Upgrade to Windows Server 2008

Insufficient information.  And bad idea.

For STABILITY you never want to upgrade, you want to migrate which means a clean installation.

If you're running the 32 bit edition of Server 2003, then you CANNOT upgrade to 2008 R2 (if that's what you mean).  You CAN upgrade to 2008 but that hasn't been sold in a couple of years so I assume you want to go to the current version.

If you're running the 64 bit edition of 2003, you can.

More information on upgrade paths are available here:
http://technet.microsoft.com/en-us/library/dd979563%28v=ws.10%29.aspx

If you want to ensure a STABLE environment, then post more information and specifics and DO NOT upgrade and we can suggest other solutions.

What settings? Do you want to do a in-place upgrade on the same hardware?

I do want to use the same hardware and I really don't want to have to reenter all the user names and profiles. Also, I would like to maintain the DNS, DHCP etc settings.

The current system is Windows Server 2003 Enterprise Edition 32-bit. The hardware is an HP Proliant DL380 G3 Server.

And Server 2008 R2 is what we are looking at.

You can NOT upgrade from 32-bit to a 64-bit operating system. Windows 2008 Server R2 is only a 64-bit system

I understand the point about not being able to upgrade but what I am hoping is to migrate as many settings as possible.

If you want to use the same hardware then this task will not be easy or even possible for some of the stuff

If you want to use the same hardware, then you will need to do what is known as a swing migration.  Basically, you need to setup a temporary server that you will move all the content, settings and roles from the existing 2003 server to.  Then you decomission the existing 2003 server and finally wipe it clean to ready it for the 2008 R2 install.  Once 2008 R2 is installed, then you migrate the content, settings and roles off of the temporary server on to the new 208R2 server.  Then you decomission the temp server.  since you won't really be doing much of anything on the temp server, that hardware can be a desktop or even laptop with enought disk and memory to install the OS and contain all the content.

You need a new server.

The G3 (IF my memory serves) does not support x64 architecture REQUIRED by Server 2008 R2.  If I'm correct in that, you simply have no choice.

As for preserving the accounts, this is EASY PROVIDED you have setup a domain.  If you're in a workgroup, then you're out of luck.

If it's a domain, you simply want to add the new server to the existing domain and promote it to a domain controller.  There is some prep-work first (literally - you have to run ADPREP32 on the 2003 server; the adprep32 command should be on the 2008 R2 DVD).  Frankly, I usually recommend the following steps:

1. FULL BACKUP of the existing server.
2. Run DCDIAG on the existing server with the /C /E /V switches and review the output, correcting any unexplained/unexpected problems.
3. Join the new server to the domain.
4. Run ADPREP32 on the existing server (reference http://www.petri.co.il/prepare-for-server-2008-r2-domain-controller.htm)
5. Run DCPROMO on the new server and make it a domain controller in the existing domain.
6. Set the new server as a Global Catalog
7. Wait a day to allow everything to settle and then run DCDIAG on both servers to confirm everything is still working (Too often, I see issues with NetLogon not getting shared on the new DC; this is usually easily resolved by using the BURFLAGS registry entry).  Once you confirm both servers are healthy, transfer all your files and services to the new server.  (including the AD FSMO roles) When you have NOTHING but Active Directory and DNS left on the old server, turn it off (pull the network cable).  Make SURE things are working with JUST the new server (it's very easy to put the network cable back in... it's a lot more difficult restoring the server if there are problems).
8. Once you're satisfied the new server is working, plug the old one back in (NO LATER THAN 60 days - should be MUCH sooner - like a week) and run DCPROMO on it to remove Active Directory.
9. Turn off the old server and decommission.

You COULD stop at step 6 and keep the old server as a redundant DNS server and DC...  Most people would recommend as much.

By the way, if you don't understand what I said above, I STRONGLY recommend you hire a consultant.  The server is the heart of your network and if you're not familiar with the terms, roles, features I describe above, then I would liken you to the nurse in charge of the patient's medical care... you're great for day-to-day stuff... but a heart transplant should be done by a Doctor, not the Nurse.  (Unless you want this to be your regular job - then learn it... setup a test network and do this a couple of times AT LEAST so you understand what you're doing and the steps and precautions you should take)

I will update you on the progress of this project soon. This is for our small Catholic school's school network and I have suggested to the principal that we either continue with Server 2003 or find a benefactor to provide the money to purchase a new server and the new software.

We will be purchasing a new server. It will have no O/S so I will be installing Server 2008 R2. I would assume that that would be step #1.  My biggest concern will be migrating the DHCP settings though I would like to migrate as much information as possible. Also, we do plan to keep the old server as a backup - something we currently don't but should have.

