AD Upgrade Question

M

msadexchman

Hello,

We have a native multi site W2K AD environment. Our hub site has two W2K
DC's which are running on aging hardware. We've purchased two new servers
and have Windows 2003 Server running on them. We would like to upgrade our
AD to Windows 2003 by adding these two new servers as 2k3 CD's and
decommisioning the existing 2 DC's. What process would I follow? Don't I
run adprep first on the schema master? One of the two existing DC's is
holding all 5 FSMO roles and we would like to transfer them to the 2 new
DC's (so we can seperate the Infrastructur Master from the GC server). At
what point can we raise the domain functional level to Windows 2003? After
the OS has been upgraded to 2003 on all our remote site W2K DC's?

If anyone who has been in this situation can shed some light, I'd appreciate
it. I also heard that you should disable outbound replication on the DC
that is becoming the first W2K3 box in case something goes wrong?

Thanks
 
A

Ace Fekay [MVP]

In
msadexchman said:
Hello,

We have a native multi site W2K AD environment. Our hub site has two
W2K DC's which are running on aging hardware. We've purchased two
new servers and have Windows 2003 Server running on them. We would
like to upgrade our AD to Windows 2003 by adding these two new
servers as 2k3 CD's and decommisioning the existing 2 DC's. What
process would I follow? Don't I run adprep first on the schema
master? One of the two existing DC's is holding all 5 FSMO roles and
we would like to transfer them to the 2 new DC's (so we can seperate
the Infrastructur Master from the GC server). At what point can we
raise the domain functional level to Windows 2003? After the OS has
been upgraded to 2003 on all our remote site W2K DC's?
If anyone who has been in this situation can shed some light, I'd
appreciate it. I also heard that you should disable outbound
replication on the DC that is becoming the first W2K3 box in case
something goes wrong?
Thanks

Rather easy, just time consuming.

I just posted something similar for someone else:
============================
Do you have Exchange 2000 in use?
If so, you may get an error running adprep/forest prep beacuse of mangled
attributes, follow this article:

Windows Server 2003 adprep -forestprep Command Causes Mangled Attributes in
Windows 2000 Forests That Contain Exchange 2000 Servers:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314649

You should upgrade the machine that holds the token for the the Schema
Master and Domain Name Master. If you don't want to upgrade it (say if it's
too old), then run the adprep /forestprep on the existing Schema Master,
then install a fresh DC with 2003, then move those roles over to it. Don't
forget the GC as well. After that, you can choose any order you like.

More info:
How to upgrade Windows 2000 domain controllers to Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;325379

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555040

This just a summary. There are numerous other scenarios and issues as well,
depending on what else has been installed, and if the Schema has been
altered by other non-Microsoft programs, which can cause issues.
============================



Also take a look at this by Jorge:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/110.aspx



As far as the FSMO, I mentioned the DNM and SM, and moving the GC over to
the machine that is the DNM. After that you can transfer the other roles,
which will be no problem, and highly recommended. Move DNS over to the new
ones too by installing DNS, then just wait for the next replication, and the
zone auto appears in DNS. Then uninstall (don't delete the zones) off the
2000 DCs. If you delete the zone, then it removes it from AD. Don't mess
with the zone replication scopes yet until after the current 2000 DNS
servers have been uninstalled. THen you can change the scope. Then after
you've verified everything's operational and working, demote the old DCs.
Once ALL of the 2000 are gone, you can raise the level to 2003 for the
domain and forest.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]
 
M

msadexchman

Much appreciated !
Ace Fekay said:
In
msadexchman said:
Hello,

We have a native multi site W2K AD environment. Our hub site has two
W2K DC's which are running on aging hardware. We've purchased two
new servers and have Windows 2003 Server running on them. We would
like to upgrade our AD to Windows 2003 by adding these two new
servers as 2k3 CD's and decommisioning the existing 2 DC's. What
process would I follow? Don't I run adprep first on the schema
master? One of the two existing DC's is holding all 5 FSMO roles and
we would like to transfer them to the 2 new DC's (so we can seperate
the Infrastructur Master from the GC server). At what point can we
raise the domain functional level to Windows 2003? After the OS has
been upgraded to 2003 on all our remote site W2K DC's?
If anyone who has been in this situation can shed some light, I'd
appreciate it. I also heard that you should disable outbound
replication on the DC that is becoming the first W2K3 box in case
something goes wrong?
Thanks

Rather easy, just time consuming.

I just posted something similar for someone else:
============================
Do you have Exchange 2000 in use?
If so, you may get an error running adprep/forest prep beacuse of mangled
attributes, follow this article:

Windows Server 2003 adprep -forestprep Command Causes Mangled Attributes
in
Windows 2000 Forests That Contain Exchange 2000 Servers:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314649

You should upgrade the machine that holds the token for the the Schema
Master and Domain Name Master. If you don't want to upgrade it (say if
it's
too old), then run the adprep /forestprep on the existing Schema Master,
then install a fresh DC with 2003, then move those roles over to it. Don't
forget the GC as well. After that, you can choose any order you like.

More info:
How to upgrade Windows 2000 domain controllers to Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;325379

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555040

This just a summary. There are numerous other scenarios and issues as
well,
depending on what else has been installed, and if the Schema has been
altered by other non-Microsoft programs, which can cause issues.
============================



Also take a look at this by Jorge:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/110.aspx



As far as the FSMO, I mentioned the DNM and SM, and moving the GC over to
the machine that is the DNM. After that you can transfer the other roles,
which will be no problem, and highly recommended. Move DNS over to the new
ones too by installing DNS, then just wait for the next replication, and
the zone auto appears in DNS. Then uninstall (don't delete the zones) off
the 2000 DCs. If you delete the zone, then it removes it from AD. Don't
mess with the zone replication scopes yet until after the current 2000 DNS
servers have been uninstalled. THen you can change the scope. Then after
you've verified everything's operational and working, demote the old DCs.
Once ALL of the 2000 are gone, you can raise the level to 2003 for the
domain and forest.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's
name, watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top