2000 SERVER Need to export user / computer accounts SIDS

  • 2000 SERVER Need to export user / computer accounts SIDS

    Hello all. I have a Windows 2000 Server in use as a DC. I need to do a clean install (including formatting the drives) of 2003 Server on this same machine. What is the best way to back up the current Server 2000 user and computer accounts and SIDs, then import them back on to the same machine after Server 2003 is installed? I would like to use the same server name and domain name it has now once Server 2003 is installed. I have downloaded the AD Migration Tool but that needs to be installed on a running 2003 Server which I won't have until this one has been rebuilt. I have less than 25 computers and users that log on to this domain so it wouldn't be too bad if I have to rejoin the domain and create new user profiles but it would be a lot better if I could just somehow copy and restore the existing accounts.

    In simpler terms, I need to go from 2000 server to 2003 server on the same machine with a complete new install, not upgrade.

    Thanks in advance.....

  • #2
    Re: 2000 SERVER Need to export user / computer accounts SIDS

    I would look at something like a swing migration and create a new server in a virtual environment and add it as a DC to your existing domain. Once everything has been transferred and roles etc. moved, then you'll be good to remove the old server and install Server 2003 while running the other server in a VM.



    • #3
      Re: 2000 SERVER Need to export user / computer accounts SIDS

      Why not use a tempDC?
      So set up a tempDC in the same domain, wait for replication, move FSMO roles etc... and of course wait...
      Shut down the other, check if everything is OK... If OK, boot it up, demote it, wait for replication, format it and install it with Windows 2003.

      -edit- ok next time I should first refresh the page before answering
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: 2000 SERVER Need to export user / computer accounts SIDS

        Thanks for both suggestions guys. I was kind of hoping that I could just do an export of some kind then import back in once the new OS is running; I don't have a lot of fresh experience with these kinds of things. I could probably come up with an old server for a tempDC but I think I'll experiment with a 2K virtual server first to see how 2K server behaves with VirtualBox. I'll let you know what happens!



        • #5
          Re: 2000 SERVER Need to export user / computer accounts SIDS

          You don't need a 2K box to migrate to. As you're going to 2k3 anyway I'd start by prepping your domain for 2k3 by running ADPREP on your 2k box from the 2k3 disc.

          Once that's done you've prepped your domain for your 2k3 install.

          Create a new 2k3 virtual server.
          Setup DNS and WINS.
          Promote to a DC by running DCPROMO.
          Allow replication to occur, can be checked by watching the Event Logs, replmon, etc, etc.
          Move all your FSMO roles to the new 2k3 box.
          Make the new 2k3 box a Global Catalog (needed for client logons).
          Turn off the 2k box and run for a couple of days to make sure all is working as it should be.
          Once it's running fine run a full backup of your 2k DC.
          Remove the 2k box from DC duties by running DCPROMO.
          Remove from the domain.
          Install 2k3 and use DCPROMO to add as a DC.

          PLEASE NOTE THAT THESE STEPS ARE NOT COMPLETE INSTRUCTIONS BUT IT SHOULD GIVE YOU A STARTING POINT.



          • #6
            Re: 2000 SERVER Need to export user / computer accounts SIDS

            Just to add to Wullie's excellent list:
            Install DNS (AD integrated) on tempDC and let it replicate from 2K old DC
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **



            • #7
              Re: 2000 SERVER Need to export user / computer accounts SIDS

              Consider adding a 2nd Domain Controller. You always have a copy of Active Directory up and running even if the 1st goes down. It will help you recover quicker.



              • #8
                Re: 2000 SERVER Need to export user / computer accounts SIDS

                Thanks to all of you for all of the excellent suggestions. I started setting up a virtual DC today, but decided to set up a second W2K DC on a retired PC. My original plan was to come in on a Saturday morning and make the move to W2003, but after thinking about how the best laid plans sometimes just don't go like you wanted them to, I think it would be better for me to set up a real DC in case I wind up needing it for more than just one day. BTW - I wasn't sure what licensing mode to choose so I used the same licensing setting that the old server has; hopefully that won't cause me any problems since this is just a temp server.



                • #9
                  A little problem has surfaced...

                  I got my backup DC running but I'm having a little issue with it. All of the user / computer accounts came across and I can create a new user on the backup DC and it shows up right away on the main DC. Problem is, if a new user tries to log on for the first time while the main DC is offline, they get the message that they can't log on because the domain isn't available. I'm wondering if this might be a DNS issue. I added the IP address of the new DC as the secondary DNS server to the clients' computers. We are using all static IP addressing on the clients.

                  I did not have any issues or errors running dcpromo.

                  I used this guide to set up the backup DC:
                  http://www.petri.com/how_to_install_active_directory_replica_on_w2k.htm
                  which was really handy. In Step 1-Configuring the computer's TCP/IP settings the first sentence is "You must configure the would-be Domain Controller to use the IP address of the DNS server so it will point to it when registering SRV records..." I thought this meant to use the IP address of the original DC as the primary DNS server, which I did, but I don't have a DNS console on the new DC. The old DC only has an external (internet) address as the primary DNS and no secondary. I'm thinking that since new user accounts can't log in but existing ones can when the old DC is offline, there must be a DNS problem on the new DC and the existing users are logging in with cached accounts. I tried to re-run dcpromo, which wants to remove AD first, then run it again to re-install AD, but during the first step of uninstalling AD, I get an error saying:

                  "Operation Failed because the directory service failed to replicate off changes made locally. The DSA operation is unable to proceed because of a DNS lookup failure", and I have to cancel there.

                  I sure hope somebody can tell me how to fix this and tell me what I did wrong.....

                  Thanks again in advance...
                  Last edited by starrouter; 4th March 2010, 22:10. Reason: fixed an omission



                  • #10
                    Solved!

                    There was no DNS Server service in the services list, so I did a remove and re-install of DNS and it started working right away. The DNS console is there now and both DCs now show up in both of the DNS consoles. Thanks again for the help. Now all I need to do is install w2k3 on the original box and do it all again!

                    Comment
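
The checks this thread turned on (a running DNS Server service on the new DC, SRV records answered by each DNS server, then Global Catalog, FSMO and replication state), collected as an added example that is not part of any post. The domain name, IP addresses and host name are placeholders, and nltest, netdom, repadmin and dcdiag are assumed to be installed from the Windows Support Tools.

```batch
@echo off
rem Added example: checks to run on the temporary DC after dcpromo.
rem All values below are placeholders (assumptions), not taken from the thread.
set DOMAIN=example.local
set OLD_DC_IP=192.0.2.10
set NEW_DC_IP=192.0.2.11
set NEW_DC=TEMPDC

echo == 1. DNS Server service on this DC
rem The thread's failure: the service was missing, so no zone was hosted here.
net start | find /i "DNS Server" >nul
if errorlevel 1 (
  echo DNS Server service is NOT running on this machine.
) else (
  echo DNS Server service is running.
)

echo == 2. DC locator SRV records, asked of each DNS server in turn
rem Clients find a DC through _ldap._tcp.dc._msdcs.DOMAIN; every DNS server
rem listed on the clients must be able to answer it on its own.
for %%S in (%OLD_DC_IP% %NEW_DC_IP%) do (
  echo --- querying %%S
  nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %%S
)

echo == 3. Global Catalog discovery
rem /force bypasses the locator cache so a stale answer is not reused.
nltest /dsgetdc:%DOMAIN% /gc /force

echo == 4. FSMO role holders
netdom query fsmo

echo == 5. Replication partners and last replication result
repadmin /showreps %NEW_DC%

echo == 6. General DC health
dcdiag /s:%NEW_DC%
```

Run it once with both DCs up and again with the old DC shut down; a timeout in step 2 for the old DC's address is then expected, while the query against the new DC should still list it.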


                    • #11
                      Re: Solved !

                      Good work.

                      I just got back to this today and missed the drama.

                      Anyway just remember to prep your domain for the 2003 upgrade. I'm sure there is a doc on the main site that will help.



                      • #12
                        AD Prep

                        Thanks Wullieb. Yes, I have the doc for prepping the w2k domain. Since I'm going to install w2k3r2 on the old DC, it looks like I need to transfer the operations master roles of PID / PDC and Infrastructure to the new temp DC, then run the AD prep on it (the new temp DC). Probably do that today, and if all runs well over the weekend, upgrade next week. Having never set up a w2k3r2 server before, is there anything new in the dcpromo?



                        • #13
                          Re: AD Prep

                          DCPROMO is almost exactly the same regardless of Windows version.
                          Tom Jones


                          • #14
                            DHCP on the temp DC

                            The old DC is running DHCP for a few devices. DHCP didn't replicate onto the new temp DC. I was planning on leaving the old DC offline for a while until I have time to rebuild it. Do I need to manually add a DHCP scope and reservations to the new temp DC or can I move DHCP from the old DC to the new one? There are only a few reservations, so could I just stop the DHCP service on the current DC and manually enter the same info into the new DC? I'd like to get all these little questions resolved before I run the AD Prep for w2k3....
                            Last edited by starrouter; 5th March 2010, 18:54.



                            • #15
                              Re: DHCP on the temp DC

                              DHCP won't replicate. You have to create new scopes or migrate them to the Temp DC using netsh.
                              Marcel