Transitioning to Windows 2008 DCs "Bad Beagle" <maxwelli[ at ]nospam.postalias> 12/1/2008 3:54:17 PM I have two windows 2003 domain controllers that are dns, dhcp, wins, and print servers. I would like to put 2 new domain controllers in with new hardware and make them windows 2008 domain controllers. I would to put dns, dhcp, and wins on the new domain controllers and leave the old domain controllers as print servers only. My questions are: 1. is there any reason why I should not demote the two old domain controllers after I have 2008 domain controllers (backup purposes etc) 2. If i use the current DC ip addresses for the new DC's will my clients notice anything? 3. if i backup and restore the DHCP datbase to the new 2008 DC's are client leases restored. Will users notice anything the next time they log in?

Re: Transitioning to Windows 2008 DCs Meinolf Weber <meiweb(nospam)[ at ]gmx.de> 12/1/2008 4:33:41 PM Hello Bad, 1. No, if you have more then one DC, you will be fine, that's the minimum you should have. Also if you take out the old OS DC's you can raise the Forest/domain functional levels and use the new options that come with 2008 like fine grained password policies for example. 2. Even if you chang ethe ip addresses the clients will not notify if you reconfigure the scope options of the DHCP server and the other fixed settings in your domain. 3. For DHCP also the clients shouldn't notice anything, especially if the machines are shutdown. If they are running they will obtain a new lease after the half lease time you configured in your DHCP server, so latest then they will get the new/updated configuration. See here for upgrading: !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!! - On the old server open DNS management console and check that you are running Active directory integrated zone (easier for replication, if you have more then one DNS server) - run replmon from the run line or repadmin /showrepl, dcdiag and netdiag from the command prompt on the old machine to check for errors, if you have some post the complete output from the command here or solve them first. For this tools you have to install the support\tools\suptools.msi from the 2003 installation disk. - run adprep /forestprep and adprep /domainprep and adprep /rodcprep from the 2008 installation disk against the 2003 schema master, with an account that is member of the Schema admins, to upgrade the schema to the new version (44), you can check the version with "schupgr" in a command prompt. - Install the new machine as a member server in your existing domain - configure a fixed ip and set the preferred DNS server to the old DNS server only - run dcpromo and follow the wizard to add the 2008 server to an existing domain, make it also Global catalog. - if you are prompted for DNS configuration choose Yes. If not, install DNS role after promotion. - for DNS give the server time for replication, at least 15 minutes. Because you use Active directory integrated zones it will automatically replicate the zones to the new server. Open DNS management console to check that they appear - if the new machine is domain controller and DNS server run again replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on both domain controllers - Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801 applies also for 2008) - you can see in the event viewer (Directory service) that the roles are transferred, also give it some time - reconfigure the DNS configuration on your NIC of the 2008 server, preferred DNS itself, secondary the old one - if you use DHCP do not forget to reconfigure the scope settings to point to the new installed DNS server - export and import of DHCP database for 2008 choose "netshell dhcp backup" and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx) Demoting the old DC - reconfigure your clients/servers that they not longer point to the old DC/DNS server on the NIC - to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok - then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again - check the DNS management console, that all entries from the machine are disappeared or delete them by hand if the machine is off the network for ever - also you have to start AD sites and services and delete the old servername under the site, this will not be done during promotion Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm [Quoted Text] > I have two windows 2003 domain controllers that are dns, dhcp, wins, > and print servers. I would like to put 2 new domain controllers in > with new hardware and make them windows 2008 domain controllers. I > would to put dns, dhcp, and wins on the new domain controllers and > leave the old domain controllers as print servers only. My questions > are: > > 1. is there any reason why I should not demote the two old domain > controllers after I have 2008 domain controllers (backup purposes etc) > 2. If i use the current DC ip addresses for the new DC's will my > clients > notice anything? > 3. if i backup and restore the DHCP datbase to the new 2008 DC's are > client > leases restored. Will users notice anything the next time they log > in?

