Migrating to a new server

[Paul Smith]

Migrating to a new server

Hi guys/dolls

I am on the verge of migrating from my old windows 2000 server to a windows
2003 server (why not 2008?) in a few days. Actually all I will be doing is
creating a new active directory user database and move the data from one
server to another. Also I would like to do this procedure whilst users are
working on the old server without having to turn off anything ie: migrating
a user one by one.

Problem is how will I be able to create a new domain and be able to move the
data from a domain to another, and be able to retain admin permissions. Can
you perhaps suggest some tips how I can perform this procedure with minimal
problems in the way?

Many thanks
Paul Archibald Smith

 

[Meinolf Weber]

Hello Paul,

Will you change the domain name, because you talk about a new AD database
and new domain?

See here for 2003:
http://www.microsoft.com/downloads/...70-3BBB-4B9E-A8BC-01E9F7EF7342&displaylang=en

http://www.microsoft.com/downloads/...7B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

for 2008:
http://www.microsoft.com/downloads/...19-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

http://www.microsoft.com/downloads/...01-7DCA-413C-A9D2-B42DFB746059&displaylang=en


If not see this for 2003:

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU DATA/MACHINE!!!

One question first:
Is the old server also Exchange server and will it be taken out of the domain
forever, when the new server is running?

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
from the command prompt on the old machine to check for errors, if you have
some post the complete output from the command here or solve them first.
For this tools you have to install the support\tools\suptools.msi from the
2000 or 2003 installation disk.

- run adprep /forestprep and adprep /domainprep from the 2003 installation
disk against the 2000 server, with an account that is member of the Schema
admins, to upgrade the schema to the new version

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2003 server to an existing
domain

- if you are prompted for DNS configuration choose Yes (also possible that
no DNS preparation occur), then install DNS after the reboot

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag on both domain controllers

- if you have no errors, make the new server Global catalog server, open
Active directory Sites and Services and then double-click sitename, double-click
Servers, click your domain controller, right-click NTDS Settings, and then
click Properties, on the General tab, click to select the Global catalog
check box (http://support.microsoft.com/?id=313994)

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2003 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)


Demoting the old DC (if needed)

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during promotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Meinolf Weber]

Hello Paul,

BTW, i think "Doll" is not the best solution for addressing the woman in
a newsgroup.


!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
from the command prompt on the old machine to check for errors, if you have
some post the complete output from the command here or solve them first.
For this tools you have to install the support\tools\suptools.msi from the
2000 installation disk.

- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2000 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog.

- if you are prompted for DNS configuration choose Yes. If not, install DNS
role after promotion.

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003!!! to 2008, will work)
on both domain controllers

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801
applies also for 2008)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2008 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database for 2008 choose "netshell dhcp backup"
and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx)



Demoting the old DC

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during promotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Phillip Windell]

Hello Paul,

BTW, i think "Doll" is not the best solution for addressing the woman in a
newsgroup.

......I think he meant me! <he he>

The women would obviously be "Babes".

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

[Paul Smith]

Thanks for the procedure and all the details. But the problem is that my
current server (the one to be replaced) sometimes turns off on its own and I
am afraid that whilst doing the migration this will occur...

 

[Meinolf Weber]

Hello Paul,

Then you should start asap to get a new one running. Maybe start with hardware
maintenance and find the reason, check the event viewers.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Paul Smith]

I am stuck in creating the DNS role on the new server...
Can you guide me which options to choose?

right now the primary zone is on the old server with name SRV1 and ip
192.168.2.1....

which options to choose when creating DNS please?

 

[Meinolf Weber]

Hello Paul,

The easiest part is as described in my previous reply.

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server) or change it this way to AD integrated, open the DNS
management console, rightclick the forward lookup zone, choose properties,
General tab, you see TYPE and on the right side the CHANGE button. The same
make also for the reverse lookup zone If the zone is AD integrated you have
just to wait on the new server at least 15 minutes and AD will replicate
all zone information to the new server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Paul Smith]

Hey I managed to get it to work!! all users and dns were moved from old
server to the new one and clients can still logon and make use of network
resources just as it was when the old server was online. However I still
dont know how I am going to move the data and the roaming profiles from the
old server to the new one without having the need to reassign share/NTFS
permissions again from scratch....I also have some scripts to map network
drives etc...

Could you help again please?

 

[Meinolf Weber]

Hello Paul,

Nice to hear.

Robocopy can copy the data with permissions and you can export the shares
from registry and import them.

Robocopy:
http://technet.microsoft.com/en-us/library/cc733145.aspx

Registry
Export this key from the registry the path "hklm/system/currentcontrolset/services/lanmanserver/shares"
to a file and import it on the new server

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Paul Smith]

Hello again
I used robocopy to send files from old server to new server using this
command

robocopy E:\USERS\ Z:\ /e

Where E is the local drive where the data resides and users is the folder
where data is located (each user having a respective folder). Z is a mapped
drive which is the drive of the new server and the /e switch to copy
everything including subfolders. But still permissions were not moved,
everything is accessible by anyone...

any help please?

 

[Meinolf Weber]

Hello Paul,

Use "/sec" without the qoutes also. Copies files with security.


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Paul Smith]

hi meinolf everything worked like a charm except one essential thing :S when
i have put the old server offline the pcs could not logon on their folder
again !! i even disjoined them with the domain and rejoined them, their
folder would not appear in my computer..

i had previously set the \\servername\users\%username% parameter and it used
to work

the new server is indeed the domain controller which replicated from the old
server, but still the domain looks as if its still the old server even
though the new one is operational and all.

does this mean i have to reconfigure all users with their folders etc?

 

[Meinolf Weber]

Hello Paul,

Do you map the drive with a logon script or use the user account properties
profile, Home folder path's or a GPO?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Paul Smith]

i use the the user account properties

i specify a drive letter and enter this string \\servername\users\%username%

 

[Meinolf Weber]

Hello Paul,

Can you access it from the run line with \\servername\users\%username% or
\\servername\users ? Are the DNS forward/reverse lookup zone records all
correct updated?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm