Windows AD migration from 2000 to 2003 64 bit procedure

Case: The AD consists of two Windows 2000 Server domain controllers (OLDDC1 and OLDDC2). We would like to migrate to Windows 2003 by joining a new server to the AD. OLDDC1 and OLDDC2 also run the DNS and DHCP services, so these services need to be migrated to the new DC as well.

The proposed steps to add 2003 DC servers to the existing domain are:


1. Make Full Backup of the OLDDC1 and OLDDC2

2. In OLDDC1 server (Schema and Domain Naming Master), run
    adprep /forestPrep
    adprep /domainPrep
   to upgrade the existing AD schema from 2000 to 2003 compliant.

3. In the 2003 server (new DC), run "dcpromo" to promote the standalone server to DC server in the existing domain.

4. After the new DC has joined the existing domain, transfer the FSMO roles from OLDDC1 to the new DC server.

5. Enable the Global Catalog server in the new DC server.

6. Since the DNS service will be created on the new DC server,
  configure a test PC to point to the new DNS and test that a user can log in to the new AD.

7. If step 6 succeeds,
- configure the existing DHCP to point to the new DNS.
- configure the existing servers to point to the new DNS.

8. Demote the existing 2000 DC servers (optional)
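
One way to check the outcome of steps 4 to 6 before changing DHCP and the other servers in step 7, as an added example that is not part of the original procedure. NEWDC1, example.local and 192.0.2.10 are placeholder values, netdom, dcdiag and repadmin come from the Windows Support Tools, and a single-domain forest is assumed.

```batch
@echo off
rem Added example: read-only checks, run from a domain member after steps 4-6.
rem NEWDC, DOMAIN and NEWDNS are placeholders; replace them with your own values.
setlocal
set NEWDC=NEWDC1
set DOMAIN=example.local
set NEWDNS=192.0.2.10
set FAIL=0

rem 1. Step 4: all five FSMO roles should now name the new DC as owner.
set ROLES=0
for /f %%C in ('netdom query fsmo ^| find /i /c "%NEWDC%"') do set ROLES=%%C
if not "%ROLES%"=="5" (echo FAIL: %NEWDC% holds %ROLES% of 5 FSMO roles & set FAIL=1)

rem 2. The new DC must advertise itself and agree with the rest of the
rem    domain on who holds the roles. dcdiag prints "failed test <name>".
for %%T in (Advertising KnowsOfRoleHolders FsmoCheck) do (
  dcdiag /s:%NEWDC% /test:%%T | find /i "failed test" >nul && (echo FAIL: dcdiag %%T on %NEWDC% & set FAIL=1)
)

rem 3. Replication with the old DCs must be healthy before they are demoted.
repadmin /showrepl %NEWDC% | find /i "failed" >nul && (echo FAIL: replication errors on %NEWDC% & set FAIL=1)

rem 4. Steps 5 and 6: the new DNS server must return SRV records naming the
rem    new DC as a domain controller and as a Global Catalog. The exit code
rem    of nslookup is not reliable, so the answer text is searched instead.
for %%R in (_ldap._tcp.dc._msdcs _gc._tcp) do (
  nslookup -type=SRV %%R.%DOMAIN% %NEWDNS% 2>nul | find /i "%NEWDC%" >nul || (echo FAIL: no %%R SRV record for %NEWDC% at %NEWDNS% & set FAIL=1)
)

if "%FAIL%"=="0" (echo All checks passed) else (echo One or more checks failed)
endlocal & exit /b %FAIL%
```

A non-zero exit code means at least one check failed; resolve it before repointing clients or demoting OLDDC1 and OLDDC2.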



------- Contingency Plan ---------
If the AD migration runs into problems and the old AD database needs to be restored, use the following procedures to perform a non-authoritative restore of a domain controller.

1.    Restart the domain controller in Directory Services Restore Mode.
2.    Restore system states from backup media.
3.    Verify Active Directory restore


Procedures
To locally restart in Directory Services Restore Mode
1. Restart the domain controller.
2. When the screen for selecting an operating system appears, press F8.
3. Select Directory Services Restore Mode from the Windows Advanced Options menu.
4. When prompted, log on as the local Administrator.

To restore from backup media
1. In Directory Services Restore Mode, start the Windows 2000 Server Backup utility. Click Start, point to Programs, then point to Accessories, then point to System Tools, and then click Backup.
2. Click the Restore Wizard button, and then click Next.
3. Select the appropriate backup location and ensure that at least the System disk and SystemState containers are selected.
4. Click the Advanced button. If you do not go through the advanced menu, the restore process will not be successful.
5. Select Original Location in the Restore Files to list, and then click Next.
6. In the Advanced Restore Options window, check the boxes for:
   - Restore security.
   - Restore junction points, and restore file and folder data under junction points to the original location.
   - Preserve existing volume mount points.
   For a primary restore of SYSVOL, also check the following box. A primary restore is only required if the domain controller you are restoring is the only domain controller in the domain.
   - When restoring replicated data sets, mark the restored data as the primary data for all replicas.
7. Click Finish.
8. When the restore is complete, click Close, and then click Yes to restart the computer.



To perform basic Active Directory verification
1. After the restore operation completes, restart the computer in normal operational mode. Active Directory and the Certificate Server automatically detect that they have been recovered from a backup. They perform an integrity check and re-index the database.
2. After you are able to log on to the system, browse the directory. Verify that all of the user and group objects that were present in the directory prior to backup are restored. Similarly, verify that files that were members of a FRS replica set and certificates that were issued by the Certificate Server are present.

