Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » DC/ DNS 2000 to 2003 Migration
DC/ DNS 2000 to 2003 Migration [message #161627] Sun, 04 October 2009 13:34 Go to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Hello,
In our environment we have 2 Windows 2000 servers that act as DC/ DNS
servers. We bought a new server running windows 2003 which I would like to
make that our new DC/ DNS server. After this is done, I'd decommision one of
our existing Windows 2000 DC/ DNS servers and will upgrade the other to
Windows 2003.
We have serveral other Windows 2003 servers (Exchange 2003, File/ Print and
Application servers) which are all member servers. What's the best way to
accomplish this? Thank you in advance.
Re: DC/ DNS 2000 to 2003 Migration [message #161628 is a reply to message #161627] Sun, 04 October 2009 16:09 Go to previous messageGo to next message
neo  is currently offline neo  United States
Messages: 42
Registered: September 2009
Member
Assuming that your Windows 2000 DC/DNS servers are at SP4, then a quick
outline could be something as short as...

* Add Windows 2003 server to domain
* DCPromo to a domain controller
* Make it a Global Catalog if desired
* Install DNS
* Transfer FSMO Roles if desired
* Wait 24/48 hours, verify health and review that everything works the way
you want
* Retire Windows 2000

"JimmyG" <jim@mycc.us> wrote in message
news:99F560B8-B559-4E73-901B-11B39A7031B0@microsoft.com...
> Hello,
> In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> servers. We bought a new server running windows 2003 which I would like to
> make that our new DC/ DNS server. After this is done, I'd decommision one
> of
> our existing Windows 2000 DC/ DNS servers and will upgrade the other to
> Windows 2003.
> We have serveral other Windows 2003 servers (Exchange 2003, File/ Print
> and
> Application servers) which are all member servers. What's the best way to
> accomplish this? Thank you in advance.
Re: DC/ DNS 2000 to 2003 Migration [message #161629 is a reply to message #161628] Sun, 04 October 2009 22:35 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"neo" <neo@discussions.microsoft.com> wrote in message
news:urH8o9TRKHA.4244@TK2MSFTNGP06.phx.gbl...
> Assuming that your Windows 2000 DC/DNS servers are at SP4, then a quick
> outline could be something as short as...
>
> * Add Windows 2003 server to domain
> * DCPromo to a domain controller
> * Make it a Global Catalog if desired
> * Install DNS
> * Transfer FSMO Roles if desired
> * Wait 24/48 hours, verify health and review that everything works the way
> you want
> * Retire Windows 2000
>


Good generalized plan, however I would like to add and point out a few
things out for the JimmyG, the original poster.

I suggest to also take inventory of type of clients, firewall vendor, model
and IOS installed, and more. Please read...

---
In one domain, all DCs are recommended to be GCs. If more than one domain,
the IM role can't be on a GC, however this doesn't apply with a single
domain.

The DNM (Domain Name Master) role must be on a GC.

When promoting a 2003 server into a 2000 domain, adprep must be run. I would
recommend running it first instead of simply promoting the 2003 server.
Reason why, is to make sure there aren't any issues with updating to the
2003 schema, especially since Exchange is involved. Read the following for
more info.

What do I need to do to prepare my Windows 2000 forest for the installation
of the first Windows Server 2003 DC?
http://www.petri.co.il/windows_2003_adprep.htm

Hotfixes to Install on Windows 2000 Domain Controllers Before Running Adprep
/Forestprep - 331161
http://www.petri.co.il/windows_2003_adprep.htm

---
It is highly recommended to not multihome a DC. A multihomed DC can be a DC
with two or more NICs, and/or IP address, or that has RRAS and/or PPPoE
installed. Read more for a comprehensive explanation.

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihom ed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

---
When introducing the next release of an OS into a domain, it is minimally
recommended to move the DNM and Schema Master roles to the new DC.

Run dcpromo after installing DNS. This way after the promotion, the zone(s)
will automatically appear. Do not manually create the zone(s) in DNS, or you
will create a duplicate zone issue in the AD database. ADSI Edit is required
to fix this issue. Read the following to see what I mean.

Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-ad si-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dn s-zones.aspx

---
The same thing goes with DNS management. Due to the application partitions
that are introduced with 2003, if one tries to manage DNS zone properties
and inadvertently chooses a replication scope that 2000 does not recognize,
it may also results in a duplicate zone issue. If one does not understand
the differences, and both 2000 and 2003 will be hosting the zones, it is
recommended to administer DNs from the 2000 server until all DCs are 2003.

Also when introducing Windows 2003 DNS, a feature called EDNS0 is used that
makes DNS resolution more efficient. This feature uses larger UDP packet
sizes to 1280 bytes, where the older implementation only goes to 512 bytes.
Many older firewalls, or firewalls that have not been upgraded will block
this type of traffic. YOu will need to check with your firewall vendor to
insure it will support ENDS0. Read the following for more info.

An External DNS Query May Cause an Error Message in Windows Server 2003:
http://support.microsoft.com/?id=828731

Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server to
Windows Server 2003:
http://support.microsoft.com/?id=832223

---
Once all DCs are all 2003, you will need to reconfigure the _msdcs zone
replication scope and set it as a delegated child zone.

How to reconfigure an _msdcs subdomain to a forest-wide DNS application
directory partition when you upgrade from Windows 2000 to Windows Server
2003
http://support.microsoft.com/?id=817470

---
As far as the original poster stating to "upgrade" the 2000 server to 2003,
I would highly advise and recommend to not upgrade, but rather once one of
the 2000 DCs have been demoted, to reinstall it with 2003 from scratch. This
insure no issues from an upgrade. I've seen too many problems with upgraded
machines.

One issue with upgraded DCs is GPO issues, especially if the default Domain
Policy or the Default Domain Controller Policy have been altered to add
additional settings. This is not recommended, but many have done so, causing
problems. One such are event logs 1030 and/or 1058 errors. Read more...

DCGPOfix tool. Restores the default Group Policy objects to their original
state (that is, the default state after initial installation.
http://technet2.microsoft.com/WindowsServer/en/Library/48872 034-1907-4149-b6aa-9788d38209d21033.mspx

---
If using OSx or legacy clients (NT4 and Win9x), there may be issues with the
ability to logon or access resources with authentication to 2003 AD with SMB
signing. Read the following for more info.

555038 How to enable Windows 98-ME-NT clients to logon to Windows 2003 based
Domains
http://support.microsoft.com/?id=555038

---
Once the PDC Emulator has been moved to the Windows 2003 DC, you will have
to reconfigure the time service on it to an external source. Don't forget to
ensure the firewall allows UDP123 to the PDC emulator.

Configuring the Windows Time Service for Windows Server
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configur ing-the-windows-time-service-for-windows-server.aspx


---
Read the following for additional information.

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain (whether it was upgraded or not, this is full of useful information
relating to AD and DNS, among other info):
http://support.microsoft.com/?id=555040

887426 Incorrect Schema extension for OSx prevents ForestPrep from
completing in Windows 2000:
http://support.microsoft.com/?id=887426

325379 How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
http://support.microsoft.com/?id=325379

324392 Enhancements to Adprep.exe in Windows Server 2003 Service Pack 1 and
in hotfix 324392
http://support.microsoft.com/?id=32439

What information is available when UPGRADING from W2K/E2K to W2K3 (R2)/E2K3?
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/110. aspx

I hope that helps.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: DC/ DNS 2000 to 2003 Migration [message #161635 is a reply to message #161627] Mon, 05 October 2009 01:25 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello JimmyG,

See here for upgrading to 2003.

