Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Adding a 2003 server to 2000 server Active Directory
- Thread starter wfse
- Start date
No
1. Load the Windows 2003 OS (if slipstreamed with SP1, you need to disable RPC bind time negotiation-query on google to get kb number..takes hotfix and registry entry)
2. Point the new 2003 server to the current DC for preferred DNS
3. Run dcpromo to promote it to a DC (install DNS too)
4. Move FSMO roles to new 2003 DC
5. Make new DC a GC
6. Point 2003 server to itself for primary DNS, and the 2000 DC as alternate (do NOT use 127.0.0.1)
7. Point the 2000 DC to the 2003 DC for preferred DNS, and itself as alternate
8. Re-establish any trusts you have (on both sides) to ensure the TDO (trusted domain object) and the LMHOSTS files are all in tact
9. Adjust DHCP scopes for clients to include the new DC as a DNS server (can be preferred or alternate on clients-recommend alternate to ensure it has more resource availability when its needed)
If you don't do the DNS steps outlined above, expect replication problems.
If you need any more help, just let us know
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
1. Load the Windows 2003 OS (if slipstreamed with SP1, you need to disable RPC bind time negotiation-query on google to get kb number..takes hotfix and registry entry)
2. Point the new 2003 server to the current DC for preferred DNS
3. Run dcpromo to promote it to a DC (install DNS too)
4. Move FSMO roles to new 2003 DC
5. Make new DC a GC
6. Point 2003 server to itself for primary DNS, and the 2000 DC as alternate (do NOT use 127.0.0.1)
7. Point the 2000 DC to the 2003 DC for preferred DNS, and itself as alternate
8. Re-establish any trusts you have (on both sides) to ensure the TDO (trusted domain object) and the LMHOSTS files are all in tact
9. Adjust DHCP scopes for clients to include the new DC as a DNS server (can be preferred or alternate on clients-recommend alternate to ensure it has more resource availability when its needed)
If you don't do the DNS steps outlined above, expect replication problems.
If you need any more help, just let us know
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
Actually, the answer is yes.
You must first run the adprep on the 2000 domain's schema master. If the 2003 server is an R2, then you need to run this from the 2nd CD from the R2 server CD's. You'll need to run forestprep and domainprep first before you can dcpromo the 2003 server into the domain.
You can stop there, or you can tranfer the roles if you prefer, but you don't have to.
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
You must first run the adprep on the 2000 domain's schema master. If the 2003 server is an R2, then you need to run this from the 2nd CD from the R2 server CD's. You'll need to run forestprep and domainprep first before you can dcpromo the 2003 server into the domain.
You can stop there, or you can tranfer the roles if you prefer, but you don't have to.
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
- Thread starter
- #4
ah there ya go davetoo...i forgot to put down the first and most important step
without adprep though, a dcpromo should fail to complete...good good catch though
best practice is that if a 2003 DC is introduced to a 2000 domain, the 2003 should take over the fsmo roles if at all possible...but true, you don't necessarily have to
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
without adprep though, a dcpromo should fail to complete...good good catch though
best practice is that if a 2003 DC is introduced to a 2000 domain, the 2003 should take over the fsmo roles if at all possible...but true, you don't necessarily have to
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
They'll both be domain controllers (the existing 2000 DC and the new 2003 DC). It's just a matter of which roles each handles via the FSMO.
As Brandon indicates, best to give them to the 2003 server...my assumption is that it's going to be a newer/faster system and can handle the chores better...as well as having all the properties of being a 2003 server.
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
As Brandon indicates, best to give them to the 2003 server...my assumption is that it's going to be a newer/faster system and can handle the chores better...as well as having all the properties of being a 2003 server.
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
- Thread starter
- #7
This new server is also going to be a database server for a custom large program. Would the fact that it is a domain controller cause any performance or other issues?
I have a secondary domain 2K server. Sounds like it might be better to upgrade the secondary to 2003, make it the domain controller and make the current 2K domain sever the secondary.
I have a secondary domain 2K server. Sounds like it might be better to upgrade the secondary to 2003, make it the domain controller and make the current 2K domain sever the secondary.
There are no primary's secondarys like there were in NT4. There are DC's that handle FSMO roles.
Will it cause performance issues? Sure...how bad? No way of knowing. Depends on many factors. Can it handle the chore? Probably..but again, variables we're not aware of as far as system specs, etc.
If you have the money, I'd put in two identical 2003 R2 servers, let them handle AD and nothing else.
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
Will it cause performance issues? Sure...how bad? No way of knowing. Depends on many factors. Can it handle the chore? Probably..but again, variables we're not aware of as far as system specs, etc.
If you have the money, I'd put in two identical 2003 R2 servers, let them handle AD and nothing else.
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
yea putting anything else on the DC will make it the first thing taken off if you ever call MS support
the fact is, nothing at all should ever run on a DC except for the DC functions. Especially processor and memory intensive functions.
I'd suggest virtual server. Then you can make the new server a member server, and add a new DC onto VS (that is supported, but vmware is not)...then you could either use another VM as the db server, or that member itself (suggest another VM though).
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
the fact is, nothing at all should ever run on a DC except for the DC functions. Especially processor and memory intensive functions.
I'd suggest virtual server. Then you can make the new server a member server, and add a new DC onto VS (that is supported, but vmware is not)...then you could either use another VM as the db server, or that member itself (suggest another VM though).
-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
- Status
Similar threads
- Locked
- Question