AD/DC * GC switch

pskibitzki

I have 3 Domain Controllers under a single domain that
are replicating. The primary AD/DC & GC is W2K (also is
inside DNS Server). The second is a W2K, the third is a
Win 2003 Server. I want to switch my Win 2003 to my
primary AD/DC & GC but retain the current AD as a
replication DC & DNS server. What is the easiest and most
painless way to accomplish this task? I would do in-place
upgrades of the (2) W2K Servers but they are upgrades from
NT4 with 4gig primary partitions and several other drive
letter partitions which could get messy.
 
Cary Shultz [A.D. MVP]

I am not sure that I follow your question.

You have three DCs in a single domain / tree / forest. Two of them are
WIN2000 DCs and the third one is WIN2003. I assume by this that you have
'upgraded' the schema by running 'adprep /forestprep' and 'adprep
/domainprep' on the WIN2000 DC that holds the FSMO Role of Schema Master and
Infrastructure Master, respectively.

It sounds to me like you are interested in upgrading the two WIN2000 DCs to
WIN2003 but are concerned about the C:\ partition and space. Is this
accurate?

Cary
 
pskibitzki

I have updated the schema by running adprep and forest
prep. I want to make the Win 2003 the GC and AD server so
that I can take the old AD box offline and do some major
clean up without causing down time to users.
 
Cary Shultz [A.D. MVP]

Okay,

Thank you for the clarification. This is what I thought but wanted to make
sure.

Unless there is something that I am missing ( due to the fact that I have
not played with WIN2003 a whole lot ) and someone else can correct me, if
you have the three domain controllers you should not have any problems.
Let's use an example.

Let's call the two WIN2000 Domain Controllers W2KDC01 and W2KSC02 and the
one WIN2003 Domain Controller W2K3DC01. It looks like W2KDC01 is the big
gun - probably holds all five FSMO Roles ( Schema Master, Domain Naming
Master, PDC Emulator, RID Master and Infrastructure Master ) as well as
being the Global Catalog Server and the DNS Server. Since you did not
mention any other services that these DCs offer ( such as DHCP, file and
print, etc. ) let's assume that another server / device takes care of
them. Should this not be the case you will simply need to make sure that
you move that 'service' to another DC / Server.

I would start by transferring the five FSMO Roles from W2KDC01 to W2K3DC01.
The key word is transfer. A bit of information: there are two
possibilities - transfer and seize. You only seize the FSMO Roles when the
DC that held them went down in an ungraceful manner and is no longer
available so that you could transfer the roles to another DC. So, since
this is not the case you would transfer them.

Please look at the following two articles on how to do this:

Using ntdsutil to transfer / seize roles:
http://support.microsoft.com/?id=255504

Using the GUI to transfer roles:
http://support.microsoft.com/?id=255690

The second thing that I would do is to make the two other Domain Controllers
Global Catalog Servers. I would opt for this situation vs. simply making
W2K3DC01 a Global Catalog due to the fact that you have a smaller
environment in a single domain / tree / forest in one physical Site. In
cases like this it is often advisable to make all of your Domain Controllers
a Global Catalog Server. A bit of information: if you should ever add
another Domain in your environment ( for example, a Child Domain ) you will
need to make sure that either all of your DCs are indeed made a Global
Catalog Server -OR- that the DCs that hold the domain-wide FSMO role of
Infrastructure Master are not Global Catalog Servers.

Please look at the following article on how to do this:

Creating / Moving a Global Catalog Server:
http://support.microsoft.com/?id=313994

The third thing that I would do ( and this is a part where I am not sure ) I
would either make all three of your DCs a DNS Server -OR- make just W2K3DC01
your DNS Server and make sure to use Active Directory Integrated DNS ( aka
Dynamic DNS aka DDNS ). Make sure that you update the device ( either
Server or Firewall/Router ) to include this information so that your clients
will have this very important updated information. Generally speaking it is
better to have multiple DNS Servers than to have only one - where possible.

The fourth thing that I would do would be to make sure that any other
services ( DHCP, File and Print, etc. ) are moved to another Server / DC.

HTH,

Cary
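
A post-transfer check for the steps in the answer above, as an added example that is not part of the original thread: it parses role-holder output and flags roles still on the old DC, plus the Global Catalog conditions the answer describes. The sample text is constructed in the style of `netdom query fsmo` output (label wording varies by Windows version); the domain `example.local` and the function names are assumptions.

```python
import re

# Keyword in the role label -> FSMO role name as used in the answer above.
ROLES = {"schema": "Schema Master", "naming": "Domain Naming Master",
         "pdc": "PDC Emulator", "rid": "RID Master",
         "infrastructure": "Infrastructure Master"}

# Constructed sample (not captured from a real domain).
SAMPLE_BEFORE = """\
Schema master               W2KDC01.example.local
Domain naming master        W2KDC01.example.local
PDC                         W2KDC01.example.local
RID pool manager            W2KDC01.example.local
Infrastructure master       W2KDC01.example.local
The command completed successfully.
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("W2KDC01", "W2K3DC01")
ALL_DCS = {"W2KDC01", "W2KSC02", "W2K3DC01"}

def parse_role_holders(text):
    """Return {role name: short DC name} from 'label   host.fqdn' lines."""
    holders = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\S.*?)\s{2,}(\S+)\s*$", line)
        if not m:
            continue  # blank lines and the trailing status line
        label, host = m.group(1).lower(), m.group(2).split(".")[0].upper()
        for key, role in ROLES.items():
            if key in label:
                holders[role] = host
                break
    return holders

def check_migration(holders, gcs, all_dcs, target, retiring):
    """List what still blocks taking the retiring DC offline."""
    findings = []
    for role in ROLES.values():
        owner = holders.get(role)
        if owner != target:
            findings.append(f"{role}: held by {owner}, expected {target}")
    # Rule from the answer (it matters once a second domain exists):
    # all DCs are GCs, or the Infrastructure Master holder is not a GC.
    im = holders.get("Infrastructure Master")
    if set(gcs) != set(all_dcs) and im in gcs:
        findings.append(f"Infrastructure Master {im} is a GC, but not every DC is")
    if set(gcs) <= {retiring}:
        findings.append(f"no Global Catalog left once {retiring} is offline")
    return findings
```

An empty list from `check_migration` means all five roles sit on the target DC and the Global Catalog conditions hold; DNS and other services from the third and fourth steps still need a separate check.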
 