Re: Transitioning to Windows 2008 DCs "Bad Beagle" <maxwelli[ at ]nospam.postalias> 12/1/2008 7:01:26 PM Thank you for the detailed steps. I have to retain the IP addresses of the old DCs because they are hard coded on remote sites. At what point should I change the IP addresses of the new DC to the IP address of the old DC? Also, is there any benefit of me adding another windows 2003 dc to my network? Is there any benefit to keeping on DC turned off when I update the schema? I know I will have a backup but just want to make sure I can recover if I have to. Thanks. "Meinolf Weber" <meiweb(nospam)[ at ]gmx.de> wrote in message news:ff16fb66f5b08cb21f216180f8f[ at ]msnews.microsoft.com... [Quoted Text] > Hello Bad, > > 1. No, if you have more then one DC, you will be fine, that's the minimum > you should have. Also if you take out the old OS DC's you can raise the > Forest/domain functional levels and use the new options that come with > 2008 like fine grained password policies for example. > > 2. Even if you chang ethe ip addresses the clients will not notify if you > reconfigure the scope options of the DHCP server and the other fixed > settings in your domain. > > 3. For DHCP also the clients shouldn't notice anything, especially if the > machines are shutdown. If they are running they will obtain a new lease > after the half lease time you configured in your DHCP server, so latest > then they will get the new/updated configuration. > > See here for upgrading: > !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR > DATA/MACHINE!!! > > > - On the old server open DNS management console and check that you are > running Active directory integrated zone (easier for replication, if you > have more then one DNS server) > > - run replmon from the run line or repadmin /showrepl, dcdiag and netdiag > from the command prompt on the old machine to check for errors, if you > have some post the complete output from the command here or solve them > first. For this tools you have to install the support\tools\suptools.msi > from the 2003 installation disk. > > - run adprep /forestprep and adprep /domainprep and adprep /rodcprep from > the 2008 installation disk against the 2003 schema master, with an account > that is member of the Schema admins, to upgrade the schema to the new > version (44), you can check the version with "schupgr" in a command > prompt. > > - Install the new machine as a member server in your existing domain > > - configure a fixed ip and set the preferred DNS server to the old DNS > server only > > - run dcpromo and follow the wizard to add the 2008 server to an existing > domain, make it also Global catalog. > > - if you are prompted for DNS configuration choose Yes. If not, install > DNS role after promotion. > > - for DNS give the server time for replication, at least 15 minutes. > Because you use Active directory integrated zones it will automatically > replicate the zones to the new server. Open DNS management console to > check that they appear > > - if the new machine is domain controller and DNS server run again > replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will > work) on both domain controllers > > - Transfer, NOT seize the 5 FSMO roles to the new Domain controller > (http://support.microsoft.com/kb/324801 applies also for 2008) > > - you can see in the event viewer (Directory service) that the roles are > transferred, also give it some time > > - reconfigure the DNS configuration on your NIC of the 2008 server, > preferred DNS itself, secondary the old one > > - if you use DHCP do not forget to reconfigure the scope settings to point > to the new installed DNS server > > - export and import of DHCP database for 2008 choose "netshell dhcp > backup" and "netshell dhcp restore" command > (http://technet.microsoft.com/en-us/library/cc772372.aspx) > > > Demoting the old DC > > - reconfigure your clients/servers that they not longer point to the old > DC/DNS server on the NIC > > - to be sure that everything runs fine, disconnect the old DC from the > network and check with clients and servers the connectivity, logon and > also with one client a restart to see that everything is ok > > - then run dcpromo to demote the old DC, if it works fine the machine will > move from the DC's OU to the computers container, where you can delete it > by hand. Can be that you got an error during demoting at the beginning, > then uncheck the Global catalog on that DC and try again > > - check the DNS management console, that all entries from the machine are > disappeared or delete them by hand if the machine is off the network for > ever > > - also you have to start AD sites and services and delete the old > servername under the site, this will not be done during promotion > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> I have two windows 2003 domain controllers that are dns, dhcp, wins, >> and print servers. I would like to put 2 new domain controllers in >> with new hardware and make them windows 2008 domain controllers. I >> would to put dns, dhcp, and wins on the new domain controllers and >> leave the old domain controllers as print servers only. My questions >> are: >> >> 1. is there any reason why I should not demote the two old domain >> controllers after I have 2008 domain controllers (backup purposes etc) >> 2. If i use the current DC ip addresses for the new DC's will my >> clients >> notice anything? >> 3. if i backup and restore the DHCP datbase to the new 2008 DC's are >> client >> leases restored. Will users notice anything the next time they log >> in? > >