Moving Active Directory in Windows 2000 into a new server

[Guest]

Hello there,

I wonder if some can help please.

I have we have a Windows 2000 active directory which has been treated very
badly over the years. I want to move it into another Windows 2000 server.

Is there a list of commands any where that would help me to?
a) Repair it and check for its consistency?
b) Do the migration?
c) Move the FSMO Roles?
d) Move DNS?
e) Move DHCP?

The problem is to know what to expect.

Thanks
Wessam

 

[Herb Martin]

Hello there,

I wonder if some can help please.

I have we have a Windows 2000 active directory which has been treated very
badly over the years. I want to move it into another Windows 2000 server.

Is there anything actually WRONG with it?
How do you know?

DCDiag and RepAdmin (or ReplMon GUI) can help.

Is there a list of commands any where that would help me to?
a) Repair it and check for its consistency?

DCDiag and RepAdmin

[Technically NTDSUtil might be useful but its
repair facilities are NOT to be used as long as
you have other options.]

b) Do the migration?

I would suggest NOT migrating (technically a
migration refers to moving to a new domain.)

You might consider

c) Move the FSMO Roles?

GUI tools* or NTDSUtil is actually easier when
moving all 5 roles.

* All three of:
AD Users and Computers
AD Domains and Trusts
AD Schema Editor

d) Move DNS?

Build another copy of the Zone (AD Integrated or
just a Secondary) to transfer this to another DNS
server.

e) Move DHCP?

If you have enough addresses to spare it is easier
to just create a new DCHP server and scope with
different addresss range. Moving it possible but
a pain.

The problem is to know what to expect.

Probably no problems. AD is very resilient; most
AD 'problems' are actually DNS issue.

 

[Guest]

Thanks for your reply, it is appreciated.

The server is years old and crashing all the time. Based in IDE drives with
128 RAM. They used it as File and Print + AD, DHCP etc… I don’t think they
every backed it up correctly. Very often refuses to authenticate users, or
roaming profiles don’t load. And crashes a lot during the day.

Ideally they need to move into Windows 2003 AD as all other servers are
Windows 2003 including Exchange 2003. But I wanted to make sure that Windows
2000 AD is clean and healthy before moving into a new server (Sorry not
migration wrong term).

The firm has about 22 users so it is maybe easer to create a new IP scope in
the new server.

Do you think I should go to Windows 2003 directly or W2K first and then to
2003?

Thanks
Wessam

Hello there,

I wonder if some can help please.

I have we have a Windows 2000 active directory which has been treated very
badly over the years. I want to move it into another Windows 2000 server.

Is there anything actually WRONG with it?
How do you know?

DCDiag and RepAdmin (or ReplMon GUI) can help.

Is there a list of commands any where that would help me to?
a) Repair it and check for its consistency?

DCDiag and RepAdmin

[Technically NTDSUtil might be useful but its
repair facilities are NOT to be used as long as
you have other options.]

b) Do the migration?

I would suggest NOT migrating (technically a
migration refers to moving to a new domain.)

You might consider

c) Move the FSMO Roles?

GUI tools* or NTDSUtil is actually easier when
moving all 5 roles.

* All three of:
AD Users and Computers
AD Domains and Trusts
AD Schema Editor

d) Move DNS?

Build another copy of the Zone (AD Integrated or
just a Secondary) to transfer this to another DNS
server.

e) Move DHCP?

If you have enough addresses to spare it is easier
to just create a new DCHP server and scope with
different addresss range. Moving it possible but
a pain.

The problem is to know what to expect.

Probably no problems. AD is very resilient; most
AD 'problems' are actually DNS issue.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

Thanks for your reply, it is appreciated.

The server is years old and crashing all the time. Based in IDE drives
with
128 RAM. They used it as File and Print + AD, DHCP etc. I don't think they
every backed it up correctly. Very often refuses to authenticate users, or
roaming profiles don't load. And crashes a lot during the day.

Failure to authenticate and profile problems are likely
due to DNS or lost role holders (i.e., DCs taken offline).

Ideally they need to move into Windows 2003 AD as all other servers are
Windows 2003 including Exchange 2003. But I wanted to make sure that
Windows
2000 AD is clean and healthy before moving into a new server (Sorry not
migration wrong term).

Add a new Server. DCPromo it. Move roles, gc, DNS,
WINS, and DHCP. DCPromo old DC to ordinary server.

The firm has about 22 users so it is maybe easer to create a new IP scope
in
the new server.

Do you think I should go to Windows 2003 directly or W2K first and then to
2003?

Normally, I would tell you to just UPGRADE the old
server to Win2003 then replace it as above. If it is as
flaky as you suggest then do it by adding a new DC
(as above) and then remove it.

Upgrading is practically always the BEST method despite
a lot of people claiming they wish to "clean it up" by
migration -- anyone who doesn't have the skills and organization
to clean up the current environment will soon have just as
big a mess in the new one and upgrades are INHERENTLY
more difficult, tedious, and error prone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Thanks
Wessam

Hello there,

I wonder if some can help please.

