Guest Sanjay Mehta
Posted November 22, 2007

Hi,

I am trying to put together an action plan for the migration of our current domain controller to a new domain controller [as we are running into space issues].

This is what I have come up with [this is my first time].

Goal: To successfully migrate the existing domain controller (pkserv1) to another server (dc2)

Action Plan:

1) installation of Windows 2003, application of all available service packs and Windows Update on dc2
2) network integration of dc2, including domain membership and IP configuration
3) installation of DNS on dc2 [as a secondary zone].
Some background info: the primary zone for DNS is running from the Exchange server and the 2 domain controllers are running secondary zones. We don’t have AD integrated DNS.
Also there are no FSMO roles on pkserv1.
4) confirm DNS is working fine on dc2
Need some help here: what tool should I use?
4) installation of AD (dcpromo) on dc2
5) transfer of the user data from the existing server (pkserv1) to dc2
6) transfer of printer settings from pkserv1 to dc2
7) test that users are able to log in and access their data on dc2
8) preparation and shutdown of the old server. Remove AD using dcpromo
9) remove the secondary zone DNS from pkserv.
Need some help here: what tool should I use?
Is it as simple as right-clicking the zone and pressing the delete button?
10) Need to check that pkserv1 no longer exists as a domain controller.

Tools to use:

Netdiag and Dcdiag, check Active Directory Sites and Services, and make sure it does not exist there.

Can someone please help me – if I have missed something.

Thanks a bunch!
Guest Meinolf Weber
Posted November 22, 2007

Re: DC Migration Action Plan

Hello Sanjay,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi,
>
> I am trying to put together an action plan for the migration of our current
> domain controller to a new domain controller [as we are running into
> space issues].
>
> This is what I have come up with [this is my first time].
>
> Goal: To successfully migrate the existing domain controller (pkserv1)
> to another server (dc2)
>
> Action Plan:
>
> 1) installation of Windows 2003, application of all available service
> packs and Windows Update on dc2
> 2) network integration of dc2, including domain membership and IP
> configuration

Check that it only points to one running DNS server as preferred, nothing else.

> 3) installation of DNS on dc2 [as a secondary zone].
> Some background info: the primary zone for DNS is running from the
> Exchange server and the 2 domain controllers are running secondary
> zones. We don’t have AD integrated DNS.

It will be really easier to change to an Active Directory integrated zone.

> Also there are no FSMO roles on pkserv1.
>
> 4) confirm DNS is working fine on dc2
> Need some help here: what tool should I use?

nslookup
http://support.microsoft.com/kb/200525
http://technet2.microsoft.com/windowsserver/en/library/d255b403-7fff-4367-a241-725946fbb67e1033.mspx?mfr=true

> 4) installation of AD (dcpromo) on dc2

Make it also a Global Catalog server.

> 5) transfer of the user data from the existing server (pkserv1) to dc2

With robocopy or xxcopy you can also include the security permissions from the folders you are copying.
> 6) transfer of printer settings from pkserv1 to dc2

Printmigrator can help you:
http://www.microsoft.com/WindowsServer2003/techinfo/overview/printmigrator3.1.mspx

> 7) test that users are able to log in and access their data on dc2

Check the DNS settings from the clients they are using.

> 8) preparation and shutdown of the old server. Remove AD using dcpromo

It can be that you get an error; then first uncheck the Global Catalog.

> 9) remove the secondary zone DNS from pkserv.
> Need some help here: what tool should I use?
>
> Is it as simple as right-clicking the zone and pressing the delete
> button?

If you change to AD integrated DNS, nothing to do.

> 10) Need to check that pkserv1 no longer exists as a domain
> controller.
>
> Tools to use:
>
> Netdiag and Dcdiag, check Active Directory Sites and Services, and make
> sure it does not exist there.
>
> Can someone please help me – if I have missed something.

Check in the Exchange System Manager that Exchange is not pointing to the old DC under Recipient Update Service.

> Thanks a bunch!
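One way to carry out the "confirm DNS is working fine on dc2" check from step 4 while dc2 only holds a secondary copy of the zone, as an added example that is not part of the thread: compare the SOA serial reported by the primary with the one reported by dc2 in nslookup output. The host name exchange1, the IP addresses and the serial numbers are constructed; mydomain.com is the placeholder domain used later in the thread.

```python
import re
import subprocess

def sample(server, address, serial):
    """Constructed text in the layout Windows nslookup prints for an SOA query."""
    return (f"Server:  {server}\nAddress:  {address}\n\nmydomain.com\n"
            f"\tprimary name server = exchange1.mydomain.com\n"
            f"\tresponsible mail addr = hostmaster.mydomain.com\n"
            f"\tserial  = {serial}\n\trefresh = 900 (15 mins)\n")

# Hypothetical captures: primary zone on the Exchange box, secondary on dc2.
PRIMARY_OUT = sample("exchange1.mydomain.com", "192.168.1.10", 148)
DC2_OUT = sample("dc2.mydomain.com", "192.168.1.12", 145)

def query_soa(zone, server):
    """Ask one specific DNS server for the zone's SOA record (live use)."""
    done = subprocess.run(["nslookup", "-type=SOA", zone, server],
                          capture_output=True, text=True, timeout=15)
    return done.stdout

def soa_serial(nslookup_output):
    """Return the SOA serial, or None if the server gave no SOA answer."""
    m = re.search(r"^\s*serial\s*=\s*(\d+)", nslookup_output, re.MULTILINE)
    return int(m.group(1)) if m else None

def serial_behind(secondary, primary):
    """True if secondary is older than primary (RFC 1982 serial arithmetic)."""
    return secondary != primary and ((primary - secondary) % 2**32) < 2**31

def zone_status(primary_out, secondary_out):
    """Classify the secondary's copy of the zone against the primary's."""
    p, s = soa_serial(primary_out), soa_serial(secondary_out)
    if p is None:
        return "primary did not answer"
    if s is None:
        return "secondary not serving zone"
    if s == p:
        return "in sync"
    return "secondary behind" if serial_behind(s, p) else "secondary ahead"

if __name__ == "__main__":
    # Live use would be: zone_status(query_soa(zone, primary), query_soa(zone, "dc2"))
    print(zone_status(PRIMARY_OUT, DC2_OUT))
```

A "secondary behind" result that persists after the zone's refresh interval means dc2 is not completing zone transfers from the primary.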
Guest Sanjay Mehta
Posted November 22, 2007

Re: DC Migration Action Plan

Hello Meinolf,

Thanks for your comments!

At the moment - I don't want to AD integrate the DNS. I guess it's easier to do everything one by one [for me].

So, I would like to maintain the current structure [in terms of the DNS structure].

Can you please suggest how I should proceed with 9)?

Also I found your comment on 4) to be quite interesting.

Can you clarify why I would want to make it a global catalog server? We already have another catalog server - although I had overlooked ... pkserv1 is also a global catalog server.

So, to summarise, right now ... we have 2 global catalog servers: pkserv1 (the server to be retired), plus another server called pkcore.

According to my basic knowledge, doesn't Microsoft recommend having one global catalog server?

We just have one small domain - that's it. No regional office etc.

Thanks
Guest Meinolf Weber
Posted November 22, 2007

Re: DC Migration Action Plan

Hello Sanjay,

Global catalog server is needed for user and computer logon, so if one DC with GC is down, the users cannot log on to the domain even if all other servers are running, and they get trouble accessing resources on the network. So it is a part of redundancy, like you should have more than one DNS/DHCP server. If you have only a single forest/domain like you, every server can be GC without any problem. If that will change you have to look for some changes.

Planning Global Catalog Server Placement
http://technet2.microsoft.com/windowsserver/en/library/0e4d2466-68e8-40d8-8c72-099f8bc259ff1033.mspx?mfr=true

Here is some info about the Global Catalog:
http://support.microsoft.com/kb/216970
http://technet2.microsoft.com/windowsserver/en/library/24311c41-d2a1-4e72-a54f-150483fa885a1033.mspx?mfr=true
http://technet2.microsoft.com/windowsserver/en/library/440e44ab-ea05-4bd8-a68c-12cf8fb1af501033.mspx?mfr=true

9. Because it is only a copy of the primary zone, you can do it like you wrote. If you have deleted it, make sure that the entry in the primary zone for the retired server also disappears; if not automatically, you have to delete the non-existing DNS server record by hand.

Best regards

Meinolf Weber

> Hello Meinolf,
>
> Thanks for your comments!
>
> At the moment - I don't want to AD integrate the DNS. I guess it's
> easier to do everything one by one [for me].
>
> So, I would like to maintain the current structure [in terms of the
> DNS structure].
>
> Can you please suggest how I should proceed with 9)?
>
> Also I found your comment on 4) to be quite interesting.
>
> Can you clarify why I would want to make it a global catalog server?
> We already have another catalog server - although I had overlooked ...
> pkserv1 is also a global catalog server.
>
> So, to summarise, right now ... we have 2 global catalog servers:
> pkserv1 (the server to be retired), plus another server called pkcore.
>
> According to my basic knowledge, doesn't Microsoft recommend having one
> global catalog server?
>
> We just have one small domain - that's it. No regional office etc.
>
> Thanks
Guest Sanjay Mehta
Posted November 22, 2007

Re: DC Migration Action Plan

Hi Meinolf,

for 7) the clients are getting the DNS setting from the Exchange server and from the other domain controller (called pkcore).

So, we have 1 primary DNS (Exchange box) and 2 DCs which are secondary.

Is there anything else instead that we could use to check for 7)?

Thanks
Guest Meinolf Weber
Posted November 22, 2007

Re: DC Migration Action Plan

Hello Sanjay,

Think not; clients need an IP address, a DNS server and a GC to authenticate, that's all. Make sure they get it and it will work.

Best regards

Meinolf Weber

> Hi Meinolf,
>
> for 7) the clients are getting the DNS setting from the Exchange
> server and from the other domain controller (called pkcore).
>
> So, we have 1 primary DNS (Exchange box) and 2 DCs which are secondary.
>
> Is there anything else instead that we could use to check for 7)?
>
> Thanks
Guest Sanjay Mehta
Posted November 23, 2007

Re: DC Migration Action Plan

Hi Meinolf,

okay ....

In response to 1), what's the logical reasoning as to why dc2 should point to one running DNS server?

I see also that pkserv1 is pointing to one DNS server, but strangely it's pointing not to the primary DNS server (Exchange server) but to pkcore, which is the 2nd domain controller we have.

Thanks
Guest Meinolf Weber
Posted November 23, 2007

Re: DC Migration Action Plan

Hello Sanjay,

If possible it should always point to the most actual DNS server, in your case the primary. If you use AD integrated zones all DNS servers have the same info every time AD replicates, by default 5 minutes latest. So it doesn't matter if one goes down. Also, if you change some zone properties they will be automatically replicated.

Best regards

Meinolf Weber

> Hi Meinolf,
>
> okay ....
>
> In response to 1), what's the logical reasoning as to why dc2 should
> point to one running DNS server?
>
> I see also that pkserv1 is pointing to one DNS server, but strangely
> it's pointing not to the primary DNS server (Exchange server) but to
> pkcore, which is the 2nd domain controller we have.
>
> Thanks
Guest Sanjay Mehta
Posted November 23, 2007

Re: DC Migration Action Plan

Hi Meinolf,

Exactly - what I thought.

pkserv1 should be pointing to the Exchange server instead of the DC (pkcore).

In response to 1), what's the logical reasoning as to why dc2 should point to one running DNS server?

And not point to 2 servers?

Thanks
Guest Meinolf Weber
Posted November 23, 2007

Re: DC Migration Action Plan

Hello Sanjay,

Maybe check this one:
http://support.microsoft.com/kb/825036

Every computer in the network has to point to at least one DNS server; if you have redundant DNS then they should also point to them as secondary servers.

Best regards

Meinolf Weber

> Hi Meinolf,
>
> Exactly - what I thought.
>
> pkserv1 should be pointing to the Exchange server instead of the DC
> (pkcore).
>
> In response to 1), what's the logical reasoning as to why dc2 should
> point to one running DNS server?
>
> And not point to 2 servers?
>
> Thanks
Guest Sanjay Mehta
Posted November 23, 2007

Re: DC Migration Action Plan

Hello Meinolf,

I have read

http://support.microsoft.com/kb/825036

I agree with your comments that:

"Every computer in the network has to point to at least one DNS server; if you have redundant DNS then they should also point to them as secondary servers."

My question is with regard to DC2. See your inline comments for 2).

Why should DC2 point to one DNS server and not two DNS servers?

Thanks
Guest Meinolf Weber
Posted November 23, 2007

Re: DC Migration Action Plan

Hello Sanjay,

That is only for the phase of installing DNS on the machine, so that it can replicate Active Directory information from a running machine with DNS. Sorry, forgot to mention that it is only for the installation phase.

Best regards

Meinolf Weber

> Hello Meinolf,
>
> I have read
>
> http://support.microsoft.com/kb/825036
>
> I agree with your comments that:
>
> "Every computer in the network has to point to at least one DNS
> server; if you have redundant DNS then they should also point to them
> as secondary servers."
>
> My question is with regard to DC2. See your inline comments for 2).
>
> Why should DC2 point to one DNS server and not two DNS servers?
>
> Thanks
Guest Sanjay Mehta
Posted November 23, 2007

Re: DC Migration Action Plan

Hi Meinolf,

That's cool.

For step 5), i.e. prior to installing AD - need to run some prerequisite checks:

I am referring to:

http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true

in point 8) Verify the availability of the operations masters

In it, Microsoft recommends running:

dcdiag /s:pkcore /test:knowsofroleholders /v
dcdiag /s:pkcore /test:fsmocheck /v

where pkcore is my main domain controller.

Also, in KB 265706, they recommend running:

dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc

This basically is to test that the DNS configuration is sufficient to allow this computer to be promoted as a replica domain controller in the mydomain.com domain.

So my question is: are these tests the right ones?

Thanks
Guest Meinolf Weber
Posted November 25, 2007

Re: DC Migration Action Plan

Hello Sanjay,

Sorry for the late response, was on leave until now. You can do it this way, that's OK, but also an easy way is to run dcpromo at the machine and see what happens. If DNS is configured correctly it should work. So just give it a try.

Best regards

Meinolf Weber

> Hi Meinolf,
>
> That's cool.
>
> For step 5), i.e. prior to installing AD - need to run some prerequisite
> checks:
>
> I am referring to:
>
> http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true
>
> in point 8) Verify the availability of the operations masters
>
> In it, Microsoft recommends running:
>
> dcdiag /s:pkcore /test:knowsofroleholders /v
> dcdiag /s:pkcore /test:fsmocheck /v
>
> where pkcore is my main domain controller.
>
> Also, in KB 265706, they recommend running:
>
> dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc
>
> This basically is to test that the DNS configuration is sufficient
> to allow this computer to be promoted as a replica domain controller
> in the mydomain.com domain.
>
> So my question is: are these tests the right ones?
>
> Thanks
Guest Sanjay Mehta
Posted November 26, 2007

Re: DC Migration Action Plan

Hi Meinolf,

Thank you for your help.

Kind Regards.