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

One question first:
Is the old server also Exchange server and will it be taken out of the domain
forever, when the new server is running?

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showreps (only if more then
one DC exist), dcdiag and netdiag from the command prompt on the old machine
to check for errors, if you have some post the complete output from the command
here or solve them first. For this tools you have to install the support\tools\suptools.msi
from the 2000 or 2003 installation disk.

- run adprep /forestprep and adprep /domainprep from the 2003 installation
disk against the 2000 server, with an account that is member of the Schema
admins, to upgrade the schema to the new version

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2003 server to an existing
domain

- if you are prompted for DNS configuration choose Yes (also possible that
no DNS preparation occur), then install DNS after the reboot

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag on both domain controllers

- if you have no errors, make the new server Global catalog server, open
Active directory Sites and Services and then double-click sitename, double-click
Servers, click your domain controller, right-click NTDS Settings, and then
click Properties, on the General tab, click to select the Global catalog
check box (http://support.microsoft.com/?id=313994)

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2003 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)

- backup WINS (http://technet.microsoft.com/en-us/library/cc727901.aspx)

- restore WINS (http://technet.microsoft.com/en-us/library/cc727960.aspx)


Demoting the old DC (if needed)

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello,
> In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> servers. We bought a new server running windows 2003 which I would
> like to
> make that our new DC/ DNS server. After this is done, I'd decommision
> one of
> our existing Windows 2000 DC/ DNS servers and will upgrade the other
> to
> Windows 2003.
> We have serveral other Windows 2003 servers (Exchange 2003, File/
> Print and
> Application servers) which are all member servers. What's the best way
> to
> accomplish this? Thank you in advance.
Re: DC/ DNS 2000 to 2003 Migration [message #161643 is a reply to message #161627] Mon, 05 October 2009 06:37 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
I have an upgrade article available for this at:
http://www.pbbergs.com/windows/articles.htm

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"JimmyG" <jim@mycc.us> wrote in message
news:99F560B8-B559-4E73-901B-11B39A7031B0@microsoft.com...
> Hello,
> In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> servers. We bought a new server running windows 2003 which I would like to
> make that our new DC/ DNS server. After this is done, I'd decommision one
> of
> our existing Windows 2000 DC/ DNS servers and will upgrade the other to
> Windows 2003.
> We have serveral other Windows 2003 servers (Exchange 2003, File/ Print
> and
> Application servers) which are all member servers. What's the best way to
> accomplish this? Thank you in advance.
Re: DC/ DNS 2000 to 2003 Migration [message #161669 is a reply to message #161628] Mon, 05 October 2009 21:10 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Thanks Neo. One last question.
After I retire the Windows 2000 server and shut it down, do you anticipate
any issues with assiging the same host name and IP address of the Windows
2000 server to the new Windows 2003 server?

"neo" wrote:

> Assuming that your Windows 2000 DC/DNS servers are at SP4, then a quick
> outline could be something as short as...
>
> * Add Windows 2003 server to domain
> * DCPromo to a domain controller
> * Make it a Global Catalog if desired
> * Install DNS
> * Transfer FSMO Roles if desired
> * Wait 24/48 hours, verify health and review that everything works the way
> you want
> * Retire Windows 2000
>
> "JimmyG" <jim@mycc.us> wrote in message
> news:99F560B8-B559-4E73-901B-11B39A7031B0@microsoft.com...
> > Hello,
> > In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> > servers. We bought a new server running windows 2003 which I would like to
> > make that our new DC/ DNS server. After this is done, I'd decommision one
> > of
> > our existing Windows 2000 DC/ DNS servers and will upgrade the other to
> > Windows 2003.
> > We have serveral other Windows 2003 servers (Exchange 2003, File/ Print
> > and
> > Application servers) which are all member servers. What's the best way to
> > accomplish this? Thank you in advance.
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #161670 is a reply to message #161629] Mon, 05 October 2009 21:11 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Thanks Ace.

"Ace Fekay [MCT]" wrote:

> "neo" <neo@discussions.microsoft.com> wrote in message
> news:urH8o9TRKHA.4244@TK2MSFTNGP06.phx.gbl...
> > Assuming that your Windows 2000 DC/DNS servers are at SP4, then a quick
> > outline could be something as short as...
> >
> > * Add Windows 2003 server to domain
> > * DCPromo to a domain controller
> > * Make it a Global Catalog if desired
> > * Install DNS
> > * Transfer FSMO Roles if desired
> > * Wait 24/48 hours, verify health and review that everything works the way
> > you want
> > * Retire Windows 2000
> >
>
>
> Good generalized plan, however I would like to add and point out a few
> things out for the JimmyG, the original poster.
>
> I suggest to also take inventory of type of clients, firewall vendor, model
> and IOS installed, and more. Please read...
>
> ---
> In one domain, all DCs are recommended to be GCs. If more than one domain,
> the IM role can't be on a GC, however this doesn't apply with a single
> domain.
>
> The DNM (Domain Name Master) role must be on a GC.
>
> When promoting a 2003 server into a 2000 domain, adprep must be run. I would
> recommend running it first instead of simply promoting the 2003 server.
> Reason why, is to make sure there aren't any issues with updating to the
> 2003 schema, especially since Exchange is involved. Read the following for
> more info.
>
> What do I need to do to prepare my Windows 2000 forest for the installation
> of the first Windows Server 2003 DC?
> http://www.petri.co.il/windows_2003_adprep.htm
>
> Hotfixes to Install on Windows 2000 Domain Controllers Before Running Adprep
> /Forestprep - 331161
> http://www.petri.co.il/windows_2003_adprep.htm
>
> ---
> It is highly recommended to not multihome a DC. A multihomed DC can be a DC
> with two or more NICs, and/or IP address, or that has RRAS and/or PPPoE
> installed. Read more for a comprehensive explanation.
>
> Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
> http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihom ed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
>
> ---
> When introducing the next release of an OS into a domain, it is minimally
> recommended to move the DNM and Schema Master roles to the new DC.
>
> Run dcpromo after installing DNS. This way after the promotion, the zone(s)
> will automatically appear. Do not manually create the zone(s) in DNS, or you
> will create a duplicate zone issue in the AD database. ADSI Edit is required
> to fix this issue. Read the following to see what I mean.
>
> Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
> http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-ad si-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dn s-zones.aspx
>
> ---
> The same thing goes with DNS management. Due to the application partitions
> that are introduced with 2003, if one tries to manage DNS zone properties
> and inadvertently chooses a replication scope that 2000 does not recognize,
> it may also results in a duplicate zone issue. If one does not understand
> the differences, and both 2000 and 2003 will be hosting the zones, it is
> recommended to administer DNs from the 2000 server until all DCs are 2003.
>
> Also when introducing Windows 2003 DNS, a feature called EDNS0 is used that
> makes DNS resolution more efficient. This feature uses larger UDP packet
> sizes to 1280 bytes, where the older implementation only goes to 512 bytes.
> Many older firewalls, or firewalls that have not been upgraded will block
> this type of traffic. YOu will need to check with your firewall vendor to
> insure it will support ENDS0. Read the following for more info.
>
> An External DNS Query May Cause an Error Message in Windows Server 2003:
> http://support.microsoft.com/?id=828731
>
> Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server to
> Windows Server 2003:
> http://support.microsoft.com/?id=832223
>
> ---
> Once all DCs are all 2003, you will need to reconfigure the _msdcs zone
> replication scope and set it as a delegated child zone.
>
> How to reconfigure an _msdcs subdomain to a forest-wide DNS application
> directory partition when you upgrade from Windows 2000 to Windows Server
> 2003
> http://support.microsoft.com/?id=817470
>
> ---
> As far as the original poster stating to "upgrade" the 2000 server to 2003,
> I would highly advise and recommend to not upgrade, but rather once one of
> the 2000 DCs have been demoted, to reinstall it with 2003 from scratch. This
> insure no issues from an upgrade. I've seen too many problems with upgraded
> machines.
>
> One issue with upgraded DCs is GPO issues, especially if the default Domain
> Policy or the Default Domain Controller Policy have been altered to add
> additional settings. This is not recommended, but many have done so, causing
> problems. One such are event logs 1030 and/or 1058 errors. Read more...
>
> DCGPOfix tool. Restores the default Group Policy objects to their original
> state (that is, the default state after initial installation.
> http://technet2.microsoft.com/WindowsServer/en/Library/48872 034-1907-4149-b6aa-9788d38209d21033.mspx
>
> ---
> If using OSx or legacy clients (NT4 and Win9x), there may be issues with the
> ability to logon or access resources with authentication to 2003 AD with SMB
> signing. Read the following for more info.
>
> 555038 How to enable Windows 98-ME-NT clients to logon to Windows 2003 based
> Domains
> http://support.microsoft.com/?id=555038
>
> ---
> Once the PDC Emulator has been moved to the Windows 2003 DC, you will have
> to reconfigure the time service on it to an external source. Don't forget to
> ensure the firewall allows UDP123 to the PDC emulator.
>
> Configuring the Windows Time Service for Windows Server
> http://msmvps.com/blogs/acefekay/archive/2009/09/18/configur ing-the-windows-time-service-for-windows-server.aspx
>
>
> ---
> Read the following for additional information.
>
> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> Domain (whether it was upgraded or not, this is full of useful information
> relating to AD and DNS, among other info):
> http://support.microsoft.com/?id=555040
>
> 887426 Incorrect Schema extension for OSx prevents ForestPrep from
> completing in Windows 2000:
> http://support.microsoft.com/?id=887426
>
> 325379 How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
> http://support.microsoft.com/?id=325379
>
> 324392 Enhancements to Adprep.exe in Windows Server 2003 Service Pack 1 and
> in hotfix 324392
> http://support.microsoft.com/?id=32439
>
> What information is available when UPGRADING from W2K/E2K to W2K3 (R2)/E2K3?
> http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/110. aspx
>
> I hope that helps.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit among
> responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
> Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #161671 is a reply to message #161635] Mon, 05 October 2009 21:16 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
The old server is not an exchange server and will be taken out of the domain
and will be shut down.
Thanks for your response.
One more question:
After I retire the Windows 2000 server and shut it down, do you anticipate
any issues with assiging the same host name and IP address of the Windows
2000 server to the new Windows 2003 server?

