Tuesday, November 17, 2009

Migration of DC from Windows Server 2000 to Windows Server 2003

Scenario

A Windows 2000 Server domain controller running on old hardware has to be replaced with new hardware running Windows Server 2003 as the domain controller. This tutorial explains how to migrate from Windows 2000 Server to Windows Server 2003, including the domain controller, DNS, DHCP and file server roles, and how to rename the new Windows Server 2003 machine to the same name as the old Windows 2000 server.


In this tutorial we assume that you keep the same domain name on your new Windows Server 2003.

Make sure to have the latest backup of the existing server.

1. Make sure SP4 is installed on the existing Windows 2000 domain controller

2. Run ADPREP to prepare the forest and domain for windows 2003

  • Put the Windows 2003 Server installation CD, into the CD drive of the windows 2000 server.
  • Go to Start -> Run and type cmd and click on OK button.
  • At the command prompt type x:\i386\adprep /forestprep where x is the drive letter of the CD drive. Make sure the command exits with a success message. Reboot is not necessary.
  • From the command prompt type x:\i386\adprep /domainprep where x is the drive letter of the CD drive on the server. Make sure the command exits with a success message. Reboot is not necessary.

Note: In case of any errors, look at the log files in the %systemroot%\system32\debug\adprep\logs folder.

Important Note: If you want to upgrade from Windows 2000 Server to Windows Server 2003 R2, insert the Windows Server 2003 R2 installation disk 2 to run forestprep and domainprep; otherwise you will see the following error:

The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help.

The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer.
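A check that catches this error before dcpromo is started, as an added example that is not part of the original post: it reads the schema objectVersion (13 for Windows 2000, 30 for Windows Server 2003, 31 for Windows Server 2003 R2) with dsquery on the new Windows Server 2003 member server. The forest DN is a placeholder and a single-domain forest is assumed; it verifies only the forestprep result.

```batch
@echo off
rem Added example, not from the original post.
rem Run on the new Windows Server 2003 member server before dcpromo.
rem Usage: checkschema.cmd       (expects schema version 30, Windows Server 2003)
rem        checkschema.cmd R2    (expects schema version 31, Windows Server 2003 R2)
setlocal

rem Placeholder: distinguished name of your forest root domain.
set "FOREST_DN=dc=example,dc=local"
set "SCHEMA_DN=cn=schema,cn=configuration,%FOREST_DN%"

rem 13 = Windows 2000, 30 = Windows Server 2003, 31 = Windows Server 2003 R2
set WANT=30
if /i "%~1"=="R2" set WANT=31

rem dsquery prints a header line first, then the attribute value.
set VER=
for /f "skip=1 tokens=1" %%V in ('dsquery * "%SCHEMA_DN%" -scope base -attr objectVersion') do set VER=%%V

if not defined VER (
  echo [ERROR] Could not read objectVersion. Check FOREST_DN and connectivity.
  exit /b 2
)

echo Schema objectVersion is %VER%, need %WANT% or higher.
if %VER% LSS %WANT% (
  echo [FAIL] Forest is not prepared for this release.
  echo        Run adprep from the matching CD as in step 2 and read the adprep logs.
  exit /b 1
)
echo [OK] Schema version is sufficient for dcpromo on this server.
```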

3. On the new server hardware, install Windows 2003 Server and join it to the existing domain (i.e. the Windows 2000 domain). Also install the DNS server (it does not need to be configured). Make sure you also install all the available service packs.

Install DNS Server on win 2003 Server

Open the Windows Components Wizard as follows:

Click Start, click Control Panel, and then click Add or Remove Programs.

Click Add/Remove Windows Components.

In Components, select the Networking Services check box, and then click Details.

In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.

If Windows asks for a CD-ROM, do as it requests. When it is done, click Finish and you'll have your very own DNS server.

4. On the Windows 2003 server, run dcpromo and make this server an additional domain controller in the existing domain:

  • Go to Start -> Run and type dcpromo and click on OK button.
  • On the Active Directory Installation Wizard screen, follow the wizard and make this server an additional domain controller for the existing domain.
  • Reboot the Server.

5. Wait for replication to happen. This may take around 30 minutes or longer, depending on the amount of data that has to be replicated from the SYSVOL folder of the Windows 2000 server. You can monitor the replication status with REPLMON.EXE, which is available from the support tools package on your Windows Server 2003 CD, or you can check the event log on the Windows Server 2003 machine for the File Replication Service (FRS) status.

6. Check the DNS on the new Win server 2003.

  • Check if all the details have been replicated
  • Check if the forwarders are setup correctly
  • Check if the event log is clear of errors

Transfer FSMO roles and GC from win server 2000 to win server 2003

a) Transfer the FSMO Roles to the new Server.

There are 5 FSMO roles: Domain naming Master, Schema Master, RID Master, PDC Emulator and Infrastructure Master. There must be a domain controller that owns each one of those roles. These roles can be transferred to another Domain Controller either by using the MMC GUI tool or by using the ntdsutil.exe command line utility. Here are the steps to transfer FSMO roles by using the MMC tool:

Transferring RID, PDC, and Infrastructure Master roles:

  • Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  • Right-click the icon next to Active Directory Users and Computers, and then click Connect to Domain Controller.

Note: If you are not on the domain controller where you want to transfer the role, you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.

  • Click the domain controller, which will be the new role holder, and then click OK.
  • Right-click Active Directory Users and Computers icon and then click Operation Masters.
  • In the Change Operations Master dialog box, click the appropriate tab (RID, PDC, or Infrastructure) for the role you want to transfer. You need to transfer all the 3 roles.
  • Click Change in the Change Operations Master dialog box.
  • Click OK to confirm that you want to transfer the role.
  • Click OK.
  • Click Cancel to close the dialog box.

Transferring the Domain Naming Master role:

  • Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Domains and Trusts.
  • Right-click the Active Directory Domains and Trusts icon, and then click Connect to Domain Controller.

Note: If you are not on the domain controller where you want to transfer the role, you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.

  • Click the domain controller that will be the new role holder, and then click OK.
  • Right-click Active Directory Domains and Trusts, and then click Operation Masters.
  • In the Change Operations Master dialog box: click Change.
  • Click OK to confirm that you want to transfer the role.
  • Click OK.
  • Click Cancel to close the dialog box.

Transferring the Schema Master Role:

You can use the Schema Master tool to transfer the role. However, the Schmmgmt.dll dynamic-link library must be registered in order to make the Schema tool available as an MMC snap-in.

Registering the Schema Tool:

  • Click Start, and then click Run.
  • Type regsvr32 schmmgmt.dll, and then click OK. A message should be displayed stating that the registration was successful.

Transferring the Schema Master Role:

  • Click Start, click run, type mmc, and then click OK.
  • On the Console menu click Add/Remove Snap-in.
  • Click Add.
  • Click Active Directory Schema.
  • Click Add.
  • Click Close to close the Add Standalone Snap-in dialog box.
  • Click OK to add the snap-in to the console.
  • Right-click the Active Directory Schema icon, and then click Change Domain Controller.

Note: If you are not on the domain controller where you want to transfer the role, you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.

  • Click Specify Domain Controller, type the name of the domain controller that will be the new role holder, and then click OK.
  • Right-click Active Directory Schema and then click Operation Masters.
  • In the Change Schema Master dialog box: click Change.
  • Click OK.
  • Click OK.
  • Click Cancel to close the dialog box.

Transfer the Global Catalogue role:

  • Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
  • Under sites, expand your site name, then Servers and then your server name so that you can see NTDS Settings. Now right click on the NTDS Settings under the server that you want to demote (Win2K) and choose properties, in the window that appears, un-check Global Catalog and click OK.
  • Now right click on the NTDS Settings under the server that you want to promote (Win2K3) and choose properties, in the window that appears, check Global Catalog and click OK.
  • After making these changes, wait about fifteen minutes until the Global Catalog replicates between the domain controllers; after that you can continue with further configuration.

Transfer files/permissions over win server 2003

If you are using this server as a file server, you need to copy all your data to the new Windows Server 2003 machine with the following procedure.

For this purpose you can use FSMT tool on Win2K3 server (FSMT cannot be run on Win2K), which can be downloaded from the Microsoft Website. Using FSMT all the shared files and folders can be transferred from the old Win2K server to the new Win2K3 server without losing the permissions on the shared folders.

For complete, detailed instructions on how to use FSMT, check here.

Take backup of win 2000 DHCP Server database.

  • Run the DHCPEXIM.EXE utility from the MS Resource Kit (download from here), export the required DHCP scope(s) and configurations to a text file, and copy this file to the new Windows Server 2003 machine.
  • Now you can either disconnect the network cable or shut down the Windows 2000 server completely. This server will be used again if the migration fails.

Authorize DHCP Server on win server 2003

  • Click Start, point to All Programs, point to Administrative Tools, and then click DHCP

Note:- You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.

  • In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
  • Right-click the server object, and then click Authorize.

After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.

Running domain controller (on win server 2003) diagnostics tools

From the command prompt, run DCDIAG and make sure the command completes successfully, without displaying any errors. If you want a DCdiag GUI tool, check here.

Run adcheck (a freeware tool from NetIQ), run through all the checks and make sure that the domain is healthy. Fix any errors. You can download it from here.
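The role transfer, Global Catalog and diagnostics steps above can be verified in one pass before the old server is demoted. The script below is an added example, not part of the original post; the host names are placeholders, a single-domain forest is assumed, and it relies on dsquery (shipped with Windows Server 2003) and dcdiag from the Support Tools.

```batch
@echo off
rem Added example, not from the original post. Run on the new Windows Server 2003 DC.
setlocal

rem Placeholders: short host names of the old and new domain controllers.
set OLD_DC=OLDDC
set NEW_DC=NEWDC
set LOG=dcdiag_%NEW_DC%.log
set FAIL=0

rem 1. None of the five FSMO roles may still be held by the old DC.
rem    dsquery prints the DN of the role holder, e.g. "CN=NEWDC,CN=Servers,..."
for %%R in (schema name infr pdc rid) do (
  dsquery server -hasfsmo %%R | find /i "CN=%OLD_DC%," >nul && (
    echo [FAIL] FSMO role "%%R" is still held by %OLD_DC%
    set FAIL=1
  )
)

rem 2. The new DC must already be listed as a global catalog.
dsquery server -isgc | find /i "CN=%NEW_DC%," >nul || (
  echo [FAIL] %NEW_DC% is not a global catalog yet
  set FAIL=1
)

rem 3. dcdiag writes "failed test <name>" for every test that did not pass.
dcdiag /s:%NEW_DC% /f:%LOG%
find /i "failed test" %LOG% && (
  echo [FAIL] dcdiag reported failures, see %LOG%
  set FAIL=1
)

if %FAIL%==1 (
  echo Do not demote %OLD_DC% yet.
  exit /b 1
)
echo [OK] Roles moved, %NEW_DC% is a GC and dcdiag is clean.
```

A non-zero exit code means at least one check failed; keep the dcdiag log with the migration records.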

Disconnect the old server (win server 2000)

  • Go to Start -> Run and type dcpromo and click on OK button.
  • On the Active Directory Installation Wizard screen, follow the wizard and demote it from the domain controller to a standalone server.
  • Reboot the Server.
  • Change the server membership to a Workgroup.
  • Reboot the Server.
  • Shutdown and disconnect the server from the network.

Raise the domain level functionality to native Windows 2003 in win server 2003.

To do this, follow this procedure:

  • Log on to the Windows Server 2003 domain controller with domain administrator credentials.
  • Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
  • In the console tree, right-click the domain for which you want to raise functionality, and then click Raise Domain Functional Level.
  • Under Select an available domain functional level, do the following
  • Click Windows Server 2003, and then click Raise to raise the domain functional level to Windows Server 2003.

Note:- You can also raise the domain functional level by right-clicking a domain that appears in the Active Directory Users and Computers MMC snap-in, and then clicking Raise Domain Functional Level. To raise the domain functional level, you must be a member of the Domain Administrators group.

The current domain functional level appears under Current domain functional level in the Raise Domain Functional Level dialog box. The level increase is performed on the PDC FSMO and requires the domain administrator

Test from a client that you can log on, and check the event log for any errors.

Changing the new DC's (Win2K3) IP Address and Hostname to the same Hostname and IP Address as the old DC (Win2K)

  • Make sure the Old Domain Controller (Win2K) is disconnected from the network.
  • Make sure no references to the old (Win2K) server name remain in Active Directory (Sites, Domain Controllers container and DNS).
  • Make sure the domain functional level is raised to Windows 2003 native mode.
  • Change the IP Address of the new domain controller (Win2K3)
  • Change the Domain Controller hostname using Netdom tool.

Netdom tool comes with the support tools package, which is available on the Server installation CD, under \support\tools folder.

a) Install support tools and go to Command Prompt.

b) Type the following command to add the new domain controller name, and then press ENTER:

netdom computername CurrentComputerName /add:NewComputerName

Note: The NewComputerName must be a fully qualified domain name (FQDN). CurrentComputerName can be the existing FQDN or the IP address of the computer.

c) Type the following command to designate the new name as the primary computer name, and then press ENTER:

netdom computername CurrentComputerName /makeprimary:NewComputerName

d) Restart the computer.

e) After the computer restarts, go to Command Prompt.

f) Type the following command to remove the old domain controller name, and then press ENTER:

netdom computername NewComputerName /remove:OldComputerName

Finally, if you are using any logon scripts (for example with the KiX program) or network printers, make sure everything is working fine.
