Windows 2003 DC Migration Action Plan


Sanjay Mehta

Hi,

I am trying to put together an action plan for the migration of our current
domain controller to a new domain controller [as we are running into space
issues].

This is what I have come up with [this is my first time].

Goal: To successfully migrate the existing domain controller (pkserv1) to
another server (dc2)

Action Plan:

1) installation of Windows 2003, application of all available service packs
and Windows Update on dc2
2) network integration of dc2, including domain membership and IP
configuration
3) installation of DNS on dc2 [as a secondary zone].

Some background info: the primary zone for DNS is running from the
exchange server and the 2 domain controllers are running secondary zones. We
don’t have AD integrated DNS.

Also there are no FSMO roles on pkserv1.

4) confirm DNS is working fine on dc2
Need some help here: what tool should I use?

4) installation of AD (dcpromo) on dc2
5) transfer of the user data from existing server (pkserv1) to dc2
6) transfer of printer settings from pkserv1 to dc2
7) test that users are able to login and access their data on dc2
8) preparation and shutdown of the old server. Remove AD using dcpromo
9) remove the secondary zone DNS from pkserv.

Need some help here: what tool should I use?

Is it as simple as right clicking the zone and pressing the delete button?

10) Need to check that pkserv1 no longer exists as a domain controller.

Tools to use:

Netdiag and Dcdiag, check Active Directory Site and Services, and make sure
it does not exist there.

Can someone please help me – if I have missed something.

Thanks a bunch!
 
Hello Sanjay,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi,
>
> I am trying to put together an action plan for the migration of our
> current domain controller to a new domain controller [as we are
> running into space issues].
>
> This is what I have come up with [this is my first time].
>
> Goal: To successfully migrate the existing domain controller (pkserv1)
> to another server (dc2)
>
> Action Plan:
>
> 1) installation of Windows 2003, application of all available service
> packs and Windows Update on dc2
> 2) network integration of dc2, including domain membership and IP
> configuration


Check that it only points to one running DNS server as preferred, nothing
else.

> 3) installation of DNS on dc2 [as a secondary zone].
> Some background info: the primary zone for DNS is running from the
> exchange server and the 2 domain controllers are running secondary
> zones. We don’t have AD integrated DNS.


It would really be easier to change to an Active Directory integrated zone.

> Also there are no FSMO roles on pkserv1.
>
> 4) confirm DNS is working fine on dc2
> Need some help here: what tool should I use?


nslookup
http://support.microsoft.com/kb/200525
http://technet2.microsoft.com/windo...7fff-4367-a241-725946fbb67e1033.mspx?mfr=true

> 4) installation of AD (dcpromo) on dc2


Make it also a Global Catalog server.

> 5) transfer of the user data from existing server (pkserv1) to dc2


With robocopy or xxcopy you can also include the security permissions from
the folders you are copying.

> 6) transfer of printer settings from pkserv1 to dc2


Printmigrator can help you:
http://www.microsoft.com/WindowsServer2003/techinfo/overview/printmigrator3.1.mspx

> 7) test that users are able to login and access their data on dc2


Check the DNS settings the clients are using.

> 8) preparation and shutdown of the old server. Remove AD using dcpromo


It can be that you get an error; then first uncheck the Global Catalog.

> 9) remove the secondary zone DNS from pkserv.
> Need some help here: what tool should I use?
>
> Is it as simple as right clicking the zone and pressing the delete
> button?


If you change to AD integrated DNS, there is nothing to do.

> 10) Need to check that pkserv1 no longer exists as a domain
> controller.
>
> Tools to use:
>
> Netdiag and Dcdiag, check Active Directory Site and Services, and make
> sure it does not exist there.
>
> Can someone please help me – if I have missed something.


Check on the Exchange system manager that Exchange is not pointing to the
old DC under Recipients update service.

> Thanks a bunch!
>
 
Hello Meinolf,

Thanks for your comments!

At the moment - I don't want to AD integrate the DNS. I guess it's easier
to do everything one by one [for me].

So, I would like to maintain the current structure [in terms of the DNS
structure]

Can you please suggest how I should proceed with 9)


Also I found your comment on 4) to be quite interesting.

Can you clarify why I would want to make it a global catalog server? We
already have one other catalog server - although I had overlooked ...
pkserv1 is also a global catalog server.

So, to summarise, right now ... we have 2 global catalog servers: pkserv1
(the server to be retired), plus another server called pkcore.

According to my basic knowledge, doesn't Microsoft recommend having one
global catalog server?

We just have one small domain - that's it. No regional office etc

Thanks
 
Hello Sanjay,

Global catalog server is needed for user and computer logon, so if one dc
with GC is down, the users cannot logon to the domain even if all other
servers are running and they get trouble to access resources on the network.
So it is a part of redundancy like you should have more than one DNS/DHCP
server. If you have only a single forest/domain like you, every server can
be GC without any problem. If that will change you have to look for some
changes.

Planning Global Catalog Server Placement
http://technet2.microsoft.com/windo...68e8-40d8-8c72-099f8bc259ff1033.mspx?mfr=true

Here are some infos about the Global catalog:
http://support.microsoft.com/kb/216970

http://technet2.microsoft.com/windo...d2a1-4e72-a54f-150483fa885a1033.mspx?mfr=true

http://technet2.microsoft.com/windo...ea05-4bd8-a68c-12cf8fb1af501033.mspx?mfr=true

9. Because it is only a copy of the primary zone, you can do it like you
wrote. If you have deleted it, make sure that also the entry in the primary
zone for the retired server will disappear, if not automatically you have
to delete the not existing DNS server record by hand.


Best regards

Meinolf Weber
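Added example, not part of the thread: a batch file for steps 9) and 10) that asks the primary DNS server whether any name server or domain controller locator record still names the retired server. PRIMARY_DNS is a placeholder for the Exchange server that holds the primary zone, and mydomain.com is the sample domain name used later in the thread.

```batch
@echo off
rem Added example: look for leftover DNS references to a retired DC.
rem Assumptions: PRIMARY_DNS is a placeholder, DOMAIN is a sample name,
rem and the server has already been demoted with dcpromo.
setlocal
set DOMAIN=mydomain.com
set PRIMARY_DNS=EXCHANGE_SERVER_NAME
set OLD_DC=pkserv1
set STALE=0

rem NS records of the zone: the retired secondary must no longer be listed.
call :check NS %DOMAIN%
rem DC locator records: clients use these to find a domain controller.
call :check SRV _ldap._tcp.dc._msdcs.%DOMAIN%
rem Kerberos KDC records registered by every domain controller.
call :check SRV _kerberos._tcp.dc._msdcs.%DOMAIN%
rem Global catalog records: pkserv1 was also a GC.
call :check SRV _gc._tcp.%DOMAIN%

if %STALE%==0 (echo OK: no %OLD_DC% records found on %PRIMARY_DNS%) else (echo ACTION: delete the records listed above from the primary zone by hand)
endlocal & exit /b %STALE%

:check
rem %1 = record type, %2 = name to query. findstr matches "pkserv1." literally
rem so that a host such as pkserv10 is not reported by mistake.
nslookup -type=%1 %2 %PRIMARY_DNS% 2>nul | findstr /i /l /c:"%OLD_DC%." >nul
if not errorlevel 1 (
  echo STALE: %1 %2 still references %OLD_DC%
  set STALE=1
)
goto :eof
```

A plain A record for pkserv1 is expected to remain as long as the machine stays in the domain as a member server; only the NS and locator records should be gone.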
 
Hi Meinolf,

for 7) the clients are getting the DNS setting from the exchange server and
from the other DC controller called (pkcore).

So, we have 1 primary DNS (exchange box), 2 DC's which are secondary.

Is there anything else instead that we could use to check for 7).

Thanks
 
Hello Sanjay,

Think not, clients need an IP address, a DNS server and GC to authenticate,
that's all. Make sure they get it and it will work.

Best regards

Meinolf Weber
 
Hi Meinolf,

okay ....

In response to 1) what's the logical reasoning as to why dc2 should point
to one running DNS server?

I see also that pkserv1 is pointing to one DNS server but strangely it's
pointing not to the primary DNS server (exchange server) but pkcore which is
the 2nd Domain controller we have.

Thanks
 
Hello Sanjay,

If possible it should always point to the most actual DNS server, in your
case the primary. If you use AD integrated zones all DNS servers have the
same info every time AD replicates, by default 5 minutes latest. So it doesn't
matter if one goes down. Also if you change some zone properties they will
be automatically replicated.

Best regards

Meinolf Weber
 
Hi Meinolf,

Exactly - what I thought.

pkserv1 should be pointing to the exchange server instead of the DC (pkcore).

In response to 1) what's the logical reasoning as to why dc2 should point
to one running DNS server?

And not point to 2 servers?

thanks
 
Hello Sanjay,

Maybe check this one:
http://support.microsoft.com/kb/825036

Every computer in the network has to point at least to one DNS server, if
you have redundancy DNS then they should also point to them as secondary
servers.

Best regards

Meinolf Weber
 
Hello Meinolf,

I have read

http://support.microsoft.com/kb/825036


I agree with your comments that:

"Every computer in the network has to point at least to one DNS server, if
you have redundancy DNS then they should also point to them as secondary
servers. "


My question is with regards to DC2. See your inline comments for 2).

Why should DC2 point to one DNS server and not two DNS servers?


Thanks
 
Hello Sanjay,

That is only for the phase of installing DNS on the machine, so that it can
replicate Active Directory information from a running machine with DNS.
Sorry, forgot to mention that it is only for the installation phase.

Best regards

Meinolf Weber
 
Hi Meinolf,

That's cool.

For step 5) i.e. Prior to installing AD - need to run some prerequisite checks:


I am referring to:

http://technet2.microsoft.com/windo...bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true

in point 8) Verify the availability of the operations masters


In it, Microsoft recommend running:


dcdiag /s:pkcore /test:knowsofroleholders /v
dcdiag /s:pkcore /test:fsmocheck /v

where pkcore is my main domain controller.



Also, in kb 265706, they recommend running:

dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc

this basically is to test so that the DNS configuration is sufficient to
allow this computer to be promoted as a replica domain controller in the
mydomain.com domain.


So my question: are these tests the right ones?

Thanks
 
Hello Sanjay,

Sorry, for the late response, was on leave until now.
You can do it this way, that's ok, but also an easy way is to run dcpromo
at the machine and see what happens. If DNS is configured correctly it should
work. So just give it a try.

Best regards

Meinolf Weber

> Hi Meinolf,
>
> That's cool.
>
> For step 5) i.e. Prior to installing AD - need to run some prerequisite
> checks:
>
> I am referring to:
>
> http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true
>
> in point 8) Verify the availability of the operations masters
>
> In it, Microsoft recommend running:
>
> dcdiag /s:pkcore /test:knowsofroleholders /v
> dcdiag /s:pkcore /test:fsmocheck /v
>
> where pkcore is my main domain controller.
>
> Also, in kb 265706, they recommend running:
>
> dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc
>
> this basically is to test so that the DNS configuration is sufficient
> to allow this computer to be promoted as a replica domain controller
> in the mydomain.com domain.
>
> So my question: are these tests the right ones?
>
> Thanks
>
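Added example, not part of the thread: the pre-promotion checks from the last two posts gathered into one batch file to run on dc2 before dcpromo, with the results written to a log. It assumes dcdiag from the Windows Support Tools is installed on dc2, that mydomain.com stands in for the real domain name, and that dcdiag marks a failure with a "failed test" summary line.

```batch
@echo off
rem Added example: checks to run on dc2 before dcpromo.
rem Assumptions: dcdiag (Support Tools) is installed, DOMAIN is a sample
rem name, DC is an existing domain controller (pkcore in the thread).
setlocal
set DOMAIN=mydomain.com
set DC=pkcore
set LOG=%TEMP%\predcpromo.log
set FAIL=0

rem DNS: the server dc2 is configured to use must return the DC locator
rem records, otherwise dcpromo cannot find a domain controller to replicate from.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>&1 | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
  echo FAIL: no _ldap._tcp.dc._msdcs.%DOMAIN% SRV records from the configured DNS server
  set FAIL=1
)

rem Operations master checks against the existing DC, as quoted in the thread.
dcdiag /s:%DC% /test:knowsofroleholders /v > "%LOG%" 2>&1
dcdiag /s:%DC% /test:fsmocheck /v >> "%LOG%" 2>&1

rem DNS readiness of this machine for promotion as a replica DC (KB 265706).
dcdiag /test:dcpromo /dnsdomain:%DOMAIN% /replicadc >> "%LOG%" 2>&1

rem Print every failed test; findstr returns 0 when at least one line matched.
findstr /i /c:"failed test" "%LOG%"
if not errorlevel 1 set FAIL=1

if %FAIL%==0 (echo PASS: DNS and operations master checks succeeded, log is "%LOG%") else (echo FAIL: review "%LOG%" before running dcpromo)
endlocal & exit /b %FAIL%
```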
 