Replacing running Win2000 DC with new Win2003 DC

[Peter Zzzz]

Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You don't
have to go into details, but i would like to get the 'big picture' before i
gwet started.

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.
- Upgrading is not an option.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.


Best regards.

Peter Zzzz.

 

[myweb]

Hello Peter,

The point is, we have to go a littlebit in detail. DC without DNS is not
possible. Active directory is based on DNS. It must be an DNS server if it
is a Domain controller.
If you are sure with this, then let see how it's going on. Check your DNS
first! Really IMPORTANT!!!


Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Mike Shepperd]

Buy the new 2003 server
Install Windows
Join the Domain
Run DCPROMO to promote it as a DC
Transfer the FSMO roles:
http://support.microsoft.com/kb/324801
Run DCPROMO on the old server to demote it
Join the old DC (now a member server) to a workgroup (remove from the
domain)
Turn off the old server and recycle.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]

 

[Mike Shepperd]

Well, the DC doesn't have to be running DNS (though it frequently is with
SBS), but you DO have to have a good DNS server internally. If you don't
have DNS name resolution working internally you won't be able to join the
domain by FQDN or to Transfer FSMO roles, or to Replicate, or to Demote the
other server...

You get the idea. You must have good DNS name resolution between all
servers and clients in the domain.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]

 

[Danny Sanders]

What you are doing is upgrading your domain from Win 2k to Win 2k3. It will
involve a schema update.

See:
http://support.microsoft.com/kb/555040/en-us


hth
DDS

Buy the new 2003 server
Install Windows
Join the Domain
Run DCPROMO to promote it as a DC
Transfer the FSMO roles:
http://support.microsoft.com/kb/324801
Run DCPROMO on the old server to demote it
Join the old DC (now a member server) to a workgroup (remove from the
domain)
Turn off the old server and recycle.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]

Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You
don't have to go into details, but i would like to get the 'big picture'
before i gwet started.

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.
- Upgrading is not an option.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.


Best regards.

Peter Zzzz.

 

[Herb Martin]

Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You
don't have to go into details, but i would like to get the 'big picture'
before i gwet started.

Others have helped with your exact question but we really need
to point out that you SHOULD have at least two DCs or exceptionally
good and regular backups....

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.

Where is the DNS Server? You must have a DNS server with
a "Dynamic Zone" for the same name as the AD. Usually this
best runs ON the DC. Although not a requirement, this is
especially true of a SMALL network.

- Upgrading is not an option.

Why not? Upgrading is slightly easier and most people who
think they cannot upgrade really can.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.

Why?

Two DCs are better than one.

 

[Enkidu]

Hello Peter,

The point is, we have to go a little bit in detail. DC without DNS is not
possible. Active directory is based on DNS. It must be an DNS server if
it is a Domain controller.

NO NO NO NO NO NO!

A DC does not have to be a DNS server!! You just have to have at least a
Windows2000 DNS service available. The DNS can be running on W2k member
servers if you want and this can be very useful in migration situations.

Strictly speaking the DNS does not even have to run on Windows, provided
it supports a few special DNS record types and optionally dynamic updates.

If you are sure with this, then let see how it's going on. Check your
DNS first! Really IMPORTANT!!!

DNS is very important. However he is already running an Active Directory
domain since his existing DC is Windows 2000, so his DNS (where ever it
is) is almost certainly OK.

Cheers,

Cliff

 

[Ryan Hanisco]

Peter,

I would still recommend checking DNS. If the assumption that running
Windows 2000 and DNS made it likely to be healthy were true, 75% of the
postings to the Active Directory group would be gone.

While it is probable that everything is ok, it is well worth looking at
the DNS health even with one DC in the mix. The short amount of time
that takes, is worth every second as the troubleshooting in a bad
situation can be so much more painful.

At the very least, run DC Diag and Net Diag to look for obvious problems
and deal with any bad events hitting the Event log.

And I agree with Herb (whom I learn from all the time). Keep the 2000
DC in the mix as two is most certainly better than one. Yes, there are
security and functionality compromises by not being in 2003 domain/
forest functional mode, but with one site and on a modest budget, the
savings brought by the stability is worth it. Just get any apps you
might have off of the old DC.

Ryan Hanisco
FlagShip Integration Services

 

[myweb]

Hello Enkidu,


Got it guys!

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 

[Enkidu]

I agree, Ryan, but that 75% is probably only a sub-decimal proportion of
the population of AD setups! I react strongly to the assertion that DNS
is somehow tied to DCs. A lot of DNS problems become simpler if the DNS
setup is considered *separately* from the AD setup.

Cheers,

Cliff

 

[Enkidu]

Great! Thanks for taking it so well, and sorry to be so hard on you.
That particular mistake (and it is SOOOO common) really presses my
button. Sorry about that. My prob, not yours....

Cheers,

Cliff

 

[Peter Zzzz]

Many thanks to Mike and Danny.

That was exactly the kind of info i needed. I feel confident that I can read
up on how to do DCPROMO.