Here is a full plan

https://www.experts-exchange.com/questions/23665224/Windows-2008-Server-Migration-From-Server-2003.html

Thank you dariusg. I will follow those steps and see how it goes.

We will be ordering the new server this week and then I will begin working on this migration. I plan to first clean out old profiles and profiles from students who have graduated and are no longer at the school.

The new server has been delivered and I will begin installing the O/S on Saturday. I will post results next week.

I have begun this process and got to the point where I need to access the Windows Server 2008 disk from the old server. I did not think about the fact that the old server does not have a DVD drive so I have to get an external DVD drive to continue.

Using the instruction from tigermatt that was submitted by dariusg I am currently running the adprep routine. I don't know if something changed between the time that instructions were written and now but I did not find arprep in the sources\adprep folder within the Windows Server 2008 DVD media. On my DVD it was in the support\adprep folder within the Windows Server 2008 DVD media. Just thought I would add that to the discussion.

While proceeding with the procedure for migrating to Windows Server 2008 I was able to run adprep /forestprep successfully. However, when I tried to execute adprep /domainprep I got a message telling me that the domain is not in native mode and that I need to configure the domain for that mode. What problems with this cause, if any, to my 2003 server if I want to keep it for a fall back in case of a failure?

https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3644-Windows-2008-Server-R2-adprep-adprep32.html

Make sure you are running Windows 2003 Native

http://www.petri.co.il/understanding_function_levels_in_windows_2003_ad.htm

Just returned from vacation and I will be getting back to this issue as soon as my feet return to the ground.

I am to the point where I am ready to promote the new server to DC status. I will need to wait until the first week of July when all reports are finished and have been filed so I don't interrupt any critical business.

Here is a status update - I have promoted the new server to DC status. That seemed to go well and I see the users and computers in AD Users and Computers. It is also a Global Catalog Server so I am now ready to transfer the FSMO roles to the new DC.

HELP! I am pretty sure I followed the above instructions to the letter for the migration and adding roles etc. I set the new server's IP addrsss to that of the old DC and am on the appropriate network with the server. Unfortunately all the clients show is no Internet access and an unidentified network. If I try to log on as a user I get logged on with a temporary profile. Please advise. I must have missed something somewhere.

Thanks!

Robert

Incidentally, on the clients the IP address I am getting is in the 169.xxx.xxx.xxx range. I have already tried power cycling etc with no luck.

You are getting an APPIA address which means no DHCP server is running

Post dcdiag

OK, here are the DCDIAG results.
DCDIAG.txt

Any further thoughts on this? Is there some sort of check box or something I missed to define this server as the DHCP server?

You need to add DHCP.

http://www.windowsnetworking.com/articles_tutorials/How-to-Install-Configure-Windows-Server-2008-DHCP-Server.html

OK, I followed those instruction and when I got to the step where the parent domai  and DNS servers are entered I clicked the validate button and it failed. I have the server itself setup as the DNS server. The error was "DNS server at specified IP address is not reachable."
I continued with the installation anyway and after the DHCP role was installed I got the following error - "Attempt to configure DHCP server failed with error code 0x80074E54. The scope parameters are incorrect. Either the scope already exists or its subnet address and mask is inconsistent with the subnet and mask of an existing scope."

Here is another twist - when I tried to demnote the old dc I was only able to rename it. I am attaching .jpg images of the errors I encountered there but one was "The operation failed because : A Domain Controller could not be contacted for the domain HuntingtonCatholic.local that contained and account for this computer."

I am also attaching some errors that showed up in Server manager relating to Active Directory and DNS.


Please, please provide some guidance here.

Thank you!
1863.jpg
2087-1.jpg
2087-2.jpg
2087-3.jpg
DHCP4010.jpg
DHCP10020.jpg
DNS4010.jpg
DCPROMO.JPG
Demotion.JPG
Name-Change.JPG

Could someone please give me some direction here? I cannot figure out what went wrong but I am suspecting something with the DNS. PLEASE advise!!!

Please post dcdiag

I am  posting the results from ipconfig /all and dcdiag. In dcdiag it says to check firewall settings. If I click to use recommended settings" I get the message that the firewall is managed by Group Policy settings and that only an administrator can change it. I am logged in as administrator so I don't understand why I can make changes if I need to.  Please respond. Our systems appear to have access to the Internet but not the network. If I try to log on as a known user I get the message that I am being logged on with a temporary profile. Also, even when on as administrator I can't map any network drives and can even see the network when I try.
DCDIAG1.txt
IPCONFIG.txt

Do you still have the old DC?

