New Server BUT now "fresh" Users!! :(


Dan

Hi all!

I have just implemented a new server (Win2k)
I configured the server from scratch duplicating
(manually) all settings of DHCP, DNS, AD etc etc.

While i need to "unjoin" then "join" the domain on each
client PC so the PCs get added to the new server's
AD "Computers" list.
My issue is even though all users, permissions, shares,
data etc is exactly the same and i can get the user to log
in. It is as if the user is "brand new".

Ie all "documents and settings" info for that user is no
longer accessible.....under "documents and settings" on
each client PC a new folder is created with blank data.

I tried copying over this data with no luck, it just
creates a new clean directory.

Can anyone help with this issue and somehow "force" or
something so each client PC's login will appear the same
as with the old server.

Thanks

Danny
 
Every domain and every object (user, computer, group, etc) in a domain has a
long number called a SID, which identifies the user. It's the SID that
Windows uses to decide which user is which, not the username. So, these new
users are just that. They just happen to have the same names as some other
users that existed in another domain.

One solution to getting the profiles copied over is this:

Log in as your new user on their old machine joined to the new domain. Take
a note of the profile directory that's in use (echo %userprofile%) and then
log out. Reboot the machine and log in as an administrator.

Go to the user profiles dialogue under My Computer | Properties and use the
"copy to" feature to copy the old profile over the new one. Make sure you
reset the "permitted to use" field, as this will ensure that the permissions
(both on the files and on the ntuser.dat registry hive) are correct for the
new user.

Then you should be able to log on as the new user while retaining the old
user's settings.

It's a good idea to have at least two DCs in every domain. If your single
DC fails, not only will nobody be able to log in until you get a new machine
up and running, but you'll either have to restore AD from backup or go
through all this hassle again. Windows Server 2003 makes it much easier to
restore a domain controller from your system state backup (you are doing one
of them, right?), but even so you don't want to have to restore from tape
unless you can help it.

Regards

Oli
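
The SID point above, as an added example that is not part of the original thread: it decodes the binary SID layout, splits a domain account SID into domain identifier and RID, and models the per-SID profile lookup. The SIDs and the `PROFILE_LIST` dictionary are constructed sample values; the dictionary stands in for the `ProfileList` registry key.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (objectSid / ACL entry layout) to its S-1-... text form."""
    if len(raw) < 8 or raw[0] != 1 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit authority, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit sub-authorities, little-endian
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def string_to_sid(text: str) -> bytes:
    """Encode an S-1-... string back to the binary layout."""
    parts = text.split("-")
    if parts[:2] != ["S", "1"] or len(parts) < 4:
        raise ValueError("not a SID string")
    subs = [int(p) for p in parts[3:]]
    return (bytes([1, len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def split_account_sid(sid: str):
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError("not a domain account SID")
    return "-".join(parts[:7]), int(parts[7])

def profile_for(sid: str, profile_list: dict):
    """Model of the profile lookup: keyed by SID string, never by username."""
    return profile_list.get(sid)

# Constructed sample values: same username "dan" in the old and the rebuilt domain.
OLD_DAN = "S-1-5-21-1111111111-2222222222-3333333333-1105"
NEW_DAN = "S-1-5-21-1234567890-987654321-1029384756-1105"
# Constructed stand-in for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
PROFILE_LIST = {OLD_DAN: r"C:\Documents and Settings\dan"}

if __name__ == "__main__":
    for label, sid in (("old", OLD_DAN), ("new", NEW_DAN)):
        domain, rid = split_account_sid(sid)
        print(label, "domain:", domain, "RID:", rid,
              "profile:", profile_for(sid, PROFILE_LIST))
```

Even with an identical RID and username, the differing domain portion makes the new account a different principal, so the lookup finds no existing profile and file ACLs written for the old SID do not match.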
 
Thanks for the reply.

I figured as much.....stupid me :) hehe

I have put the old server back in (all is working fine as
i only "stuffed" round with 1 client machine (all others
were off being a Sunday...lucky))

I'm going to attack it again tomorrow but to avoid having
to stuff round on each client machine i will take another
approach, which do you think is better?

Firstly both Servers are Windows 2000...... yes i know
but it was hard enough getting em to spring for a proper
Dell server (the existing server is just a crap
desktop "no name" system)....let alone upgrade OS to
2003....not a huge demanding network 2k does the job.

Option one is to backup the original server and use
http://support.microsoft.com/?kbid=249694 to restore on
the new system. There is also
http://support.microsoft.com/default.aspx?scid=kb;en-us;263532&Product=win2000
Which relates.

This seems perhaps the "simplest" way though does concern
me a little..... opinions?

Other option is to remove the AD setup from the new
server and disable DHCP and DNS settings temporarily.
Then install/add the AD to the new server "adding" it as
a 2nd Backup DC to the existing server. My understanding
is it should then gather the AD info over the network off
the existing server. I can then use "dcpromo" and demote
the original server, which as i understand should
automatically then move the PDC roles over to the new
server?

From there i should be able to disconnect the original
server from the network (ensuring all data is copied) and
then rename the NEW server to the old server's name
ie "SERVER", change the IP to the old server's IP, enable
DHCP and DNS with the same settings as the original server
(which I'm pretty sure i have right) and then it should
work?

Do i have a clue or no idea? haha?

Which option do you think is best for a novice,
the "backup" and "restore" or the AD transition thingy?

The old server is P4 2.4 on crap ECS MB with PCI Raid IDE
(2 drives Mirrored) IDE tape (travan ewww).
New system is Dell 1600SC 2.8P4 Xeon 3x 74gb SCSI (Raid5)
DAT72 SCSI tape etc.

I'd imagine maybe some hardware issues with "restore"
option?
I'm leaning toward this as it does not involve "any"
possibility to stuff up the existing server....where when
i "demote" the existing server something could go wrong
or similar?

Ideas appreciated.....thanks again for ya time.
 
I would dcpromo the new server into the existing domain, but leave the
existing server there as a backup DC (assuming you have an extra license, of
course).

Another tip here is to make sure your DNS is AD-integrated. Point your new
server's DNS to the old one, dcpromo it into the domain and add the DNS
Server component to the new machine. At this point, check that the DNS
records are on the new server. Then, change the DNS settings in TCP/IP to
point to itself and reboot. Then, make the new server a global catalogue
and transfer the FSMO roles to the new box. I'd be inclined to leave the
old server running for a few days just to make sure your backup routines for
the new server are working properly and that everything's OK. Then, you can
dcpromo the old server out of the domain if you wish.

I wouldn't try a backup and restore to the new server. You'll run into
hardware issues and it's unlikely to boot.

Hope this helps

Oli
 
Thanks for the reply. Sounds like the way to go.

One final question.
Say the current server is called "SERVER" 192.168.0.1
say i rename the new server to "NEWSERVER" 192.168.0.150

I then join it to the domain as discussed and all AD info
is replicated across.

When i then DEMOTE (using dcpromo) the existing server so
the new server is then the PDC taking over the role of
the old (and then possibly later dcpromo the old out of
being a DC at all), will i NOT then be able to rename the
NEW server to SERVER? (and change IP to 192.168.0.1)?

I'm guessing this is the case, which will no doubt cause
issues with mapped drives/shares amongst other things?



 
You won't be able to rename a Windows 2000 domain controller, unfortunately.

Oli
 
Seems that way.
I have found this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;296592&Product=win2000

Which requires removing from the DC, renaming then
rejoining the DC.

BUT as the current server is called "server". I would
have to join the "newserver" to the domain. remove the
old from the domain at which point all domain control
should be handed over to new server. Then change the
name of the old server, join it to the domain again,
remove the new server from the domain, rename, then
rejoin.

Seems an awful lot of possibility for stuff up :) haha

I think i'll try the "restore" option first. At worst it
will stuff up the new server if I'm unlucky and i'll have
to reload it......at best it will work exactly as the
existing server with correct name etc :)

Either way the original server will be 100% untouched and
there to connect back up if need be.
 