Solved

moving PC from first DC to second DC

Posted on 2012-04-02
26
364 Views
Last Modified: 2012-04-10
Hi,

I have 2 Domain Controllers.

First DC running Windows server 2000:       0000.ABC.com

Second DC running Windows 2003 SP2:       1111.ABC.com

In the first DC, there are 80 PCs in Computers container. Now I want to move all 80 PCs from first DC to second DC computers container.

Could you please guide me in details how should I do it in step by step? Thank you.

Regards,
phucdk
0
Comment
Question by:phucdk
  • 8
  • 7
  • 7
  • +2
26 Comments
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795536
If they are both on the same domain, you don't need to do anything.  If you want to remove the old DC, then promote the new one to master and then demote the old one.  You can do this via dcpromote.
0
 

Author Comment

by:phucdk
ID: 37795553
Thank you for your speedy reply, I would like to ask you some questions

1. If I do dcpromote in Server 2003, will all the PCs from windows server 2000 be moved to server 2003?

2. If during the time I do dcpromote in windows 2003, is there any downtime/affect in those PC in server 2000?

3. After I do dcpromote in Windows 2003, can I just shutdown windows 2000 DC?
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795562
The PCs are connected to a single DC.  They get a list of DCs and will use a secondary if the primary fails.

There will be no downtime if you promote the 2003.

You will need to run dcpromote on the windows 2000 dc to remove it as a DC, otherwise it will stay active as a DC and simply show as offline.
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795565
Sorry the command is actually dcpromo, I used dcpromote so you would know what it does.
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37795615
Dcpromo command line is used to promote window server 2000/2003/2008 as Domain controllers.
It is nothing to do with your requirement.

So no need of running any Dcpromo on window server 2003 ( As it already a domain controller).

You simply have to move the PC to subnet where windwo server 2003 Exists.

For eg - window server 2000 subnet is 172.168.1.0/24 and all clients have IP address which belongs to same subnet (172.168.1.0/24).

Now your windows server 2003 subnet is 192.168.1.0/24 and you want all 80 PC's to move to this subnets then you can Create scope in DHCP  so that client can automatically get the IP address ranging 192.168.1.0 series.

Hope this helps.

Let me know if you have any question here.

Regards,

_Prashant_
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795636
I assumed both were part of the same domain, hence his 000.abc.com and 111.abc.com. The subnet is irrelevant.
dcpromo needs to be used to transfer all of the FSMO roles.  If this is not done there will be trouble is the 2000 server which has the roles, is taken offline.
dcpromo is used on the Windows 2000 server to remove it as a DC.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37795641
You will require to transfer the roles to the 2DC before dcpromo down the first DC.
0
 

Author Comment

by:phucdk
ID: 37795660
Thank you both of you for your inputs,

I just run dcpromo in windows 2000 and get some popup which I attached them here

In the second picture, should I mark a check box to "This server is the last domain controller in the domain"

BTW, both DCs have this IP 10.51.115.0/24


After I finished these steps above, am I going to run dcpromo in Windows server 2003?
pic1.png
pic2.png
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795675
You need to run the DC promo on the 2003 server first to transfer the FMSO roles to it.  Once that is done, you can use the DCPromo to demote the 2000 server.  At that point you will NOT check off the box that this is the last domain controller in the domain.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37795685
I just run dcpromo in windows 2000 and get some popup which I attached them here
-- make sure your new server is also Global catalog..

In the second picture, should I mark a check box to "This server is the last domain controller in the domain"

--- no do not select the check box else your domain will be cleared.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37795698
@phucdk,
Before you get the wrong instructions...
Please can you confirm what you mean by:
First DC running Windows server 2000:       0000.ABC.com
Second DC running Windows 2003 SP2:       1111.ABC.com

Are those the names of the servers or names of domains?
If servers then they're in the same domain, so thhen you should see the same details in both DC's, and shouldn't need to move the computers.
Run the following tests on each DC and check for replication errors.
repladmin /showrepl
dcdiag /v

If they are different domains, then running DCPROMO will remove that domain entirely.
You would need to do a domain migration using the ADMT tool.
http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
0
 

Author Comment

by:phucdk
ID: 37795701
I just run dcpromo in Windows server 2003 and got the same message popup, but this time I HAVE TO check in the check box "This server is the last domain controller in the domain" ?