Your new DC is not consider a DC.

If you still have the old DC please point the new DC to this DC for DNS.

ipconfig /flushdns
ipconfig /registerdns
dcdiag /fix

Run dcdiag on 2003 DC post results

I do still have the old dc and I used the migration instructions mentioned in one of my comments above to get the settings migrated so I am not sure what you mean by " point the new DC to this DC for DNS." Or how to do it.

I did go through the DNS and DHCP settings on the old DC to see if any of the configuration was missed.

I was able to do everything in the instructions except demote the old dc and rename the new one to the name of the old one.

Your new DC is not a DC. Please change the new DC's TCP\IP settings to point to the old DC for DNS this is what I mean

So, what went wrong that the new DC is not the DC? I want it to be the DC since we have upgraded to Server 2008 and the age of the old server makes using it strictly as a backup the more prudent choice. Do I need to completely disconnect the network cable from the old DC? Do I need to run dcpromo again on the new server?

Thank you!

No the old DC is not functioning properly

I changed its name and IP address in preparation for demoting it and removing it from the network but I got errors when running dcpromo on it.

How did you change the name? If DC you must change a certain way

I changed the name from System Properties

Here is the latest dcdiag from the new server -

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.CATHOLIC>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server2008
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\SERVER2008
      Starting test: Connectivity
         The host
         65e60394-6e60-4229-9fe1-3fce23252942._msdcs.HuntingtonCatholic.local
         could not be resolved to an IP address. Check the DNS server, DHCP,
         server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... SERVER2008 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\SERVER2008
      Skipping all tests, because server SERVER2008 is not responding to
      directory service requests.


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : HuntingtonCatholic
      Starting test: CheckSDRefDom
         ......................... HuntingtonCatholic passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... HuntingtonCatholic passed test
         CrossRefValidation

   Running enterprise tests on : HuntingtonCatholic.local
      Starting test: LocatorCheck
         ......................... HuntingtonCatholic.local passed test
         LocatorCheck
      Starting test: Intersite
         ......................... HuntingtonCatholic.local passed test
         Intersite

C:\Users\Administrator.CATHOLIC>

You can not change the name with System properties on a DC you made that DC not usuable anymore do you have a backup?

Your 2008 did NOT fully promote. The WIndows 2008 is not a full DC

What I need to do is fully promote the 2008 machine. How do I do that now? I tried running dcpromo again but it tells me that my 2008 machine is already a DC.

Right but it is not a full DC it is not consider a full DC if you look in the dcdiags.

Do you have another DC that you did not rename

Nope. Only had the one 2003 machine.

Well you are in trouble then.

Do you have a backup?

I have not removed anything from the 2003 server but we have never had a backup. Am I going to need to reinstall Server 2008 and load the settings the individually?

You renamed the old DC the wrong way. There are procedure to rename a domain controller which you did not follow

I went back and tried to rename it using the instruction from http://www.petri.co.il/windows_2003_domain_controller_rename.htm but was unsuccessful.

OK, I know I messed up somewhere along the line so please help me fix this. Do I need to start all over and build my server and settings manually or is there an easier way?

If your old server is not functioning properly you will not be able to promote another server or fix your current server I don't think.

I might be able to get the primary server running again

Changes these on the primary server to the old server name.


HKLM\System\CCS\Control\Computername "Computername"
HKLM\System\CCS\Control\Computername "ActiveComputername"
HKLM\System\CCS\Services\Tcpip\Parameters "Hostname"
HKLM\System\CCS\Services\Tcpip\Parameters "NVHostname"

Delete all DNS records for the new name you created

Reboot

OK, I will give that a try and let you know what happens. Thanks.

I am going to try your registry editing suggestion tomorrow. I want to make sure I completely understand what you said -

By primary server you are referring to the new server with Server 2008 that I want to be the dc?

Since the old server was hcsserver HKLM\System\CCS\Control\Computername "Computername" will become HKLM\System\CCS\Control\Computername "hcsserver"?

And then in the DNS entried on the 2008 server I delete all entries with the current name for the 2008 server?

Thank you!

OK, here is what I did and the results -

First I backed up the original registyry.

Then I made the registry changes you suggested.

Then I tried to remove DNS entries for the original server name. Unfortunatel I was unable to remove any entries. I got an error when I tried so I then restarted the server. When I went into the DNS console I saw the server name had changed per the changes in the registry, but there were errors. I am attaching screen shots of the errors as well as the latest dcdiag from this server.