"Meinolf Weber [MVP-DS]" wrote:

> Hello JimmyG,
>
> See here for upgrading to 2003.
>
> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!
>
> One question first:
> Is the old server also Exchange server and will it be taken out of the domain
> forever, when the new server is running?
>
> - On the old server open DNS management console and check that you are running
> Active directory integrated zone (easier for replication, if you have more
> then one DNS server)
>
> - run replmon from the run line or repadmin /showreps (only if more then
> one DC exist), dcdiag and netdiag from the command prompt on the old machine
> to check for errors, if you have some post the complete output from the command
> here or solve them first. For this tools you have to install the support\tools\suptools.msi
> from the 2000 or 2003 installation disk.
>
> - run adprep /forestprep and adprep /domainprep from the 2003 installation
> disk against the 2000 server, with an account that is member of the Schema
> admins, to upgrade the schema to the new version
>
> - Install the new machine as a member server in your existing domain
>
> - configure a fixed ip and set the preferred DNS server to the old DNS server
> only
>
> - run dcpromo and follow the wizard to add the 2003 server to an existing
> domain
>
> - if you are prompted for DNS configuration choose Yes (also possible that
> no DNS preparation occur), then install DNS after the reboot
>
> - for DNS give the server time for replication, at least 15 minutes. Because
> you use Active directory integrated zones it will automatically replicate
> the zones to the new server. Open DNS management console to check that they
> appear
>
> - if the new machine is domain controller and DNS server run again replmon,
> dcdiag and netdiag on both domain controllers
>
> - if you have no errors, make the new server Global catalog server, open
> Active directory Sites and Services and then double-click sitename, double-click
> Servers, click your domain controller, right-click NTDS Settings, and then
> click Properties, on the General tab, click to select the Global catalog
> check box (http://support.microsoft.com/?id=313994)
>
> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)
>
> - you can see in the event viewer (Directory service) that the roles are
> transferred, also give it some time
>
> - reconfigure the DNS configuration on your NIC of the 2003 server, preferred
> DNS itself, secondary the old one
>
> - if you use DHCP do not forget to reconfigure the scope settings to point
> to the new installed DNS server
>
> - export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)
>
> - backup WINS (http://technet.microsoft.com/en-us/library/cc727901.aspx)
>
> - restore WINS (http://technet.microsoft.com/en-us/library/cc727960.aspx)
>
>
> Demoting the old DC (if needed)
>
> - reconfigure your clients/servers that they not longer point to the old
> DC/DNS server on the NIC
>
> - to be sure that everything runs fine, disconnect the old DC from the network
> and check with clients and servers the connectivity, logon and also with
> one client a restart to see that everything is ok
>
> - then run dcpromo to demote the old DC, if it works fine the machine will
> move from the DC's OU to the computers container, where you can delete it
> by hand. Can be that you got an error during demoting at the beginning, then
> uncheck the Global catalog on that DC and try again
>
> - check the DNS management console, that all entries from the machine are
> disappeared or delete them by hand if the machine is off the network for ever
>
> - also you have to start AD sites and services and delete the old servername
> under the site, this will not be done during demotion
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hello,
> > In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> > servers. We bought a new server running windows 2003 which I would
> > like to
> > make that our new DC/ DNS server. After this is done, I'd decommision
> > one of
> > our existing Windows 2000 DC/ DNS servers and will upgrade the other
> > to
> > Windows 2003.
> > We have serveral other Windows 2003 servers (Exchange 2003, File/
> > Print and
> > Application servers) which are all member servers. What's the best way
> > to
> > accomplish this? Thank you in advance.
>
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #161672 is a reply to message #161643] Mon, 05 October 2009 21:17 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Thanks Paul for your response.
One more question:
After I retire the Windows 2000 server and shut it down, do you anticipate
any issues with assiging the same host name and IP address of the Windows
2000 server to the new Windows 2003 server?

"Paul Bergson [MVP-DS]" wrote:

> I have an upgrade article available for this at:
> http://www.pbbergs.com/windows/articles.htm
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "JimmyG" <jim@mycc.us> wrote in message
> news:99F560B8-B559-4E73-901B-11B39A7031B0@microsoft.com...
> > Hello,
> > In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> > servers. We bought a new server running windows 2003 which I would like to
> > make that our new DC/ DNS server. After this is done, I'd decommision one
> > of
> > our existing Windows 2000 DC/ DNS servers and will upgrade the other to
> > Windows 2003.
> > We have serveral other Windows 2003 servers (Exchange 2003, File/ Print
> > and
> > Application servers) which are all member servers. What's the best way to
> > accomplish this? Thank you in advance.
>
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #161673 is a reply to message #161670] Mon, 05 October 2009 21:58 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"JimmyG" <jim@mycc.us> wrote in message
news:DFBEE152-9022-4EEC-815C-2281945A4891@microsoft.com...
> Thanks Ace.

