Jump to content

DC Migration Action Plan

Guest Sanjay Mehta

By Guest Sanjay Mehta
in Windows 2003 Server

 Share

Recommended Posts

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Hi,

 

I am trying to put a action plan for the migration of our current domain

controller to a new domain controller [as we are running into space issues].

 

This is what I have came up [this is my first time].

 

 

 

Goal: To successful migrate the existing domain controller (pkserv1) to

another server (dc2)

 

Action Plan:

 

1) installation of windows 2003, application of all available service packs

and windows update on dc2

2) network integration of dc2, including domain membership and IP

configuration

3) installation of DNS on dc2 [as a secondary zone].

 

Some background info: the primary zone for DNS is running from the

exchange server and the 2 domain controllers are running secondary zones. We

don’t have AD integrated DNS.

 

Also there are no FSMO roles on pkserv1.

 

4) confirm DNS is working fine on dc2

Need some help here: what tool should I use?

 

4) installation of AD (dcpromo) on dc2

5) transfer of the user data from existing server (pkserv1) to dc2

6) transfer of printer settings from pkserv1 to dc2

7) test that users are able to login and access their data on dc2

8) preparation and shutdown of the old server. Remove AD using dcpromo

9) remove the secondary zone DNS from pkserv.

 

Need some help here: what tool should I use?

 

Is it as simple as right clicking the zone and pressing the delete button?

 

10) Need to check that pkserv1 is no longer exists as a domain controller.

 

Tools to use:

 

Netdiag and Dcdiag, check Active Directory Site and Services, and make sure

it does not exist there.

 

Can someone please help me – if I have missed something.

 

Thanks a bunch!

  • Replies 14
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

see inline

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi,

>

> I am trying to put a action plan for the migration of our current

> domain controller to a new domain controller [as we are running into

> space issues].

>

> This is what I have came up [this is my first time].

>

> Goal: To successful migrate the existing domain controller (pkserv1)

> to another server (dc2)

>

> Action Plan:

>

> 1) installation of windows 2003, application of all available service

> packs

> and windows update on dc2

> 2) network integration of dc2, including domain membership and IP

> configuration

 

check that it only points to one running DNS server as preferred nothing

else.

> 3) installation of DNS on dc2 [as a secondary zone].

> Some background info: the primary zone for DNS is running from the

> exchange server and the 2 domain controllers are running secondary

> zones. We don’t have AD integrated DNS.

 

It will be really easier to change to Active directory integrated zone.

> Also there are no FSMO roles on pkserv1.

>

> 4) confirm DNS is working fine on dc2

> Need some help here: what tool should I use?

 

nslookup http://support.microsoft.com/kb/200525 http://technet2.microsoft.com/windowsserver/en/library/d255b403-7fff-4367-a241-725946fbb67e1033.mspx?mfr=true

> 4) installation of AD (dcpromo) on dc2

 

make it also Global catalog server

> 5) transfer of the user data from existing server (pkserv1) to dc2

 

with robocopy or xxcopy you can also include the security permissions from

the folders you are copying.

> 6) transfer of printer settings from pkserv1 to dc2

 

Printmigrator can help you http://www.microsoft.com/WindowsServer2003/techinfo/overview/printmigrator3.1.mspx

> 7) test that users are able to login and access their data on dc2

 

check the DNS settings from the clients they are using

> 8) preparation and shutdown of the old server. Remove AD using dcpromo

 

can be that you get an error, then first uncheck the Global catalog

> 9) remove the secondary zone DNS from pkserv.

> Need some help here: what tool should I use?

>

> Is it as simple as right clicking the zone and pressing the delete

> button?

 

if you change to AD integrated DNS, nothing to do.

> 10) Need to check that pkserv1 is no longer exists as a domain

> controller.

>

> Tools to use:

>

> Netdiag and Dcdiag, check Active Directory Site and Services, and make

> sure it does not exist there.

>

> Can someone please help me – if I have missed something.

 

Check on the Exchange system manager that Exchange is not pointing to the

old DC under Recipients update service.

> Thanks a bunch!

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

Hello Meinolf,

 

Thanks for your comments!

