2000 to 2003 AD best practices

  • 2000 to 2003 AD best practices

    Upgrading our 2000 sp4 AD environment to 2003 R2. Questions:

    1) I'm thinking building new machines from scratch to be the new DC's is cleaner than upgrading the in place DC's. Agreed? Any glaring drawbacks to this?

    2) Can I upgrade directly to R2? Microsoft's "Common mistakes" document here: says no, is this info outdated? :

    If you like to migrate to Windows 2003 R2 Domain, please consider the migration in two stages:
    a. Migration from NT/2000 Domain to Windows 2003 Domain
    b. Migration from Windows 2003 Domain to Windows 2003 R2 Domain.

    3) More Microsoft advice, this time from;en-us;325379 :

    Early Microsoft documentation recommends that you isolate the schema operations master on a private network before you run adprep /forestprep. Real-world experience suggests that this step is not necessary and may cause a schema operations master to reject schema changes when it is restarted on a private network.

    Should I disregard this confusing step and just leave all connections active?

    Thanks in advance,

  • #2
    Re: 2000 to 2003 AD best practices

    Here are my answers to you.
    1) Sure thing, build a new Windows 2003.
    You have to run ForestPrep and DomainPrep on the current Windows 2000 DC for the domain 2000 to be able to accept a Win2003 DC.
    Once that has been done, promote the new 2003 as a DC.
    That is the best thing to do, not only b/c you get a clean machine, but b/c you also get a lot of Win 2003 domain controller features that you would not get if you do an in-place upgrade (e.g. intra-site replication remains 300/30 rather than 15/5, tombstone lifetime remains as Win2000, limited incremental replication and many more).
    There is some stuff that you lose when you upgrade from Domain 2000 to Domain 2003 rather than a fresh installation of Domain 2003 and then migrating the users to the new domain, but that is too much already.
    Besides that, you could always change the settings to meet the 2003 defaults, you just need to know what.

    2) I think you got mixed up with the R2.
    The 1st CD is the operating system of Win2003 + SP1/SP2; that is a normal upgrade, no problem with that.
    The 2nd CD is the R2 application/features that need to extend the schema to get things like DFSR and more.
    After you install the Win 2003 R2 (CD1), do what I told you in section 1.
    Once you have got your directory into 2003 Native and stable, then extend the schema using CD2 and installing the R2 add-on.
    For schema extension it is recommended to isolate the schema master from outbound replication using the repadmin command (repadmin /options +DISABLE_OUTBOUND_REPL). Once you see everything is fine, you may enable the replication. To re-enable outbound replication, type the following text, and then press ENTER:
    repadmin /options -DISABLE_OUTBOUND_REPL

    P.S. To know whether replication is disabled/enabled after you run the command, you can find an event on the DC you ran the command from in the Directory NTDS event log (not System).

    That is if you have got more than one DC.
    Last edited by Akila; 16th May 2008, 15:09.
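
The repadmin sequence from post #2 above, written out as a guarded batch script. This is an added example, not part of the original thread or any Microsoft procedure. `ADPREP_DIR` is a placeholder path, the `netdom` role check and the manual pause are assumptions added for safety, and the script assumes adprep returns a non-zero exit code on failure.

```batch
@echo off
rem Added example, not from the thread. Run it on the schema operations master.
rem Assumes repadmin and netdom (Support Tools) are on PATH.
setlocal
rem Placeholder: set this to the folder that holds the adprep.exe you intend to run.
set "ADPREP_DIR=X:\PATH\TO\ADPREP"
set "DC=%COMPUTERNAME%"

rem 1. Refuse to continue unless this DC holds the schema master role.
netdom query fsmo | findstr /i /c:"Schema" | findstr /i /c:"%DC%" >nul
if errorlevel 1 (
    echo %DC% does not hold the schema master role. Nothing changed.
    exit /b 1
)

rem 2. Stop outbound replication so schema changes stay on this DC for now.
repadmin /options %DC% +DISABLE_OUTBOUND_REPL
repadmin /options %DC% | findstr /c:"DISABLE_OUTBOUND_REPL" >nul
if errorlevel 1 (
    echo DISABLE_OUTBOUND_REPL is not set on %DC%. Schema not touched.
    exit /b 1
)

rem 3. Extend the schema while the change cannot replicate out.
"%ADPREP_DIR%\adprep.exe" /forestprep
if errorlevel 1 (
    echo adprep failed. Outbound replication is still DISABLED on %DC%.
    echo Investigate before running: repadmin /options %DC% -DISABLE_OUTBOUND_REPL
    exit /b 2
)

rem 4. Manual checkpoint: review the Directory Service event log and the
rem    adprep output on this DC before letting the change leave it.
echo Schema extended on %DC% only. Verify, then press a key to replicate.
pause >nul

rem 5. Re-enable outbound replication and confirm the flag is gone.
repadmin /options %DC% -DISABLE_OUTBOUND_REPL
repadmin /options %DC% | findstr /c:"DISABLE_OUTBOUND_REPL" >nul
if not errorlevel 1 (
    echo WARNING: outbound replication is still disabled on %DC%.
    exit /b 3
)
echo Outbound replication re-enabled on %DC%.
endlocal
```

If adprep fails, the script exits with outbound replication still disabled, so the partial schema change stays on the one DC until someone decides how to proceed.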


    • #3
      Re: 2000 to 2003 AD best practices

      Thanks, good info.

      For #2, our standard ghost we use for servers is already on R2. What are the drawbacks if I decide to just go directly to R2 instead of first to 2003 Standard like you explained?


      • #4
        Re: 2000 to 2003 AD best practices

        Originally posted by Strago
        Thanks, good info.

        For #2, our standard ghost we use for servers is already on R2. What are the drawbacks if I decide to just go directly to R2 instead of first to 2003 Standard like you explained?
        Even though your server was installed with R2, it can't be used since your DS (Directory Services, aka Active Directory) was not upgraded to be using the R2 features, therefore it has no impact whatsoever if you install all your servers' OSes as R2 or regular Win 2003 (BTW, the R2 installation is an add-on application/installation that you install after you have a Win2003 SP1 or above; even though the CD said R2 on it, it is still a regular Win2003 + SP1/SP2, depending on the CD release).
        If you want to install the DC's new OS using the R2 installation CD (CD#01), then feel free to do so; it is a regular installation with no R2 on it. Only CD#2 is the actual R2 add-on.
        Once you have upgraded your AD/DS to 2003 Native and have Win2003 SP1 or above on all your DCs, then you can extend the schema for R2.
        Last edited by Akila; 16th May 2008, 15:06.


        • #5
          Re: 2000 to 2003 AD best practices

          1) I am all for a clean DC build. You do not drag any leftovers this way and get a server that is much easier to troubleshoot.

          2) There is no requirement to go through 2003 to get to R2. Note that this is a community-submitted KB and not an official MS KB. I think that the author of the KB suggested going through 2003 as an interim stage, but this is not a technical requirement and actually there are no known caveats that would make you go this route.
          I have done enough W2K => W2K3 R2 upgrades and never had any issues with it.

          3) Make sure you have a rollback strategy, but extending W2K schema to R2 is generally considered safe and the latest advice from MS is less stringent. Take into account that if you have Exchange 2000, there are some additional steps you need to take before extending the schema:
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"