You are welcome!

Ace



>
> "Ace Fekay [MCT]" wrote:
>
>> "neo" <neo@discussions.microsoft.com> wrote in message
>> news:urH8o9TRKHA.4244@TK2MSFTNGP06.phx.gbl...
>> > Assuming that your Windows 2000 DC/DNS servers are at SP4, then a quick
>> > outline could be something as short as...
>> >
>> > * Add Windows 2003 server to domain
>> > * DCPromo to a domain controller
>> > * Make it a Global Catalog if desired
>> > * Install DNS
>> > * Transfer FSMO Roles if desired
>> > * Wait 24/48 hours, verify health and review that everything works the
>> > way
>> > you want
>> > * Retire Windows 2000
>> >
>>
>>
>> Good generalized plan, however I would like to add and point out a few
>> things out for the JimmyG, the original poster.
>>
>> I suggest to also take inventory of type of clients, firewall vendor,
>> model
>> and IOS installed, and more. Please read...
>>
>> ---
>> In one domain, all DCs are recommended to be GCs. If more than one
>> domain,
>> the IM role can't be on a GC, however this doesn't apply with a single
>> domain.
>>
>> The DNM (Domain Name Master) role must be on a GC.
>>
>> When promoting a 2003 server into a 2000 domain, adprep must be run. I
>> would
>> recommend running it first instead of simply promoting the 2003 server.
>> Reason why, is to make sure there aren't any issues with updating to the
>> 2003 schema, especially since Exchange is involved. Read the following
>> for
>> more info.
>>
>> What do I need to do to prepare my Windows 2000 forest for the
>> installation
>> of the first Windows Server 2003 DC?
>> http://www.petri.co.il/windows_2003_adprep.htm
>>
>> Hotfixes to Install on Windows 2000 Domain Controllers Before Running
>> Adprep
>> /Forestprep - 331161
>> http://www.petri.co.il/windows_2003_adprep.htm
>>
>> ---
>> It is highly recommended to not multihome a DC. A multihomed DC can be a
>> DC
>> with two or more NICs, and/or IP address, or that has RRAS and/or PPPoE
>> installed. Read more for a comprehensive explanation.
>>
>> Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
>> http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihom ed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
>>
>> ---
>> When introducing the next release of an OS into a domain, it is minimally
>> recommended to move the DNM and Schema Master roles to the new DC.
>>
>> Run dcpromo after installing DNS. This way after the promotion, the
>> zone(s)
>> will automatically appear. Do not manually create the zone(s) in DNS, or
>> you
>> will create a duplicate zone issue in the AD database. ADSI Edit is
>> required
>> to fix this issue. Read the following to see what I mean.
>>
>> Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS
>> zones
>> http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-ad si-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dn s-zones.aspx
>>
>> ---
>> The same thing goes with DNS management. Due to the application
>> partitions
>> that are introduced with 2003, if one tries to manage DNS zone properties
>> and inadvertently chooses a replication scope that 2000 does not
>> recognize,
>> it may also results in a duplicate zone issue. If one does not understand
>> the differences, and both 2000 and 2003 will be hosting the zones, it is
>> recommended to administer DNs from the 2000 server until all DCs are
>> 2003.
>>
>> Also when introducing Windows 2003 DNS, a feature called EDNS0 is used
>> that
>> makes DNS resolution more efficient. This feature uses larger UDP packet
>> sizes to 1280 bytes, where the older implementation only goes to 512
>> bytes.
>> Many older firewalls, or firewalls that have not been upgraded will block
>> this type of traffic. YOu will need to check with your firewall vendor to
>> insure it will support ENDS0. Read the following for more info.
>>
>> An External DNS Query May Cause an Error Message in Windows Server 2003:
>> http://support.microsoft.com/?id=828731
>>
>> Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server
>> to
>> Windows Server 2003:
>> http://support.microsoft.com/?id=832223
>>
>> ---
>> Once all DCs are all 2003, you will need to reconfigure the _msdcs zone
>> replication scope and set it as a delegated child zone.
>>
>> How to reconfigure an _msdcs subdomain to a forest-wide DNS application
>> directory partition when you upgrade from Windows 2000 to Windows Server
>> 2003
>> http://support.microsoft.com/?id=817470
>>
>> ---
>> As far as the original poster stating to "upgrade" the 2000 server to
>> 2003,
>> I would highly advise and recommend to not upgrade, but rather once one
>> of
>> the 2000 DCs have been demoted, to reinstall it with 2003 from scratch.
>> This
>> insure no issues from an upgrade. I've seen too many problems with
>> upgraded
>> machines.
>>
>> One issue with upgraded DCs is GPO issues, especially if the default
>> Domain
>> Policy or the Default Domain Controller Policy have been altered to add
>> additional settings. This is not recommended, but many have done so,
>> causing
>> problems. One such are event logs 1030 and/or 1058 errors. Read more...
>>
>> DCGPOfix tool. Restores the default Group Policy objects to their
>> original
>> state (that is, the default state after initial installation.
>> http://technet2.microsoft.com/WindowsServer/en/Library/48872 034-1907-4149-b6aa-9788d38209d21033.mspx
>>
>> ---
>> If using OSx or legacy clients (NT4 and Win9x), there may be issues with
>> the
>> ability to logon or access resources with authentication to 2003 AD with
>> SMB
>> signing. Read the following for more info.
>>
>> 555038 How to enable Windows 98-ME-NT clients to logon to Windows 2003
>> based
>> Domains
>> http://support.microsoft.com/?id=555038
>>
>> ---
>> Once the PDC Emulator has been moved to the Windows 2003 DC, you will
>> have
>> to reconfigure the time service on it to an external source. Don't forget
>> to
>> ensure the firewall allows UDP123 to the PDC emulator.
>>
>> Configuring the Windows Time Service for Windows Server
>> http://msmvps.com/blogs/acefekay/archive/2009/09/18/configur ing-the-windows-time-service-for-windows-server.aspx
>>
>>
>> ---
>> Read the following for additional information.
>>
>> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
>> Domain (whether it was upgraded or not, this is full of useful
>> information
>> relating to AD and DNS, among other info):
>> http://support.microsoft.com/?id=555040
>>
>> 887426 Incorrect Schema extension for OSx prevents ForestPrep from
>> completing in Windows 2000:
>> http://support.microsoft.com/?id=887426
>>
>> 325379 How to Upgrade Windows 2000 Domain Controllers to Windows Server
>> 2003
>> http://support.microsoft.com/?id=325379
>>
>> 324392 Enhancements to Adprep.exe in Windows Server 2003 Service Pack 1
>> and
>> in hotfix 324392
>> http://support.microsoft.com/?id=32439
>>
>> What information is available when UPGRADING from W2K/E2K to W2K3
>> (R2)/E2K3?
>> http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/110. aspx
>>
>> I hope that helps.
>>
>>
>> --
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Please reply back to the newsgroup or forum for collaboration benefit
>> among
>> responding engineers, and to help others benefit from your resolution.
>>
>> Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
>> Messaging
>> Microsoft Certified Trainer
>>
>> For urgent issues, please contact Microsoft PSS directly. Please check
>> http://support.microsoft.com for regional support phone numbers.
>>
>>
>>
>>
>>
Re: DC/ DNS 2000 to 2003 Migration [message #161674 is a reply to message #161669] Mon, 05 October 2009 22:04 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"JimmyG" <jim@mycc.us> wrote in message
news:31A00C45-6176-4EB4-BC62-803E5D3E0B7F@microsoft.com...
> Thanks Neo. One last question.
> After I retire the Windows 2000 server and shut it down, do you anticipate
> any issues with assiging the same host name and IP address of the Windows
> 2000 server to the new Windows 2003 server?
>


YOu can use the same name. Just give it some time for replication to occur
once you've demoted the old server, and have renamed it or shut it down.
Make sure it's name is out of WINS, if using WINS. If it's still showing up
in DNS, delete it out. Check Sites and Services and make sure it is not
listed. If it is, delete the server object.