 

At the moment - I don't want to AD intergrate the DNS. I guess its easier

to do everything one by one [for me].

 

So, I would like to maintain the current structure [in terms of the DNS

structure]

 

Can you please suggest how I should proceed with 9)

 

 

Also I found your comment on 4) to be quite interesting.

 

Can you clarify why I would want to make it a global catalog server. We

already have

one another catalog server - although I had over looked ... pkserv1 is also

a global

catalog server.

 

So, to summarise, right now ... we have 2 global catalog servers. pkserv1

(the server

to be retired), plus another server called pkcore.

 

According to my basic knowledge doesnt Microsoft recommend having one global

catalog

server?

 

We just have one small domain - that's it. No regional office etc

 

Thanks

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

Global catalog server is needed for user and computer logon, so if one dc

with GC is down, teh users cannot logon to the domain even if all other

servers are running and they get trouble to access resources on the network.

So it is a part of redundancy like you should have more then one DNS/DHCP

server. If you have only a single forest/domain like you, every server can

be GC without any problem. If that will change you have to look for some

changes.

 

Planning Global Catalog Server Placement

http://technet2.microsoft.com/windowsserver/en/library/0e4d2466-68e8-40d8-8c72-099f8bc259ff1033.mspx?mfr=true

 

Here are some infos about the Global catalog:

http://support.microsoft.com/kb/216970

 

http://technet2.microsoft.com/windowsserver/en/library/24311c41-d2a1-4e72-a54f-150483fa885a1033.mspx?mfr=true

 

http://technet2.microsoft.com/windowsserver/en/library/440e44ab-ea05-4bd8-a68c-12cf8fb1af501033.mspx?mfr=true

 

9. Because it is only a copy of the primary zone, you can do it like you

wrote. If you have deleted it, make sure that also the entry in the primary

zone for the retired server will disappear, if not automatically you have

to delete the not existing DNS server record by hand.

 

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hello Meinolf,

>

> Thanks for your comments!

>

> At the moment - I don't want to AD intergrate the DNS. I guess its

> easier to do everything one by one [for me].

>

> So, I would like to maintain the current structure [in terms of the

> DNS structure]

>

> Can you please suggest how I should proceed with 9)

>

> Also I found your comment on 4) to be quite interesting.

>

> Can you clarify why I would want to make it a global catalog server.

> We

> already have

> one another catalog server - although I had over looked ... pkserv1 is

> also

> a global

> catalog server.

> So, to summarise, right now ... we have 2 global catalog servers.

> pkserv1

> (the server

> to be retired), plus another server called pkcore.

> According to my basic knowledge doesnt Microsoft recommend having one

> global

> catalog

> server?

> We just have one small domain - that's it. No regional office etc

>

> Thanks

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

Hi Meinolf,

 

for 7) the clients are getting the DNS setting from the exchange server and

from the other DC controller called (pkcore).

 

So, we have 1 primary DNS (exchange box), 2 DC's which are secondary.

 

Is their anything else instead that we could use to check for 7).

 

Thanks

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

Think not, clients need an ip address, a DNS server and GC to authenticate,

thats all. Make sure they get it and it will work.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi Meinolf,

>

> for 7) the clients are getting the DNS setting from the exchange

> server and from the other DC controller called (pkcore).

>

> So, we have 1 primary DNS (exchange box), 2 DC's which are secondary.

>

> Is their anything else instead that we could use to check for 7).

>

> Thanks

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

Hi Meinolf,

 

okay ....

 

In response to 1) what's the logically reasoning as to why dc2 should point

to one running DNS server?

 

I see also that pkserv1 is pointing to one DNS server but strangely its

pointing not to the primary DNS server (exchange server) but pkcore which is

the 2nd Domain controller we have.

 

Thanks

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

If possible it should allways point to the most actual DNS server, in your

case the primary. If you use AD integrated zones all DNS servers have the

same info every time AD replicates, by default 5 minutes latest. So it doesn't

matter if one goes down. Also if you change some zone properties they will

be automatically replicated.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi Meinolf,

>

> okay ....