I guess I kind of gave to litlle info. Just look at the discussion about DNS
servers. So i better try to fix that. ....

Network contain a mix of computeres. Some running Windows and some runining
L.... Ouuchh I almost used the L-word. Is that legal in here ???
We do have both DNS and DHCP, but they are running on the L-stuff. ... Not
my decission , I just started in the company 4 months ago.

Current DC is running on old hardware... I guess it's a retired worlstation
at least 8 years old. Only 1 IDE disk, that crashed a few moths ago. Had to
reinstall and rebuild the DC. No back-up of old stuff existed.
I'm not a trained / experienced Admin and I just need the transition to be
smooth.

Just one question though . When installing win2003 on new server, shall I
install AD on that ?


Best Regards & thanks
Peter

What you are doing is upgrading your domain from Win 2k to Win 2k3. It
will involve a schema update.

See:
http://support.microsoft.com/kb/555040/en-us


hth
DDS

Buy the new 2003 server
Install Windows
Join the Domain
Run DCPROMO to promote it as a DC
Transfer the FSMO roles:
http://support.microsoft.com/kb/324801
Run DCPROMO on the old server to demote it
Join the old DC (now a member server) to a workgroup (remove from the
domain)
Turn off the old server and recycle.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no
rights]

Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You
don't have to go into details, but i would like to get the 'big picture'
before i gwet started.

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.
- Upgrading is not an option.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.


Best regards.

Peter Zzzz.

 

[Peter Zzzz]

Hello Herb.

Thanks for answering.

Old hardware is OOOlddd. At leat 8 years. Retired workstation with only one
IDE HD. I really doubt that it will be able to handle Win2003. Thats why I
don't think upgrading is possible. I believe old hardware is ready for the
'secret computer burial grounds'.

I will consider keeping the old DC running to support new DC.

New setup should include backup options.

DNS and DHCP is running on linux based servers.

Bets regards & thanks.

Peter

Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You
don't have to go into details, but i would like to get the 'big picture'
before i gwet started.

Others have helped with your exact question but we really need
to point out that you SHOULD have at least two DCs or exceptionally
good and regular backups....

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.

Where is the DNS Server? You must have a DNS server with
a "Dynamic Zone" for the same name as the AD. Usually this
best runs ON the DC. Although not a requirement, this is
especially true of a SMALL network.

- Upgrading is not an option.

Why not? Upgrading is slightly easier and most people who
think they cannot upgrade really can.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.

Why?

Two DCs are better than one.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Best regards.

Peter Zzzz.

 

[Herb Martin]

Hello Herb.

Thanks for answering.

Old hardware is OOOlddd. At leat 8 years. Retired workstation with only
one IDE HD. I really doubt that it will be able to handle Win2003. Thats
why I don't think upgrading is possible. I believe old hardware is ready
for the 'secret computer burial grounds'.

Upgrade isn't impossible in that case but you really
should consider a new DC to help anyway.

(Machines can be migrated then upgraded to new hardware
too -- or upgraded then migrated if upgrade works.)

I will consider keeping the old DC running to support new DC.
New setup should include backup options.

DNS and DHCP is running on linux based servers.

DNS for AD should generally be on your DCs, especially
for small domains. (Dynamic "Secure Updates Only" is
the main reason.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Bets regards & thanks.

Peter

Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You
don't have to go into details, but i would like to get the 'big picture'
before i gwet started.

Others have helped with your exact question but we really need
to point out that you SHOULD have at least two DCs or exceptionally
good and regular backups....

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.

Where is the DNS Server? You must have a DNS server with
a "Dynamic Zone" for the same name as the AD. Usually this
best runs ON the DC. Although not a requirement, this is
especially true of a SMALL network.

- Upgrading is not an option.

Why not? Upgrading is slightly easier and most people who
think they cannot upgrade really can.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.

Why?

Two DCs are better than one.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Best regards.

Peter Zzzz.

 

[Danny Sanders]

Just one question though . When installing win2003 on new server, shall I

install AD on that ?

Yes. You run dcpromo to install AD. The installation of AD is what changes a
member/standalone server into a domain controller.

hth
DDS

Many thanks to Mike and Danny.

That was exactly the kind of info i needed. I feel confident that I can
read up on how to do DCPROMO.

I guess I kind of gave to litlle info. Just look at the discussion about
DNS servers. So i better try to fix that. ....

Network contain a mix of computeres. Some running Windows and some
runining L.... Ouuchh I almost used the L-word. Is that legal in here
???
We do have both DNS and DHCP, but they are running on the L-stuff. ... Not
my decission , I just started in the company 4 months ago.

Current DC is running on old hardware... I guess it's a retired
worlstation at least 8 years old. Only 1 IDE disk, that crashed a few
moths ago. Had to reinstall and rebuild the DC. No back-up of old stuff
existed.
I'm not a trained / experienced Admin and I just need the transition to be
smooth.