After replication has occured and you've made sure the old name no longer
exists anywhere, then change the name of the server, reboot, then change the
IP, install DNS, then promote it.

Ace
Re: DC/ DNS 2000 to 2003 Migration [message #161676 is a reply to message #161671] Mon, 05 October 2009 23:25 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello JimmyG,

You have to demote the DC not only shutdown, to remove it complete form AD
database, then delete it from AD sites and services and all DNS zones.

If all the changes above are replicated to all DCs you can use the name again.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> The old server is not an exchange server and will be taken out of the
> domain
> and will be shut down.
> Thanks for your response.
> One more question:
> After I retire the Windows 2000 server and shut it down, do you
> anticipate
> any issues with assiging the same host name and IP address of the
> Windows
> 2000 server to the new Windows 2003 server?
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello JimmyG,
>>
>> See here for upgrading to 2003.
>>
>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>> DATA/MACHINE!!!
>>
>> One question first:
>> Is the old server also Exchange server and will it be taken out of
>> the domain
>> forever, when the new server is running?
>> - On the old server open DNS management console and check that you
>> are running Active directory integrated zone (easier for replication,
>> if you have more then one DNS server)
>>
>> - run replmon from the run line or repadmin /showreps (only if more
>> then one DC exist), dcdiag and netdiag from the command prompt on the
>> old machine to check for errors, if you have some post the complete
>> output from the command here or solve them first. For this tools you
>> have to install the support\tools\suptools.msi from the 2000 or 2003
>> installation disk.
>>
>> - run adprep /forestprep and adprep /domainprep from the 2003
>> installation disk against the 2000 server, with an account that is
>> member of the Schema admins, to upgrade the schema to the new version
>>
>> - Install the new machine as a member server in your existing domain
>>
>> - configure a fixed ip and set the preferred DNS server to the old
>> DNS server only
>>
>> - run dcpromo and follow the wizard to add the 2003 server to an
>> existing domain
>>
>> - if you are prompted for DNS configuration choose Yes (also possible
>> that no DNS preparation occur), then install DNS after the reboot
>>
>> - for DNS give the server time for replication, at least 15 minutes.
>> Because you use Active directory integrated zones it will
>> automatically replicate the zones to the new server. Open DNS
>> management console to check that they appear
>>
>> - if the new machine is domain controller and DNS server run again
>> replmon, dcdiag and netdiag on both domain controllers
>>
>> - if you have no errors, make the new server Global catalog server,
>> open Active directory Sites and Services and then double-click
>> sitename, double-click Servers, click your domain controller,
>> right-click NTDS Settings, and then click Properties, on the General
>> tab, click to select the Global catalog check box
>> (http://support.microsoft.com/?id=313994)
>>
>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
>> (http://support.microsoft.com/kb/324801)
>>
>> - you can see in the event viewer (Directory service) that the roles
>> are transferred, also give it some time
>>
>> - reconfigure the DNS configuration on your NIC of the 2003 server,
>> preferred DNS itself, secondary the old one
>>
>> - if you use DHCP do not forget to reconfigure the scope settings to
>> point to the new installed DNS server
>>
>> - export and import of DHCP database (if needed)
>> (http://support.microsoft.com/kb/325473)
>>
>> - backup WINS
>> (http://technet.microsoft.com/en-us/library/cc727901.aspx)
>>
>> - restore WINS
>> (http://technet.microsoft.com/en-us/library/cc727960.aspx)
>>
>> Demoting the old DC (if needed)
>>
>> - reconfigure your clients/servers that they not longer point to the
>> old DC/DNS server on the NIC
>>
>> - to be sure that everything runs fine, disconnect the old DC from
>> the network and check with clients and servers the connectivity,
>> logon and also with one client a restart to see that everything is ok
>>
>> - then run dcpromo to demote the old DC, if it works fine the machine
>> will move from the DC's OU to the computers container, where you can
>> delete it by hand. Can be that you got an error during demoting at
>> the beginning, then uncheck the Global catalog on that DC and try
>> again
>>
>> - check the DNS management console, that all entries from the machine
>> are disappeared or delete them by hand if the machine is off the
>> network for ever
>>
>> - also you have to start AD sites and services and delete the old
>> servername under the site, this will not be done during demotion
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello,
>>> In our environment we have 2 Windows 2000 servers that act as DC/
>>> DNS
>>> servers. We bought a new server running windows 2003 which I would
>>> like to
>>> make that our new DC/ DNS server. After this is done, I'd
>>> decommision
>>> one of
>>> our existing Windows 2000 DC/ DNS servers and will upgrade the
>>> other
>>> to
>>> Windows 2003.
>>> We have serveral other Windows 2003 servers (Exchange 2003, File/
>>> Print and
>>> Application servers) which are all member servers. What's the best
>>> way
>>> to
>>> accomplish this? Thank you in advance.
Re: DC/ DNS 2000 to 2003 Migration [message #161693 is a reply to message #161672] Tue, 06 October 2009 06:18 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
As long as you do a dcpromo on the old machine there should be no problems
at all.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"JimmyG" <jim@mycc.us> wrote in message
news:E1E0B17C-90E8-4CD1-89C3-952AA091BA27@microsoft.com...
>
> Thanks Paul for your response.
> One more question:
> After I retire the Windows 2000 server and shut it down, do you anticipate
> any issues with assiging the same host name and IP address of the Windows
> 2000 server to the new Windows 2003 server?
>
> "Paul Bergson [MVP-DS]" wrote:
>
>> I have an upgrade article available for this at:
>> http://www.pbbergs.com/windows/articles.htm
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> Microsoft's Thrive IT Pro of the Month - June 2009
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>>
>> "JimmyG" <jim@mycc.us> wrote in message
>> news:99F560B8-B559-4E73-901B-11B39A7031B0@microsoft.com...
>> > Hello,
>> > In our environment we have 2 Windows 2000 servers that act as DC/ DNS
>> > servers. We bought a new server running windows 2003 which I would like
>> > to
>> > make that our new DC/ DNS server. After this is done, I'd decommision
>> > one
>> > of
>> > our existing Windows 2000 DC/ DNS servers and will upgrade the other
>> > to
>> > Windows 2003.
>> > We have serveral other Windows 2003 servers (Exchange 2003, File/ Print
>> > and
>> > Application servers) which are all member servers. What's the best way
>> > to
>> > accomplish this? Thank you in advance.
>>
>>
>>
Re: DC/ DNS 2000 to 2003 Migration [message #289826 is a reply to message #161676] Sun, 18 October 2009 11:41 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Hi Meinolf:
I setup the new 2003 DC and installed adminpack and when I ru active
directory users and computers, I don't see the Exchange tasks (I have
advanced features enabled). Do you know why? Exchange 2003 is running on a
member 2003 server.
Thx.

