Upgrading to 2003 R2 2

[ouzojd]

Hi, at the end of this week I'll be upgrading 2 DCs to 2003 R2. I've read a lot on the subject and am quite confident in all going well. I have 2 silly questions that are so stupid I cannot find answers anywhere.

1. My functional level is currently 2000 native, will that automatically change to 2003 interim after I run adprep /domain prep or will it stay at 2000 native and I need to select it manually?

2. The 2 2003R2 servers are currently member servers in the computers OU. Will they be moved as part of DCpromo into the Domain Controllers OU? If not at what point would I manually do it?

Sorry for the ignorance

 

[pagy]

1. No, you up domain and forest functional levels manually through AD domains and trusts.

2.Yes they would be moved automatically to the domain controllers OU.

Before makiing these r2 servers domain controllers though you need to upgrade the AD schema by running adprep /domainprep and adprep /forestprep from the 2nd r2 CD, this should be run on which ever server currently holds the schema master role.

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[ouzojd]

Thanks. fingers crossed all goes well.

 

[FloDiggs]

Another quick note: Make sure you have the appropriate version of adprep to do your domain and forest prep. We recently did exactly what you are talking about, but were using 2003 R2 64 bit edition. We had to get a hold of the adprep off of disk 2 for the 32 bit 2003 R2 cds to work properly with our 2000 DCs.

 

[ouzojd]

No worries thanks. Can I ask another quick question. My DNS is AD integrated on both the current DCs. Will demoting the DC also remove DNS or should I uninstall DNS before demotion or after demotion?

My plan is as follows (simplified)

promote existing 2003r2 server to dc called tempdc
install dns on it.
demote dc1
Rename another 2003r2 server to Dc1 with old DC1s ip address
Promote new dc1 to dc
Demote dc2
rename another prebuilt 2003r2 server to dc2
promote that to a dc
demote tempdc

Of course there will be a lot of dcdiags and netdiags as well as moving roles, dhcp, wins etc.

 

[58sniper]

I would remove DNS, and then manually verify that any related records are removed from your zones. Then demote the DC.

Pat Richard
Microsoft Exchange MVP

 

[ouzojd]

Thanks, I'll post back after the weekend and let you all know how it went. Much appreciated.

 

[ouzojd]

Sorry to bother you all again, I just read something that has scared me a bit about removing DNS.

http://msmvps.com/blogs/systmprog/a...-_2800_Active-Directory-Integrated_2900_.aspx

I know mine is AD integrated and both DCs currently running DNS show themselves as SOA. Is there any chance that when I remove DNS from the first DC before I transfer its roles (it has all 5) that it will replicate and remove everything from DNS on the other DNS servers?

 

[pagy]

It will only remove records relevant to that DC.

You should transfer the roles before removing dns or demoting the DC.
Personally I would just run dcpromo to demote the DC and not worry about removing DNS first, that's what MS say anyway and that's what I have always done;

http://technet2.microsoft.com/windo...552f-4b94-9ece-f550388976571033.mspx?mfr=true

Pat, I'd be interested to know why you recommend removing DNS from the server first.

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein

 

[ouzojd]

Thanks to everyone, I spent about 4 hours googling stuff this morning and never really found a definitive answer.

I thought maybe it came off first because you can only run AD Integrated DNS on a DC, but wasn't sure what would happen to DNS if it was still running on a server that was no longer a dc.

Anyway as long as I dont lose all my zones by removing DNS thats the main thing.

Also for each DC I demote I was planning to point them at the 2 DCs that would be left standing at the end of the demotion for the DNS settings, that should be OK?

And again thanks to all, it's one of those things I don't get to do to often and next time it will probably be a different OS again.

 

[58sniper]

I thought maybe it came off first because you can only run AD Integrated DNS on a DC, but wasn't sure what would happen to DNS if it was still running on a server that was no longer a dc.

DNS has a strange way of stopping on a DC when it's demoted. Funny how that is.

Anyway as long as I dont lose all my zones by removing DNS thats the main thing.

Well, something you're going to want to look at is what DNS servers your DHCP pool is configured for. If it's a server that's going to be decommissioned, you need to change that, and give the machines time to pick up the new configuration before you remove DNS from those servers.

Also for each DC I demote I was planning to point them at the 2 DCs that would be left standing at the end of the demotion for the DNS settings, that should be OK?

I don't see an issue with that.

Pat Richard
Microsoft Exchange MVP

 

[ouzojd]

Thanks guys, all went well. Just 1 little bug with remote synching of devices to OMA stopped working, dont know why but ticked Integrated Authentication in the exchange virtual dir on the exchange box and reset iis and away it went. Not sure if it was ticked or unticked before the upgrade but it definelty stopped working during the upgrade. I would of thought it should of been ticked all the time anyway.

Thanks again

 

[58sniper]

Devices don't sync to OMA. Do you mean EAS?

Pat Richard
Microsoft Exchange MVP

 

[ouzojd]

Sorry yes, that is whst I mean, and I think from what what I read the activesync virtual dir needs to then go through / authenticate through the exchange virtual dir which needed the box ticked. Long night.

Thanks