Need To Create a 2003 AD Without Taking My 2000 AD Out of Production

    At the moment I have a Windows 2000 (SP4) domain controller at the college I'm working in...
    I just bought a new HP ML350 G5 server that will take its place as my main DC. Well, this is the first time that I am actually doing this kind of procedure and I would love some good help and assistance.
    One other thing that I need to mention is that I don't want to replicate the two DCs because I want to create all the user and computer accounts, all the OUs and GPOs (and all the other stuff that needs to be created) starting from scratch.
    Also notice that I want the new 2003 DC to also be a DHCP server.

    Cheers and Thank U!

  • #2
    Re: Need To Create a 2003 AD Without Taking My 2000 AD Out of Production

    I would build the new domain controller on a new subnet. You could build the new DC and have it running in the same subnet as your existing DC, but DHCP may cause some issues giving out leases to machines which are members of the Windows 2000 domain and the Windows 2003 domain.

    Hope this helps

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    • #3

      I don't understand your answer because you didn't mention anything about how to build the domain and in which mode I should install it. Will it be a domain in a new forest? A child domain in an existing domain tree?
      What about my IP configuration? Should I give the static IP a different subnet mask?

      • #4

        We can't spoon-feed you all the information you need.

        If you want the domain completely separate then install it in a new forest. Also, since I know nothing about the current IP addressing of your set-up I cannot advise on what IPs to assign.

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        • #5

          If the current Win2K DHCP server is 192.168.0.1 with subnet 255.255.252.0, will it be a problem to configure the new Win2K3 DHCP server with 192.168.0.200 with subnet 255.255.255.0?

          • #6

            Yes, it will be a problem if you have two DHCP servers serving IPs from different subnets on the same network.

            Why do you need DHCP enabled on the 2003 server for now?
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

            • #7

              Well I don't...
              I will build my DHCP structure after the server will be up in the air.
              I think my solution will be to build my new DC, put my old Win2K DC to sleep and change the IP of my new DC.
              Afterwards I'm guessing that I will have to run some DNS commands.
              Last edited by LiorSAN; 7th June 2008, 08:44.

              • #8

                You want to rebuild your AD structure, correct? Is this because the 2000 AD is a mess? How many users do you have?
                You do realize that if you build a new forest you will need to set permissions on all shares again, join all the computers to the new domain, and all users will need their data copied to their new profiles (or their old profiles copied to their new users).

                I just want to make sure you know what you're getting into. If you can clean up your existing AD structure then there would be a lot less work involved.
                All you would need to do is add the Win2k3 machine as a DC (additional DC in an existing domain), transfer the FSMO roles to the 2k3 machine, turn off the 2k machine for a couple days to make sure everything is running good then turn it back on and decommission it.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                • #9

                  Originally posted by JeremyW
                  You want to rebuild your AD structure, correct? Is this because the 2000 AD is a mess? How many users do you have?
                  You do realize that if you build a new forest you will need to set permissions on all shares again, join all the computers to the new domain, and all users will need their data copied to their new profiles (or their old profiles copied to their new users).
                  Not entirely true, ADMT could do that for him - everything.

                  • #10

                    Well, the current Win2K AD structure is a MESS!
                    Most of the users (something like 200 users in total...) use a default user name and password common to everyone. I have something like 75 users that have a unique account.
                    The share permissions are also irrelevant because I'm also building a new Linux file server.
                    The profiles of the 75 users will be monitored by my staff and users will get instructions on how to back up what's important.
                    Last edited by LiorSAN; 8th June 2008, 06:16.

                    • #11

                      Hi

                      Option I

                      Build a new forest and use ADMT to transfer everything (users, computers, email, etc.).

                      Option II

                      Build a Win2k3 DC in the existing forest and transfer the rest of the roles (FSMO, DHCP, DNS, etc.).


                      I prefer Option II: minimal downtime and a revert-back option at any moment.

                      Rgds

                      • #12

                        What about my suggestion to build a new DC in a new forest and afterwards change the IP according to my needs and run DNS commands?

                        • #13

                          Originally posted by LiorSAN
                          Well, the current Win2K AD structure is a MESS!
                          Most of the users (something like 200 users in total...) use a default user name and password common to everyone. I have something like 75 users that have a unique account.
                          The share permissions are also irrelevant because I'm also building a new Linux file server.
                          The profiles of the 75 users will be monitored by my staff and users will get instructions on how to back up what's important.
                          Originally posted by LiorSAN
                          What about my suggestion to build a new DC in a new forest and afterwards change the IP according to my needs and run DNS commands?
                          If you've got a mess there then don't even bother trying to fix it; now is the time for a change.
                          Don't drag your mess to your new house.
                          Build a new forest, use ADMT to migrate whatever you want, then throw the old 2000 AD to the dogs.
                          There are a lot of features you lose by doing an upgrade rather than a fresh 2003 AD installation. It's not only that by upgrading a DC you lose some features (or at least they are not enabled by default); there are some features that are not enabled even by an upgrade of the AD/forest from 2000 to 2003. A fresh installation is the best, but it is not possible for everyone (downtime, a lot of work, many users/WS, etc.). If you've got the chance to do it, then I would say go for it.
                          It's not every day you get the chance to move out of a messy house and start fresh and clean.

                          You might want to take into consideration building a fresh 2008 forest and migrating to 2008; ADMT v3.1, which supports 2008 migration, is just around the corner - it would be released on the 28th of June.
                          I don't have enough knowledge of the 2008 forest/AD to suggest such a thing, but you may want to consider it as an option.
                          2000 is no longer supported, and 2003 will probably stop being supported in a few years to come; this is the time to go forward.
                          Last edited by Akila; 9th June 2008, 10:16.

                          • #14

                            Originally posted by Akila
                            Not entirely true, ADMT could do that for him - everything.
                            Yes, as long as you migrate the SID history.
                            Regards,
                            Jeremy

                            Network Consultant/Engineer
                            Baltimore - Washington area and beyond
                            www.gma-cpa.com

                            • #15

                              Originally posted by JeremyW
                              Yes, as long as you migrate the SID history.
                              Still, ADMT would do the job; I never claimed otherwise as far as SIDHistory goes.

                              BTW, SIDHistory is not needed if you migrate everything, since ADMT does ReACL on all of the file systems/shares etc.
                              The reason SID History is needed is if you leave resources on the old domain which the migrated users on the new domain need access to (e.g. migration in stages - long time period migration).
                              And if so, SID Filtering must be disabled on the outgoing trust on each side/domain, or it would not pass through.
                              BTW - SID Filtering applies to External trust & Windows 2003 FL; Forest trust does not switch on SID Filtering by default as it does in External Trust, or as with a Windows 2000 domain, SID Filtering is not enabled by default on External Trusts (Forest Trust is not available in a Win2000 domain/forest).
                              Last edited by Akila; 9th June 2008, 15:39.
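
A defender-side check for the SID history and SID filtering points raised in this thread, as an added example that is not part of any post: it audits exported `sIDHistory` values after a migration and decodes a trust's `trustAttributes` flags. The account names, SIDs and trust value are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit exported AD attributes after a migration.
# Every account name, SID and trust value here is constructed sample data.

# trustAttributes bit flags (MS-ADTS)
TRUST_FLAGS = {
    0x04: "QUARANTINED_DOMAIN",  # quarantine (SID filtering) set on the trust
    0x08: "FOREST_TRANSITIVE",   # forest trust
    0x40: "TREAT_AS_EXTERNAL",   # forest trust treated like an external trust
}

# Well-known privileged RIDs that should not appear in a migrated sIDHistory
PRIVILEGED_RIDS = {500: "Administrator", 512: "Domain Admins",
                   518: "Schema Admins", 519: "Enterprise Admins"}

OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed

ACCOUNTS = [  # constructed export of account name + sIDHistory
    {"name": "jsmith", "sIDHistory": [OLD_DOMAIN + "-1104"]},
    {"name": "svc-backup", "sIDHistory": [OLD_DOMAIN + "-512"]},
    {"name": "tmp-admin", "sIDHistory": ["S-1-5-21-9-9-9-500"]},
    {"name": "newhire", "sIDHistory": []},
]

def audit_sid_history(accounts, source_domain_sid):
    """Flag sIDHistory values that are privileged or not from the migrated domain."""
    findings = []
    for acct in accounts:
        for sid in acct.get("sIDHistory", []):
            domain, _, rid = sid.rpartition("-")
            if domain != source_domain_sid:
                findings.append((acct["name"], sid, "unexpected source domain"))
            elif int(rid) in PRIVILEGED_RIDS:
                findings.append((acct["name"], sid,
                                 "privileged: " + PRIVILEGED_RIDS[int(rid)]))
    return findings

def decode_trust(trust_attributes):
    """Decode a trustAttributes value and report whether quarantine is set."""
    flags = [name for bit, name in TRUST_FLAGS.items() if trust_attributes & bit]
    return {"flags": flags, "quarantined": "QUARANTINED_DOMAIN" in flags}

if __name__ == "__main__":
    for name, sid, reason in audit_sid_history(ACCOUNTS, OLD_DOMAIN):
        print(f"{name}: {sid} ({reason})")
    print(decode_trust(0x04))  # constructed external trust value
```

Accounts that still carry `sIDHistory` once every resource has been re-ACLed are candidates for cleanup, since the attribute is only needed while resources remain in the old domain.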