When I click next, it will transfer the FMSO roles from server 2000 to server 2003 right ?

After finishing promote/transfer FMSO in server 2003, I just run windows 2000 and NOT check off the box This server is the last domain controller in the domain" ?

This is the production environment therefore I apology if I asked twice. I just want to make sure everything doing the right way.

Thanks and regards,
Phuc
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795721
Except for one detail.  Do not check the box on either server.  Once you tyransfer to the roles over and demote the 2000 server, it doesn't matter if it is the last.  It would be implied by removing the 2000 server.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37795731
1 you do not have to run dcpromo on 2003 if it is already a domain Controller.
2 you require to run dcpromo on 2003 if it is not yet a Domain controller.
3 ones you are sure your new server is already domain controller and have replicated all the information then run dcpromo on old server.
4. do not select check box " this is last domain controller on the domain" when demoting old server.
0
 
LVL 4

Expert Comment

by:Anutechnologies
ID: 37795747
Here is an artcile on transfering FSMO roles.
http://www.petri.co.il/transferring_fsmo_roles.htm
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37795756
@phucdk
You will only get the check box for last DC is that is the last DC in your domain.
Run the following on both Domain Controllers to confirm what servers are holding the FSMO roles.
netdom query fsmo

Based on the prompts you're receiving after DCPROMO, it sounds like these two DC's are not part of the same domain.
0
 

Author Comment

by:phucdk
ID: 37795802
Thank you dvt_localboy for your inputs and I would like to answer your question above

First DC running Windows server 2000:       0000.ABC.com

Second DC running Windows 2003 SP2:       1111.ABC.com

Are those the names of the servers or names of domains? These are the name of the domains ? because I just check each server, I could see were

Server 2000: nt159.0000.ABC.com

Server 2003: da39c.1111.ABC.com
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37795855
Then those servers are in different domains.
You will need to migrate those workstations from one domain to another domain.

Have a look at the ADMT tool for migrating workstations/servers between domains.
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19188

In your scenario, I think you'll probably need to look at the "Intraforest Active Directory domain restructure"

Can you please run the following commands on both Domain Controllers.

netdom query fsmo
netdom query trust

It will help us understand if you're running a forest with multiple domains or if you're running two forests.
0
 

Author Comment

by:phucdk
ID: 37795971
I am trying to run netdom query fsmo on both server 2000 and 2003 command prompt but can not execute the command.

Am I doing correct at running at command prompt or where I have to run the command? Thanks
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37796001
Netdom is available in the Windows Resource Kit or the Windows Support tools.
Check the CD or download it from the following sites.
No need to restart the servers after installation.

Windows 2003
http://support.microsoft.com/kb/892777

Windows 2000
http://www.petri.co.il/download_w2k_sp4_support_tools.htm
0
 

Author Comment

by:phucdk
ID: 37796271
From Server 2000: nt159.0000.ABC.com
Running netdom query fsmo, I got this result

Schema owner                      nt159.0000.ABC.com

Domain role owner          nt159.0000.ABC.com

PDC role                          nt159.0000.ABC.com

RID pool manager            nt159.0000.ABC.com

Infrastructure owner        nt159.0000.ABC.com

--------------------------------------------------------------------------------------------------

From Server 2003: da39c.1111.ABC.com
Running netdom query fsmo, I got this result

Schema owner                      da39c.1111.ABC.com

Domain role owner          da39c.1111.ABC.com

PDC role                          da39c.1111.ABC.com

RID pool manager            da39c.1111.ABC.com

Infrastructure owner        da39c.1111.ABC.com

----------------------------------------------------------------------------------------------------
However, when I run netdom query trust on Server 2000. I got this result
Direction Trusted\Trusting domain
========= =======================

<->       2015.xyz.com

            fgh9503

The command completed successfully


And when I run  netdom query trust on Server 2003, I got this result
Direction Trusted\Trusting domain
========= =======================

The command completed successfully

So, could you please guide me what should I do now?
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37796357
These results tell us the following about your domains:
0000.ABC.com and 1111.ABC.com are not part of the same domain, nor are they part of the same forest.
0000.ABC.com and 1111.ABC.com do not have a trust between them.

