Clicky

We have a 2008 R2 that the hardware is failing on and want to migrate everything, Domain Control & Share data to a new hardware.
The second server is up with OS & Share volumes formatted & 2008 R2 installed and updated.
I've seen many EE articles on migrating from 2003 to 2008 but none that had a direct 2008 R2-2008 R2 migration.

The outline I've seen through various articles include steps that if done out of order will have to be redone....

Add the server to the existing domain
promote server as an additional domain controller
migrate active directory info
move share data
copy FMSO roles
demote existing server

Please assist with the order and any step by step articles for each progression of this migration.

asked 12/06/2011 11:57

sgt_best's gravatar image

sgt_best ♦♦


31 Answers:
You have the steps right, no schema update needed for you.

You don't need to migrate AD info, when you promote the box that will replicate over as part of normal replication.  Make the new box a GC and DNS server.  

You would transfer the FSMO roles.

How many DCs do you have now?

Thanks

Mike
link

answered

mkline71's gravatar image

mkline71

Just one domain controller and want to replace it.

link

answered 2011-12-07 at 08:10:57

sgt_best's gravatar image

sgt_best

Yeah. You've got the process right. As Mike said, the AD info gets replicated automatically when you build up a new DC, but you'll want to wait a while after creating the new DC before you move everything over to make sure replication completes properly.
link

answered 2011-12-07 at 08:17:15

acbrown2010's gravatar image

acbrown2010

These are my instructions which are before enabling as a domain controller:
Insert the Windows Server 2008 media into your current server . Open a command prompt and browse to sources\adprep folder within the Windows Server 2008 DVD media. Execute the command adprep /forestprep.

Next, execute adprep /domainprep . You must be logged on as a Domain Admin user for these steps to work correctly. Once these commands have run your Active Directory schema will have been extended to support Windows Server 2008 as a Domain Controller.

I ran D:\support\adprep\adprep /forestprep
get the error:  Adprep cannot run on this platform because it is not an Active Directory Domain Controller.
Adprep stopped without making any changes.
Run Adprep on a Active Directory Domain Controller.

similar error for D:\support\adprep\adprep /domainprep

When trying to select a domain for this additional domain controller I get the error:
To install a domain controller into this Active Directory forest, you must first prepare the forest using "adprep /forestprep".  The Adprep utility is available on the Windows Server 2008 R2 installation media in the \support\adprep folder.

Is there something that needs enabled first?  I seem to be in a loop.
link

answered 2011-12-07 at 08:41:32

sgt_best's gravatar image

sgt_best

I logged in as the domain admin & tried the adprep/forestprep with the same result.
link

answered 2011-12-07 at 10:47:00

sgt_best's gravatar image

sgt_best

I was running this on the new DC...guess I'm supposed to run it on the old DC?
link

answered 2011-12-07 at 11:03:16

sgt_best's gravatar image

sgt_best

it sounds like your forest/domain is not at the correct functional level. Can you verify the functional levels?
link

answered 2011-12-07 at 11:20:26

brwwiggins's gravatar image

brwwiggins

what command do I use?
link

answered 2011-12-07 at 11:30:01

sgt_best's gravatar image

sgt_best

And which server will we run it on?
link

answered 2011-12-07 at 12:10:38

sgt_best's gravatar image

sgt_best

it's part of DSQuery

Dsquery * CN=Partitions,CN=Configuration,DC=Mydomain,DC=com -scope base -attr msDS-Behavior-Version


from this article-->http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ef369cc4-cc14-46c5-b53b-81b306c6393a

Your output number should be 4
link

answered 2011-12-07 at 12:13:43

brwwiggins's gravatar image

brwwiggins

run it on a DC in the current domain you are trying to join
link

answered 2011-12-07 at 12:16:30

brwwiggins's gravatar image

brwwiggins

I'm getting a dsquery failed: A referral was returend form the server.
type dsquery /? for help.

I entered into the existing DC.
dsquery * CN=Partitions,CN=Configuration,DC=LHS08,DC=com -scope base -attr msDS-Behavior-Version
link

answered 2011-12-07 at 12:16:52

sgt_best's gravatar image

sgt_best

are you running the command directly from the server or via a workstation joined to the domain? It sounds like the dsquery got a referral looking for credentials from a different domain.
link

answered 2011-12-07 at 12:36:12

brwwiggins's gravatar image

brwwiggins

I'm running it via remote desktop on the old DC.  I'm logged in as administrator.
link

answered 2011-12-07 at 12:58:36

sgt_best's gravatar image

sgt_best

I went to the Active Directory Domain and Trusts
The Current domain functional level is Windows Server 2003
Do I simply right click on the domain and raise the functional level & choose Windows Server 2008?
link

answered 2011-12-07 at 13:00:59

sgt_best's gravatar image

sgt_best

Raised it.  ran the dsquery * CN=Partitions,CN=Configuration,DC=LHS08,DC=com  -scope base -attr msDS-Behavior-Version  on the old DC but get the same reply.
Maybe it takes a while?
link

answered 2011-12-07 at 13:29:55

sgt_best's gravatar image

sgt_best

On the new server when I right click on the domain in Active Directory Domains and Trusts and choose properties it shows the Domain Functional level as Windows Server 2008 but the Forest functional level is Windows Server 2003.
Maybe it takes a while to propagate this....?
link

answered 2011-12-07 at 13:35:46

sgt_best's gravatar image

sgt_best

There is a domain functional level and a forest functional level. Two different things.

