Armitage318
asked on
Active Directory: Transfer roles from 2003 R2 to 2012
Hi, I have an old DC Windows Server 2003 R2 (32bit).
I need to demote this server, and transfer all roles to a Windows Server 2012 Foundation (64bit).
How can I do this?
Which checks should I run before?
Thank you!
Before adding or removing domain controllers, a full domain health check should be done.
For starters, run this and post out.txt
repadmin /showrepl * > out.txt
ASKER
Hi, I am following this url:
https://blogs.technet.microsoft.com/canitpro/2013/05/05/step-by-step-adding-a-windows-server-2012-domain-controller-to-an-existing-windows-server-2003-network/
I installed Active Directory Domain Services. Now, I am going to promote win2012 server to a domain controller.
My domain name is correctly found, but when I go forward, I get this message:
"a domain controller running Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 could not be located in this domain. To install a read-only domain controller, the domain must have a domain controller running Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012"
What should I do?
Thank you!
ASKER
Hi Shaun,
this is command output:
repadmin running command /showrepl against server e-server.domain.local
Default-First-Site\E-SERVER
DC Options: IS_GC
Site Options: (none)
DC object GUID: 99cdcb5c-4f5a-46cf-a526-0825bb4d7334
DC invocationID: 99cdcb5c-4f5a-46cf-a526-0825bb4d7334
==== INBOUND NEIGHBORS ======================================
DC=domain,DC=local
Default-First-Site\WINSVR2012 via RPC
DC object GUID: 27ce314d-ac50-4be3-bb5d-28d7fb5dbc23
Last attempt @ 2019-06-10 16:52:27 failed, result 1753 (0x6d9):
Nessun endpoint disponibile nel mapping degli endpoint.
25628 consecutive failure(s).
Last success @ 2016-06-30 12:55:11.
CN=Configuration,DC=domain,DC=local
Default-First-Site\WINSVR2012 via RPC
DC object GUID: 27ce314d-ac50-4be3-bb5d-28d7fb5dbc23
Last attempt @ 2019-06-10 16:52:27 failed, result 1753 (0x6d9):
Nessun endpoint disponibile nel mapping degli endpoint.
25627 consecutive failure(s).
Last success @ 2016-06-30 12:55:11.
CN=Schema,CN=Configuration,DC=domain,DC=local
Default-First-Site\WINSVR2012 via RPC
DC object GUID: 27ce314d-ac50-4be3-bb5d-28d7fb5dbc23
Last attempt @ 2019-06-10 16:52:27 failed, result 1753 (0x6d9):
Nessun endpoint disponibile nel mapping degli endpoint.
25626 consecutive failure(s).
Last success @ 2016-06-30 12:55:11.
DC=DomainDnsZones,DC=domain,DC=local
Default-First-Site\WINSVR2012 via RPC
DC object GUID: 27ce314d-ac50-4be3-bb5d-28d7fb5dbc23
Last attempt @ 2019-06-10 16:52:27 failed, result 1256 (0x4e8):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.
25625 consecutive failure(s).
Last success @ 2016-06-30 12:55:11.
DC=ForestDnsZones,DC=domain,DC=local
Default-First-Site\WINSVR2012 via RPC
DC object GUID: 27ce314d-ac50-4be3-bb5d-28d7fb5dbc23
Last attempt @ 2019-06-10 16:52:27 failed, result 1256 (0x4e8):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.
25625 consecutive failure(s).
Last success @ 2016-06-30 12:55:11.
Source: Default-First-Site\WINSVR2012
******* 25628 CONSECUTIVE FAILURES since 2016-06-30 12:55:11
Last error: 1256 (0x4e8):
Il sistema remoto non è disponibile. Per informazioni sulla risoluzione dei problemi di rete, consultare la Guida di Windows.
repadmin running command /showrepl against server WINSVR2012.domain.local
[d:\nt\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server non accessibile) Win32 Err 58.
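The health check requested above, as an added example (not code from any poster in this thread): a Python parser for `repadmin /showrepl` text that flags inbound partners whose last successful replication is older than a threshold. The embedded sample is constructed from the posted output, `HEALTHYDC` is a made-up partner, and the 60-day threshold is an assumption; compare against your forest's tombstoneLifetime instead.

```python
import re
from datetime import datetime
# Constructed sample: first partner abridged from the output posted above,
# second partner (HEALTHYDC) is hypothetical and shows a healthy link.
SAMPLE = """\
DC=domain,DC=local
    Default-First-Site\\WINSVR2012 via RPC
        Last attempt @ 2019-06-10 16:52:27 failed, result 1753 (0x6d9):
        25628 consecutive failure(s).
        Last success @ 2016-06-30 12:55:11.
CN=Configuration,DC=domain,DC=local
    Default-First-Site\\HEALTHYDC via RPC
        Last attempt @ 2019-06-10 16:52:27 was successful.
"""
NC = re.compile(r"^(?:DC|CN)=\S+$")            # naming-context header line
PARTNER = re.compile(r"^(\S+\\\S+) via RPC$")  # Site\Server source DC
ATTEMPT = re.compile(r"^Last attempt @ ([\d-]+ [\d:]+) (?:failed, result (\d+)|was successful)")
FAILS = re.compile(r"^(\d+) consecutive failure")
SUCCESS = re.compile(r"^Last success @ ([\d-]+ [\d:]+)")
FMT = "%Y-%m-%d %H:%M:%S"

def parse_showrepl(text):  # one dict per inbound replication link
    links, nc, cur = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if NC.match(line):
            nc = line
        elif m := PARTNER.match(line):
            cur = {"nc": nc, "partner": m.group(1), "error": None,
                   "failures": 0, "attempt": None, "success": None}
            links.append(cur)
        elif cur is None:
            continue  # header lines before the first partner
        elif m := ATTEMPT.match(line):
            cur["attempt"] = datetime.strptime(m.group(1), FMT)
            cur["error"] = int(m.group(2)) if m.group(2) else None
        elif m := FAILS.match(line):
            cur["failures"] = int(m.group(1))
        elif m := SUCCESS.match(line):
            cur["success"] = datetime.strptime(m.group(1), FMT)
    return links

def stale_partners(links, tombstone_days=60):  # 60 is an assumed threshold
    stale = {}  # partner -> days between last success and last failed attempt
    for link in links:
        if link["error"] is not None and link["attempt"] and link["success"]:
            days = (link["attempt"] - link["success"]).days
            if days > tombstone_days:
                stale[link["partner"]] = days
    return stale
```

A partner reported here has been out of replication longer than the threshold and is a candidate for the metadata cleanup discussed in this thread rather than for being brought back online.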
Sounds like you checked the box for Read-Only Domain Controller when promoting the 2012 server to a DC. Don't check that box. You only need DNS (unless you are using non-AD integrated DNS) and Global Catalog.
ASKER
Hi Jeff, I didn't check that box (it is greyed out).
I just realized that in the past we already tried to add win2012 as DC. I suspect there is some metadata to clean.
In fact, if I go to old server (win2003) and check Active Directory Sites and Services, I see "WIN2012" under Servers menu.
Should I first try a metadata cleanup for every entry related to WIN2012? How can I proceed?
Thank you
Yeah, that would probably be best. You really need to clean up AD before trying this. I would do a Metadata cleanup. Then make sure there are no mentions of the failed 2012 server in Sites and services and in DNS.
Then once DCDiag is clean and repadmin is good, try again. As long as you have the Schema admin and Enterprise Admin roles, along with the Domain Admin roles, it should be fine. Although, since you tried a 2012 server before, the schema may already be updated.
ASKER
Hi Jeff, I have never done a Metadata cleanup on Windows 2003. Can you suggest a reference?
What about the functional level of the domain? It has to be at least Windows Server 2003.
ASKER
Hi tkoenigs, I confirm it's Windows 2003.
Thank you
Haven't dealt with 2003 AD in a long time and most Microsoft stuff will steer you towards 2016 stuff. But Petri still has 2003 directions on it and that site is really good.
https://www.petri.com/delete_failed_dcs_from_ad
Double check the DNS entries on the 2012 r2 server and make sure
1) add file share for Windows 2003 to add the ntfrs which is how sysvol is replicating in 2003.
2) make sure when you run you get an answer.
nslookup -q=SRV _ldap._tcp.dc._msdcs.<youraddomainname>
Another thought if this is a sole DC, convert the ntfrs sysvol replication to dfs before ..
You are using a foundation server double check whether this version can be a DC.
ASKER
Hi Arnold,
currently the only DC is Windows 2003. My goal is to add Windows 2012 as DC, and then remove (demote) Windows 2003.
It seems 2012 can be a DC:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-foundation/jj679892(v=ws.11)
In the Windows Server 2012 Foundation operating system, the server must be a member of a workgroup or, if joined to a domain, joined at the root of the forest as a domain controller.
Yes, rechecked myself after posting. Foundation is a micro SBS (essential). (15 users versus 50 )
Is the system already a member of the domain? Make sure there are no external IP addresses listed in the Name server section of the Network Detail (ipconfig /all | find /i "Name server").
If you have a foreign DNS server, when the promotion to the DC is run, it queries DNS for certain records. If it sends this request to the external DNS, it will never get the response it expects.
As others pointed out, your error seems to suggest that you are trying to install a read-only DC.
If you do not have the Windows 2003 fileserver role/features, it might be why it defaults to read-only.
Without ntfrs, sysvol cannot replicate; DC needs this to be writeable in a 2003 .....
Look at transitioning sysvol from ntfrs to dfs on the only DC you currently have.
https://www.microsoft.com/en-us/download/details.aspx?id=4843
First you need to make the 2012 server an additional DC in the existing domain. Then transfer the FSMO roles to it. Demote the old DC.