If you don't move the users as well as the workstations then you won't be able to logon to these workstations again.

The way you'd move objects between these two domains is to create a domain trust and then use the ADMT tool to migrate users from one domain to the other.

So now I need to ask the question, why do you want to move the computer objects?
Would it be correct to assume that 1111.ABC.com was built to replace 0000.ABC.com?

If all you wanted to do was migrate from Windows 2000 to Windows 2003 then it would be easier to:
A. delete 1111.ABC.com domain (assumming there is no users/computers configured i there currently)
B. install the new DC directly into your Windows 2000 domain as a member server of 0000.ABC.com
C. promote da39c to become a domain controller in 0000.ABC.com. You'll now have da39c.0000.ABC.com
D. move the FSMO roles to the new server,
E. move DHCP, DNS and WINS from the 2000 DC to the 2003 DC.
F. demote the 2000DC.

So before you do anything, can you please take a little more time to explain your objective and reasons?
That way we can help you make an informed decision about what, when and where to do each of the actions.
0
 

Author Comment

by:phucdk
ID: 37798908
Hi dvt_localboy

Thank you very much for a detail analysis. I think I should describe more in my objective so we can have the best result.

This setup was built already; the company has Windows 2000 and exchange 2000 from the beginning. After that they built a windows server 2003 and promote it as a DC. However, this server is a DC itself as I have described.

And now they want to build an exchange 2010 on windows 2008R2. I have setup Exchange 2010 and joined this exchange server to DC server 2003. The purpose is they want to replace the exchange 2000; all the user mailboxes from exchange 2000 will be migrate to Exchange 2010. At last will get rid of DC server 2000.

Because they are having their own software system setup on DC server 2003, that’s why they don’t want to mess it up and want to have exchange 2010 on Win2008R2.

Therefore, I am trying to move all objects from DC server 2000 to DC server 2003.

Regarding to your question.
I want to move the computer objects to DC server 2003 because the DC server 2000 will be taking off as planed.

I have read your advice about migrate from Win 2000 to Win 2003, it is a very nice guidance indeed. Unfortunately, the scenario now is like I just said. What I want to do now is steps to move all objects from Win 2000 to Win 2003. Or the best way to achieve my goal that moves everything from Win 2000 to Win 2003.

And by the way, I don’t know if I have to open another question to ask about this.

Could you please advice me how should I move the mailbox from exchange 2000 to exchange 2010. I am planning do it manually (export/import pst files).

Please keep shooting the question if you are unclear in any points. Thank you so much for trying to help me.

Regards,
phucdk
0
 

Author Comment

by:phucdk
ID: 37801130
This is my network environment
ABCOO11.jpg
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 500 total points
ID: 37801506
I think I've got a clear picture of what you want to do.
Have you considered; instead of deleting the entire domain, why not just upgrade the WINDOWS 2000 domain 0000.abc.com to a WINDOWS 2008 domain?
You can then dcpromo the Windows 2000 server at the end.
No user/workstation/server account moves or permissions changes.
http://technet.microsoft.com/en-us/library/cc731188(v=ws.10).aspx

You can then do the same for Exchange 2000 in the 0000.abc.com domain.
http://technet.microsoft.com/en-us/library/aa998604.aspx

This obviously requires that you remove exchange 2010 from the 1111.abc.com domain.

This route is less headache than the alternative which is a domain migration from 0000.abc.com to 1111.abc.com.
You'd need to move the user accounts, computers and servers using the ADMT tool.
And then do the Windows 2008 upgrade.

So for the next few posts, stop thinking about the Versions of the DC's.
I need you to think about where the majority of your users and computers reside.
How are you currently managing access and permissions between the domains?
Does each user have more than 1 account?
Is the application on Windows 2003 only used by a few users or maybe shared with clients?
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37801531
I forgot to add another option, of using Exchange 2010 to create linked mailboxes.
You'd still do a domain upgrade from Windows 2000 to Windows 2008 for domain 0000.abc.com, but you don't need to delete Exchange from domain 1111.abc.com.
http://technet.microsoft.com/en-us/library/bb123524.aspx

The biggest issue would be administering two domains as small companies don't always have the resources for this.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now