"Meinolf Weber [MVP-DS]" wrote:

> Hello JimmyG,
>
> You have to demote the DC not only shutdown, to remove it complete form AD
> database, then delete it from AD sites and services and all DNS zones.
>
> If all the changes above are replicated to all DCs you can use the name again.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > The old server is not an exchange server and will be taken out of the
> > domain
> > and will be shut down.
> > Thanks for your response.
> > One more question:
> > After I retire the Windows 2000 server and shut it down, do you
> > anticipate
> > any issues with assiging the same host name and IP address of the
> > Windows
> > 2000 server to the new Windows 2003 server?
> >
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello JimmyG,
> >>
> >> See here for upgrading to 2003.
> >>
> >> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
> >> DATA/MACHINE!!!
> >>
> >> One question first:
> >> Is the old server also Exchange server and will it be taken out of
> >> the domain
> >> forever, when the new server is running?
> >> - On the old server open DNS management console and check that you
> >> are running Active directory integrated zone (easier for replication,
> >> if you have more then one DNS server)
> >>
> >> - run replmon from the run line or repadmin /showreps (only if more
> >> then one DC exist), dcdiag and netdiag from the command prompt on the
> >> old machine to check for errors, if you have some post the complete
> >> output from the command here or solve them first. For this tools you
> >> have to install the support\tools\suptools.msi from the 2000 or 2003
> >> installation disk.
> >>
> >> - run adprep /forestprep and adprep /domainprep from the 2003
> >> installation disk against the 2000 server, with an account that is
> >> member of the Schema admins, to upgrade the schema to the new version
> >>
> >> - Install the new machine as a member server in your existing domain
> >>
> >> - configure a fixed ip and set the preferred DNS server to the old
> >> DNS server only
> >>
> >> - run dcpromo and follow the wizard to add the 2003 server to an
> >> existing domain
> >>
> >> - if you are prompted for DNS configuration choose Yes (also possible
> >> that no DNS preparation occur), then install DNS after the reboot
> >>
> >> - for DNS give the server time for replication, at least 15 minutes.
> >> Because you use Active directory integrated zones it will
> >> automatically replicate the zones to the new server. Open DNS
> >> management console to check that they appear
> >>
> >> - if the new machine is domain controller and DNS server run again
> >> replmon, dcdiag and netdiag on both domain controllers
> >>
> >> - if you have no errors, make the new server Global catalog server,
> >> open Active directory Sites and Services and then double-click
> >> sitename, double-click Servers, click your domain controller,
> >> right-click NTDS Settings, and then click Properties, on the General
> >> tab, click to select the Global catalog check box
> >> (http://support.microsoft.com/?id=313994)
> >>
> >> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
> >> (http://support.microsoft.com/kb/324801)
> >>
> >> - you can see in the event viewer (Directory service) that the roles
> >> are transferred, also give it some time
> >>
> >> - reconfigure the DNS configuration on your NIC of the 2003 server,
> >> preferred DNS itself, secondary the old one
> >>
> >> - if you use DHCP do not forget to reconfigure the scope settings to
> >> point to the new installed DNS server
> >>
> >> - export and import of DHCP database (if needed)
> >> (http://support.microsoft.com/kb/325473)
> >>
> >> - backup WINS
> >> (http://technet.microsoft.com/en-us/library/cc727901.aspx)
> >>
> >> - restore WINS
> >> (http://technet.microsoft.com/en-us/library/cc727960.aspx)
> >>
> >> Demoting the old DC (if needed)
> >>
> >> - reconfigure your clients/servers that they not longer point to the
> >> old DC/DNS server on the NIC
> >>
> >> - to be sure that everything runs fine, disconnect the old DC from
> >> the network and check with clients and servers the connectivity,
> >> logon and also with one client a restart to see that everything is ok
> >>
> >> - then run dcpromo to demote the old DC, if it works fine the machine
> >> will move from the DC's OU to the computers container, where you can
> >> delete it by hand. Can be that you got an error during demoting at
> >> the beginning, then uncheck the Global catalog on that DC and try
> >> again
> >>
> >> - check the DNS management console, that all entries from the machine
> >> are disappeared or delete them by hand if the machine is off the
> >> network for ever
> >>
> >> - also you have to start AD sites and services and delete the old
> >> servername under the site, this will not be done during demotion
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> Hello,
> >>> In our environment we have 2 Windows 2000 servers that act as DC/
> >>> DNS
> >>> servers. We bought a new server running windows 2003 which I would
> >>> like to
> >>> make that our new DC/ DNS server. After this is done, I'd
> >>> decommision
> >>> one of
> >>> our existing Windows 2000 DC/ DNS servers and will upgrade the
> >>> other
> >>> to
> >>> Windows 2003.
> >>> We have serveral other Windows 2003 servers (Exchange 2003, File/
> >>> Print and
> >>> Application servers) which are all member servers. What's the best
> >>> way
> >>> to
> >>> accomplish this? Thank you in advance.
>
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #289827 is a reply to message #161693] Sun, 18 October 2009 11:41 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Hi Paul:
I setup the new 2003 DC and installed adminpack and when I ru active
directory users and computers, I don't see the Exchange tasks (I have
advanced features enabled). Do you know why? Exchange 2003 is running on a
member 2003 server.
Thx.

"Paul Bergson [MVP-DS]" wrote:

> As long as you do a dcpromo on the old machine there should be no problems
> at all.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "JimmyG" <jim@mycc.us> wrote in message
> news:E1E0B17C-90E8-4CD1-89C3-952AA091BA27@microsoft.com...
> >
> > Thanks Paul for your response.
> > One more question:
> > After I retire the Windows 2000 server and shut it down, do you anticipate
> > any issues with assiging the same host name and IP address of the Windows
> > 2000 server to the new Windows 2003 server?
> >
> > "Paul Bergson [MVP-DS]" wrote:
> >
> >> I have an upgrade article available for this at:
> >> http://www.pbbergs.com/windows/articles.htm
> >>
> >> --
> >> Paul Bergson
> >> MVP - Directory Services
> >> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> >> 2008, 2003, 2000 (Early Achiever), NT4
> >> Microsoft's Thrive IT Pro of the Month - June 2009
> >>
> >> http://www.pbbergs.com
> >>
> >> Please no e-mails, any questions should be posted in the NewsGroup This
> >> posting is provided "AS IS" with no warranties, and confers no rights.
> >>
> >> "JimmyG" <jim@mycc.us> wrote in message
> >> news:99F560B8-B559-4E73-901B-11B39A7031B0@microsoft.com...
> >> > Hello,
> >> > In our environment we have 2 Windows 2000 servers that act as DC/ DNS
> >> > servers. We bought a new server running windows 2003 which I would like
> >> > to
> >> > make that our new DC/ DNS server. After this is done, I'd decommision
> >> > one
> >> > of
> >> > our existing Windows 2000 DC/ DNS servers and will upgrade the other
> >> > to
> >> > Windows 2003.
> >> > We have serveral other Windows 2003 servers (Exchange 2003, File/ Print
> >> > and
> >> > Application servers) which are all member servers. What's the best way
> >> > to
> >> > accomplish this? Thank you in advance.
> >>
> >>
> >>
>
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #289828 is a reply to message #161674] Sun, 18 October 2009 11:42 Go to previous messageGo to next message
JimmyG  is currently offline JimmyG
Messages: 8
Registered: October 2009
Junior Member
Hi Ace:

