I'd like to share my AD Transition/Migration Experience.


This topic contains 4 replies, has 5 voices, and was last updated by mlum 10 years, 6 months ago.

    ikon
    Member
    #144321

    Hi guys

    I created a mini guide on transitioning/migrating to 2008 to 2003. I did this first in a test environment, then in production. I ran into a few Oh ****! problems, which is why I wanted to share my experience, as I did both offline and production upgrades.

    So I would like to share my experience.

    I have tried to make it quite newbian friendly so excuse me :)

    We have a network of 10 servers, 3 of which are Domain Controllers, 1 of which is located over a VPN. We use AD sites rather than sub-domains, and we also run Exchange 2003.

    AD roles: for those who do not know or are unclear, there are 5 main roles referred to as “FSMO” (Flexible Single Master Operation). These roles are the backbone of Active Directory operation and replication, and even Exchange.

    FSMO Structure

    An easy way to remember the FSMO roles is like this: “DRIPS”

    D = Domain Naming Master
    R = Relative ID Master
    I = Infrastructure Master
    P = PDC Emulator
    S = Schema Master

    These roles by default are assigned to the first DC in a forest; the first DC will contain your first domain.

    When creating further domains, the first DC in that new domain will be assigned “RIP”; these roles are domain roles and will be present in each domain.

    You can, if you feel confident and have the resources available, set up a brand new Windows Server 2008 server and join it to the domain as a member server.

    Your first task “SHOULD” be to check you have healthy replication between your DCs, and as I have a second site across a VPN link, replication works differently in costed links (cross site boundaries). The first thing to check (and I can't stress this enough) is the event log for replication errors or warnings; secondly, use “replmon”, located in the Windows 2003 support tools, and “repadmin”.

    These tools are very important for troubleshooting AD replication.

    If you are happy with replication then you can move on to my next step.

    Now use the Windows Server 2008 DVD and insert it into your DC, locate the ADPREP folder and find the tool “adprep.exe”.

    From the command prompt, specify the path to the tool and run:

    “adprep.exe /forestprep” then
    “adprep.exe /domainprep” then
    “adprep.exe /domainprep /gpprep” then
    “adprep.exe /rodcprep” (optional, if you later want to add a Read-Only DC)

    Once these tools have successfully completed, again you must check event logs and log files; after running these tools a log file is created in the Windows directory called adprep.log.

    At this point, depending on whether you are transitioning or upgrading, you can choose what to do.

    Transition is to move the FSMO roles from 2003 to 2008 after a 2008 DC is added.

    Upgrade is an upgrade from Server 2003 to 2008 (not always wise).

    I however did both.

    I transitioned my main DCs in the main office, as we had new servers.

    I installed my Server 2008 and added it to the domain as a member server. Remember, at this point we still have 2003 DCs and have just upgraded our AD schema and domain to support 2008.

    We can now DCPROMO our 2008 server to be a member of an existing domain. 2008 has a new, improved DCPROMO, nothing too different. Important: during the wizard, please select the server to be a Global Catalogue.

    Now our 2008 server is a DC after a reboot. We now need to wait for replication to finish. Unfortunately “replmon” is not available for 2008 Server as of yet, but you can still use “repadmin”; one trick is to use “replmon” on one of the 2003 DCs that are still running.

    Now for the juicy part.

    We need to move all of our roles from the 2003 DCs to the 2008 DC. To save me writing it all out, there is a link here on how to transfer/move roles:
    http://support.microsoft.com/default.aspx/kb/324801

    Again, after the transfer we need to wait for replication to occur, using the same tools to troubleshoot.

    You can use this command on all DCs: “netdom query fsmo”. This will list the current role holders; run this on all DCs and make sure they all agree on who holds the roles.

    We can now plan to remove 2003 servers from the domain and reinstall them as 2008 servers if you so wish.

    IMPORTANT: if you run Exchange, make sure your new Server 2008 is a “Global Catalogue server”. The Global Catalogue is required heavily by Exchange. You can check this by using AD Sites and Services: browse to the server and right-click Properties on NTDS Settings.

    I advise you to reboot Exchange while all DCs are available. In the Exchange System Manager, after a reboot you can look at the “Directory Access” tab in the properties of the server.

    If and when the Directory Access tab shows the 2008 server listed, it is safe to shut down your 2003 DCs and test AD access and Exchange; reboot Exchange again and make sure it comes up in a normal amount of time.

    After you are happy with the Server 2008 providing domain services, you can start to dcpromo /remove your 2003 DCs.

    Remember DNS: DNS is the root cause of most problems. Make sure all servers and desktops (DHCP server) have the new 2008 DNS server as their primary DNS.

    Also, replication of DNS and Active Directory can take a little while to fully replicate; make sure you don't decommission any old server until you have checked DNS IP settings and the DNS server itself. You can check in DNS that SRV records have been created for the new server.

    After decommissioning my 2003 server I then drove to our remote site and did a direct upgrade from 2003 to 2008, a pretty simple process if you have ever upgraded an OS before; however, I advise running the Microsoft Upgrade Advisor.

    Well hope this may help some folks. :oops:
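
The "run netdom query fsmo on all DCs and make sure they all agree" check from the post above, as an added PowerShell example that is not part of the original post. The function names, the DC names (dc08, dc03, dc03-remote under example.local) and the sample output are hypothetical and constructed; the sketch also flags any role still held by a DC you plan to demote.

```powershell
# Added example. Function names, DC names and sample output are hypothetical/constructed.
function ConvertFrom-NetdomFsmo {
    param([string[]]$Lines)
    $roles = @{}
    foreach ($line in $Lines) {
        # Role lines are "<role name><two or more spaces><holder FQDN>"
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+)\s*$') {
            $roles[$Matches[1]] = $Matches[2].ToLower()
        }
    }
    return $roles
}

function Test-FsmoAgreement {
    param([hashtable]$OutputByDc, [string[]]$RetiringDcs = @())
    $views = @{}
    foreach ($dc in $OutputByDc.Keys) { $views[$dc] = ConvertFrom-NetdomFsmo -Lines ($OutputByDc[$dc]) }
    $allRoles = $views.Values | ForEach-Object { $_.Keys } | Sort-Object -Unique
    $findings = @()
    foreach ($role in $allRoles) {
        $seen = @{}
        foreach ($dc in $views.Keys) {
            $holder = $views[$dc][$role]
            # A DC whose query failed reports no roles at all; treat that as disagreement
            if (-not $holder) { $holder = '<not reported>' }
            $seen[$holder] = $true
        }
        if ($seen.Count -gt 1) { $findings += "DISAGREE: $role -> $($seen.Keys -join ', ')" }
        foreach ($h in $seen.Keys) {
            if ($RetiringDcs -contains $h) { $findings += "STILL ON OLD DC: $role held by $h" }
        }
    }
    return $findings
}

# Constructed sample: what each DC might print after the role transfer
$agreed = @(
    'Schema master               dc08.example.local'
    'Domain naming master        dc08.example.local'
    'PDC                         dc08.example.local'
    'RID pool manager            dc08.example.local'
    'Infrastructure master       dc08.example.local'
    'The command completed successfully.'
)
# The remote-site DC has not yet replicated the PDC transfer
$stale = $agreed -replace '^(PDC\s+)\S+', '${1}dc03.example.local'
$collected = @{ 'dc08' = $agreed; 'dc03' = $agreed; 'dc03-remote' = $stale }
# Live collection instead of the sample: $collected[$dc] = netdom query "/server:$dc" fsmo

$findings = Test-FsmoAgreement -OutputByDc $collected -RetiringDcs 'dc03.example.local'
if ($findings) { $findings } else { 'All DCs agree; no role is left on a retiring DC.' }
```

With the constructed sample, the PDC role is reported both as disagreeing between DCs and as still held by the retiring dc03, which is the state in which a 2003 DC should not yet be demoted.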

    #343857

    Re: I'd like to share my AD Transition/Migration Experience.

    ikon;179841 wrote:
    An easy way to remember the FSMO roles is like this: “DRIPS”

    D = Domain Naming Master
    R = Relative ID Master
    I = Infrastructure Master
    P = PDC Emulator
    S = Schema Master

    These roles by default are assigned to the first DC in a forest; the first DC will contain your first domain.

    When creating further domains, the first DC in that new domain will be assigned “RIP”; these roles are domain roles and will be present in each domain.

    Interesting way of remembering it. Thanks for sharing :)

    Rep++;
    :beer:

    gregaSLO
    Member
    #292882

    Re: I'd like to share my AD Transition/Migration Experience.

    Thanks, this info is appreciated! I will need it soon :)

    Another guide in addition to this is also here: http://markswinkels.nl/2009/01/08/how-to-migrate-a-domain-controller-from-windows-2003-to-windows-2008/

    It's useful to have as many articles as this when prepping for migration :)

    mlum
    Member
    #366841

    Re: I'd like to share my AD Transition/Migration Experience.

    If you are removing the old DCs remember and check the Recipient Update Services in Exchange are pointing to a valid DC. They may still be pointing to an old one. This happened to me recently.

    mlum

    stamandster
    Member
    #280316

    Re: I'd like to share my AD Transition/Migration Experience.

    mlum;180452 wrote:
    If you are removing the old DCs remember and check the Recipient Update Services in Exchange are pointing to a valid DC. They may still be pointing to an old one. This happened to me recently.

    Excellent point mlum. This is often overlooked.

    And thanks for sharing. I’m sure at some point we’ll be migrating to 2008 from 2003 too! I hope it isn’t as bad as my migrating from NT4 to 2003.
