Solved

Migrate from Server 2003R2 to 2008R2.  Can't find domain if old DC is disconnected.

Posted on 2013-05-14
Last Modified: 2013-08-25
I just migrated from Server 2003R2 Standard to Server 2008R2 Standard. I upgraded the old domain to 2003 native mode and performed forest prep. When I performed the adprep /domainprep /gpprep I got an error, so I ran just the domainprep switch and got a reply that the changes had already been made. I connected the 2k8 to the domain, set static IP for IPv4 and IPv6, installed Active Directory Domain Services, ran DC Promo, and allowed install of DNS. I moved all FSMO roles. If I run netdom query fsmo, all lines show the new DC and it is the primary DC. Just to check to make sure everything is working, I removed the network cable from the old DC. When it is disconnected, not even the new DC can find the domain. I have pointed DNS to the new server, including the server itself, all workstations and the old DC. Is this possibly a DNS problem, or did I have a bad migration and should start from scratch? I only have about 15 users.
Question by:zotfarms
16 Comments
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39164444
Have you checked event logs in 2k8 for AD related issues?

It seems something went wrong or was missed during the migration.

Check the logs once and confirm the same.
0
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39164485
Hi

What do you mean by "not even the new DC can find the domain"? What is the primary DNS of the 2008 server (set it to 127.0.0.1)? Also make sure the clients' primary DNS is pointing to the 2008 IP.

Also check in dnsmgmt.msc --> msdcs folder --> pdc, dc, sites --> that the kerberos and ldap records' IP is pointing to the 2008 server.

Thanks
Jai
0
 

Author Comment

by:zotfarms
ID: 39164495
If I disconnect the old DC and then open up Domain Users and Computers on the 2k8, I get an error that the domain does not exist.  When I reconnect the old DC that snapin will work.
0
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39164512
Did you check, by right-clicking and using the "Change Domain Controller" option in the snap-in, which DC it is connected to? Make sure it is connected to the 2008 DC. Also check any errors you are getting in eventvwr. Provide a screenshot of the error.
0
 

Author Comment

by:zotfarms
ID: 39164550
msdcs>dc>sites>kerberos and ldap
This is the screen shot for DC folder. 69thdadc is the new 2k8 server.
0
 
LVL 1

Expert Comment

by:bgrabbe
ID: 39164558
Did you make sure to point the new DC at itself for primary DNS and set the clients for the same? It sounds like you've got the new server and the clients still pointing at the old DC for their primary DNS. Make sure you use the proper IP of the server and not 127.0.0.1. Also make sure you've updated your DHCP scope, as there may be DNS pointers to the old server there.
0
 

Author Comment

by:zotfarms
ID: 39164559
msdcs>pdc>sites>ldap
This is the PDC folder.
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39164589
Can you read this article once and check the steps you did to migrate? It seems you missed something.

http://social.technet.microsoft.com/forums/en-US/winserverMigration/thread/547c94ba-3826-4e7a-b9ad-80b308beced4/
0
 

Author Comment

by:zotfarms
ID: 39164695
Screenshot of authentication error.

This is the authentication error that I get from a client machine with the old DC disconnected.  This also shows that the primary DNS points to the new server.
0
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39164773
Which one is your DHCP server? Why did you manually update the DNS on the client machine? Is your 2003 DC holding the DHCP server? Update the DNS in the scopes of your DHCP server.
0
 

Author Comment

by:zotfarms
ID: 39169848
One other thing that I have noticed is that in the network and sharing center, the network type in the new server is private rather than domain.  Any ideas that would cause that?
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39170564
Change the network type to domain, and then try again.
0
 

Author Comment

by:zotfarms
ID: 39180772
I ran dcdiag on the new server.  I noticed that there were errors regarding sysvol being synchronized.  I then looked at the shares on the server.  NETLOGON and SYSVOL shares were not created on the new server.  Also the folders Policies and Scripts under C:\windows\Sysvol\sysvol\{domain}\ were not created either.  I moved all the fsmo roles back to 2k3, demoted the 2k8 and then repromoted it, but same result.
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39180790
Can you do a forced replication once and after that run dcdiag, and check what other errors you are getting?
Post those errors here.
0
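The checks raised in this thread (SYSVOL and NETLOGON shares, the msdcs SRV records, dcdiag) collected into one script, as an added example that is not part of any participant's post. It assumes an elevated PowerShell session on the new DC; `example.local` is a placeholder domain name, and the choice of dcdiag tests is this example's own.

```powershell
# Added example: verify that a newly promoted DC is usable on its own.
# Assumption: run elevated on the new DC; $Domain is a placeholder value.
param([string]$Domain = 'example.local')

$dc      = $env:COMPUTERNAME
$results = @()

# 1. A DC does not advertise itself until SYSVOL and NETLOGON are shared.
$shares = Get-WmiObject Win32_Share | ForEach-Object { $_.Name }
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $results += New-Object PSObject -Property @{
        Check  = "Share $name"
        Passed = ($shares -contains $name)
    }
}

# 2. The DC locator SRV records under _msdcs must list this server.
$records = "_ldap._tcp.dc._msdcs.$Domain",
           "_kerberos._tcp.dc._msdcs.$Domain",
           "_ldap._tcp.pdc._msdcs.$Domain"
$pattern = 'svr hostname\s*=\s*' + [regex]::Escape($dc) + '\.'
foreach ($rec in $records) {
    $out = (nslookup -type=SRV $rec 2>&1 | Out-String)
    $results += New-Object PSObject -Property @{
        Check  = "SRV $rec"
        Passed = ($out -match $pattern)
    }
}

# 3. dcdiag tests that cover advertising and SYSVOL replication state.
foreach ($test in 'Advertising', 'SysVolCheck', 'FrsEvent', 'NetLogons') {
    $out = (dcdiag "/test:$test" 2>&1 | Out-String)
    $results += New-Object PSObject -Property @{
        Check  = "dcdiag $test"
        Passed = ($out -match "passed test $test")
    }
}

$results | Format-Table Check, Passed -AutoSize
```

Any `False` row means the new DC should not yet be relied on as the only domain controller; run the script before disconnecting the old one.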
 

Accepted Solution

by:
zotfarms earned 0 total points
ID: 39424064
I never was able to resolve this issue, so I formatted the server and created a new domain that was clean and healthy.
0
 

Author Closing Comment

by:zotfarms
ID: 39436745
I wish there had been a way to preserve the old domain, but with only 10 users, it was more practical to create a fresh AD.
0
