Server 2003 to 2008 AD Migration

Status
Not open for further replies.

ITschoolGuy

Instructor
Jun 3, 2002
128
US
Hello -

I have been tasked with installing a new 64-bit Windows Server 2008 file server in a small, single server network. The existing server is running 32-bit Server 2003 and is configured as a DC. It is showing signs of an imminent failure so it needs to be replaced ASAP.

While I have a good general understanding of what's involved, I'm pretty weak on the specifics. Nevertheless, it has to be done and there is no one else in the company to do it. I'm hoping one of the experts here can assist me with a bit of troubleshooting or, at least, guidance as to how best to complete this task.

Here is what I've done so far: I set up the new Server 2008 box on the LAN and assigned static IPs to both its Ethernet interfaces (only one of which is going to be used - I disabled the other). On the existing Server 2003 machine, I made sure the domain functional level was bumped up to the 2003 level (as opposed to Windows 2000 native). Then, using the adprep32 tool from the Server 2008 DVD, I did the forestprep and domainprep. Then I went to the new Server 2008 machine and added it to the domain, making sure DNS and DHCP services were installed and enabled. I ran dcpromo on the 2008 box to make it a DC. Then, using the AD Schema snap-in in MMC, I tried to set the new server as the domain controller (this initially failed but, then, it seemed to work). Then I transferred the FSMO roles to the new server...which didn't work either initially but, after waiting a while and trying again, it seemed to. I also checked in the Sites and Services console to make sure the new server was shown as a GC. Finally, I grabbed the DHCP scope from the old server and copied it to the new one.

I ran into some snags along the way - for example, I had to manually configure the interface binding before my DHCP would work. Also, the DNS forward lookup zone didn't come over to the new server right away - it took a while.

Anyway, as of right now, everything functions normally as long as the old 2003 server is up and running. If I take it offline (either by shutting down or disconnecting it from the LAN) I run into trouble - client PCs can't log on and the various management consoles on the new server (DNS, AD Users & Computers, AD Sites & Services, etc.) won't work because they indicate that the domain can't be found.

I went into DNS and placed checkmarks in the boxes for "allow zone transfers" but that didn't seem to do any good. I also tried forcing replication from the NTDS Settings in the AD Sites & Services console - also to no avail.

HEEEEELLLLPPPPPP!!! Sorry for "yelling" in all caps but I am pulling my hair out!

Does anyone have any idea what I might have missed?

Any assistance would be greatly appreciated.

Thanks.

Chris
 
What makes you think it is going to fail? Also, is the new server configured with a RAID 5? Here is an article; take a look, it may help. Personally, it is much easier to create a new domain and move all clients to that unless this is a large environment.

 
Hi dberg35 -

The old server is a degraded RAID1 (one dead drive) and is exhibiting other odd symptoms as well - e.g. random shutdowns, various software errors, etc. The powers that be opted to just buy a new server and then I got thrown into the mix after the fact. BTW, yes, the new server is RAID5.

Normally I would agree re: creating a new domain. However, this environment, while not large, has dozens of users all with highly specialized group memberships, etc. In addition, there is an RRAS VPN that needed to come over to the new server as well - again with particular users having specific dial-in privileges and so on. I didn't want to reinvent the wheel, so to speak, with all of that.

Thankfully, it seems like the users, groups, VPN settings, etc. all migrated correctly. My biggest issue is that the domain doesn't seem to function correctly when I bring down the original 2003 server. Some part of AD did not replicate I guess.

I'm not sure how best to correct that.

Any insight would be helpful.

Thanks so so much!!! :)

C-
 
Maybe DNS related. Make sure that the primary (preferred) DNS server on all your clients and servers is set to the new 2008 DC and not still the original 2003 server which you are turning off.

-------------------------------

If it doesn't leak oil it must be empty!!
 
Thanks for the suggestions thus far. I did transfer the FSMO roles and I do have the primary DNS on all the clients (as well as the server itself) set to the LAN IP of the new 2008 server.

An interesting thing I noticed today is that the new server has no NETLOGON or SYSVOL shares. Am I right in thinking that this means replication of AD from the old server to the new one did not occur properly? I wish I knew more about this. Does anyone know how I can ensure that the AD replicates fully across to the new server?

Thanks in advance for any helpful suggestions! :)

Chris
 
The Netlogon and Sysvol shares should be created automatically when the server is promoted to a DC (obviously this stage wasn't 100% successful). Might be worth running dcpromo again to demote the server back to a member server and try again.

-------------------------------

If it doesn't leak oil it must be empty!!
 
On the new server, run REPADMIN /SHOWREPS and see if it shows successful replication from the other server.

Also, on the first server, check the File Replication Service event logs and see if the server has any error log entries that say it is in "journal wrap." It probably does, and if so, it would not have been able to replicate the NETLOGON share data to the new server when you first ran DCPROMO. The Directory Services data may have replicated properly (check REPADMIN results) but the NETLOGON data did not. If you resolve the journal wrap condition on the old server, you should be able to have the new one start pulling that data and then the SYSVOL and NETLOGON shares should come online.

Dave Shackelford
ThirdTier.net
TrainSignal.com
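
The checks suggested in this thread, collected into one script as an added example (not posted by any participant in the thread). It assumes Windows PowerShell is available on the new Server 2008 DC; `OLD-DC` is a placeholder for the name of the existing Server 2003 DC.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt on the new DC.
# 'OLD-DC' is a placeholder for the name of the existing Server 2003 DC.
$OldDC = 'OLD-DC'

# 1. On a replica DC, SYSVOL and NETLOGON are shared only after FRS has
#    finished the initial sync from an existing DC.
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-WmiObject -Class Win32_Share -Filter "Name='$name'"
    if ($share) { "{0,-9} shared from {1}" -f $name, $share.Path }
    else        { "{0,-9} MISSING" -f $name }
}

# 2. SysvolReady = 1 tells Netlogon that SYSVOL is ready to be shared.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
"SysvolReady = " + (Get-ItemProperty -Path $key).SysvolReady

# 3. Directory replication status, as suggested in the thread.
repadmin /showreps

# 4. An FRS journal wrap on the old DC is logged as event 13568 (source NtFrs)
#    in the "File Replication Service" event log.
$wrap = Get-EventLog -LogName 'File Replication Service' -ComputerName $OldDC -Newest 500 |
    Where-Object { $_.EventID -eq 13568 }
if ($wrap) {
    "Journal wrap reported on $OldDC, most recent entry:"
    $wrap | Select-Object -First 1 -Property TimeGenerated, Source, EventID | Format-List
} else {
    "No journal wrap (13568) events in the last 500 FRS entries on $OldDC."
}
```

Missing shares together with a 13568 entry on the old DC match the situation described in the last reply: directory data replicated, but SYSVOL content did not.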