Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Course Of The Month
7 days, 19 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Migrating DC server 2003 sp2 32bit AD, DNS, DHCP to Server 2008 R2
Posted on 2014-01-07
I currently have 2 DC on seperate boxes running Server 2003 sp2 32bit. 1 DC replicates to the other DC. The roles are AD, DNS, DHCP. I will also be upgrading my Exchange server 2003 to a new server box as well. (do I need to prep for that during this migration even though the current exchange resides on a seperate box and I will be migrating that over to a new server box as well?)
I currently have 300 users, 275 computers, a few GPO's, etc... I have searched online for step by step but find different answers, so I just want to make sure what the easiest way to migrate this all over flawlessly.
Thank you for your help
I currently have 300 users, 275 computers, a few GPO's, etc... I have searched online for step by step but find different answers, so I just want to make sure what the easiest way to migrate this all over flawlessly.
Thank you for your help
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
5
3- +2
18 Comments
First step is to introduce new Domain Controller in your environment. If you're interested,please follow an article on my blog for that at
http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
After that DC with Global Catalog and DNS is done. Now, you need to transfer FSMO roles from the old DC into Windows Server 2008R2
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-command-line/
When you transfer PDC Emulator role to another DC, you need to advertise new time server in your environment
http://kpytko.pl/2013/12/02/advertising-new-time-server-in-domain-environment/
and the last step is to migrate DHCP database. For that you may follow this article
http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx
and the most important part! You need to remember that you have to update option no 006 under server/scope settings (depends on your configuration) on DHCP server to add new DNS servers and remove the old ones.
Each server/workstation with fixed IP address need to be manually reconfigured to point only to new DNS servers.
After that, switch off your Windows Server 2003 Domain Controllers for few days and observe if everything is working fine. If so, you can decommission them
http://kpytko.pl/2011/08/29/decommissioning-the-old-domain-controller/
and that's all! You don't have to worry about your Exchange because it is on separate server and during introduction new version, you will be extending AD Schema but this will be done later and it is a different story :)
Regards,
Krzysztof
http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
After that DC with Global Catalog and DNS is done. Now, you need to transfer FSMO roles from the old DC into Windows Server 2008R2
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-command-line/
When you transfer PDC Emulator role to another DC, you need to advertise new time server in your environment
http://kpytko.pl/2013/12/02/advertising-new-time-server-in-domain-environment/
and the last step is to migrate DHCP database. For that you may follow this article
http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx
and the most important part! You need to remember that you have to update option no 006 under server/scope settings (depends on your configuration) on DHCP server to add new DNS servers and remove the old ones.
Each server/workstation with fixed IP address need to be manually reconfigured to point only to new DNS servers.
After that, switch off your Windows Server 2003 Domain Controllers for few days and observe if everything is working fine. If so, you can decommission them
http://kpytko.pl/2011/08/29/decommissioning-the-old-domain-controller/
and that's all! You don't have to worry about your Exchange because it is on separate server and during introduction new version, you will be extending AD Schema but this will be done later and it is a different story :)
Regards,
Krzysztof
These articles are great however all of them seem to be showing how to upgrade your current server box from 2003 to 2008, I'm not doing it that way, I'm going from one server box (2003 32bit) to a completely seperate new server box (2008 r2 64bit)
Do I have to run any of the ADPREP stuff if I'm doing it this way? Or do I just install server 2008 on the new server box, then load the roles AD, DNS, DHCP and then what?
Do I have to run any of the ADPREP stuff if I'm doing it this way? Or do I just install server 2008 on the new server box, then load the roles AD, DNS, DHCP and then what?
Nope, this procedure is exactly suitable for your scenario :) Yes, you need to perform adprep as it is shown in article.
We do not show you how to do in-place upgrade (which is not supported in your scenario) but valid procedure to add the first 2008 R2 Domain Controller in current environment.
So, first of all you need this one
http://kpytko.pl/2011/08/2
If you have more questiosn, do not hesitate to ask
Krzysztof
We do not show you how to do in-place upgrade (which is not supported in your scenario) but valid procedure to add the first 2008 R2 Domain Controller in current environment.
So, first of all you need this one
http://kpytko.pl/2011/08/2
If you have more questiosn, do not hesitate to ask
Krzysztof
Looking at the description of your environment you have to be cautious.
I'm guessing (hoping) you have more than one DHCP and DNS, if not you should be even more cautious.
I will recommend to add the 2008 and just make it DNS and GC, wait for replication to take place, if your 2003 holds all your DHCP tables, I will recommend you to split them to at least 2 servers physical or virtual. This part is tricky as you will have to create the scopes but not start them yet. When you are ready you will have to change/reduce the scope of your current DHCP and then start the corresponding segment on the new DHCP server. This will prevent DHCP collisions and will make it easy to machines to renew their IPs automatically without rebooting. This process takes time depending on your settings, you can lower the time your DHCP keeps IPs alive to reduce wait period but if it's not too long you can leave it and work on other things on your new server.
When you have finished all updates on your 2008... DHCP, DNS, etc... then transfer your FSMO from 2003.... do not remove/demote the server... test everything works correctly... specially your exchange... test... test... demote the server only when you know every single client is working fine with the new DC.
I'm guessing (hoping) you have more than one DHCP and DNS, if not you should be even more cautious.
I will recommend to add the 2008 and just make it DNS and GC, wait for replication to take place, if your 2003 holds all your DHCP tables, I will recommend you to split them to at least 2 servers physical or virtual. This part is tricky as you will have to create the scopes but not start them yet. When you are ready you will have to change/reduce the scope of your current DHCP and then start the corresponding segment on the new DHCP server. This will prevent DHCP collisions and will make it easy to machines to renew their IPs automatically without rebooting. This process takes time depending on your settings, you can lower the time your DHCP keeps IPs alive to reduce wait period but if it's not too long you can leave it and work on other things on your new server.