Just one question though . When installing win2003 on new server, shall I
install AD on that ?


Best Regards & thanks
Peter

What you are doing is upgrading your domain from Win 2k to Win 2k3. It
will involve a schema update.

See:
http://support.microsoft.com/kb/555040/en-us


hth
DDS

Buy the new 2003 server
Install Windows
Join the Domain
Run DCPROMO to promote it as a DC
Transfer the FSMO roles:
http://support.microsoft.com/kb/324801
Run DCPROMO on the old server to demote it
Join the old DC (now a member server) to a workgroup (remove from the
domain)
Turn off the old server and recycle.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no
rights]


Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003 DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do. You
don't have to go into details, but i would like to get the 'big
picture' before i gwet started.

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.
- Upgrading is not an option.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.


Best regards.

Peter Zzzz.

 

[Enkidu]

Upgrade isn't impossible in that case but you really should consider
a new DC to help anyway.

(Machines can be migrated then upgraded to new hardware too -- or
upgraded then migrated if upgrade works.)


DNS for AD should generally be on your DCs, especially for small
domains.

Hmm, I've generally favoured separate DNS for small Domains. Why do you
say that, Herb?

(Dynamic "Secure Updates Only" is the main reason.)

Replication of DNS changes is another, and maybe the main reason people
use integrated DNS, perhaps?

Cheers,

Cliff

 

[Herb Martin]

DNS for AD should generally be on your DCs, especially for small

Hmm, I've generally favoured separate DNS for small Domains. Why do you
say that, Herb?

For many reasons, starting with the increased security
of a DC running AD Integrated DNS, the better replication,
and the practical fact that most "small" domains don't have
additional servers they can devote to DNS.

But not excluding even minor features such as DCPromo
will setup DNS automatically for those who are new to
DNS (and AD.)

 

[Peter Zzzz]

Thanks * 1000 to Shaibal.

Could'nt ask for a better description.

Best regards
Peter.

The following steps you need to follow :

a) Install W2k3 on a new hardware.

b) Join it to the domain as a member server.

c) On the W2k DC, put in cd and run adprep /forestprep (updates
configuration and schema partitions) first, then when it finishes, run
adprep
/domainprep on it.

d) run dcpromo on the W2k3 member server.

e) Make it a GC...check after 5 minutes with ldp->connect to port
3268->check for value Is_Global_Catalog_Ready->True, or run nltest
/dsgetdc:domain name /gc /force and check the keys...if you see GC, then
its
advertising as a GC.

f) force a replication from W2k DC using cmd : repadmin /syncall domain
name->u should see "syncall terminated with no errors".

g) Once replication is finished, run dcpromo on W2k DC to demote it.

h) On new W2k3 DC, run netdom query fsmo and check to see if its
advertising
all fsmo roles.

i) Run a dcdiag /v and netdiag /v and make sure they are clean.

j) Once all this is done, your new W2k3 DC will be roaring to go ).

Many thanks to Mike and Danny.

That was exactly the kind of info i needed. I feel confident that I can
read
up on how to do DCPROMO.

I guess I kind of gave to litlle info. Just look at the discussion about
DNS
servers. So i better try to fix that. ....

Network contain a mix of computeres. Some running Windows and some
runining
L.... Ouuchh I almost used the L-word. Is that legal in here ???
We do have both DNS and DHCP, but they are running on the L-stuff. ...
Not
my decission , I just started in the company 4 months ago.

Current DC is running on old hardware... I guess it's a retired
worlstation
at least 8 years old. Only 1 IDE disk, that crashed a few moths ago. Had
to
reinstall and rebuild the DC. No back-up of old stuff existed.
I'm not a trained / experienced Admin and I just need the transition to
be
smooth.

Just one question though . When installing win2003 on new server, shall I
install AD on that ?


Best Regards & thanks
Peter

What you are doing is upgrading your domain from Win 2k to Win 2k3. It
will involve a schema update.

See:
http://support.microsoft.com/kb/555040/en-us


hth
DDS
"Mike Shepperd" <newsgroups a t sunfiresolutions d o t com> wrote in
message Buy the new 2003 server
Install Windows
Join the Domain
Run DCPROMO to promote it as a DC
Transfer the FSMO roles:
http://support.microsoft.com/kb/324801
Run DCPROMO on the old server to demote it
Join the old DC (now a member server) to a workgroup (remove from the
domain)
Turn off the old server and recycle.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no
rights]


Hello.

My company need a new DC. The current DC is Win2000 running on old
workstation hardware. We have discussed replacing it with a Win2003
DC
running on new 'server' hardware.

Could anyone please give me a quick run down on what i need to do.
You
don't have to go into details, but i would like to get the 'big
picture'
before i gwet started.

- Win2000 machine is still running.
- Win2000 is just DC, not DNS-server nor DHCP server.
- Upgrading is not an option.

- I expect Win2003 to become DC, fileserver and print server.
- Win2000 DC will go away when Win2003 is running.


Best regards.

Peter Zzzz.