Announcement

Collapse
No announcement yet.

Id like to share my AD Transition/Migration Experience.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Id like to share my AD Transition/Migration Experience.

    Hi guys

    I created a mini guide on transitioning/Migrating to 2008 to 2003, i did this first in a test environment then in production, i ran into a few Oh ****! problems, which is why i wanted to share my experience as i did both Offline and Production upgrades.

    So i would like to share my experience.

    I have tried to make it quite newbian friendly so excuse me


    We have a network of 10 Server, 3 of which are Domain Controllers 1 of which is located over a VPN, we use AD sites rather than Sub-domains, we also Run Exchange 2003.

    AD Roles, for those who do not know or are Unclear there are 5 main Roles reffered to as "FSMO" (Flexible Single Master Opertation) these roles are the Backbone of Active Directory Operation and Replication and even Exchange.

    FSMO Structure

    An easy way to remeber the FSMO roles are like this "DRIPS"

    D = Domain Naming Master
    R = Relative ID Master
    I = Infrastructure Master
    P = PDC Emulator
    S = Schema Master

    These roles by default are assigned to the First DC in a Forest, the first DC will contain your first Domain.

    When creating further domains the First DC in that new domain will be assigned "RIP" these Roles are Domain roles and will be present in each domain.

    You can if you feel confident and have the resources available, setup a brand new Windows Server 2008 Server and join it to the domain as a Member server.

    your first task "SHOULD" be to check you have healthy replication between your DC's and as i have a second Site accross a VPN link, Replication works differently in costed links (cross site boundaries) first thing to check (and i cant stress this enough) is the Event log for Replication errors or warning, secondly use "replmon" located in the windows 2003 support tools and "repadmin"

    These tools are very important for trouble shooting AD replication.

    If you are happy with replication then you can move on to my next step.

    Now use the Windows Server 2008 DVD and insert it in to your DC, locate the ADPREP folder and find the tool "adprep.exe"

    from the command prompt specify the path to the tool and run

    "adprep.exe /forestprep" then
    "adprep.exe /domainprep" then
    "adprep.exe /domainprep /gpprep" then
    "adprep.exe /rodcprep" (optional if you later wants to add Read only DC)

    once these tools have successfully completed, again you must check event logs and log files, after running these tools a log file is created in the Windows directory called adprep.log

    At this point depending on weather you are transitioning or Upgrading you can choose what to do.

    Transition is to Move the FSMO roles from 2003 to 2008 after a 2008 DC is added.

    Upgrade is an Upgrade from Server 2003 to 2008 (not always wise) .

    I however did both.

    i transitioned my main DC's in the main office as we had new servers.

    I installed My Server 2008 an added it to the domain as a member server, remember at this point we have 2003 DC's still and just Upgraded our AD schema and Domain to support 2008.

    we can now DCPROMO our 2008 server to be a member of an existing domain, 2008 has a new improved DCPROMO nothing to different, Important during the wizard please select the server to be a Global Catalogue.

    Now our 2008 Server is a DC after a reboot, we now need to wait for replication to finish, unfortunately "replmon" is not available for 2008 Server as of yet, but you can still use "repadmin", one trick is to use "replmon" on one of the 2003 DC's that are still running.

    Now for the juicy part.

    we need to move all of our roles from the 2003 DC's to 2008 DC, to save me wrtting it all out there is a link here for you here on how to transfer/move roles.
    http://support.microsoft.com/default.aspx/kb/324801

    Again after the transfer we need to wait for replication to occur using the same tools to troubleshoot.

    you can use this command on all DC's "netdom query fsmo" this will list the current role holders, run this on all dc and make sure they all agree who holds the roles.

    we can now plan to remove 2003 servers from the domain and reinstall them as 2008 servers if you so wish.

    IMPORTANT if you run exchange, make sure your new server 2008 is a "Global Catalogue server" The Global Catalogue is required heavily by exchange, you can check this by using AD sites and Services, browse to the server and rigth click properties on NTDS settings.

    i advise you to reboot exchange while all DC's are available, in the Exchange system manage after a reboot you can look at the "directory access" tab in the properties of the server.

    if and when the Directory access tab shows the 2008 server listed is it safe to shut down your 2003 DC's and test AD access abnd Exchange, reboot exchange again and make sure it comes up in a normal amount of time.

    after you are happy with the Server 2008 providing domain services then you can start to dcpromo /remove your 2003 DC's

    Remember DNS, DNS is the root cause of most problems, make sure all Servers and Desktops ( DHCP server) have the new 2008 DNS server as there primary DNS.

    Also Replication of DNS and Active Directory can take a little while to fully replicate, make sure you dont decommission any old server untill you have check DNS IP settings and the DNS server its self you can check in DNS that SRV records have been created for the new Server.

    After Decommissioning my 2003 server i then drove to our remote site and did a Direct Upgrade from 2003 to 2008, pretty simple process if you have ever upgraded an OS before, however i advise to run the Microsoft Upgrade Advisor.

    Well hope this may help some folks.
    MCSE 2003; MCTS Vista; Sec+; CCNA
    Attitude Makes The Difference!
    in other words you got to WANT to do it..


  • #2
    Re: Id like to share my AD Transition/Migration Experience.

    Originally posted by ikon View Post
    An easy way to remeber the FSMO roles are like this "DRIPS"

    D = Domain Naming Master
    R = Relative ID Master
    I = Infrastructure Master
    P = PDC Emulator
    S = Schema Master

    These roles by default are assigned to the First DC in a Forest, the first DC will contain your first Domain.

    When creating further domains the First DC in that new domain will be assigned "RIP" these Roles are Domain roles and will be present in each domain.
    Interesting way of remembering it. Thanks for sharing

    Rep++;
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Id like to share my AD Transition/Migration Experience.

      Thanks, this info is appriciated! I will need it soon

      Another guide in addition to this is also here: http://markswinkels.nl/2009/01/08/ho...-windows-2008/

      Its usefull to have as many articles as this when preping for migration

      Comment


      • #4
        Re: Id like to share my AD Transition/Migration Experience.

        If you are removing the old DCs remember and check the Recipient Update Services in Exchange are pointing to a vaild DC. They may still be pointing to an old one. This happenend to me recently.

        mlum

        Comment


        • #5
          Re: Id like to share my AD Transition/Migration Experience.

          Originally posted by mlum View Post
          If you are removing the old DCs remember and check the Recipient Update Services in Exchange are pointing to a vaild DC. They may still be pointing to an old one. This happenend to me recently.
          Excellent point mlum. This is often overlooked.

          And thanks for sharing. I'm sure at some point we'll be migrating to 2008 from 2003 too! I hope it isn't as bad as my migrating from NT4 to 2003.
          GoogleFu is strong with this one ^

          Comment

          Working...
          X