Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD Migration from win 2000 to win 2008 server
AD Migration from win 2000 to win 2008 server [message #159611] Sun, 02 August 2009 00:51 Go to next message
saqib ahmad  is currently offline saqib ahmad
Messages: 49
Registered: August 2009
Member
Dear,

We are migrating AD windows server 2000 to AD DS windows server 2008 but the
GPO is not healthy how can we migrate without GPO coz we want to customise
the new GPO in new 2008 server.

saqib
Re: AD Migration from win 2000 to win 2008 server [message #159614 is a reply to message #159611] Sun, 02 August 2009 03:45 Go to previous messageGo to next message
florian  is currently offline florian  Germany
Messages: 484
Registered: July 2009
Senior Member
Howdie!

saqib ahmad schrieb:
> We are migrating AD windows server 2000 to AD DS windows server 2008 but the
> GPO is not healthy how can we migrate without GPO coz we want to customise
> the new GPO in new 2008 server.

Can you elaborate a little on what you are trying to do? Is that a real
migration from one domain to another is it that you want to replace the
Win2000 DCs and have 2008DCs for the very same domain?

Also, what with the Group Policy isn't working? Most GP errors relate to
DNS or other core AD component mis-configurations which could
potentially bite you back during other procedures in your
migration/transition.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: AD Migration from win 2000 to win 2008 server [message #159615 is a reply to message #159614] Sun, 02 August 2009 05:50 Go to previous messageGo to next message
saqib ahmad  is currently offline saqib ahmad
Messages: 49
Registered: August 2009
Member
Dear,

Well we are upgrading our hardware and sofware but with the same domain as
we want to design new GPO and policies in new 2008 server. further more its a
real production environment and cant afford long downtimes.

"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> saqib ahmad schrieb:
> > We are migrating AD windows server 2000 to AD DS windows server 2008 but the
> > GPO is not healthy how can we migrate without GPO coz we want to customise
> > the new GPO in new 2008 server.
>
> Can you elaborate a little on what you are trying to do? Is that a real
> migration from one domain to another is it that you want to replace the
> Win2000 DCs and have 2008DCs for the very same domain?
>
> Also, what with the Group Policy isn't working? Most GP errors relate to
> DNS or other core AD component mis-configurations which could
> potentially bite you back during other procedures in your
> migration/transition.
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
>
Re: AD Migration from win 2000 to win 2008 server [message #159616 is a reply to message #159615] Sun, 02 August 2009 07:01 Go to previous messageGo to next message
florian  is currently offline florian  Germany
Messages: 484
Registered: July 2009
Senior Member
Howdie!

saqib ahmad schrieb:
> Well we are upgrading our hardware and sofware but with the same domain as
> we want to design new GPO and policies in new 2008 server. further more its a
> real production environment and cant afford long downtimes.

Actually, there's no downtime necessary if you do it correctly:
1) take a backup of the current domain (system state)
2) update the current AD schema to Server 2008 (you'll find a lot of
howtos on the web).
3) install Windows 2008 on a new machine (new hardware)
4) while the current DCs are running, promote the new 2008 machine to a
domain controller. Make sure the DNS server is also installed and that
the new DC can resolve all FQDNs of all other DCs correctly.
5) repeat the steps 3 and 4 for every new DC you're going add.
6) To remove old DCs, check whether they have any special roles/any
applications rely on them.
7) Check whether the DCs to be removed have FSMO role ownership. If so,
move (transfer!) the roles to one of the new DCs.
8) run dcpromo on the DCs to be removed and uninstall AD from them.

The steps above may not complete all the work you need to do but should
give you an idea on how you should proceed. Also, when you're currently
experiencing GP problems (you still didn't mention what problems
specifically!) they will still persist. GP Preferences won't solve GP
application problems. Neither will 2008 do that. Again, most GP problems
relate to DNS misconfiguration.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: AD Migration from win 2000 to win 2008 server [message #159619 is a reply to message #159611] Sun, 02 August 2009 08:12 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello saqib,

With adding 2008 DC to the existing domain, you will not change the existing
GPOs. If there are some problems with, i suggest to solve them before starting
with the new OS version DC.

Which problems do you have with GPO exactly, can you provide some error messages?
Also an unedited ipconfig /all from a client machine and the DC/DNS server
can help to exclude as a basic problem. How many DCs are you using in the
domain, all in one site or multiple sites?

And if you will keep the same domain name and all existing user accounts,
computer accounts, security groups etc.etc.etc. you have to add the 2008
DC to the existing domain.

Do you use Exchange in the domain or any other applications, especially on
the DCs? Upgrading AD itself will not cause downtimes normally.

To add a 2008 DC to the domain follow this way:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showrepl(only if more then one
DC exist), dcdiag and netdiag from the command prompt on the old machine
to check for errors, if you have some post the complete output from the command
here or solve them first. For this tools you have to install the support\tools\suptools.msi
from the 2000 installation disk.

- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2000 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog and DNS server.

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on
both domain controllers

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801
applies also for 2008), FSMO should always be on the newest OS DC

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2008 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server


Demoting the old DC

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Dear,
>
> We are migrating AD windows server 2000 to AD DS windows server 2008
> but the GPO is not healthy how can we migrate without GPO coz we want
> to customise the new GPO in new 2008 server.
>
> saqib
>
Re: AD Migration from win 2000 to win 2008 server [message #159659 is a reply to message #159611] Mon, 03 August 2009 06:46 Go to previous message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Not sure what state your gpo's are in but if you want to reset the default
domain and domain controllers gpo you could run RecreateDefPol. This should
only be run on Windows 2000 machines. dcgpofix can be run on 2003 and
beyonds o/s's to fix them.
http://www.microsoft.com/downloads/details.aspx?FamilyID=B5B 685AE-B7DD-4BB5-AB2A-976D6873129D&displaylang=en


A nice tutorial on upgrading from 2000 to 2008
http://www.petri.co.il/windows-server-2008-adprep.htm


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"saqib ahmad" <saqibahmad@discussions.microsoft.com> wrote in message
news:32813407-638D-47A6-BD6B-EB177F0C01FA@microsoft.com...
> Dear,
>
> We are migrating AD windows server 2000 to AD DS windows server 2008 but
> the
> GPO is not healthy how can we migrate without GPO coz we want to customise
> the new GPO in new 2008 server.
>
> saqib
Previous Topic:Implementing AD sites
Next Topic:Difference between Certificate Authorities
Goto Forum:
  


Current Time: Wed Jan 17 05:35:57 MST 2018

Total time taken to generate the page: 0.02564 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software