Thank you!
dcdiag0725.txt
DNS.jpg
dns1.jpg

Here are a couple of more screen shots. I accidentally hit submit before I was done. If you notice, the option to configure the DNS server is greyed out.
dns2.jpg
dns3.jpg

And I notice in dcdiag that it is still looking for 2008Server. I changed it to hcsserver.

After all of that I thought I would try running DCPROMO again. I am attaching the screen shot of the error I encountered.

I do this work for our small catholic school on a volunteer basis so I don't get as much time to spend as I would like. I plan to take an entire day off work this week to work on this issue if you could give me some direction and maybe a list of potential solutions to this problem. I would really appreciate it. Thank you!
Untitled.jpg

OK, what I ended up doing was re-installing Windows Server 2008. Before I did that, though, I created a backup of active directory using the command line and the command - “wbadmin start systemstatebackup -backuptarget:e:" After re-installing I promoted the server to DC and then added the static IP and the DHCP server role. I am attaching the current dcdiag from this server. The issue now becomes restoring the backup. If I restore the entire AD backup will that put me right back where I was before with the DNS issue and the server not fully promoted? I understand that I can restore selected portions of the backup and I really only need to restore Active Directory Users and Computers. The commands I found for restoring an individual user account are issues from a command prompt after logging into Directory Services Restore Mode. To restore a specific Active Directory object I am to use ntdsutil.
I found an example to restore a user account with a distinguished name of CN=Test User,CN=Users,DC=home,DC=local by using these commands:
ntdsutil
activate instance ntds
authoritative restore
restore object “cn=Test User,cn=Users,dc=home,dc=local”

What is the command to restore the entire Users and Computers folder?

Thank you!
dcdiag0731.txt

Missing the first part of the dcdiag

I will go at lunch and run it again and send it to you.

OK. Here is the complete dcdiag.

I was certain I gave this server the name hcsserver when I installed the OS but the name is WIN-P2FQ0MS56NL. Please provide the proper method to rename this server.
dcdiag0731.txt

Alright that looks ok

SYSVOL errors are there.

Do you  have a SYSVOL?

I have not setup a SYSVOL. I know we will be using some of the items commonly found in SYSVOL like Group Policy. We don't use any logon scripts.

You do not create SYSVOL when you promote it should create on it's own

Go to Run type \\localhost

Do you see SYSVOL shared?

What will restoring the AD backup from the previous installation get me?

I will run the \\localhost command later this evening when i get back over to the school. I will post the results.

Here is a screen shot of localhost. Yes, Sysvol is shared.
localhost.jpg

I plan to be at the school all day tomorrow - Thursday - so if you could give me some direction as to what I need to do next and maybe monitor this discussion we can get this server to function the way it needs to on this network.  Thank you!

Seems like it is working properly

So why the Sysvol errors you mentioned before?

And can I safely restore the backup of Active Directory Users and Computers so I don't have to add all the users individually?

You built the domain from scratch?

yes. I backed up the ADUC from previous install

Alright so, right now you have a brand new domain that is not connected to  the old domain?

Yes but it has the name of the old domain.

The old DC has been completely disconnected from the network.

If you restore the objects I do not think that will work.

OK, then I will need to create OUs and user accounts by hand. Shouldn't the server see the clients when they logon?

no they will have to be added to the new domain even though name is the same you are going to have to add to this domain

By computer name?

You need to go to each computer unjoin the domain they are in now and join the new domain

OK. So even though the domain has the same name am I correct that the new server makes it a new domain?

OK, computer are appearing as you said they would by removing and then rejoining the domain. Now, I have a password problem on user accounts.  In the past, with Server 2003, we used 4 character passwords because it was easy for our younger students to remember them. I tried using asdi edit but when I finished and tried to apply the new password policy it showed that is was already applied. I went to the rsop for the OU I want to change and could not change anything. I thought the minimum was 7 characters but I tried that with a user account and got an error that it wasn't long enough. I am attaching a screen shot of the rsop. How do I change the minimum password length to, at most, 7 characters. Please provide as much detail as possible.

Thank you!

http://technet.microsoft.com/en-us/library/cc264456.aspx

Thanks! I figured that part out. I am in the process of reloading all the user accounts and removing and then re-adding all the client systems to the domain. So far I have been able to logon with a couple of different user accounts. I am wondering, I read somewhere that is Server 2008 DHCP reservations had to be within the scope that has been established. I set the scope the same as it was before 192.168.0.100 to 192.168.0.249. All of our printers have static IP such as 192.168.0.25, 27, 28, 28, 32, 33, up to .39. Is that going to cause me a problem?