Clint Jones asked:

Migration Messup, SYSVOL and Active Directory

I have a serious, serious problem; I need help desperately.

I have 2 servers, one running Windows 2000 and the NEW one running 2003 R2; both are domain controllers.

Migrated Active Directory and other components over from the 2000 server to the new 2003 server. Added all client PCs to the new 2003 server, producing new SIDs.

I went into AD Sites and Services and both servers are there - clicked on the NTDS and told it to replicate NOW...

All 5 Active Directory master levels have been turned on for the new server 2003.

Demoted the old server so it wouldn't be a primary controller any longer...

ISSUE IS:  The old server is failing; it shuts off for no reason at times and I want to completely remove it from the network.

When I turn the old server off, my domain disappears and no one can connect to the network as the new server and SQL server which is just a member server.  Old server has to be on even though is pointing to it.

SYSVOL is empty on the new server 2003 but on the OLD server 2000 SYSVOL is NOT empty, Replication is not happening and network goes down if old 2000 server is shut off...

When the Windows 2003 server was created and made a domain controller using DCPROMO - we used the exact same name as the domain of the old server.  Both XXXXX.local & XXXXX.local.  Even though Active Directory has been migrated and the server made a master.

The domain disappears, so it obviously is still co-dependent on the old 2000 server, and SYSVOL is empty but the old server SYSVOL is not empty.

I am sure no replication is happening, and other things I probably don't know about that may be like SYSVOL...

PLEASE HELP AND ADD ANYTHING THAT I AM NOT THINKING ABOUT...

Thanks Clint

Chris H

You need to seize all FSMO roles and Global Catalog on one of your 2003 Domain Controllers.  

Then make sure all your hosts are using one of the 2003 DC's for DNS.

STOP.  NOW.
Do not seize anything.  Do not turn anything off.  If you could, I'd restore backups, but on the other hand, if you got this far into this, then you could cause even more problems by restoring backups.

I'm guessing you never tested this process in a lab environment?

(more to follow - but I wanted to keep you from doing something really bad if it wasn't already too late).

Start with running DCDIAG and posting your DNS settings.  You're in a mess that needs to be cleaned up.  Why you're getting rid of and demoting things I don't know...

Before attempting replication you should have checked your FRS log to see if you won't find out that your old server is in Journal Wrap
Event 13568
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
The error explains how to fix it.

Clint Jones (ASKER)

WAIT WAIT...  I think there is a misunderstanding...  What I want is to make the NEW 2003 Server the sole only server at all - Primary domain controller and OLD server is going to be trashed...

I want the old server GONE...  Then having ONE server only windows 2003...

I don't need to restore from backups as the OLD server has a hardware issue NO DATA has been lost...

Understand I want to make the new server the primary domain controller MASTER - which I have made it a MASTER.  I want the old server offline permanently.

But as I said if I turn it off (OLD 2000 SERVER) - network goes down, domain disappears etc

AND SYSVOL is empty no files no folders just an empty SYSVOL????

emadallan

I think the main step that most administrators forget is: enabling Windows 2000 schema update! Believe me, if you don't enable it nothing will work!
Visit this URL to verify all required checks before you proceed to migrate to 2003 DC:
http://support.microsoft.com/kb/555040/en-us
regards

To answer one of your questions the OLD 2000 Server has hard issues but the point being I need to make the New 2003 server a stand alone primary domain controller...

Please tell me you ran adprep and forestprep on your 2000 DC....

Here is how to enable Windows 2000 schema update:
http://support.microsoft.com/kb/285172/en-us

Migration has happened.  As I stated in the original post that Active Directory has been migrated to the new server and all client PCs have been added to it... You don't think making the new server 2003 using the same domain name of old server 2000 is an issue???

It sounds like you have two domains running on two separate DC's with the same damn name.   Right?  You should have created a different named domain in order to migrate.  AD makes DC's very aware of other domain controllers on the network.  Isolate the new DC, re-promo it, migrate users and computer over and start from there.

http://support.microsoft.com/?id=326480

Lol, damn name should be domain name but i'm leaving it...

Of course enable schema update on your Windows 2000 DC, once it's enabled you will see replication success!

Why would I run adprep and forestprep on your 2000 DC - on the 2000 server that has already been in use for years with no issues... Don't you mean the new server 2003 that I am moving to???

No, you need to add the 2003 schema to DC 2000's schema.

So you're saying enabling schema updates on the OLD 2000 server it will replicate to the new server..  Will sysvol be replicated as it is empty on the new server with no files???

But what about when I trash the old server that has damaged hardware from the network... When it goes off, the network goes down, applications that need to connect to the new server go down etc

ClintStephenJones, do you understand me or not?! Just enable schema update on your Windows 2000 DC as I mentioned and you will see the magic.

I would demote this 2003 DC or forcefully remove and cut it out of AD.  Then, forest prep and adprep your 2000 schema on your 2000 DC.  Then, add a second domain controller (2003), seize all FSMO roles, steal global catalog, then demote the 2000 DC.

> Migration has happened.  As I stated in the original post that Active Directory has
> been migrated to the new server and all client PCs have been added to it... You
> don't think making the new server 2003 using the same domain name of old server 2000
> is an issue???

First of all, you're using incorrect terminology so we're trying to decipher what EXACTLY you did.  

Did you build a new domain with the same name as the old?  Or did you add a new DC to your old domain?

>  primary domain controller MASTER
is NOT a real thing.  Active Directory doesn't use Primary Domain Controllers.  It's a MULTI-MASTER technology so there is no "primary".  There are FSMO roles - Flexible Single Master Operations - is that what you mean by "master"?

You don't transfer computers to a new domain controller - unless you disjoin them from the domain and rejoin them to a new one... but some things you say suggest you migrated the domain...

So if you want GOOD, accurate help, you're going to need to clarify what you did.  Ideally, if you have the mess it sounds like, you should hire a pro to do the migration for you and then you can manage it... but if you're resigned to chaos, we can try to help...
@emadallan

The 2003 DC did not assign the same RIDs, SIDs, or GUIDs to any of the hosts...  This sounds like he has TWO DC's, each with their own separate (but the same name) domain on the same physical network....

choward16980, to answer your response on the name of domains... Someone else did it, with minor IT knowledge; I would have never named them the same name....

ASKER CERTIFIED SOLUTION: Chris H (the answer text is behind the site's membership wall and does not appear on this page)

Your 2003 DC is probably doing absolutely nothing other than maybe some DNS... Which I promise isn't helping anything right now...

Everyone gave different answers, so I NEED to isolate, as in unplug the network cable, and demote the new server 2003 and repromo it using DCPROMO???

Do the migration all over again using the Active Directory Migration Tool version 2

I need to run adprep - How do I add the schema of the 2003 server to the 2000 server?

and enable 2000 schema updates on the OLD server...

Can I demote the new Windows 2003 server and make it where it's not a domain controller but just a plain stand-alone server and then run DCPromo all over again using a NEW DOMAIN NAME???   Then for migration using Active Directory Migration Tool version 2 to migrate Active Directory over to the new 2003 server... If so I need to enable Windows 2000 schema updates...

choward16980

I would demote this 2003 DC or forcefully remove and cut it out of AD.  Then, forest prep and adprep your 2000 schema on your 2000 DC.  Then, add a second domain controller (2003), seize all FSMO roles, steal global catalog, then demote the 2000 DC.

What about remigration???? If I cut out Active Directory then I must remigrate the Active Directory, correct, and do I run the schema preps etc on 2000...

I don't know how to run Windows 2003 schema on Windows 2000 server..

choward16980

So turn off the 2003 DC and fry it.  
Follow microsoft's procedure for removing an orphaned DC on your 2000 DC. (if it even shows)
Run 2003 adprep and forestprep on 2000DC.
Add second DC (2003)
Seize all roles on 2003 DC
Copy Global Catalog on 2003 DC
demote 2000 DC

DONE!!!!



What does fry it up mean???  Do you mean demoting 2003 server and repromoting???

Understand about removing an orphaned DC from 2000 server - taking the windows 2003 server out..

Turning it off so 2000 can't find 2003..

How do I run adprep and forest prep on the Windows 2000 using 2003 files adprep etc... On the disk or copy from 2003 server the files???

WHEN YOU SAY ADD the 2nd domain controller meaning I do nothing on the 2nd 2003 server all but turn back on and seize roles etc...  I don't do any demoting of the 2003 NEW server...

I know how to seize FSMO roles.

But lastly how do I copy the global catalog from the old server to the new server

HELP PLEASE!!!!!!
If you want this to be SUCCESSFUL you will spend the next week setting up TEST environments and learning it.

or

If you want this to be SUCCESSFUL you will hire a professional with EXPERIENCE.

Otherwise, you're creating a huge mess and this will take FAR longer than it needs to.  A pro should be able to get this done in a couple of hours if you have a high speed internet connection.  I suspect this will take the better part of two or three days since you don't know what you're doing.
I would demote this 2003 DC or forcefully remove and cut it out of AD.  Then, forest prep and adprep your 2000 schema on your 2000 DC.  Then, add a second domain controller (2003), seize all FSMO roles, steal global catalog, then demote the 2000 DC.

2 things:

If I demote the 2003 while doing the rest... I need to run DCPROMO again to just repromo - meaning if I cut Active Directory I have to reinstall, correct... Like it was when it was installed brand new and creating Active Directory all over again... Will it keep the domain it had before or will it go through the steps asking me again, and if so should I give a different name then or ????

Also,  I will have to migrate the Active Directory over from Windows 2000 to 2003 before I demote server 2000, correct...

I just need details, I don't want to make a mistake!!!!!

Thank you for helping me and everyone else... thank you
I'm happy to help you learn it... but I consider it EXTREMELY unwise to do this on a production network without knowing what you're doing!

leew

I think I said domain controller master; you're taking it too literally - I meant I made the new server the role of being the master domain controller in Active Directory...

I have done this before many times successfully in the past; it has been a while so refreshing my memory...

I didn't create the mess; the owner knows just enough IT to be dangerous...

I understand fully the owner didn't add to domain to the Windows server; he just named it exactly the same name as the old one when it came to naming the domain controller... Computer names are different..

I have 5 servers running at home running 2003 to 2008, Exchange, SharePoint server etc - all running perfectly and set up perfectly...

AGAIN, I did none of this; I would never have used the same name twice, would have run all the prep tools prior to migration, made the new server a master AD role and demoted the old server etc...

Understand, based on what you've posted here, if I needed someone to do this for me, I wouldn't feel confident in your skills.  I understand the owner put himself in this position, but from what I'm reading of your skills and knowledge, you're trying to do something IN PRODUCTION in which you have no significant experience doing - and what's worse, it's ALREADY been messed up by someone else.

I want to help you learn this - but NOT on the client's systems.  I get he put himself in a bad position, but this is one of those cases, where you should - in my opinion - find someone with more experience to come in and resolve the situation.  Think about it like this - you have a heart attack - do you want your family doctor performing the operation or do you want a specialist in Heart surgery doing this?  Yes, you're both doctors, but one clearly specializes in the complex procedures required to take care of major issues while the other is good at diagnosing the problem and recommending a professional course of action.

What SHOULD have been done here?

1. FULL BACKUP.  Before you do any major upgrades, you should be doing full backups.  PERIOD.  This is not and should not be considered optional.  Experienced people know that things happen and sometimes a backup is your ONLY way out.
2. Review event logs and run DCDIAG - a check of the health of the existing AD.  Resolve any unexplained errors.
3. Join the 2003 system to the existing domain.
4. Run necessary ADPREP on the 2000 system
5. Promote the 2003 system to a DC.
6. Transfer the FSMO roles and make the 2003 DC a Global Catalog
7. Review event logs and run DCDIAG (usually I wait to ensure all replication and anything else that is time based has had the opportunity to kick in). Resolve unexplained issues.
8. Demote the 2000 server
9. Remove from the domain.

There MAY be more *IF* the server was anything other than a DC - like DHCP, DNS, file, print, etc.

If you have specific questions about any of those items, then I would stand by my opinion that you are not ready to do this.  You have more learning to do.  And that learning is not a matter of simply reading some definitions.  You need experience in test environments and more knowledge of what you're doing.  Certainly, you have the ability to learn it and make this a successful upgrade/migration... but right now, especially if you need more specific instructions, I would really question your skills for this TODAY.

(Sorry, I'm being blunt, and I don't mean to offend - just want you and your client to end up with a HEALTHY, working system and not something pieced together that falls apart in 6 months or generates new questions here every other week because something strange is happening!)
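
A pre-demotion gate for steps 6 to 8 of the list above, as an added example that is not part of the original thread: it reads saved output of `netdom query fsmo` and `net share` from the new DC, plus the FRS event IDs seen, and lists what still blocks demoting the old server. The host names, the sample output and the exact `netdom` label wording are assumptions constructed for illustration.

```python
import re

# Role labels as printed by `netdom query fsmo` (layout assumed from the
# Windows Server 2003 Support Tools; adjust if your build words them differently).
FSMO_LABELS = ("Schema owner", "Domain role owner", "PDC role",
               "RID pool manager", "Infrastructure owner")

def parse_fsmo(text):
    """Map each FSMO role label to the host named on its line."""
    holders = {}
    for line in text.splitlines():
        for label in FSMO_LABELS:
            if line.startswith(label):
                holders[label] = line[len(label):].strip().lower()
    return holders

def parse_shares(text):
    """Return share names from `net share` output (rows that carry a drive path)."""
    return {m.group(1).upper() for m in
            re.finditer(r"^(\S+)[ \t]+[A-Za-z]:\\", text, re.MULTILINE)}

def demotion_blockers(fsmo_text, share_text, frs_event_ids, new_dc):
    """Reasons the old DC must stay up; an empty list means demotion can proceed."""
    blockers = []
    holders = parse_fsmo(fsmo_text)
    for label in FSMO_LABELS:
        holder = holders.get(label)
        if holder != new_dc.lower():
            blockers.append(f"{label}: held by {holder or 'unknown'}")
    shares = parse_shares(share_text)
    # A DC only advertises itself once SYSVOL and NETLOGON are shared.
    for share in ("SYSVOL", "NETLOGON"):
        if share not in shares:
            blockers.append(f"{share} share missing on {new_dc}")
    if 13568 in frs_event_ids:
        blockers.append("FRS event 13568 (JRNL_WRAP_ERROR) logged")
    return blockers

# Constructed sample data (hypothetical hosts newdc/olddc.example.local).
NEW_DC = "newdc.example.local"
FSMO_OUT = "\n".join(f"{label:<28}{NEW_DC}\n" for label in FSMO_LABELS)
SHARES_BROKEN = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
Data         D:\Data
"""
SHARES_HEALTHY = SHARES_BROKEN + r"""
NETLOGON     C:\WINDOWS\SYSVOL\sysvol\example.local\SCRIPTS  Logon server share
SYSVOL       C:\WINDOWS\SYSVOL\sysvol        Logon server share
"""

if __name__ == "__main__":
    # The thread's situation: roles moved, but SYSVOL never replicated.
    for reason in demotion_blockers(FSMO_OUT, SHARES_BROKEN, {13568}, NEW_DC):
        print("BLOCKED:", reason)
    print(demotion_blockers(FSMO_OUT, SHARES_HEALTHY, set(), NEW_DC) or "ready")
```
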

Leew,  I don't mind blunt and to the point; I am the same way but project it in a different manner, it doesn't waste time.  I have done these a lot but went back to school, and my refreshing brings it all back in my head again. However, did it ever occur to you that maybe I am playing dumb on purpose so I get more detailed helpful information?

Again, thanks for your input.
I'm here to help - not play stupid games guessing when you know what you're talking about and when you don't.  You want my help, be HONEST with me and do the same.  I don't have time to play games - I'll go help someone who wants it.
Thanks  choward16980,

You were of immense help yesterday.  I have done this before BTW many times but I went back to school for Medical so I am 5 years off my game.  I needed a refresher course and got my notes out from the past when I was IT.  So thanks for being patient and sticking in there....   Clint
No problemo.  I've been in your shoes more than once.