Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
Domain Controller Migration
(Windows server 2003 DC to Server 2008 R2)
Index
Part-1: Preparing source server (2003) for migration 03-05 Part-2: Installing Additional DC in Server 2008 in Replication mode (transition mode) 06-17 Part-3: Transferring FSMO (Flexible single Master Operations) Roles to 2008DC 18-34 Part-4: Test and Demote server 2003 34-40
Part-1
Prepare source server for migration:
1. Prepare Forest and Domain in 2003 DC using ADPREP utilities , copy adprep from windows server
2008 (32bit) DVD
Path: d:\sources\adprep\adprep32.exe to c:\ to server 2003 and Run,
(Note: you can run directly run by using 2008 dvd)
2. Run >cmd> adprep32.exe /forestprep
During the forest preparation you will be asked to press C to continue to forest preparation.
2) Domain preparation:
Here we need to set domain to server 2003 mode. Path: Admistrative tools> AD>domain and trust> domain (right click) >Raise the domain functional level. Note: you need to raise both forest and domain fictional level to server 2003 level And rerun domainprep.
Part -2
Now, I assume you already have Windows server 2008 installed, Join server 2008 to domain and login as a domain administrator. Install AD DS in source server 2008 by using Server manager > add roles >
1. DNS > install (Don’t configure just install)
2. ADDS >install.
After preparing source server , install active directory in replication mode by running dcpromo in run command,
4. Here you need to select Existing forest > Add a domain controller to an existing forest.
Then Press Next
5. Type name of the domain “banana.com” and click on set, a pop will appear for admin user
name and password.
6. Click next, here a pop up will appear for Read only domain controller, because we haven’t
run “Adprep /RODPREP” this is an optional, click yes to continue
8. Check for additional domain controller options check box, DNS and global catalog box and
click next
9. Here you need to assign a static IP(some reason it was not taking static IP which I have
already assigned) select dynamically assign an ip address
A popup will appear “A Delegation for this dns server cannot be created because-----) click YES to
continue.
Click next to continue
Click next to continue
Here you can see installation under progress
The AD Installation is successful, Reboot the server.
Part-3
Transfer FSMO ( Flexible Single Master operations ) ROLEs to DC-2008 server,
There are 5 FSMO roles they are
1. Schema Master
2. Domain Naming Master
3. Infrastructure Master
4. Relative ID (RID) Master
5. PDC Emulator The FSMO roles are going to be transferred, using the following three MMC snap-ins:
Active Directory Schema snap-in : Will be used to transfer the Schema Master role
Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role
Active Directory Users and Computers snap-in : Will be used to transfer the RID Master, PDC Emulator,
and Infrastructure Master roles Note: The following steps are done on the Windows Server 2008 machine that I intend to set as the roles holder ( transfer the roles to it ) Let us start transferring the FSMO roles.
Using Active Directory Schema snap-in to transfer the Schema Master roleYou have to register schmmgmt.dll in
order to be able to use the Active Directory Schema snap-in
1. Click Start > Run
2. Type regsvr32 schmmgmt.dll
3. Click ok
A popup message will confirm that schmmgmt.dll was successfully registered. Click OK
4. Click Start > Run, type mmc, then click OK
5. Click File > then click Add/Remove Snap-in...
6. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then
click OK
8. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role
holder and then click on OK
You will receive a message box stating that the schema snap-in is not connected to a schema operations master.
That is for sure, as we have not yet set this Windows Server 2008 domain controller as a Schema Master role
holder. This will be done in the next step. Click OK
9. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then
click Operations Master.
10. On the Change Schema Master page, the current schema master role holder will be displayed (ex. Server
2003) and the targeted schema holder as well (ex:2k8). Once you click Change, the schema master holder will
become
dc 2k8, Click Yes to confirm the role transfer
The role will be transferred and a confirmation message will be displayed.
Click OK
Then click Close, as you can see in the below snapshot, the current schema master is Exchange08.banana.com
Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role
1. Click Start > Administrative Tools > then click Active Directory Domains and Trusts
2. Right click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller...
3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain
Naming master role holder and then click onOK
4. Right click Active Directory Domains and Trusts, then click Operations Master.
5. On the Operations Master page, we are going to change the Domain Naming role holder
from 2003domain.banana.com toexchange08.banana.com, Click Change
Click YES to confirm the transfer of the Domain Naming role
The role will be transferred and a confirmation message will be displayed. Click OK, and then click Close
Till now, we have successfully transferred two FSMO roles, the Schema Master role and the Domain Naming role.
The last three roles can be transferred using a single Snap-in
Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and
Infrastructure Master Roles
1. Click Start > Administrative Tools > then click Active Directory Users and Computers
2. Right click Active Directory Users and Computers, then click All Tasks > Operations Master...
3. You will have three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click the Change button under
each of these three tabs to transfer the roles. Click Yes to confirm the role transfer The role will be transferred and a confirmation message will be displayed. Click OK
Infrastructure:
As for the Infrastructure role, once you click on the Change button you will receive the below message
By default, when you first install your first Domain Controller, it holds the five roles and beside that it is a Global Catalog. If your environment is a multi-domain/forest, then you should think about structuring your FSMO roles and transfer the Infrastructure role to a none Global Catalog domain controller. Else if you have small number of domain controllers ( ex. two domain controllers) then you should not worry about this. Click Yes
That's it, by now; I have successfully transferred the five FSMO roles to the Windows Server 2008 Domain
Controller.
Note: Before you demote Server 2003 from the domain, make sure you test all the applications and wait for at
least 3 weeks to have testing done turn off the server 2003 for 2 weeks and then demote the retiring server 2003
DC from the domain if everything works 2008 environment.
============================================================================
After successful migration demote (decommission) server 2003 by running DCPROMO:-
Before you demoting server 2003, run the following commands, and (better run on both the server) On the W2K3
Server:
Make the Preferred DNS for the W2K3 server to point to 10.10.1.10 (IP address of server 2008 dc)
then do an ipconfig /flushdns and ipconfig /registerdns
then net stop dns & net start dns
the net stop netlogons & net start netlogons
wait about 15-30 minutes and try the netdiag again. Here netdiag and dcdiag on both the servers should pass all the tests, then demote the server 2003.
============================================================================