>

> In response to 1) what's the logically reasoning as to why dc2 should

> point to one running DNS server?

>

> I see also that pkserv1 is pointing to one DNS server but strangely

> its pointing not to the primary DNS server (exchange server) but

> pkcore which is the 2nd Domain controller we have.

>

> Thanks

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

Hi Meinolf,

 

Exactly - what I thought.

 

pkserv1 should be pointing to the exchange server instead of the DC (pkcore).

 

In response to 1) what's the logically reasoning as to why dc2 should point

to one running DNS server?

 

And not point to 2 servers?

 

thanks

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

Maybe check this one:

http://support.microsoft.com/kb/825036

 

Every computer in the network has to point at least to one DNS server, if

you have redundancy DNS then they should also point to them as secondary

servers.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi Meinolf,

>

> Exactly - what I thought.

>

> pkserv1 should be pointing to the exchange server instead of the DC

> (pkcore).

>

> In response to 1) what's the logically reasoning as to why dc2 should

> point to one running DNS server?

>

> And not point to 2 servers?

>

> thanks

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

Hello Meinolf,

 

I have read

 

http://support.microsoft.com/kb/825036

 

 

I agree with your comments that:

 

"Every computer in the network has to point at least to one DNS server, if

you have redundancy DNS then they should also point to them as secondary

servers. "

 

 

My question is with regards to DC2. See your inline comments for 2).

 

Why should DC2 point to one DNS server and not two DNS servers?

 

 

Thanks

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

That is only for the phase of installing DNS on the machine, so that it can

replicate Active Directory informations from a running machine with DNS.

Sorry , forgot to mention that it is only for the installation phase.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hello Meinolf,

>

> I have read

>

> http://support.microsoft.com/kb/825036

>

> I agree with your comments that:

>

> "Every computer in the network has to point at least to one DNS

> server, if you have redundancy DNS then they should also point to them

> as secondary servers. "

>

> My question is with regards to DC2. See your inline comments for 2).

>

> Why should DC2 point to one DNS server and not two DNS servers?

>

> Thanks

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

 

Hi Meinolf,

 

That's cool.

 

For step 5) i.e. Prior to installing AD - need to run some perquisites checks:

 

 

I am referring to:

 

http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true

 

in point 8) Verify the availability of the operations masters

 

 

In it, Microsoft recommend running:

 

 

dcdiag /s: pkcore /test:knowsofroleholders /v

dcdiag /s: pkcore /test:fsmocheck /v

 

where pkcore is my main domain controller.

 

 

 

Also, in kb 265706, they recommend running:

 

dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc

 

this basically is to test so that the DNS configuration is sufficient to

allow this computer to be promoted as a replica domain controller in the

mydomain.com domain.

 

 

So my question are this tests the right ones?

 

Thanks

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: DC Migration Action Plan

 

Hello Sanjay,

 

Sorry, for the late response, was on leave until now.

You can do it this way, that's ok, but also an easy way is to run dcpromo

at the machine and see what's happen. If DNS is configured correctly it should

work. So just give it a try.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Hi Meinolf,

>

> That's cool.

>

> For step 5) i.e. Prior to installing AD - need to run some perquisites

> checks:

>

> I am referring to:

>

> http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4

> a80-8718-dd80dc1071fd1033.mspx?mfr=true

>

> in point 8) Verify the availability of the operations masters

>

> In it, Microsoft recommend running:

>

> dcdiag /s: pkcore /test:knowsofroleholders /v dcdiag /s: pkcore

> /test:fsmocheck /v

>

> where pkcore is my main domain controller.

>

> Also, in kb 265706, they recommend running:

>

> dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc

>

> this basically is to test so that the DNS configuration is sufficient

> to allow this computer to be promoted as a replica domain controller

> in the mydomain.com domain.

>

> So my question are this tests the right ones?

>

> Thanks

>

Guest Sanjay Mehta

Guest Sanjay Mehta

Posted
Posted

Re: DC Migration Action Plan

 

 

Hi Meinolf,

 

Thank you for your help.

 

Kind Regards.

 Share
Go to topic listing
×
×
  • Create New...