I have we have a Windows 2000 active directory which has been treated
very
badly over the years. I want to move it into another Windows 2000
server.

Is there anything actually WRONG with it?
How do you know?

DCDiag and RepAdmin (or ReplMon GUI) can help.

Is there a list of commands any where that would help me to?
a) Repair it and check for its consistency?

DCDiag and RepAdmin

[Technically NTDSUtil might be useful but its
repair facilities are NOT to be used as long as
you have other options.]

b) Do the migration?

I would suggest NOT migrating (technically a
migration refers to moving to a new domain.)

You might consider

c) Move the FSMO Roles?

GUI tools* or NTDSUtil is actually easier when
moving all 5 roles.

* All three of:
AD Users and Computers
AD Domains and Trusts
AD Schema Editor

d) Move DNS?

Build another copy of the Zone (AD Integrated or
just a Secondary) to transfer this to another DNS
server.

e) Move DHCP?

If you have enough addresses to spare it is easier
to just create a new DCHP server and scope with
different addresss range. Moving it possible but
a pain.

The problem is to know what to expect.

Probably no problems. AD is very resilient; most
AD 'problems' are actually DNS issue.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Paul Bergson [MVP-DS]]

Here is some additional info on decommissioning a dc

http://www.pbbergs.com
Select articles and click on Decommision a DC

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for your reply, it is appreciated.

The server is years old and crashing all the time. Based in IDE drives
with
128 RAM. They used it as File and Print + AD, DHCP etc. I don't think
they
every backed it up correctly. Very often refuses to authenticate users,
or
roaming profiles don't load. And crashes a lot during the day.

Failure to authenticate and profile problems are likely
due to DNS or lost role holders (i.e., DCs taken offline).

Ideally they need to move into Windows 2003 AD as all other servers are
Windows 2003 including Exchange 2003. But I wanted to make sure that
Windows
2000 AD is clean and healthy before moving into a new server (Sorry not
migration wrong term).

Add a new Server. DCPromo it. Move roles, gc, DNS,
WINS, and DHCP. DCPromo old DC to ordinary server.

The firm has about 22 users so it is maybe easer to create a new IP scope
in
the new server.

Do you think I should go to Windows 2003 directly or W2K first and then
to
2003?

Normally, I would tell you to just UPGRADE the old
server to Win2003 then replace it as above. If it is as
flaky as you suggest then do it by adding a new DC
(as above) and then remove it.

Upgrading is practically always the BEST method despite
a lot of people claiming they wish to "clean it up" by
migration -- anyone who doesn't have the skills and organization
to clean up the current environment will soon have just as
big a mess in the new one and upgrades are INHERENTLY
more difficult, tedious, and error prone.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Thanks
Wessam

Hello there,

I wonder if some can help please.

I have we have a Windows 2000 active directory which has been treated
very
badly over the years. I want to move it into another Windows 2000
server.

Is there anything actually WRONG with it?
How do you know?

DCDiag and RepAdmin (or ReplMon GUI) can help.

Is there a list of commands any where that would help me to?
a) Repair it and check for its consistency?

DCDiag and RepAdmin

[Technically NTDSUtil might be useful but its
repair facilities are NOT to be used as long as
you have other options.]

b) Do the migration?

I would suggest NOT migrating (technically a
migration refers to moving to a new domain.)

You might consider

c) Move the FSMO Roles?

GUI tools* or NTDSUtil is actually easier when
moving all 5 roles.

* All three of:
AD Users and Computers
AD Domains and Trusts
AD Schema Editor

d) Move DNS?

Build another copy of the Zone (AD Integrated or
just a Secondary) to transfer this to another DNS
server.

e) Move DHCP?

If you have enough addresses to spare it is easier
to just create a new DCHP server and scope with
different addresss range. Moving it possible but
a pain.

The problem is to know what to expect.

Probably no problems. AD is very resilient; most
AD 'problems' are actually DNS issue.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Guest]

On that W2k DC, do the following :

a) install W2k support tools.

b) Download MPSReports tool from microsoft.com.....the file is
mpsrpt_dirsvc.exe.....this will generate some logs.

c) Navigate to C:\windows\MPSReports and check the following logs : DCdiag,
Netdiag, GPResult and Regentries.txt.

In DCdiag and Netdiag, check for failures. In GPResult, check for the
Default domain policy and Default domain controllers policies are getting
applied or not.

In regentries.txt, check for the following keys : restrictanonymous->0 or 1,
never 2.

crashonauditfail->should be 0


These will tell you if ur AD is in good shape. The MPS reports are good for
this purpose. Once you determine everything is fine, go ahead and install W2k
on a new hardware and join it to the domain as a member server. Run Dcpromo
on that and promote it into a domain controller. Once it replicates with the
other box, you can dcpromo down the old server and if you don't want it to
stay in the network, you can take it off the network.

Hope this information helps ).