Open the AD domain & trusts mmc, right click on Active Directory Domains and Trusts (not the domain name) and you can raise the forest level from there.
link

answered 2011-12-07 at 13:40:31

brwwiggins's gravatar image

brwwiggins

That worked.  Now has both domain & forest functional level according to the AD domain & trusts on both servers.

The the dsquery * CN=Partitions,CN=Configuration,DC=LHS08,DC=com  -scope base -attr msDS-Behavior-Version
gave the same reply on the old DC.

On to the next step....do I redo the  D:\support\adprep\adprep /forestprep on the old DC?
after that do I do the  D:\support\adprep\adprep /domainprep on the new DC?
link

answered 2011-12-07 at 13:45:59

sgt_best's gravatar image

sgt_best

If you've raised the functional levels, you shouldn't need to do any of the preps
link

answered 2011-12-08 at 07:56:06

brwwiggins's gravatar image

brwwiggins

Started the Additional Domain Controller install and is at the part where it checks the DNS then says select additional options for this domain controller.
Default checked options are DNS server and Global catalog server.
It gave a warning that one of my NICS was set to DHCP so I changed it to static even though it wasn't connected.  It wouldn't pass this warning until I plugged it in...
Next it gave another announcement:
A delegation for this DNS server cannot be created because the authoritve parent zone cannot be found or it does not run Windows DNS server.  If you are integrating with an existing NS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "LHS08.LOCAL". Otherwise no action is required.
Do you want to continue?  Yes or No.

I don't have the outside DNS in the static IP settings because another article said to have only the old DC in there.....

What should I do?
link

answered 2011-12-08 at 08:02:47

sgt_best's gravatar image

sgt_best

I hate the message....you can ignore it   http://www.adshotgyan.com/2011/01/dns-delegation-message-in-dcpromo-in.html

Thanks

Mike
link

answered 2011-12-08 at 08:39:15

mkline71's gravatar image

mkline71

OK, passed that.  AD replicated.  Server rebooted.
Is this the correct order for the rest?


copy share data
copy FSMO roles
demote existing server

Are there any other steps?

Will I have to demote the existing server after business hours?
link

answered 2011-12-08 at 08:42:28

sgt_best's gravatar image

sgt_best

Can I copy the FSMO rules before copying the share data?
link

answered 2011-12-08 at 09:22:37

sgt_best's gravatar image

sgt_best

Yes you can transfer the FSMO roles at any time.
link

answered 2011-12-08 at 11:13:14

mkline71's gravatar image

mkline71

Transfered the roles with the ntdsutil.exe command.
Ran into this.
Do not put the Infrastructure master role on the same domain controller as the global catalog server. If the Infrastructure master runs on a global catalog server it stops updating object information because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest.
(above from http://support.microsoft.com/kb/255504)

I transferred all of the roles.  Is this an issue?  when I'm done this will be the only DC in here.

What is the best way to transfer the share data?  Will the share permissions move too?
link

answered 2011-12-08 at 11:14:32

sgt_best's gravatar image

sgt_best

Running the Microsoft File Server Migration Kit despite the entry on the download page

# The Distributed File System (DFS) root server that hosts DFS consolidation roots must meet the following requirements:

    * The DFS root server cannot be a domain controller.

There were errors in the Validation for some long file names but after reviewing the log it was nothing that needed to worry about.

Will see in the morning after it is done.

What do I need to do first thing in the morning before my users start to log on?
link

answered 2011-12-08 at 12:43:41

sgt_best's gravatar image

sgt_best

Well, it took all night for the transfer to copy.
Waiting on the "Finalizing source & target file servers....seems like it is taking just as long to finalize as it did to copy and 800 users are all locked out of the folders.  
When this is done, I have to change the logon script so that the network drives are mapped.
Where do I begin with that?
link

answered 2011-12-08 at 17:33:47

sgt_best's gravatar image

sgt_best

The Data Migration Tool completed but I don't see the data.  I do see that the volume has the correct amount of space left if the data was there so I know it is there.  I'm going to start another question for this issue as responses on this one have dwindled.
link

answered 2011-12-09 at 10:00:38

sgt_best's gravatar image

sgt_best

Thank you for your assistance!
link

answered 2011-12-09 at 14:03:25

sgt_best's gravatar image

sgt_best

link

answered 2011-12-09 at 14:04:03

sgt_best's gravatar image

sgt_best

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×3
×3
×9

Asked: 12/06/2011 11:57

Seen: 448 times

Last updated: 12/09/2011 06:03