
How to join existing 2003 servers to a new 2008 domain

Status
Not open for further replies.

FratorPR

MIS
Feb 14, 2006
25
US
Hi... Hope you can point me in the right direction on this... I currently have 3 locations connected via VPN and each location has a 2003 R2 server. These servers are not in the same domain, each server is its own Domain. I am connecting another location to the VPN and that new location will have a brand new 2008 R2 (64) server (not yet configured). I would like to consolidate these multiple domains into a single domain, having the 2008 R2 be the DC of the new domain and the existing 2003 R2 be members of this new domain. I want all servers to replicate AD in order to authenticate users if a VPN link to the main server goes down.

What would be the best way to accomplish this?

I have looked around for a post on this specific scenario but most of them are relating to either adding a 2008 to a 2003 domain or upgrading 2003 to 2008.

Your assistance would be greatly appreciated... Thank you in advance!
 
You're going to need to use Microsoft ADMT to migrate resources to the "new" forest. This will require you to create trusts between the domains.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
You'll need the Active Directory Migration Tool:

Active Directory Migration Tool version 3.2


Active Directory Migration Tool (ADMT) Guide: Migrating and Restructuring Active Directory Domains



If the current 2003 domain controllers at each site are also to be the domain controllers in the new domain, you would need to demote them and promote them to DCs in the new domain; this would be done after you have migrated the users and computers to the new domain.

If these 2003 DCs are to remain running Windows 2003 then you will need to ensure that when you create your new 2008 domain you set the functional levels to 2003.

What Are Active Directory Functional Levels?



Paul
VCP4

RFC 2795 - The Infinite Monkey Protocol Suite (IMPS)

Difficult takes a day, impossible takes a week
 
I appreciate your input 58sniper and pagy... Quick question on the ADMT tool. Since these are 3 separate domains (each office has its own domain, currently I have to create the same user 3 times in order for them to gain access to each server resource), can I use ADMT for all three domains into one 2008 R2 server? I was thinking of building the 2008 R2 with a new domain name and creating objects (users, computers, policies, etc...) from scratch. Once tested, I was going to demote the 2003 servers and join the new domain as DCs.

Also... Being that these are connected via VPN and are on different subnets, what type of DNS setup would you recommend?

EXISTING
Server 2 (2003 R2 SP2) - DOMAIN2 - 192.168.1.252
Server 3 (2003 R2 SP2) - DOMAIN3 - 192.168.6.250
Server 4 (2003 R2 SP2) - DOMAIN4 - 192.168.0.250

PROPOSED
SERVER 1 (2008 R2 NEW) - DOMAIN1 - 192.168.100.250
Server 2 (2003 R2 SP2) - DOMAIN1 - 192.168.1.252
Server 3 (2003 R2 SP2) - DOMAIN1 - 192.168.6.250
Server 4 (2003 R2 SP2) - DOMAIN1 - 192.168.0.250

Thanks again.
 
You don't create the users from scratch. You create trusts and use the ADMT to move the users and computers from the various domains (source) into the new domain (target).

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
I would probably go with ADMT or a 3rd-party tool like QMM for the migration aspect, unless those three domains are very small with only a few users and resources in each one. Recreating the users from scratch may seem easy at first glance, but then you have to take into consideration group members, ACLs on domain resources (file shares, printers, etc), Exchange accounts (if present), etc.

A proper migration is probably your best bet.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
I got it... But what happens if there are duplicate objects on the 3 different domains? I inherited this setup, whoever installed these servers did not create trust relationships so we've been creating the same user 3 times (one on each domain). If I do ADMT on all of the separate domains (source), how will the new domain (target) manage duplicate objects?

Also, can I use my 2003 servers as DNS servers for their respective subnet (which they currently are) once they become DCs of my new domain?

Lastly, would I need to join each individual computer to the new domain or would the domain change propagate into the PCs? I think I know the answer but you might know something I don't which might make my life a little easier :)

Thanks for taking time to reply.
 
ADMT would migrate the computer object to the target domain.

In all seriousness, I'd recommend bringing in a consultant to evaluate your infrastructure and assist with getting things migrated over.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Thanks for your input 58sniper... I appreciate the time you have taken to answer my questions... I'm opting to start my domain from the ground up since I inherited a mess to begin with. Maybe it is the right time to do it right. It is not a big volume of machines and users. Thanks again.

 
The answers to your questions will depend on the tools that you use. Some tools will do the migrations from all three source domains, merge duplicate users/groups, update/re-ACL resources and manage the workstation migration as well. But it's going to depend on how much you need to migrate whether a third-party tool makes sense, or if you should use ADMT and then manually do some steps, or just manually do everything.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
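
Added example, not part of the thread and not ADMT's own logic: a PowerShell pre-migration check for the duplicate-account question above, listing logon names that exist in more than one source domain so each can be reviewed before any tool merges or renames it. The domain suffixes, user names, the `csvde` filter shown in the comment, and the function name `Get-CrossDomainCollision` are constructed or assumed for illustration.

```powershell
# Constructed sample exports, one per source domain. A real run would read files
# produced on each DC, e.g. (assumed filter):
#   csvde -f users.csv -r "(objectCategory=person)" -l "sAMAccountName,displayName"
$exports = @{
    DOMAIN2 = @"
DN,sAMAccountName,displayName
"CN=Ana Diaz,CN=Users,DC=domain2,DC=local",adiaz,Ana Diaz
"CN=John Smith,CN=Users,DC=domain2,DC=local",jsmith,John Smith
"@
    DOMAIN3 = @"
DN,sAMAccountName,displayName
"CN=Ana Diaz,CN=Users,DC=domain3,DC=local",ADiaz,Ana Diaz
"CN=Jane Smith,CN=Users,DC=domain3,DC=local",jsmith,Jane Smith
"@
    DOMAIN4 = @"
DN,sAMAccountName,displayName
"CN=Ana Diaz,CN=Users,DC=domain4,DC=local",adiaz,Ana Diaz
"CN=Luis Ortiz,CN=Users,DC=domain4,DC=local",lortiz,Luis Ortiz
"@
}

function Get-CrossDomainCollision {
    param([hashtable]$ExportsByDomain)

    # Flatten every export into (Domain, Logon, DisplayName) rows.
    # Logon names are compared case-insensitively, so normalise them first.
    $rows = foreach ($domain in $ExportsByDomain.Keys) {
        $ExportsByDomain[$domain] | ConvertFrom-Csv | ForEach-Object {
            [pscustomobject]@{
                Domain      = $domain
                Logon       = $_.sAMAccountName.Trim().ToLowerInvariant()
                DisplayName = $_.displayName.Trim()
            }
        }
    }

    # A logon name seen in more than one domain will collide in the target domain.
    $rows | Group-Object Logon | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $names = @($_.Group.DisplayName | Sort-Object -Unique)
        # Differing display names suggest two different people share the logon name;
        # merging those would hand one person the other's group memberships.
        $review = 'same display name: likely one person, merge candidate'
        if ($names.Count -gt 1) { $review = 'display names differ: confirm identity before merging' }
        [pscustomobject]@{
            Logon   = $_.Name
            Domains = ($_.Group.Domain | Sort-Object) -join ','
            Names   = $names -join ' | '
            Review  = $review
        }
    }
}

Get-CrossDomainCollision -ExportsByDomain $exports | Sort-Object Logon | Format-Table -AutoSize
```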
 