When you have finished all updates on your 2008... DHCP, DNS, etc... then transfer your FSMO from 2003.... do not remove/demote the server... test everything works correctly... specially your exchange... test... test... demote the server only when you know every single client is working fine with the new DC.
Thank you all for you answers on this and I will give credit out soon, However I did have one more question which could turn into more questions later
Would it be easier to just go from Windows 2003 to Windows 2012 R2?
Would it be easier to just go from Windows 2003 to Windows 2012 R2?
HI,
this installation just transfer FSMO role to this windows server 2012, right?" IF you have checked the domain with command line tools dcdiag, repadmin, ADREPLSTATUS(GUI version) and DNSLint for errors transfer the FSMO roles to the new DC.
BEFORE demoting the server follow this steps:
- reconfigure your clients/servers that they not longer point to the old DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine are disappeared or delete them by hand if the machine is off the network for ever
- also you have to start AD sites and services and delete the old server name under the site, this will not be done during demotion.
this installation just transfer FSMO role to this windows server 2012, right?" IF you have checked the domain with command line tools dcdiag, repadmin, ADREPLSTATUS(GUI version) and DNSLint for errors transfer the FSMO roles to the new DC.
BEFORE demoting the server follow this steps:
- reconfigure your clients/servers that they not longer point to the old DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine are disappeared or delete them by hand if the machine is off the network for ever
- also you have to start AD sites and services and delete the old server name under the site, this will not be done during demotion.
The installation of 2012 is somewhat similar.
In my case I was not able to find or run ADPREP command.
So I end up doing the installation without it and I'm still in a "hybrid-transition" with 2003 DC, DNS, DHCP servers, Exchange 2003 and 2012 PDC, DNS, DHCP.
In other words, yes you can do it... you won't find many docs about it... you will find to 2008 but basically is the same... I did it like that...
In my case I was not able to find or run ADPREP command.
So I end up doing the installation without it and I'm still in a "hybrid-transition" with 2003 DC, DNS, DHCP servers, Exchange 2003 and 2012 PDC, DNS, DHCP.
In other words, yes you can do it... you won't find many docs about it... you will find to 2008 but basically is the same... I did it like that...
Ok so I went with the 2008 R2 operating system as my new DC
I followed all the steps that iSiek posted as a link http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
Now DNS is installed on this server, what do I do now, add the DHCP role and then what?
I followed all the steps that iSiek posted as a link http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
Now DNS is installed on this server, what do I do now, add the DHCP role and then what?
If you can't shutdown your clients connections, you must do a progressive pass of the DHCP to your new box.
Yes, you can install the DHCP role, just make sure you don't have any collision in the scopes. To prevent that, you should reduce your actual DHCP scope or prevent this server from giving some IPs out; Those IPs left out you should put them on the new DHCP server and wait for the renovation process to take place... this can be long depending on your DHCP settings.
You can always turn one off and start the other one right away but you can't have 2 DHCP giving the same range of addresses in a LAN.
Then, you should transfer FSMO. You got some links for this but here is another: How to view and transfer FSMO roles in Windows Server 2003
Yes, you can install the DHCP role, just make sure you don't have any collision in the scopes. To prevent that, you should reduce your actual DHCP scope or prevent this server from giving some IPs out; Those IPs left out you should put them on the new DHCP server and wait for the renovation process to take place... this can be long depending on your DHCP settings.
You can always turn one off and start the other one right away but you can't have 2 DHCP giving the same range of addresses in a LAN.
Then, you should transfer FSMO. You got some links for this but here is another: How to view and transfer FSMO roles in Windows Server 2003
I migrated over the DHCP scopes and my New Server 2008 shows it in there and its authorized.
However when I turn off the old 2003 server my clients will not grab a vaild license from the new server
I do have a cisco 6506 switch and can see in the config that is shows ip helper-address as 10.128.xxx.xx which is my old 2003 server, do I need to switch these entries, could that be causing my problem?
Is there a way I can change the IP address of the old server to something else and change the new one to what the old one was instead?
However when I turn off the old 2003 server my clients will not grab a vaild license from the new server
I do have a cisco 6506 switch and can see in the config that is shows ip helper-address as 10.128.xxx.xx which is my old 2003 server, do I need to switch these entries, could that be causing my problem?
Is there a way I can change the IP address of the old server to something else and change the new one to what the old one was instead?
As I mentioned before, when you are migrating DHCP Server scopes from only 1 DHCP server you will not have the results you are expecting unless you shutdown all the computers in your organization. They have a valid IP and still alive!, they won't get a new one until the current one expires.
If your old 2003 box is just that a box with a file server only role left, then yes... everything should be pointing to your new 2008 box.
If your old 2003 box is just that a box with a file server only role left, then yes... everything should be pointing to your new 2008 box.
Well here is what I did, after I transfered all my scopes from the old server and turning it off clients still couldn't grab the addresses from the new server. they kept grabbing the 169.xx.xx.xx address.
So I changed the old server box to a different static IP, then changed the new box to that same IP the old one use to be on and updated the DNS records and SOA records and then everyone was now connecting to the new server for DHCP licences.
So I changed the old server box to a different static IP, then changed the new box to that same IP the old one use to be on and updated the DNS records and SOA records and then everyone was now connecting to the new server for DHCP licences.
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed.
Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month7 days, 19 hours left to enroll
728 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.