Replace Windows 2003 DC

[netadmin]

I have a Windows 2003 Standard domain controller that I need to replace soon. The current DC runs the following services:
-Active Directory
-DNS
-DHCP
-VPN

What is the easiest way to migrate to the new server with little network downtime?

I was thinking about adding the new server to active directory as a member server. From what I have read, this should migrate user and computer accounts. After that point, I am lost.

Thank you for any advice!

[FN-GM]

Hi mate

You will need to add the new server as a second DC and run your two servers together for a while. When you add your server as a DC sort out VPN, DNS etc. And when everything like that has been moved over transfer your FMSO roles to your new server. It is important you do that, if you don’t your network will collapse.

http://www.petri.co.il/transferring_fsmo_roles.htm

To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:

1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.
3. Select the domain controller that will be the new role holder, the target, and press OK.
4. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
5. Select the appropriate tab for the role you wish to transfer and press the Change button.
6. Press OK to confirm the change.
7. Press OK all the way out.

Make sure you change all the roles.

When you have done that you are good to go

Z

[zag]

Dont forget to change your clients to use the new server for their primary DNS otherwise they may not be able to log on.

[ICT_GUY]

I wil be doing this soon so thanks from me.

[FN-GM]

You know how to contact us if you need a hand...

[netadmin]

Thank you, FN-Greatermanchester.

That was very helpful! I'll start working on this next week. I'll post back if I run into problems.

Thanks again!

[eean]

You will need to add the new server as a second DC and run your two servers together for a while.

How long? Isn't there a command that forces the sync of the servers (last time I did this was about 7 years ago but I have to do it next week too!)

Oh, and:
I want to copy all the files (along with the permissions) from the old server to the new one, 'as is'. All the locations etc.. will be the same. I could use something like xcopy that is run from the local system account, because it'll have full access to all the files. (The Domain Admin doesn't, by default) BUT: Presumably, local\system won't have access to the new server, so won't be able to place the files there?? Is there any way around this? Or will I have to add a domain admin to all the files and run it from there. (I dont' want to f up the permissions!)

Also:
Moving the shares: Is there an easy way of taking all the old shares from the old server to the new one. Shares are held in the registry, so presumably I can just export that key and reimport it on the new server? Will that work?

[FN-GM]

Hi mate

You don’t need to do any command prompts. Just do what it says above.

As for moving files i use this. It will copy your shares and permissions. http://www.microsoft.com/downloads/d...DisplayLang=en

[netadmin]

FN-Greatermanchester, thanks you again for all of your help and advice.

I finally completed this server replacement today, and it worked fine--no major issues. I did forget to demote the old DC, so that caused a few minor issues with DNS and DHCP.

If anyone else forgets to demote their old DC in the future, I recommend looking at the "removing a dead dc from ad" pdf document on the following webpage: Remove Dead DC from AD

Thanks again for all the help!

[FN-GM]

Did you move all the roles over to the new server? Take a look at this this wiki page.

Understanding FSMO Roles in Active Directory - EduGeek.net Wiki

[netadmin]

Yes, I did get all the roles moved over. The event log now has no critical errors.

Thanks for the link. I'm printing it out as I speak for future reference. Very handy!