Announcement

Collapse
No announcement yet.

Fall back for Domain & Forest level raise

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fall back for Domain & Forest level raise

    Hi,

    our Current scenario is as follows

    We have parent and child domain enviroment & few windows NT server on which Exchange 5.5 is configured, & we do have trust with other forest DC.

    currently windows 2003 domain conreoller & forest level is windows 2000 native & we are planning to raise the domain & forest level to windows 2003, since there is no reverse or we can not revert it back once we raise domain & forest level to 2003.

    I am looking for disater recovery plan for the same (We have 6 DC in our parrent domain & 30 DC in child domain) if for any reason we want to go back to our old AD envirorment what should be the best way to go back.

    We have splited our role in 3 DC(For Parent & Child)

    we have around 223 policies deployed on child domain enviroment.

    I am looking for the best plan for going ahead for this scenario and how we can go back or fall back plan for the same.

    Thanks in advance...

    Regards
    Muneer

  • #2
    Re: Fall back for Domain & Forest level raise

    Hi,

    I think my query is very complicated or my explaination is too bad, what I am looking for is fallback plan for forest & domain.

    We are planning to raise domain & forest level to 2003.
    we need fallback or recovery plan by which we can revert back to the old AD enviroment.

    Regards
    Muneer

    Comment


    • #3
      Re: Fall back for Domain & Forest level raise

      Make System State Backups of all DCs and Exchange Server
      Do Full backups of everything just in case

      Take one DC in parent and one in child domain off line before the upgrade, so you can use them for an "authoritative restore" if needed

      Do a lot of checking about NT4 and Exchange 5.5 beforehand -- both are old and unsupported now.

      In fact, take some servers "offline" as a test environment, throw the switch for them, and see the effects
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Fall back for Domain & Forest level raise

        Hi,

        Will there be a implication for group policy after raising the forest & domain level.

        My Plan

        1) Raise Domain level to 2003 in Parent domain (Wait for at leeast 2 Days)
        2) Raise Domain Level to 2003 in Child Domain (Wait for at least 2 days)
        3) Raise Forest level to 2003

        Yes before all the activity we need to take backup of all DC's & Exchange server.

        Hey I forgot to tell you many thanks for your reply.

        Regards
        Muneer

        Comment


        • #5
          Re: Fall back for Domain & Forest level raise

          I would test first to see the impact on NT4 / Exchange 5.5 If it was Win2K / Win2K3 / Exchange 2K3 I would have no problem just "throwing the switch". Its the legacy stuff you need to worry about
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Fall back for Domain & Forest level raise

            HI Ossain,

            So I need to create test enviroment in VM ware, install wink3 with exchange and of course windows nt with 5.5 and raise the forest & domain level.

            what if we upgrade our exchange 5.5 wnd windows nt to 2003.

            Kindly sugest.

            Thanks & Regards
            Muneer

            Comment


            • #7
              Re: Fall back for Domain & Forest level raise

              It should have no effect on the NT and Exchange member servers, operational modes are for backwards compatability with domain controllers only.

              As someone else suggested, keep one DC from each domain offline and unplug the network cable. Turn it back on after a few days have gone by with no issues. As a secondary backup, take system state backups of at least two DCs in each domain.

              Comment


              • #8
                Re: Fall back for Domain & Forest level raise

                HI All,
                WE have removd all windows nt PDC +BDC & Exchannge 5.5 from ad, now the scenario is we have Parent & child domain enviroment.

                Basically for security & recommendation by MS we have design & created AD parent & Child domain,

                in Parent we have around 4 DC & in Child we have major chunk around 30 DC, now we have planning to RAISE Domain & Forest level to Windows 2003, I got the task to prepare the project plan e.i

                Checklist for Domain & forest raise (Pre & Post checks)
                Recovery Plan

                For checklis have a idea like

                1) Take All DC (Root + Child) System State backup
                2) Shutdown 1 DC in Parent & 2 DC in Child.
                3) Raise the functional Level
                4) Check all DC replication & latest event + communication
                5) Started the remain DC after 2 or 3 DC


                hoping that application which is running on windows NT & windows 2000 will work after Forest/Domain level raised.

                Kindly suggest for cheklist & recovery plan

                Regards
                Muneer

                Comment


                • #9
                  Re: Fall back for Domain & Forest level raise

                  Checklist For Domain & Forest Level RAISE

                  1Check existing Functional Level
                  2List down benefit of Native Mode
                  3Check Windows NT PDC or BDC if exist
                  4Check for Exchange 5.5. Exist if yes upgrade/migrate to E2k3(actually not require as there will be not impact on Exchange 5.5 unless that server configure as PDC or BDC)
                  5List Down Exiting Trust(Just for sake, there is no implication/impact on trust)
                  6Check orphaned DC in Metadat if exist remove it
                  7System state backup of all DC Before raising to native mode(Domain + Forest)
                  8Shutdown atleast one DC in Parent Domain & 2 DC in Child Domain Before Functional (for my enviroment)
                  9Save & Clear all Existing DC Eventlogs(Just to check new error & info)
                  10Raise Domain Functional Level & check on All DC (parent + Child)
                  11Ensure / Check Domain Functional Level after Raise
                  12if all the things work fine bring Up DC which was temporarily removed/shutdown
                  13If all DC working fine again perform backup before forest level RAISE and shutdown Dc for temp / before forest level raise (1 in Parent Domain & 2 in Child Domain)
                  14Raise Forest Level
                  15Ensure / Check Forest Functional Level after Raise
                  16if all work fine bring up 3 dc and replicate with other DC

                  Rcovery plan

                  1Dicommision All DC
                  2Bring UP / Start DC which was shut off
                  3seize role on DC which started
                  4Clean Metadata
                  5start recobery of rest of the DC from system state(NON Authorite & Authorative restore)


                  is anything missing...

                  Comment


                  • #10
                    Re: Fall back for Domain & Forest level raise

                    An alternative for recovery would be to reboot all DCs in restore mode at the same time, restore a system state backup on all of them, and once they're all restored, restart them.
                    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                    Comment

                    Working...
                    X