Solved

Migrating DC server 2003 sp2 32bit AD, DNS, DHCP to Server 2008 R2

Posted on 2014-01-07
Last Modified: 2014-03-15
I currently have 2 DCs on separate boxes running Server 2003 SP2 32-bit. 1 DC replicates to the other DC. The roles are AD, DNS, DHCP. I will also be upgrading my Exchange Server 2003 to a new server box as well. (Do I need to prep for that during this migration even though the current Exchange resides on a separate box and I will be migrating that over to a new server box as well?)

I currently have 300 users, 275 computers, a few GPO's, etc... I have searched online for step by step but find different answers, so I just want to make sure what the easiest way to migrate this all over flawlessly.

Thank you for your help
Question by:Neogeo147

Accepted Solution

by:
Krzysztof Pytko earned 400 total points
The first step is to introduce a new Domain Controller in your environment. If you're interested, please follow an article on my blog for that at
http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

After that, the DC with Global Catalog and DNS is done. Now you need to transfer the FSMO roles from the old DC to Windows Server 2008 R2
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-command-line/

When you transfer the PDC Emulator role to another DC, you need to advertise the new time server in your environment
http://kpytko.pl/2013/12/02/advertising-new-time-server-in-domain-environment/

and the last step is to migrate DHCP database. For that you may follow this article
http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx

and the most important part! You need to remember that you have to update option no 006 under server/scope settings (depends on your configuration) on DHCP server to add new DNS servers and remove the old ones.

Each server/workstation with a fixed IP address needs to be manually reconfigured to point only to the new DNS servers.

After that, switch off your Windows Server 2003 Domain Controllers for a few days and observe if everything is working fine. If so, you can decommission them
http://kpytko.pl/2011/08/29/decommissioning-the-old-domain-controller/

and that's all! You don't have to worry about your Exchange because it is on a separate server, and during the introduction of the new version you will be extending the AD Schema, but this will be done later and it is a different story :)

Regards,
Krzysztof

Assisted Solution

by:djsharma
djsharma earned 50 total points

Assisted Solution

by:Pradeep VIshwakarma
Pradeep VIshwakarma earned 50 total points

Author Comment

by:Neogeo147
These articles are great; however, all of them seem to be showing how to upgrade your current server box from 2003 to 2008. I'm not doing it that way, I'm going from one server box (2003 32-bit) to a completely separate new server box (2008 R2 64-bit).

Do I have to run any of the ADPREP stuff if I'm doing it this way? Or do I just install server 2008 on the new server box, then load the roles AD, DNS, DHCP and then what?

Expert Comment

by:Krzysztof Pytko
Nope, this procedure is exactly suitable for your scenario :) Yes, you need to perform adprep as it is shown in article.

We do not show you how to do an in-place upgrade (which is not supported in your scenario) but a valid procedure to add the first 2008 R2 Domain Controller in the current environment.

So, first of all you need this one
http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

If you have more questions, do not hesitate to ask

Krzysztof

Expert Comment

by:Pradeep VIshwakarma

Expert Comment

by:hecgomrec
Looking at the description of your environment you have to be cautious.

I'm guessing (hoping) you have more than one DHCP and DNS, if not you should be even more cautious.

I would recommend adding the 2008 and just making it DNS and GC, then waiting for replication to take place. If your 2003 holds all your DHCP tables, I would recommend you split them across at least 2 servers, physical or virtual. This part is tricky as you will have to create the scopes but not start them yet. When you are ready you will have to change/reduce the scope of your current DHCP and then start the corresponding segment on the new DHCP server. This will prevent DHCP collisions and will make it easy for machines to renew their IPs automatically without rebooting. This process takes time depending on your settings; you can lower the time your DHCP keeps IPs alive to reduce the wait period, but if it's not too long you can leave it and work on other things on your new server.

When you have finished all updates on your 2008... DHCP, DNS, etc... then transfer your FSMO from 2003.... do not remove/demote the server... test everything works correctly... especially your Exchange... test... test... demote the server only when you know every single client is working fine with the new DC.

Author Comment

by:Neogeo147
Thank you all for your answers on this and I will give credit out soon. However, I did have one more question, which could turn into more questions later.

Would it be easier to just go from Windows 2003 to Windows 2012 R2?

Expert Comment

by:Pradeep VIshwakarma
Hi,

"this installation just transfer FSMO role to this windows server 2012, right?" If you have checked the domain with the command-line tools dcdiag, repadmin, ADREPLSTATUS (GUI version) and DNSLint for errors, transfer the FSMO roles to the new DC.

BEFORE demoting the server follow these steps:

- reconfigure your clients/servers so that they no longer point to the old DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine have disappeared, or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old server name under the site, this will not be done during demotion.

Expert Comment

by:hecgomrec
The installation of 2012 is somewhat similar.

In my case I was not able to find or run ADPREP command.

So I ended up doing the installation without it and I'm still in a "hybrid-transition" with 2003 DC, DNS, DHCP servers, Exchange 2003 and 2012 PDC, DNS, DHCP.

In other words, yes, you can do it... you won't find many docs about it... you will find them for 2008, but basically it is the same... I did it like that...

Author Comment

by:Neogeo147
Ok so I went with the 2008 R2 operating system as my new DC

I followed all the steps that iSiek posted as a link http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

Now DNS is installed on this server, what do I do now, add the DHCP role and then what?

Expert Comment

by:hecgomrec
If you can't shut down your clients' connections, you must do a progressive pass of the DHCP to your new box.

Yes, you can install the DHCP role, just make sure you don't have any collision in the scopes.  To prevent that, you should reduce your actual DHCP scope or prevent this server from giving some IPs out; Those IPs left out you should put them on the new DHCP server and wait for the renovation process to take place... this can be long depending on your DHCP settings.

You can always turn one off and start the other one right away but you can't have 2 DHCP giving the same range of addresses in a LAN.

Then, you should transfer FSMO. You got some links for this but here is another: How to view and transfer FSMO roles in Windows Server 2003

Author Comment

by:Neogeo147
I migrated over the DHCP scopes and my New Server 2008 shows it in there and its authorized.

However, when I turn off the old 2003 server my clients will not grab a valid license from the new server.

I do have a Cisco 6506 switch and can see in the config that it shows ip helper-address as 10.128.xxx.xx, which is my old 2003 server. Do I need to switch these entries? Could that be causing my problem?

Is there a way I can change the IP address of the old server to something else and change the new one to what the old one was instead?

Expert Comment

by:hecgomrec
As I mentioned before, when you are migrating DHCP Server scopes from only 1 DHCP server you will not have the results you are expecting unless you shut down all the computers in your organization. They have a valid IP and it is still alive! They won't get a new one until the current one expires.

If your old 2003 box is just that a box with a file server only role left, then yes... everything should be pointing to your new 2008 box.

Assisted Solution

by:Neogeo147
Neogeo147 earned 0 total points
Well, here is what I did: after I transferred all my scopes from the old server and turned it off, clients still couldn't grab the addresses from the new server. They kept grabbing the 169.xx.xx.xx address.

So I changed the old server box to a different static IP, then changed the new box to that same IP the old one used to be on and updated the DNS records and SOA records, and then everyone was now connecting to the new server for DHCP licences.

Expert Comment

by:hecgomrec
So you never turn off your old DHCP!!!!

Author Comment

by:Neogeo147
No, I did turn it off, but for some reason the clients couldn't grab a valid IP address from the new server even though I imported all the IP address scopes.

Author Closing Comment

by:Neogeo147
Thank you all for your help
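
The question raised in the thread about `ip helper-address` entries on the Cisco switch still naming the old 2003 server can be checked offline against a saved copy of the switch configuration before the old DHCP server is switched off. The following is an added example, not part of the original thread; the configuration excerpt, VLAN names and 10.0.0.x addresses are constructed, and `audit_helpers` is a hypothetical helper.

```python
import ipaddress
import re

# Constructed excerpt of a switch running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.0.5
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip helper-address 10.0.0.5
 ip helper-address 10.0.0.6
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip helper-address 10.0.0.6
!
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
!
"""

HELPER_RE = re.compile(
    r"^\s+ip helper-address\s+(?:vrf\s+\S+\s+|global\s+)?(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def audit_helpers(config_text, old_dhcp, new_dhcp):
    """Map each DHCP-relaying interface to 'stale', 'mixed', 'ok' or 'other'."""
    old, new = ipaddress.ip_address(old_dhcp), ipaddress.ip_address(new_dhcp)
    helpers, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the interface block
        elif current and (m := HELPER_RE.match(line)):
            helpers.setdefault(current, set()).add(ipaddress.ip_address(m.group(1)))
    report = {}
    for iface, addrs in helpers.items():
        if old in addrs:
            # 'stale': relays only to the retired server; 'mixed': to both servers
            report[iface] = "mixed" if new in addrs else "stale"
        else:
            report[iface] = "ok" if new in addrs else "other"
    return report

if __name__ == "__main__":
    for iface, status in audit_helpers(SAMPLE_CONFIG, "10.0.0.5", "10.0.0.6").items():
        print(f"{iface}: {status}")
```

Interfaces reported as `stale` would leave their clients without a reachable DHCP server once the old address goes away; interfaces with no helper entry at all (Vlan40 in the sample) are not listed.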