Controller as the primary, and demote the old domain controller with a view of getting rid of it altogether.

Is this possible? Is this the best way to do it (transfer of users etc.)?
Or is it better just do as below:

by: gmbaxter, posted on 2012-03-27 at 09:24:32, ID: 37770493

I would do the following:

Build your server 2008 R2 VM and update it fully

Upgrade your current domain functional level to 2003

Join the 2008 server into the domain as a member server

Run adprep on your existing DC to prepare your domain for a 2008 domain controller. (see guidance here http://technet.microsoft.com/en-us/library/cc731728.aspx)

Make the 2008 server a DC, and check that it has the global catalogue role.

Transfer all FSMO roles over to the 2008 DC (http://support.microsoft.com/kb/324801) - do this on the old server but connecting to the new one in the snap-ins.

Demote the old DC to a member server.

This takes care of active directory. Does the server do any other roles?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
0
 
LVL 11

Expert Comment

by:gmbaxter
Do like I said for the actual migration. As you're adding another DC, then DNS, users, user groups, computers, computer groups, group policies etc. will also migrate over. What other site settings are you concerned about?

I haven't personally migrated Exchange 2003 to 2010, but here is a little info on the topic: http://www.msexchangegeek.com/2010/01/30/rapid-transition-guide-from-exchange-2003-to-exchange-2010/

Are you going to keep one physical DC, or are you putting everything on one physical server / 2 virtual hosts?
0
 
LVL 29

Expert Comment

by:pwindell
Can anyone point me in the right direction?

Yea,...turn around 180 degrees and go the opposite way.

Ok, but on a more serious note,...what the heck are you really trying to do?  I have read through the thread and I still can not really see what the ultimate goal is here.
0
 
LVL 11

Expert Comment

by:gmbaxter
Although the initial idea is flawed, I have already explained a better solution by the process of achieving the goals with no downtime by adding in the 2008 as an additional DC.
0

 

Author Comment

by:Markolong
Ok Sorry,

I always rush these kinds of things and forget that you guys can only read what's in front of you and cannot mind read lol.

I have 1 Windows Server 2003 SP2 (domain controller). This server happens to be the Exchange 2003 server as well as DNS.

We want to upgrade to Windows Server 2008 R2 and Exchange 2010, but use this opportunity to separate these to their own hosts (probably going to be 2 VMs on a physical host).

So end result being:
1 x Windows Server 2008 R2 Domain Controller (Active Directory)
1 x Windows Server 2008 R2 with Exchange 2010 (mail server)

I have only set up servers straight from box and not actually done a migration yet. So a step-by-step strategy would be really helpful.

My own plan was to install a Server 2008 and add it to a forest, eventually after prepping the previous server, to transfer to primary domain controller in a forest? (Would this take away the need for transferring users/computers using AD migration kit, as it would filter down through the forest?)

Thanks
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Go through these then.

Here is a guide for that way

Adprep information.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3644-Windows-2008-Server-R2-adprep-adprep32.html

Full Guide

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23665224.html

Exchange will be migrated to the Exchange 2010 box. DO NOT make Exchange a DC but I would keep the Windows 2003 Server as a DC for a second DC.
0
 

Author Comment

by:Markolong
Yeah, I know not to make the Exchange a DC.

Will my method work then..

Creating a forest and having 2 domains in the same forest. Promoting the 2008 to the Active Directory DC and demoting the other one.

Is this an alternative by doing a side by side upgrade where you make it a member server then transfer roles and use AD Migration tool for the data transfer?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
You can NOT demote your root domain, so your plan will not work.

There is no point adding a domain. You just add your new server as a DC, then migrate Exchange data to the new Exchange server.
0
 

Author Comment

by:Markolong
So if I wanted to replace the current Domain Controller, there's no point in me creating a forest and doing it that way...
0
 

Author Comment

by:Markolong
I'm nearly sure it's possible to demote a domain controller....
0
 
LVL 59

Expert Comment

by:Darius Ghassem
You can demote the root domain server only if you have no other domains in the forest, but as you specify below in your post you will have two domains in the same forest, so this can't be done.

Again, why would you want to create another domain? Why would you want to do it the hard way? The only reasons you would create a whole different domain from scratch would be because of some major corruption in AD, or if you want to do a domain name change and you were at a level where this wasn't supported.

having 2 domains in the same forest
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
Although the initial idea is flawed, I have already explained a better solution by the process of achieving the goals with no downtime by adding in the 2008 as an additional DC.

I agree.

Again, why would you want to create another domain? Why would you want to do it the hard way? The only reasons you would create a whole different domain from scratch would be because of some major corruption in AD, or if you want to do a domain name change and you were at a level where this wasn't supported.

I agree again. The last thing I would ever want to do is create yet more domains. The fewer domains the better (the NT4 days are long gone). I would either want to keep the same domains or reduce the number of them. If I understand what everyone is saying, this is a Single Forest - Multiple Domains... maybe reduce it down to Single Forest - Single Domain? (keep the root)

Looking back over the thread again, I think I would just echo what dariusg is saying. This is being made way too complicated. You just need the one domain that is already there. I don't see any point in creating another one.

1. You build a new server up, join it to the domain and promote it to a DC.
2. Build a second server for the Exchange, join it to the domain.
3. Install Exchange on the machine into the same existing Exchange Organization and "Move" the mailboxes to the new Exchange. Let it sit for a day or two to make sure the Outlook clients auto-adjust properly from the old to the new.
4. Complete the Exchange tasks for "Removing the first Exchange from an Exchange Org".
5. After the old Exchange is removed from the old DC, the old DC can be demoted to member server, then removed from the domain. DCPromo automatically transfers the FSMO roles, but the CG has to be done manually.
6. Flatten the old machine and re-purpose it for something else.

VMs don't mean anything to me one way or the other... they can be there or not be there, doesn't matter to me... but the DC with the PDC role should remain as a physical machine even if the other DCs are VMs.
0
 

Author Comment

by:Markolong
Thanks to both of you guys for the help. I think I am getting the big picture.

Once I create the new server and promote it as a DC, what is the method of transferring everything from current 2003 DC to the new server, as the aim will be to decommission the Server 2003 once the 2008 is up and operational?

Thanks

Mark
0
 
LVL 29

Expert Comment

by:pwindell
There is no method because there is no "transferring". DCs replicate... they don't "transfer". The promotion process replicates the AD data from the existing DC as it is being promoted. But you will have to make it a CG manually... there are a bazillion articles on the Internet telling you the simple steps to do that.

The FSMO roles will transfer off the old DC during the demotion process automatically. If there are only two DCs to begin with then it is no mystery where they are transferring to. If there are more than two it can be a bit random. But it doesn't matter who gets the roles during that, just as long as a DC somewhere gets them. You can jockey them around yourself later on after the dust settles using the normal means for doing that. Again, there are a bazillion articles on the Internet for doing that. You do NOT have to use the command line tools as some articles say... it can be done right in the GUI of the MMCs for ADUC and ADSS if I remember correctly.

Exchange is going to be the one with the most work and the biggest disaster if you do it wrong... so don't do it wrong, and don't rush it. It is important that the Outlook clients auto-adjust cleanly to using the new Exchange before you proceed past that point. It is also extremely important to retire the old Exchange properly... there are several processes that need to be performed when the Exchange you are removing was the first one originally installed. Again, probably a bazillion articles on the Net listing those processes.
0
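The checks discussed in this thread (global catalog on the new DC, where the FSMO roles sit, clean replication) can be scripted before the old DC is demoted. This is an added example, not code from any poster; it assumes the ActiveDirectory module on the new 2008 R2 DC, and the DC names are hypothetical placeholders.

```powershell
# Added example: readiness report to run on the new 2008 R2 DC before
# demoting the old 2003 DC. Both DC names are hypothetical placeholders.
Import-Module ActiveDirectory

function Test-DemotionReadiness {
    param(
        [Parameter(Mandatory = $true)][string]$OldDc,
        [Parameter(Mandatory = $true)][string]$NewDc
    )
    $findings = @()

    # 1. The new DC must be a global catalog before the old one goes away.
    $new = Get-ADDomainController -Identity $NewDc -Server $NewDc
    if (-not $new.IsGlobalCatalog) {
        $findings += "$NewDc is not a global catalog"
    }

    # 2. Resolve the five FSMO holders and report any still on the old DC.
    $forest = Get-ADForest -Server $NewDc
    $domain = Get-ADDomain -Server $NewDc
    $roles = @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        if ($role.Value -like "$OldDc*") {
            $findings += "$($role.Key) is still held by $($role.Value)"
        }
    }

    # 3. Every replication link must be failure-free (repadmin CSV output).
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    foreach ($link in $links) {
        if ([int]$link.'Number of Failures' -gt 0) {
            $findings += "Replication failing: $($link.'Source DSA') -> " +
                "$($link.'Destination DSA') [$($link.'Naming Context')]"
        }
    }
    return $findings
}

$result = Test-DemotionReadiness -OldDc 'OLD-DC2003' -NewDc 'NEW-DC2008'
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { Write-Output 'No findings.' }
```

Roles reported as still on the old DC are the ones the demotion will move; replication failures or a missing global catalog should be resolved first.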
 

Author Comment

by:Markolong
Once I've upgraded to a new Domain Controller on the 2008:

Can I keep the old domain controller with Exchange on it for a while before upgrading it also?

I'm not too sure doing both at once is the best idea.
0
 
LVL 29

Expert Comment

by:pwindell
I've laid out the steps. I can't make it any more clear than I have.  Just re-read what I wrote.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
You can wait to Exchange at some other point. The link I posted has Exchange info as well.
0
