Link to home
Start Free TrialLog in
Avatar of Leo
LeoFlag for Australia

asked on

Domain controller 2003 to 2008 upgrade

I have been assigned a project to updgrade DC i.e. 2003 to 2008, now under Active Directory Sites and Services, under servers, there are 4 servers, one of them is at offsite at a disaster recovery site, 3 of them are on site, I am not sure out of 3 servers how many are virtual.

Can anyone kindly help me to go through upgrading of DC from server 2003 to 2008? And a fall back plan if it doesn’t work out?

They are using Symantec backup, and I haven’t worked on this site before, just started today.

is SCCM an option? they dont have it, just thought if it would be helpful?

What should i do about the applications running on the server ?  

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Leo

ASKER

1)There are two DCs under primary site and two under DR site, they are both replicated.

2)As you suggested first test on run Dcdiag, would it affect if I run the test during business hours?

3)Kindly check the following tests and let me know if I need to add or changes anything in them.

dcdiag /test:Connectivity /e /f:c:\dnsConnectivity.log
dcdiag /test:Replications /e /f:c:\dnsReplications.log
dcdiag /test:Topology /e /f:c:\dnsTopology.log
dcdiag /test:CutoffServers /e /f:c:\dnsCutoffServers.log
dcdiag /test:NCSecDesc /e /f:c:\dnsNCSecDesc.log
dcdiag /test:NetLogons /e /f:c:\dnsNetLogons.log
dcdiag /test:Advertising /e /f:c:\dnsAdvertising.log
dcdiag /test:KnowsOfRoleHolders /e /f:c:\dnsKnowsOfRoleHolders.log
dcdiag /test:Intersite /e /f:c:\dnsIntersite.log
dcdiag /test:FsmoCheck /e /f:c:\dnsFsmoCheck.log
dcdiag /test:RidManager /e /f:c:\dnsRidManager.log
dcdiag /test:MachineAccount /e /f:c:\dnsMachineAccount.log
dcdiag /test:Services /e /f:c:\dnsServices.log
dcdiag /test:OutboundSecureChannels /e /f:c:\dnsOutboundSecureChannels.log
dcdiag /test:ObjectsReplicated /e /f:c:\dnsObjectsReplicated.log
dcdiag /test:frssysvol /e /f:c:\dnsfrssysvol.log
dcdiag /test:frsevent /e /f:c:\dnsfrsevent.log
dcdiag /test:kccevent /e /f:c:\dnskccevent.log
dcdiag /test:systemlog /e /f:c:\dnssystemlog.log
dcdiag /test:RegisterInDNS /DnsDomain:nrdc.net /e /f:c:\dnsRegisterinDNS.log
dcdiag /test:CrossRefValidation /e /f:c:\dnsCrossRefValidation.log
dcdiag /test:CheckDRefDom /e /f:c:\dnsCheckDRefDom.log
dcdiag /test:VerifyReplicas /e /f:c:\dnsVerifyReplicas.log
dcdiag /test:VerifyReferences /e /f:c:\dnsVerifyReferences.log
dcdiag /test:VerifyEnterpriseReferences /e /f:c:\dnsVerifyEnterpriseReferences.log
dcdiag /test:CheckSecurityError /e /f:c:\dnsCheckSecurityError.log
dcdiag /test:DNS /e /f:c:\dnsDNS.log

4)What do I have to do with Exchange Server and group policies?
Avatar of Leo

ASKER

The primary DC is virtual.........would that make a difference?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Leo

ASKER

Thanks for your input, i have been told by manager, that he wants to install server 2008 on a new virtual server, means he dont want to migrate anything, so what should i do now?
EXACTLY what I told you to.  To highlight:

Second to last paragraph from my first comment:
By the way - I DO NOT recommend UPGRADES.  MIGRATE - meaning install new, clean systems virtually (and direct to hardware, though installing to hardware these days SHOULD be done only when absolutely necessary, in my opinion).

But you should ask your boss - does he want a NEW DOMAIN?  Or or new server installation - a new server installation is a migration.  A new domain is - for a network that large - grounds for committal to a psychiatric hospital unless there's a VERY VERY GOOD REASON.
Avatar of Leo

ASKER

the domain is same, he dont need a new domain, he just need a new installation server. so its a new server migration.
Avatar of Leo

ASKER

should i start transferring FSMO roles for windows 2003?

http://support.microsoft.com/kb/324801
To what?  I thought you didn't have any 2008 servers yet?

Question: Why are YOU doing this?  From the sounds of things, you have NEVER done this sort of thing.  What makes your boss think it's a good idea for you to be the one responsible for potentially bringing the company down if you do something wrong?  If you HAVE done this before, then the basic procedure should not be alien to you, but your questions and comments are suggesting it is.  

It seems you have chosen to ignore my advice in my very first post (which outlines the entire process).  At least that's the impression I've gotten.

To repeat and highlight my first three sentences:
If you've never done this before you need to.  Not because I think it's terribly difficult, but you should know what to expect.  Setup a couple of VMs and do this in a test environment.

Once you done this AT LEAST ONCE (preferrably TWICE) , you can follow the rest of the directions.  Or better yet, tell your boss you need to work with someone who has done this before so you can learn from someone with experience, first hand.

I want to be clear here, I'm not trying to insult you or make you angry or irritated or pissed off - I have no doubt with some training/experimenting/reading/experience you have an excellent chance at doing this successfully (EVERY network has idiosyncrasies that could throw even a well experienced tech off, but doing this cold with no experience and formal training of any sort is ASKING for trouble.  If I were your boss and found you asking this question, I would remove you from this job or assign a more experienced person to work with you so you could learn.  DON'T hide your inexperience... that's dangerous (don't know if you are or if your boss doesn't care, in which case, he's the one who should be under review).

As far as FSMO transfer goes, I prefer Petri's documentation on the topic:
www.petri.co.il/transferring_fsmo_roles.htm
Avatar of Leo

ASKER

I will close off this question, i have recently done a project in which i installed and configured sbs 2011, certificates, Zones, DNS, ACL routes on router.
The questions i asked was from my manager, and i knew what to say or do, i just thought before doing anything i will confirm with an expert.
please in any questions i asked in future dont help me again, no one have give you the authority to put anyone in review. I dont want to argue.
bye.
Avatar of Leo

ASKER

I've requested that this question be deleted for the following reason:

Please delete this question, i asked the question to get not to get humilated and feel bad.<br /><br />thanks.
I'm sorry you felt humiliated or bad.  I tried to help but when you came back with what seemed to be a non-nonsensical comment based on the prior comments we both made, I felt it appropriate to illustrate that EXPERIENCE is invaluable and if you don't have it (which your comments suggested) you needed to obtain it.
I object to the deletion because the question, as asked was answered.  He made a sudden left turn that seemed to come out of no where which prompted my last major comment.
Avatar of Leo

ASKER

I am not going to take any suggestions from leew, as his suggestions were good, but he asked me and my manager job to put under review, i am not sure if people should come to this site to get help or to get their jobs get under reviewed.

You can award the points. I am not going to take any suggestions from Leew.
thanks.
I'm sorry you were offended.  As I read your question and comments, I grew concerned about the level of knowledge you currently possess.  I want to see people successfully employ technology but my interpretation of your skill level based on your comments suggested you were not yet ready to undertake this project.  Once again, I apologize if you were offended as my intent was not to offend.