I have now purchased my new PDC and have server 2012 installed, which was a bit of a nightmare even though we had HP's 'Intelligent Provisioning', which I found wasn't that 'Intelligent' after all! The problem I have is that to save me time I would like it virtually (not in the IT sense) running before I go to switch off my current server that is running Windows Server 2003 32bit and Ranger. AD is installed and is showing our current policies and is seen as a member server; it is asking to be promoted to a domain controller. Will this cause any issues for users logging on? How do I transfer DHCP, DNS etc but not affect users logging on using Ranger? Can they be run concurrently, and at what stage and what do I need to do to remove the win 2003 server, as we are removing Ranger and going it alone with a little help from Impero? Would it also make sense to have Impero on the DC or another member server instead? Would this impede logon speed?
Basically you will need to set up DHCP and DNS all over again.
DHCP should be easy: just set it all up and then stop the service on the other domain controller.
DNS again should be easy enough to copy the settings from the old server.
Promoting it to a master domain controller would be the next step.
Then make sure everything is still running fine and switch off the old DC. You may get problems but you can always turn it back on again.
Make sure all your clients have the new DNS IP too.
Can this not be copied across? As I thought that maybe transferring the FSMO(?) details would then bring the details across or is there the possibility of migrating the details?
When you dcpromo a server to be a DC it will automatically install and copy DNS and AD settings. You should be ok to do this as I do it all the time to create a new DC. You would then need to transfer the roles to the new server and copy DHCP. I use a cmd to backup and export DHCP but I do not have it to hand at the mo.
Would you like more info?
If you don't mind?
Last edited by grahamd22; 16th May 2013 at 03:29 PM. Reason: error message could be ignored
I will put together a step by step when I get to work in the morning.
I have a bizarre update for this and it is already posted on the Server 2003 forum regarding the Administrator password resetting itself to something else but the problem has now been copied to the 2012 Server!
pm sent with migration step by step
Why not share it with the rest of us?
Looks like a new policy has been filtered down that changes the password of Administrator to the local password? But a restart at lunchtime should see whether this is the case.
It appears it was.
Last edited by grahamd22; 17th May 2013 at 01:40 PM.
My migration basic list. (Think I got everything)
- Install server OS
- run dcdiag and netdiag on old server to check for issues
Make sure old server has raised its domain function
Raising the functional level
To raise the domain functional level
● Open Active Directory Domains and Trusts.
● In the console tree, right-click the domain for which you want to raise functionality, and then click Raise Domain Functional Level.
● In Select an available domain functional level, do one of the following:
○ To raise domain functional level to Windows Server 200X, click Windows Server 200X, and then click
To raise the forest functional level
● Open Active Directory Domains and Trusts.
● In the console tree, right-click the Active Directory Domains and Trusts node, and then click Raise Forest Functional Level.
● In Select an available forest functional level, click Windows Server 200X, and then click Raise.
- check old server event logs and fix errors
- Join server to domain
adprep /forestprep and /domainprep
If upgrading to newer OS, adprep /forestprep and /domainprep etc on original (OLD) server. Use new OS CD and copy the adprep folder to old server.
If your old server is 32 bit then adprep32; if it's 64 then adprep.
Note: You must run adprep.exe from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
Then I adprep32.exe /forestprep
Then I adprep32.exe /domainprep /gpprep (this does both domainprep and gpprep)
- check dns get replicated
Run DCPROMO to make it a domain controller - this will install AD & DNS as well IIRC and begin to replicate existing AD & DNS
Do not tick use advanced
Select Existing forest
Select add dc to existing domain.
ignore RODC error
next for default-first-site-name
leave Global catalog and DNS ticked (in fact in a single domain forest, your best bet is to make all DCs
Ignore message - ‘a delegation for this dns server cannot be created because the authoritative parent zone cannot be found..........’
Do you need to care about it?
Not if you don't have users in other domains (Internet included) that have the need to resolve DNS queries in the local domain.
- check sysvol gets replicated
- install wins role
- at this point I would leave for a while and then do netdiag / dcdiag and check for any errors
- up to this point your old server is still the main server
- Transfer the roles to the new server
Transferring FSMO Roles in Windows Server 2008
- Backup dhcp on old server
To export: netsh dhcp server export c:\dhcp.txt all
- install dhcp role on new server and import
netsh dhcp server import c:\dhcp.txt all
- Go through all dhcp settings and make sure things like DNS are pointing to the new server
- you might need to authorize dhcp
Right click on the server name in the GUI and select ‘Authorise’ from the context menu. Press F5 to refresh.
- check client computer gets new dhcp settings
ipconfig /release
Check ipconfig /all
- use network for a while and when you are happy demote the old server.
zag (17th May 2013)
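The checks in the list above (roles transferred, SYSVOL replicated, DHCP authorised, replication healthy) can be gathered into one pass/fail report to run before the old server is demoted. This is an added example, not a script from any poster in this thread; `NEWDC01` is a placeholder name, and it assumes the ActiveDirectory and DhcpServer PowerShell modules and `repadmin` are present on the new 2012 server.

```powershell
# Added example. Run on the new 2012 DC from an elevated PowerShell prompt.
$NewDC = 'NEWDC01'   # placeholder: short name of the new domain controller

function Test-MigrationReady {
    param([Parameter(Mandatory)][string]$NewDC)

    # 1. All five FSMO roles should be held by the new server.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($r in $roles.GetEnumerator()) {
        [pscustomobject]@{ Check = "FSMO $($r.Key)"; Detail = $r.Value
                           Pass  = $r.Value -like "$NewDC.*" }
    }

    # 2. SYSVOL and NETLOGON are shared only once SYSVOL has replicated.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        [pscustomobject]@{ Check = "Share $share"; Detail = "\\$NewDC\$share"
                           Pass  = Test-Path "\\$NewDC\$share" }
    }

    # 3. The new server must be an authorised DHCP server in AD.
    $dhcp = @(Get-DhcpServerInDC | Where-Object { $_.DnsName -like "$NewDC.*" })
    [pscustomobject]@{ Check = 'DHCP authorised'; Detail = $dhcp.DnsName -join ', '
                       Pass  = $dhcp.Count -gt 0 }

    # 4. No replication link between the DCs may be failing.
    $bad = @(repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$_.'Number of Failures' -gt 0 })
    [pscustomobject]@{ Check = 'AD replication'; Detail = "$($bad.Count) failing link(s)"
                       Pass  = $bad.Count -eq 0 }
}

$report = Test-MigrationReady -NewDC $NewDC
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) {
    Write-Warning 'At least one check failed: leave the old server running.'
}
```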
At what point will the new server get the same DNS? Is that when you transfer the FSMO roles, and how do I go about checking that DNS is pointing to the new server?
DNS gets created or copied when you run dcpromo.
From server 2003 onwards all domain controllers are the same, you do not have a primary dc etc, so when you run dcpromo on your second server and create a DC it copies dns, sysvol, Group policies and active directory over to the new server and it is an exact replica of the first server. Your two domain controllers will automatically talk to each other and will make sure they both hold the same info for dns, sysvol, group policies and active directory.
This is a good way of keeping a live backup of your dc.
When you say making sure dns is pointing to your new server, are you talking about your clients being aware of the new dns server? If so, this is done normally by the DHCP server role, which the clients use to find the DNS server, Gateway etc. You could manually type the new server dns settings into a client computer's network card's IP settings and test.
NB. in the network card adapter settings on both the servers, in the preferred DNS server you have the IP for the server you are on and in the Alternate DNS server you have the other server's IP.
grahamd22 (6th June 2013)
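One way to check what the answer above describes, that DHCP is handing clients the new DNS server and that the new server's DNS holds the domain controller records clients log on with. This is an added example, not from any poster in this thread; both IP addresses are placeholders, and it assumes the DhcpServer, DnsClient and ActiveDirectory modules on the new 2012 server.

```powershell
# Added example. Run on the new DC (Server 2012, elevated PowerShell).
# Both addresses are placeholders; replace them with your own.
$NewDnsIp = '192.0.2.10'   # new 2012 DC (placeholder)
$OldDnsIp = '192.0.2.5'    # old 2003 DC (placeholder)

function Get-DhcpDnsOptionReport {
    param([string]$NewDnsIp, [string]$OldDnsIp)
    # Server-wide option 6 (DNS servers) first, then each scope's override.
    $targets = @([pscustomobject]@{ Name = 'Server options'; ScopeId = $null })
    $targets += Get-DhcpServerv4Scope | ForEach-Object {
        [pscustomobject]@{ Name = "Scope $($_.ScopeId)"; ScopeId = $_.ScopeId }
    }
    foreach ($t in $targets) {
        $params = @{ OptionId = 6; ErrorAction = 'SilentlyContinue' }
        if ($t.ScopeId) { $params.ScopeId = $t.ScopeId }
        $opt = Get-DhcpServerv4OptionValue @params
        [pscustomobject]@{
            Where      = $t.Name
            DnsServers = if ($opt) { $opt.Value -join ', ' } else { '(not set here)' }
            HasNewDc   = [bool]($opt -and ($opt.Value -contains $NewDnsIp))
            StillOldDc = [bool]($opt -and ($opt.Value -contains $OldDnsIp))
        }
    }
}

function Get-DcLocatorRecord {
    param([string]$DnsServer, [string]$DomainName)
    # SRV record clients query to find a domain controller at logon.
    # Asking the new server directly proves its copy of the zone has it.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DnsServer |
        Where-Object { $_.NameTarget } | Select-Object NameTarget, Port
}

Get-DhcpDnsOptionReport -NewDnsIp $NewDnsIp -OldDnsIp $OldDnsIp | Format-Table -AutoSize
Get-DcLocatorRecord -DnsServer $NewDnsIp -DomainName (Get-ADDomain).DNSRoot
```

Any row with `StillOldDc` true will leave clients without a working DNS server once the old machine is switched off, until the option is changed and their leases renew.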