No announcement yet.

AD Migration from 2000 to 2003

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Migration from 2000 to 2003

    Ok finally I was able to upgrade the AD from 2000 platform to 2003, and thought I will say thank you to all those who help me and write how I proceeded so that this can be useful to other people like me who are looking to for step by step guide,

    What I had,

    1, two old DCs with windows 2000 Active directory,
    2, one HP Proliant machine with Exchange 2000 on windows 2000 server,

    Here is how I proceeded step by step,

    1, Download and install all the latest windows updates on the AD servers and exchange server,
    2, make sure I had good backup of system partition and system state,
    2, Fix the exchange mangled attributes problem by running Ldifde with inetOrgPersonFix.ldf,
    3, Join new win2k3 based machine to AD and run DCPROMO on it so that it will act as a second dc, install DNS on it and make the zone AD integrated, make it Global Catalog server, and after couple of days transfer the FSMO roles to new server,
    4, Removed the primary DC based on w2k from AD by running DCPROMO,
    5, format and install win2k3 on that same machine and join the AD, install dns,
    6, remove the other old win2k based DC,

    The next upgrade I have to do is upgrade exchange server,

    Since I just turn to AD 2003, can you people suggest me how I can take full benefit from it,

    Like with the security, permission, etc..
    Can I configure DNS to only accept secure updates?
    Can I change the mode to native mode from mixed mode eventhough I have exchange 2000 on my network?
    What are the other thing I should be doing which can help configure my network better?

  • #2
    Re: AD Migration from 2000 to 2003

    Thanks for the feedback.

    I would hang fire on raising the domain and forest levels until you have upgraded Exchange. It's not worth the risk seeing that all is working well as it stands.

    You can set DNS to 'secure only' updates. By default, when the DNS is made AD integrated, it is set to Secure Dynamic updates.

    This link will help with regards to some of the extras you get with raising the mode.

    Some of the key advantages is the bulk editing of objects in AD, Universal Groups, Group nesting, Universal Group caching and GC replication. If an attribute is changed, only those changes are replicated, not the whole GC.


    • #3
      Re: AD Migration from 2000 to 2003

      Thank you very much, any other thing that can help me?


      • #4
        Re: AD Migration from 2000 to 2003

        You can look at using some of the Best Practices Analyser tools provided free by Microsoft. Also, look at this guide with regards to making a domain more secure. It is important that you fully test this policy before making it part of a domain policy. Some settings may need to be removed to ensure compatibility with your environment.

        Also, there are links to the related XP and w2k3 Security guides.

        Also, use the MBSA tool to examine security.