I setup the new 2003 DC and installed adminpack and when I ru active
directory users and computers, I don't see the Exchange tasks (I have
advanced features enabled). Do you know why? Exchange 2003 is running on a
member 2003 server.
Thx.
"Ace Fekay [MCT]" wrote:

> "JimmyG" <jim@mycc.us> wrote in message
> news:31A00C45-6176-4EB4-BC62-803E5D3E0B7F@microsoft.com...
> > Thanks Neo. One last question.
> > After I retire the Windows 2000 server and shut it down, do you anticipate
> > any issues with assiging the same host name and IP address of the Windows
> > 2000 server to the new Windows 2003 server?
> >
>
>
> YOu can use the same name. Just give it some time for replication to occur
> once you've demoted the old server, and have renamed it or shut it down.
> Make sure it's name is out of WINS, if using WINS. If it's still showing up
> in DNS, delete it out. Check Sites and Services and make sure it is not
> listed. If it is, delete the server object.
>
> After replication has occured and you've made sure the old name no longer
> exists anywhere, then change the name of the server, reboot, then change the
> IP, install DNS, then promote it.
>
> Ace
>
>
>
Re: DC/ DNS 2000 to 2003 Migration [message #289848 is a reply to message #289826] Sun, 18 October 2009 12:02 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello JimmyG,

You have to install the Exchange management tools from the exchange installation
disk.
http://technet.microsoft.com/en-us/library/bb123850(EXCHG.65).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi Meinolf:
> I setup the new 2003 DC and installed adminpack and when I ru active
> directory users and computers, I don't see the Exchange tasks (I have
> advanced features enabled). Do you know why? Exchange 2003 is running
> on a
> member 2003 server.
> Thx.
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello JimmyG,
>>
>> You have to demote the DC not only shutdown, to remove it complete
>> form AD database, then delete it from AD sites and services and all
>> DNS zones.
>>
>> If all the changes above are replicated to all DCs you can use the
>> name again.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> The old server is not an exchange server and will be taken out of
>>> the
>>> domain
>>> and will be shut down.
>>> Thanks for your response.
>>> One more question:
>>> After I retire the Windows 2000 server and shut it down, do you
>>> anticipate
>>> any issues with assiging the same host name and IP address of the
>>> Windows
>>> 2000 server to the new Windows 2003 server?
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>
>>>> Hello JimmyG,
>>>>
>>>> See here for upgrading to 2003.
>>>>
>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>>>> DATA/MACHINE!!!
>>>>
>>>> One question first:
>>>> Is the old server also Exchange server and will it be taken out of
>>>> the domain
>>>> forever, when the new server is running?
>>>> - On the old server open DNS management console and check that you
>>>> are running Active directory integrated zone (easier for
>>>> replication,
>>>> if you have more then one DNS server)
>>>> - run replmon from the run line or repadmin /showreps (only if more
>>>> then one DC exist), dcdiag and netdiag from the command prompt on
>>>> the old machine to check for errors, if you have some post the
>>>> complete output from the command here or solve them first. For this
>>>> tools you have to install the support\tools\suptools.msi from the
>>>> 2000 or 2003 installation disk.
>>>>
>>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>>> installation disk against the 2000 server, with an account that is
>>>> member of the Schema admins, to upgrade the schema to the new
>>>> version
>>>>
>>>> - Install the new machine as a member server in your existing
>>>> domain
>>>>
>>>> - configure a fixed ip and set the preferred DNS server to the old
>>>> DNS server only
>>>>
>>>> - run dcpromo and follow the wizard to add the 2003 server to an
>>>> existing domain
>>>>
>>>> - if you are prompted for DNS configuration choose Yes (also
>>>> possible that no DNS preparation occur), then install DNS after the
>>>> reboot
>>>>
>>>> - for DNS give the server time for replication, at least 15
>>>> minutes. Because you use Active directory integrated zones it will
>>>> automatically replicate the zones to the new server. Open DNS
>>>> management console to check that they appear
>>>>
>>>> - if the new machine is domain controller and DNS server run again
>>>> replmon, dcdiag and netdiag on both domain controllers
>>>>
>>>> - if you have no errors, make the new server Global catalog server,
>>>> open Active directory Sites and Services and then double-click
>>>> sitename, double-click Servers, click your domain controller,
>>>> right-click NTDS Settings, and then click Properties, on the
>>>> General tab, click to select the Global catalog check box
>>>> (http://support.microsoft.com/?id=313994)
>>>>
>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
>>>> (http://support.microsoft.com/kb/324801)
>>>>
>>>> - you can see in the event viewer (Directory service) that the
>>>> roles are transferred, also give it some time
>>>>
>>>> - reconfigure the DNS configuration on your NIC of the 2003 server,
>>>> preferred DNS itself, secondary the old one
>>>>
>>>> - if you use DHCP do not forget to reconfigure the scope settings
>>>> to point to the new installed DNS server
>>>>
>>>> - export and import of DHCP database (if needed)
>>>> (http://support.microsoft.com/kb/325473)
>>>> - backup WINS
>>>> (http://technet.microsoft.com/en-us/library/cc727901.aspx)
>>>> - restore WINS
>>>> (http://technet.microsoft.com/en-us/library/cc727960.aspx)
>>>> Demoting the old DC (if needed)
>>>>
>>>> - reconfigure your clients/servers that they not longer point to
>>>> the old DC/DNS server on the NIC
>>>>
>>>> - to be sure that everything runs fine, disconnect the old DC from
>>>> the network and check with clients and servers the connectivity,
>>>> logon and also with one client a restart to see that everything is
>>>> ok
>>>>
>>>> - then run dcpromo to demote the old DC, if it works fine the
>>>> machine will move from the DC's OU to the computers container,
>>>> where you can delete it by hand. Can be that you got an error
>>>> during demoting at the beginning, then uncheck the Global catalog
>>>> on that DC and try again
>>>>
>>>> - check the DNS management console, that all entries from the
>>>> machine are disappeared or delete them by hand if the machine is
>>>> off the network for ever
>>>>
>>>> - also you have to start AD sites and services and delete the old
>>>> servername under the site, this will not be done during demotion
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Hello,
>>>>> In our environment we have 2 Windows 2000 servers that act as DC/
>>>>> DNS
>>>>> servers. We bought a new server running windows 2003 which I would
>>>>> like to
>>>>> make that our new DC/ DNS server. After this is done, I'd
>>>>> decommision
>>>>> one of
>>>>> our existing Windows 2000 DC/ DNS servers and will upgrade the
>>>>> other
>>>>> to
>>>>> Windows 2003.
>>>>> We have serveral other Windows 2003 servers (Exchange 2003, File/
>>>>> Print and
>>>>> Application servers) which are all member servers. What's the best
>>>>> way
>>>>> to
>>>>> accomplish this? Thank you in advance.
Re: DC/ DNS 2000 to 2003 Migration [message #290276 is a reply to message #289828] Sun, 18 October 2009 20:50 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"JimmyG" <jim@mycc.us> wrote in message
news:ED6A1C28-A75D-4257-B430-39DDDAABA8CE@microsoft.com...
> Hi Ace:
>
> I setup the new 2003 DC and installed adminpack and when I ru active
> directory users and computers, I don't see the Exchange tasks (I have
> advanced features enabled). Do you know why? Exchange 2003 is running on a
> member 2003 server.
> Thx.

Installing the Adminpak was superfluous, since the adminpak is installed as
part of the dcpromo process.

