Updating/replacing Primary Domain Controller

  #1  
Old 07-03-2009
Member
 
Join Date: Mar 2009
Location: Kent, England
Posts: 8
Updating/replacing Primary Domain Controller

OK, first and foremost I'm not a networking/hardware specialist, so please be patient :-) Here's my current worry...

For the past four years I've been running a small network with one Windows 2003 Server (with Active Directory, DNS and DHCP services - I'm guessing this is the Primary Domain Controller...) and between three and four attached workstations (Windows XP and Windows Vista) and a couple of network printers. I guess you could call the installation basic, but it does what we want it to do - we're a small web development company so the server provides general data storage and also IIS so we can give our customers external access to 'work in progress' web sites through the development. The server also runs SQL 2000 and SQL 2005.

The time has come to upgrade the physical server (it's 5 years old and relatively low spec. hardware wise) and whilst we're at it would like to update the OS to Windows Server 2008 64-bit edition - seems to make sense, but correct me if you disagree.

My initial thoughts were to build the new server, turn the old server off, attach the new server and then attach the workstations to the new server/domain. Whilst I guess this would work, I do know enough to know it's a bit messy and there's probably a better way to do it.

From searching around (particularly in this forum) I believe you can add a second server to the network, and somehow get it to mirror the services on the original server (the Primary Domain Controller), but I have only a vague idea of how to do this and the one thing I want to avoid is killing the existing functional network - we need to be able to work!

Can anyone point me in the right direction - a step by step guide would be a help as, as I say, I'm no network specialist (as you probably have gathered!).

Thanks - sorry for the tome!

Reply With Quote
  #2  
Old 07-03-2009
Isaac Oben -MCSE, MCITP
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

Hello Neilski,

Here are my suggestions:

1- Build your new Windows Server 2008, configure the RAID, hard drive etc,
to your needs (Do not add to domain yet) and give it a fixed IP address.
2- Make sure you have a current and valid backup for your data, just in case
something goes wrong.
3 -Make sure your current Active Directory Environment is healthy and
functioning right by running a dcdiag /q at the command prompt, look for any
errors.
3- Prepare your current environment for W2K8. On your current Windows Server
2003 Domain controller, logon with an account that is a member of the schema
Admin, insert the W2K8 disk and run adprep /forestprep and adprep
/domainprep. This will upgrade your schema to w2k8 version 44.
4- Add the new w2k8 machine as a member server to your domain
5- Make the W2K8 a domain controller in your existing domain by running
dcpromo and follow the prompts, Also recommended to install DNS at this
stage if prompted to do so, if not then install DNS immediately after DC promo
is complete. After w2k8 has been promoted as a domain controller, wait for
replication to complete, do a dcdiag /q and look for any errors. At this
time, make W2K8 DC to point to itself for DNS
6- Transfer FSMO Roles to W2K8. If no errors, then move all the FSMO roles
from the W2K3 domain controller to the new W2K8 domain controller.
Instructions to do this can be found here:
http://support.microsoft.com/kb/324801
7- Migrate your DHCP from W2K3 to W2K8.
8- Migrate IIS from W2K3 to W2K8 and move web data.
9- Personally, if your old w2k3 server is still functional, I will leave
the SQL 2000 and 2005 on it. If not then migrate to new w2k8
10- At this time, proceed to demote old w2k3 as a domain controller. (I
will prefer you do this after about 2 weeks, just to make sure that
everything is working as planned.)
Reply With Quote
  #3  
Old 07-03-2009
Member
 
Join Date: Mar 2009
Location: Kent, England
Posts: 8
Isaac, thank you for taking the time to post such a helpful guide - much appreciated.

I'll post back to let you know how I get on.

Thank you for this. I have installed the Support Tools as suggested and run the diagnostic utilities as suggested with the results being clear.

I have one question, you say "...check that you are running Active Directory Integrated Zone...". I'm afraid I'm not quite sure how to do this. I've opened the DNS Management Console, but that's about as far as I got - sorry. I guess the next likely question is if I'm not, how do I configure it?

Thanks again.
Reply With Quote
  #4  
Old 08-03-2009
Meinolf Weber [MVP-DS]
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

Hello Neilski,

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!


- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
than one DNS server)

- run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
from the command prompt on the old machine to check for errors, if you have
some post the complete output from the command here or solve them first.
For these tools you have to install the support\tools\suptools.msi from the
2003 installation disk.

- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2003 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog.

- if you are prompted for DNS configuration choose Yes. If not, install DNS
role after promotion.

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on
both domain controllers

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801
applies also for 2008)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2008 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database for 2008 choose "netshell dhcp backup"
and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/l.../cc772372.aspx)

- for printer migration see here: http://support.microsoft.com/default...N-US;938923 and
http://technet.microsoft.com/en-us/l.../cc722360.aspx

- for moving IIS see here: http://technet.microsoft.com/en-us/l.../cc754138.aspx
and http://technet.microsoft.com/en-us/m.../cc424869.aspx

- for the SQL part, maybe post to SQL newsgroups, also see here: http://msdn.microsoft.com/en-us/library/bb677619.aspx
and http://www.microsoft.com/Sqlserver/2...migration.aspx
Reply With Quote
  #5  
Old 10-03-2009
Member
 
Join Date: Mar 2009
Location: Kent, England
Posts: 8
Re: Updating/replacing Primary Domain Controller

And it was all going so well! Windows Server 2008 - 64 bit running nicely, but I have run into a couple problems.

To be fair, I've been a complete idiot, I should have checked compatibility much more closely. I still need to be able to run Windows SQL 2000 and ASP.net 1.1 on this server, and of course, it won't, at least not easily, if at all. The stupid thing is that it never occurred to me to check, I just thought that it would, well, work.

I think I now have three options:

1) Install Windows Server 2003 32-bit on the new hardware (same as the old server).

2) Buy a second, lower-spec server and run Windows Server 2003 32-bit on that.

3) Install VMWare ESXi and run two guest servers - this sounds good (but what do I know), but am concerned how possible/practical this is with my networking experience.

I could do with some pointers if possible.

Thanks.
Reply With Quote
  #6  
Old 11-03-2009
Isaac Oben [MCITP,MCSE]
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

Hello Neilski,
We all sometimes get caught in the compatibility issues, so don't blame
yourself too bad on that. Before you start thinking of additional hardware,
here are some other options.

I know you can run ASP 1.1 on w2k8 but SQL2000 is a no no. So how about you
still run your web using asp 1.1 on w2k8 and leave the sql2000 on your
existing hardware (I am not sure about the condition of the old w2k3, but if
you migrate everything but the sql2000 that may reduce the workload on that
server for it to be able to handle just sql2000 stuff).

Option 2: If you have enough hard disk space and memory on your new w2k8,
you can use virtualization with Hyper-V (new feature in w2k8) and install
w2k3 and sql2000 on it. That way you don't have to buy any new hardware. You
can read more on Virtualization here:
Reply With Quote
  #7  
Old 11-03-2009
kj [SBS MVP]
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

4) Install the already included Hyper-V role on your (hopefully)
Hyper-V capable server and install a Virtual Machine running Server 2003 with
the SQL and ASP.net

You didn't mention, but if you had bought the Enterprise version of Server
2008, you get up to four full licensed versions of Server 2008 to run in
virtualization.
Reply With Quote
  #8  
Old 11-03-2009
Member
 
Join Date: Mar 2009
Location: Kent, England
Posts: 8
Re: Updating/replacing Primary Domain Controller

Thanks Guys,

I had not heard of Hyper-V so will investigate - presumably it's another package I need to buy. I had been looking at VMWare ESXi, but I like the idea of keeping the same family of products. I only have the Standard Edition Windows Server 2008.

I don't think keeping the old machine in service is practical. I think it has a 'mechanical' problem on the Motherboard, as it can be fine for weeks and then suffers a complete hard disk read/write failure (as a result I have become quite good at restore and rebuild!).

The new machine is an HP ML350 G5 (quad-core Xeon with 10GB of RAM) and 4 x 250GB SATA drives running as a logical pair in RAID 1+0 configuration.

Thanks again.

Neil.
Reply With Quote
  #9  
Old 11-03-2009
kj [SBS MVP]
 
Posts: n/a
It's included, you just need the hardware capable of running it and acquire
the knowledge and skills to use it.

I run several hyper-v VM instances in my dev & demo server with a lot less
horsepower than yours.

Fast disks, lots-o-ram, and an extra NICs should easily accommodate an extra
server or two for your ML350


I think your new machine has enough RAM and disk space to handle
virtualization. I think your current license of w2k8 comes with hyper-v
included, not sure but you can verify with microsoft. If that is the case
you may not have to buy anything else
Reply With Quote
  #10  
Old 11-03-2009
kj [SBS MVP]
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

Server 2008 *Standard* Edition does come with 1+1 licensing. But the first
"one" must be for virtualization services and managing the virtual machines
only. The second "one" is a license for installing a full function instance
of Server 2008 in a Virtual Machine.

With the first instance already running AD and other roles *not* just
limited for Hyper-V services and VM management, he'd still need another
license for his 2003 SQL and IIS VM instance. If the original licensing
allows, he could move it from physical to virtual though.
Reply With Quote
  #11  
Old 24-03-2009
oz.Casey Dedeal
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

In a nutshell use steps below as guidelines

Step 1
Purchase new HW and OS license windows 2008
configure RAID per your requirements
Install the OS on the new HW and name the server as you wish , Assign static
IP to the new server
Add server to existing domain ( now you have member server)
reboot log into domain ( not to local Server) with correct privileges
click run, type DCpromo and start promoting this server to be the second
domain controller, finish the DCPromo process and reboot
make sure this is DC/GC/DNS ( use AD integrated DNS) and configure the
server TCP/IP correctly. DG/DNS servers to be the
Start transferring all roles from DC one to new 08DC, this includes, DHCP,
WINS, and other services running on top of the first DC
I don't like the idea installing anything on the DC such as SQL to be honest
if budget is allowing you use member server for SQL and leave DC alone by
itself, if not
go for it )-:

Step 2
After moving all the services from old DC to new DC you will be ready to run
DCpromo on the old server to "un-install" active directory.
Make sure you change the DHCP scope options, reflecting with new DC IP
address and DNS WINS etc.


Move all the FSMO roles, it is very easy and being done from GUI
when you are done first thing you need to do is shut down old DC to make
sure nothing is complaining, broke etc.
Turn the DC back and allow the replication to catch up
Run DCPromo uninstall the AD from old server, delete the server object for
the old server from site and services.
reboot the old DC , now it is member server disjoin from domain and do
whatever you want with it.
Reply With Quote
  #12  
Old 29-03-2009
Member
 
Join Date: Mar 2009
Location: Kent, England
Posts: 8
Re: Updating/replacing Primary Domain Controller

At last I have my Windows Server 2008 64 bit operating system running as a Domain Controller on my network. It is actually installed as a virtual machine on my server running VMWare ESXi.

By following all of your helpful advice and suggestions, the process was fairly painless. This morning I ran DCPROMO on the new 2008 server and all seemed to go well, but I did notice a message that said something about not having an 'authoritative DNS'. The process completed and I assumed that since I only had one previous DNS server (running on the old 2003 server it must be ok - wrongly I suspect!).

After the DCPROMO completed, I opened the DNS manager and noted that the domains appear to have replicated from the w2k3 server. I then ran DCDIAG and DCDIAG /q as suggested in your comments, and I appear to have some problems. I am hoping that someone might steer me in the right direction. The logs are listed below.

Thank you.

DCDIAG /q
Warning: DsGetDcName returned information for \\primus.abl.local, when
we were trying to reach ZEUS.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... ZEUS failed test Advertising
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=abl,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=abl,DC=local
......................... ZEUS failed test NCSecDesc
Unable to connect to the NETLOGON share! (\\ZEUS\netlogon)
[ZEUS] An net use or LsaPolicy operation failed with error 67,
Win32 Error 67.
......................... ZEUS failed test NetLogons

DCDIAG

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = Zeus
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\ZEUS
Starting test: Connectivity
......................... ZEUS passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\ZEUS
Starting test: Advertising
Warning: DsGetDcName returned information for \\primus.abl.local, when
we were trying to reach ZEUS.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... ZEUS failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... ZEUS passed test FrsEvent
Starting test: DFSREvent
......................... ZEUS passed test DFSREvent
Starting test: SysVolCheck
......................... ZEUS passed test SysVolCheck
Starting test: KccEvent
......................... ZEUS passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ZEUS passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... ZEUS passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=abl,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=abl,DC=local
......................... ZEUS failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\ZEUS\netlogon)
[ZEUS] An net use or LsaPolicy operation failed with error 67,
Win32 Error 67.
......................... ZEUS failed test NetLogons
Starting test: ObjectsReplicated
......................... ZEUS passed test ObjectsReplicated
Starting test: Replications
......................... ZEUS passed test Replications
Starting test: RidManager
......................... ZEUS passed test RidManager
Starting test: Services
......................... ZEUS passed test Services
Starting test: SystemLog
......................... ZEUS passed test SystemLog
Starting test: VerifyReferences
......................... ZEUS passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : abl
Starting test: CheckSDRefDom
......................... abl passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abl passed test CrossRefValidation

Running enterprise tests on : abl.local
Starting test: LocatorCheck
......................... abl.local passed test LocatorCheck
Starting test: Intersite
......................... abl.local passed test Intersite

*** End ***
Reply With Quote
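
The check the replies keep asking for (run dcdiag, look for errors, transfer the FSMO roles only if there are none), as an added example that is not part of any post in this thread: a Python parser for saved dcdiag output, run over a constructed sample cut down from the log posted above. The function names are this example's own.

```python
import re
from collections import namedtuple

Result = namedtuple("Result", "target test status details")

# "......................... ZEUS failed test Advertising"; the test name is
# empty when dcdiag wraps it onto the following line.
RESULT_RE = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)$")
START_RE = re.compile(r"^Starting test:\s*(\S+)$")

# Constructed sample: lines taken from the dcdiag log posted in the thread,
# shortened to one NCSecDesc error and a handful of tests.
SAMPLE = r"""
   Starting test: Advertising
      Warning: DsGetDcName returned information for \\primus.abl.local, when
      we were trying to reach ZEUS.
      SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
      ......................... ZEUS failed test Advertising
   Starting test: FrsEvent
      There are warning or error events within the last 24 hours after the
      SYSVOL has been shared. Failing SYSVOL replication problems may cause
      Group Policy problems.
      ......................... ZEUS passed test FrsEvent
   Starting test: NCSecDesc
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=ForestDnsZones,DC=abl,DC=local
      ......................... ZEUS failed test NCSecDesc
   Starting test: NetLogons
      Unable to connect to the NETLOGON share! (\\ZEUS\netlogon)
      [ZEUS] An net use or LsaPolicy operation failed with error 67,
      Win32 Error 67.
      ......................... ZEUS failed test NetLogons
Running partition tests on : ForestDnsZones
   Starting test: CrossRefValidation
      ......................... ForestDnsZones passed test
      CrossRefValidation
"""

def parse_dcdiag(text):
    """Return one Result per test, for verbose or /q (errors only) output."""
    results, details, current = [], [], None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        start, res = START_RE.match(lines[i]), RESULT_RE.match(lines[i])
        if start:
            current, details = start.group(1), []
        elif res:
            target, status, test = res.groups()
            # Wrapped result line: the test name is alone on the next line.
            if not test and i + 1 < len(lines) and re.fullmatch(r"\w+", lines[i + 1]):
                i += 1
                test = lines[i]
            name = test or current or "?"
            results.append(Result(target, name, status, tuple(details)))
            current, details = None, []
        else:
            details.append(lines[i])  # message text belonging to the open test
        i += 1
    return results

def failed(results):
    return [r for r in results if r.status == "failed"]

def passed_with_output(results):
    # A test can pass and still print warnings (FrsEvent in the sample).
    return [r for r in results if r.status == "passed" and r.details]

def ready_for_fsmo_transfer(results):
    # The thread's condition for moving the roles: dcdiag ran and nothing failed.
    return bool(results) and not failed(results)
```

Save the output with `dcdiag > dcdiag.txt` on each domain controller and pass the file's text to `parse_dcdiag`. A test that passed but still printed text, such as FrsEvent in this log, is worth reading before the old server is demoted.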
  #13  
Old 29-03-2009
Meinolf Weber [MVP-DS]
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

Hello Neilski,

The complete error message would be fine. Additionally, post an unedited ipconfig
/all from the new DC and the old one. And please post an unedited dcdiag,
netdiag and repadmin /showrepl from both DC's.

Best regards
Reply With Quote
  #14  
Old 29-03-2009
Member
 
Join Date: Mar 2009
Location: Kent, England
Posts: 8
Re: Updating/replacing Primary Domain Controller

I've attached two zip files with the requested log files from each machine:

W2k3.zip - contains the log files from the original Windows 2003 Server (32-bit)

W2k8.zip - contains log files from the new, virtual Windows 2008 Server (64-bit)
Reply With Quote
  #15  
Old 30-03-2009
Meinolf Weber [MVP-DS]
 
Posts: n/a
Re: Updating/replacing Primary Domain Controller

Hello Neilski,

As you can see in the error from netdiag and dcdiag your new DC is not working
properly in the domain. It has connectivity problems with "primus".

Can you ping the existing DC/DNS with ip address, computer name and FQDN?

Before promoting it, did you add the 2008 as member to the domain?

Did you only use the existing DC/DNS as the preferred DNS on the NIC during
promotion?

Is the server listed correctly in the DNS zones? When running ipconfig /registerdns
does it succeed, or do you get any kind of error message?

Are the sysvol and netlogon shares existing and can you access them, content
should be the same as on the existing DC?

Best regards
Reply With Quote