Solved

Migrating DC server 2003 sp2 32bit AD, DNS, DHCP to Server 2008 R2

Posted on 2014-01-07
Last Modified: 2014-03-15
I currently have 2 DC on separate boxes running Server 2003 sp2 32bit. 1 DC replicates to the other DC. The roles are AD, DNS, DHCP. I will also be upgrading my Exchange server 2003 to a new server box as well. (Do I need to prep for that during this migration even though the current Exchange resides on a separate box and I will be migrating that over to a new server box as well?)

I currently have 300 users, 275 computers, a few GPO's, etc... I have searched online for step by step but find different answers, so I just want to make sure what the easiest way to migrate this all over flawlessly.

Thank you for your help
Question by:Neogeo147

Accepted Solution

by:Krzysztof Pytko
ID: 39761469
First step is to introduce new Domain Controller in your environment. If you're interested, please follow an article on my blog for that at
http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

After that DC with Global Catalog and DNS is done. Now, you need to transfer FSMO roles from the old DC into Windows Server 2008R2
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.pl/2011/08/26/transferring-fsmo-roles-from-command-line/

When you transfer PDC Emulator role to another DC, you need to advertise new time server in your environment
http://kpytko.pl/2013/12/02/advertising-new-time-server-in-domain-environment/

and the last step is to migrate DHCP database. For that you may follow this article
http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx

and the most important part! You need to remember that you have to update option no 006 under server/scope settings (depends on your configuration) on DHCP server to add new DNS servers and remove the old ones.

Each server/workstation with fixed IP address needs to be manually reconfigured to point only to new DNS servers.

After that, switch off your Windows Server 2003 Domain Controllers for a few days and observe if everything is working fine. If so, you can decommission them
http://kpytko.pl/2011/08/29/decommissioning-the-old-domain-controller/

and that's all! You don't have to worry about your Exchange because it is on separate server and during introduction new version, you will be extending AD Schema but this will be done later and it is a different story :)

Regards,
Krzysztof

Assisted Solution

by:djsharma
ID: 39761550

Assisted Solution

by:Pradeep VIshwakarma
ID: 39761707

Author Comment

by:Neogeo147
ID: 39762642
These articles are great however all of them seem to be showing how to upgrade your current server box from 2003 to 2008, I'm not doing it that way, I'm going from one server box (2003 32bit) to a completely separate new server box (2008 r2 64bit).

Do I have to run any of the ADPREP stuff if I'm doing it this way? Or do I just install server 2008 on the new server box, then load the roles AD, DNS, DHCP and then what?

Expert Comment

by:Krzysztof Pytko
ID: 39763351
Nope, this procedure is exactly suitable for your scenario :) Yes, you need to perform adprep as it is shown in article.

We do not show you how to do in-place upgrade (which is not supported in your scenario) but valid procedure to add the first 2008 R2 Domain Controller in current environment.

So, first of all you need this one
http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

If you have more questions, do not hesitate to ask

Krzysztof

Expert Comment

by:Pradeep VIshwakarma
ID: 39764178

Expert Comment

by:hecgomrec
ID: 39765078
Looking at the description of your environment you have to be cautious.

I'm guessing (hoping) you have more than one DHCP and DNS, if not you should be even more cautious.

I will recommend to add the 2008 and just make it DNS and GC, wait for replication to take place, if your 2003 holds all your DHCP tables, I will recommend you to split them to at least 2 servers physical or virtual. This part is tricky as you will have to create the scopes but not start them yet.  When you are ready you will have to change/reduce the scope of your current DHCP and then start the corresponding segment on the new DHCP server.  This will prevent DHCP collisions and will make it easy to machines to renew their IPs automatically without rebooting.  This process takes time depending on your settings, you can lower the time your DHCP keeps IPs alive to reduce wait period but if it's not too long you can leave it and work on other things on your new server.

When you have finished all updates on your 2008... DHCP, DNS, etc... then transfer your FSMO from 2003.... do not remove/demote the server... test everything works correctly... especially your Exchange... test... test... demote the server only when you know every single client is working fine with the new DC.

Author Comment

by:Neogeo147
ID: 39769309
Thank you all for your answers on this and I will give credit out soon. However, I did have one more question which could turn into more questions later.

Would it be easier to just go from Windows 2003 to Windows 2012 R2?

Expert Comment

by:Pradeep VIshwakarma
ID: 39770204
Hi,

"this installation just transfer FSMO role to this windows server 2012, right?" If you have checked the domain with the command line tools dcdiag, repadmin, ADREPLSTATUS (GUI version) and DNSLint for errors, transfer the FSMO roles to the new DC.

BEFORE demoting the server follow these steps:

- reconfigure your clients/servers so that they no longer point to the old DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old server name under the site, this will not be done during demotion.

Expert Comment

by:hecgomrec
ID: 39771377
The installation of 2012 is somewhat similar.

In my case I was not able to find or run ADPREP command.

So I ended up doing the installation without it and I'm still in a "hybrid-transition" with 2003 DC, DNS, DHCP servers, Exchange 2003 and 2012 PDC, DNS, DHCP.

In other words, yes you can do it... you won't find many docs about it... you will find to 2008 but basically is the same... I did it like that...

Author Comment

by:Neogeo147
ID: 39819702
Ok so I went with the 2008 R2 operating system as my new DC

I followed all the steps that iSiek posted as a link http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

Now DNS is installed on this server, what do I do now, add the DHCP role and then what?

Expert Comment

by:hecgomrec
ID: 39820656
If you can't shut down your clients' connections, you must do a progressive pass of the DHCP to your new box.

Yes, you can install the DHCP role, just make sure you don't have any collision in the scopes.  To prevent that, you should reduce your actual DHCP scope or prevent this server from giving some IPs out; Those IPs left out you should put them on the new DHCP server and wait for the renovation process to take place... this can be long depending on your DHCP settings.

You can always turn one off and start the other one right away but you can't have 2 DHCP giving the same range of addresses in a LAN.

Then, you should transfer FSMO. You got some links for this but here is another: How to view and transfer FSMO roles in Windows Server 2003

Author Comment

by:Neogeo147
ID: 39915265
I migrated over the DHCP scopes and my New Server 2008 shows it in there and its authorized.

However when I turn off the old 2003 server my clients will not grab a valid license from the new server

I do have a Cisco 6506 switch and can see in the config that it shows ip helper-address as 10.128.xxx.xx which is my old 2003 server, do I need to switch these entries, could that be causing my problem?

Is there a way I can change the IP address of the old server to something else and change the new one to what the old one was instead?
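
As an added example (not part of the original thread): `ip helper-address` is the switch's DHCP relay target, so a helper entry that still names a powered-off server sends relayed client requests to a machine that will not answer. The Python sketch below audits a saved switch configuration for such entries; the sample config, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a saved switch configuration; all addresses are made up.
SAMPLE_CONFIG = """\
interface Vlan10
 ip helper-address 10.0.0.5
!
interface Vlan20
 ip helper-address 10.0.0.5
 ip helper-address 10.0.0.9
!
interface Vlan30
 ip helper-address 10.0.0.9
!
interface Vlan99
 description management (no relay)
!
"""

def relay_targets(config_text):
    """Map each interface to the DHCP relay (helper) addresses configured on it."""
    targets, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            targets[current] = []
        elif line and not line[0].isspace():
            current = None  # any other top-level line ends the interface block
        elif current and line.strip().startswith("ip helper-address"):
            try:  # last token is the address, also for "vrf NAME a.b.c.d" forms
                targets[current].append(ipaddress.ip_address(line.split()[-1]))
            except ValueError:
                pass  # last token is not an address; ignore the line
    return targets

def audit_relays(config_text, retired, active):
    """Flag interfaces whose relays still reference a retired DHCP server."""
    retired = {ipaddress.ip_address(a) for a in retired}
    active = {ipaddress.ip_address(a) for a in active}
    findings = {}
    for iface, helpers in relay_targets(config_text).items():
        has_stale = any(h in retired for h in helpers)
        has_live = any(h in active for h in helpers)
        if has_stale and not has_live:
            findings[iface] = "NO-LIVE-RELAY"  # relayed requests reach no live server
        elif has_stale:
            findings[iface] = "STALE-ENTRY"    # works, but the old entry should go
    return findings
```

Calling `audit_relays(SAMPLE_CONFIG, ["10.0.0.5"], ["10.0.0.9"])` treats 10.0.0.5 as the retired server and 10.0.0.9 as the new one, and returns only the interfaces that need a relay change before the old server is switched off.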

Expert Comment

by:hecgomrec
ID: 39917310
As I mentioned before, when you are migrating DHCP Server scopes from only 1 DHCP server you will not have the results you are expecting unless you shut down all the computers in your organization.  They have a valid IP and still alive!, they won't get a new one until the current one expires.

If your old 2003 box is just that a box with a file server only role left, then yes... everything should be pointing to your new 2008 box.

Assisted Solution

by:Neogeo147
ID: 39918061
Well here is what I did, after I transferred all my scopes from the old server and turning it off clients still couldn't grab the addresses from the new server. They kept grabbing the 169.xx.xx.xx address.

So I changed the old server box to a different static IP, then changed the new box to that same IP the old one used to be on and updated the DNS records and SOA records and then everyone was now connecting to the new server for DHCP licences.

Expert Comment

by:hecgomrec
ID: 39918186
So you never turn off your old DHCP!!!!

Author Comment

by:Neogeo147
ID: 39918265
No I did turn it off but for some reason the clients couldn't grab a valid IP address from the new server even though I imported all the IP address scopes.

Author Closing Comment

by:Neogeo147
ID: 39931058
Thank you all for your help