If you want to administer Exchange user properties on your domain
controller, you have to install the Exchange Management Tools. That is done
by putting in the Exchange 2003 cdrom and go through the installation
process, but ONLY opting to install the management tools.

However, to install the Exchange 2003 tools, you need to install IIS, SMTP
and NNTP on the DC first. This is usually not advised nor recommended due to
security reasons. Therefore if you decide that you want to do this, then go
into Add/Remove, Windows components, and add IIS components, as well as SMTP
and NNTP. Under World Wide Web, you also need to check off ASP. Do not check
Server side includes.

I hope that helps, and installing IIS security risks have been taken under
advisement. I would honeslty not do it, and simply administer Exchange user
account properties from the ADUC in Exchange.

Ace
Re: DC/ DNS 2000 to 2003 Migration [message #290277 is a reply to message #289848] Sun, 18 October 2009 20:52 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d7c4c8cc1e44fdf611cb@msnews.microsoft.com...

Hi Meinolf,

Sorry, I didn't see your response before I hit the Send button when
responding to JimmyG's duplicate question he asked in the other portion of
this thread.

Ace



> Hello JimmyG,
>
> You have to install the Exchange management tools from the exchange
> installation disk.
> http://technet.microsoft.com/en-us/library/bb123850(EXCHG.65).aspx
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi Meinolf:
>> I setup the new 2003 DC and installed adminpack and when I ru active
>> directory users and computers, I don't see the Exchange tasks (I have
>> advanced features enabled). Do you know why? Exchange 2003 is running
>> on a
>> member 2003 server.
>> Thx.
>> "Meinolf Weber [MVP-DS]" wrote:
>>
>>> Hello JimmyG,
>>>
>>> You have to demote the DC not only shutdown, to remove it complete
>>> form AD database, then delete it from AD sites and services and all
>>> DNS zones.
>>>
>>> If all the changes above are replicated to all DCs you can use the
>>> name again.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers
>>> no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> The old server is not an exchange server and will be taken out of
>>>> the
>>>> domain
>>>> and will be shut down.
>>>> Thanks for your response.
>>>> One more question:
>>>> After I retire the Windows 2000 server and shut it down, do you
>>>> anticipate
>>>> any issues with assiging the same host name and IP address of the
>>>> Windows
>>>> 2000 server to the new Windows 2003 server?
>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>
>>>>> Hello JimmyG,
>>>>>
>>>>> See here for upgrading to 2003.
>>>>>
>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>>>>> DATA/MACHINE!!!
>>>>>
>>>>> One question first:
>>>>> Is the old server also Exchange server and will it be taken out of
>>>>> the domain
>>>>> forever, when the new server is running?
>>>>> - On the old server open DNS management console and check that you
>>>>> are running Active directory integrated zone (easier for
>>>>> replication,
>>>>> if you have more then one DNS server)
>>>>> - run replmon from the run line or repadmin /showreps (only if more
>>>>> then one DC exist), dcdiag and netdiag from the command prompt on
>>>>> the old machine to check for errors, if you have some post the
>>>>> complete output from the command here or solve them first. For this
>>>>> tools you have to install the support\tools\suptools.msi from the
>>>>> 2000 or 2003 installation disk.
>>>>>
>>>>> - run adprep /forestprep and adprep /domainprep from the 2003
>>>>> installation disk against the 2000 server, with an account that is
>>>>> member of the Schema admins, to upgrade the schema to the new
>>>>> version
>>>>>
>>>>> - Install the new machine as a member server in your existing
>>>>> domain
>>>>>
>>>>> - configure a fixed ip and set the preferred DNS server to the old
>>>>> DNS server only
>>>>>
>>>>> - run dcpromo and follow the wizard to add the 2003 server to an
>>>>> existing domain
>>>>>
>>>>> - if you are prompted for DNS configuration choose Yes (also
>>>>> possible that no DNS preparation occur), then install DNS after the
>>>>> reboot
>>>>>
>>>>> - for DNS give the server time for replication, at least 15
>>>>> minutes. Because you use Active directory integrated zones it will
>>>>> automatically replicate the zones to the new server. Open DNS
>>>>> management console to check that they appear
>>>>>
>>>>> - if the new machine is domain controller and DNS server run again
>>>>> replmon, dcdiag and netdiag on both domain controllers
>>>>>
>>>>> - if you have no errors, make the new server Global catalog server,
>>>>> open Active directory Sites and Services and then double-click
>>>>> sitename, double-click Servers, click your domain controller,
>>>>> right-click NTDS Settings, and then click Properties, on the
>>>>> General tab, click to select the Global catalog check box
>>>>> (http://support.microsoft.com/?id=313994)
>>>>>
>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
>>>>> (http://support.microsoft.com/kb/324801)
>>>>>
>>>>> - you can see in the event viewer (Directory service) that the
>>>>> roles are transferred, also give it some time
>>>>>
>>>>> - reconfigure the DNS configuration on your NIC of the 2003 server,
>>>>> preferred DNS itself, secondary the old one
>>>>>
>>>>> - if you use DHCP do not forget to reconfigure the scope settings
>>>>> to point to the new installed DNS server
>>>>>
>>>>> - export and import of DHCP database (if needed)
>>>>> (http://support.microsoft.com/kb/325473)
>>>>> - backup WINS
>>>>> (http://technet.microsoft.com/en-us/library/cc727901.aspx)
>>>>> - restore WINS
>>>>> (http://technet.microsoft.com/en-us/library/cc727960.aspx)
>>>>> Demoting the old DC (if needed)
>>>>>
>>>>> - reconfigure your clients/servers that they not longer point to
>>>>> the old DC/DNS server on the NIC
>>>>>
>>>>> - to be sure that everything runs fine, disconnect the old DC from
>>>>> the network and check with clients and servers the connectivity,
>>>>> logon and also with one client a restart to see that everything is
>>>>> ok
>>>>>
>>>>> - then run dcpromo to demote the old DC, if it works fine the
>>>>> machine will move from the DC's OU to the computers container,
>>>>> where you can delete it by hand. Can be that you got an error
>>>>> during demoting at the beginning, then uncheck the Global catalog
>>>>> on that DC and try again
>>>>>
>>>>> - check the DNS management console, that all entries from the
>>>>> machine are disappeared or delete them by hand if the machine is
>>>>> off the network for ever
>>>>>
>>>>> - also you have to start AD sites and services and delete the old
>>>>> servername under the site, this will not be done during demotion
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers
>>>>> no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Hello,
>>>>>> In our environment we have 2 Windows 2000 servers that act as DC/
>>>>>> DNS
>>>>>> servers. We bought a new server running windows 2003 which I would
>>>>>> like to
>>>>>> make that our new DC/ DNS server. After this is done, I'd
>>>>>> decommision
>>>>>> one of
>>>>>> our existing Windows 2000 DC/ DNS servers and will upgrade the
>>>>>> other
>>>>>> to
>>>>>> Windows 2003.
>>>>>> We have serveral other Windows 2003 servers (Exchange 2003, File/
>>>>>> Print and
>>>>>> Application servers) which are all member servers. What's the best
>>>>>> way
>>>>>> to
>>>>>> accomplish this? Thank you in advance.
>
>
Previous Topic:re-organize AD
Next Topic:"Access denied" error in a subfolder that the user has "full-contr
Goto Forum:
  


Current Time: Tue Jan 23 16:46:55 MST 2018

Total time taken to generate the page: 0.11181 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software