|
|
We will replace the old windows 2k DC to the new windows 2003 DC , thd old
win 2K running as DNS server, can i migrate the dns and dhcp from the old 2K
DC to the new 2003 DC ?
|
|
Hello DD,
For DHCP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;325473
For DNS make your live easy and use AD integrated zones on the 2000 DC, then
you have just to install the new server as DC and install after reboot DNS
role. Then just wait.
See here for migration plan:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU DATA/MACHINE!!!
One question first:
Is the old server also Exchange server and will it be taken out of the domain
forever, when the new server is running?
- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)
- run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
from the command prompt on the old machine to check for errors, if you have
some post the complete output from the command here or solve them first.
For this tools you have to install the support\tools\suptools.msi from the
2000 or 2003 installation disk.
- run adprep /forestprep and adprep /domainprep from the 2003 installation
disk against the 2000 server, with an account that is member of the Schema
admins, to upgrade the schema to the new version
- Install the new machine as a member server in your existing domain
- configure a fixed ip and set the preferred DNS server to the old DNS server
only
- run dcpromo and follow the wizard to add the 2003 server to an existing
domain
- if you are prompted for DNS configuration choose Yes (also possible that
no DNS preparation occur), then install DNS after the reboot
- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear
- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag on both domain controllers
- if you have no errors, make the new server Global catalog server, open
Active directory Sites and Services and then double-click sitename, double-click
Servers, click your domain controller, right-click NTDS Settings, and then
click Properties, on the General tab, click to select the Global catalog
check box (http://support.microsoft.com/?id=313994)
- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)
- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time
- reconfigure the DNS configuration on your NIC of the 2003 server, preferred
DNS itself, secondary the old one
- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server
- export and import of DHCP database (if needed) (http://support.microsoft.com/kb/325473)
Demoting the old DC (if needed)
- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever
- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during promotion
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
[Quoted Text] > We will replace the old windows 2k DC to the new windows 2003 DC , thd
> old win 2K running as DNS server, can i migrate the dns and dhcp from
> the old 2K DC to the new 2003 DC ?
>
|
|
Hi,
Very useful info, I have question on Transfer, NOT seize the 5 FSMO roles
to the new Domain controller (http://support.microsoft.com/kb/324801)
I must do this steps ?
refer to this link
http://support.microsoft.com/default.aspx?scid=kb;en-us;325379&sd=tech
it doesn't mentions about this steps.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > For DHCP: > http://support.microsoft.com/default.aspx?scid=kb;en-us;325473> > For DNS make your live easy and use AD integrated zones on the 2000 DC, then > you have just to install the new server as DC and install after reboot DNS > role. Then just wait. > > See here for migration plan: > !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU DATA/MACHINE!!! > > One question first: > Is the old server also Exchange server and will it be taken out of the domain > forever, when the new server is running? > > - On the old server open DNS management console and check that you are running > Active directory integrated zone (easier for replication, if you have more > then one DNS server) > > - run replmon from the run line or repadmin /showrepl, dcdiag and netdiag > from the command prompt on the old machine to check for errors, if you have > some post the complete output from the command here or solve them first. > For this tools you have to install the support\tools\suptools.msi from the > 2000 or 2003 installation disk. > > - run adprep /forestprep and adprep /domainprep from the 2003 installation > disk against the 2000 server, with an account that is member of the Schema > admins, to upgrade the schema to the new version > > - Install the new machine as a member server in your existing domain > > - configure a fixed ip and set the preferred DNS server to the old DNS server > only > > - run dcpromo and follow the wizard to add the 2003 server to an existing > domain > > - if you are prompted for DNS configuration choose Yes (also possible that > no DNS preparation occur), then install DNS after the reboot > > - for DNS give the server time for replication, at least 15 minutes. Because > you use Active directory integrated zones it will automatically replicate > the zones to the new server. Open DNS management console to check that they > appear > > - if the new machine is domain controller and DNS server run again replmon, > dcdiag and netdiag on both domain controllers > > - if you have no errors, make the new server Global catalog server, open > Active directory Sites and Services and then double-click sitename, double-click > Servers, click your domain controller, right-click NTDS Settings, and then > click Properties, on the General tab, click to select the Global catalog > check box ( http://support.microsoft.com/?id=313994)> > - Transfer, NOT seize the 5 FSMO roles to the new Domain controller ( http://support.microsoft.com/kb/324801)> > - you can see in the event viewer (Directory service) that the roles are > transferred, also give it some time > > - reconfigure the DNS configuration on your NIC of the 2003 server, preferred > DNS itself, secondary the old one > > - if you use DHCP do not forget to reconfigure the scope settings to point > to the new installed DNS server > > - export and import of DHCP database (if needed) ( http://support.microsoft.com/kb/325473)> > > Demoting the old DC (if needed) > > - reconfigure your clients/servers that they not longer point to the old > DC/DNS server on the NIC > > - to be sure that everything runs fine, disconnect the old DC from the network > and check with clients and servers the connectivity, logon and also with > one client a restart to see that everything is ok > > - then run dcpromo to demote the old DC, if it works fine the machine will > move from the DC's OU to the computers container, where you can delete it > by hand. Can be that you got an error during demoting at the beginning, then > uncheck the Global catalog on that DC and try again > > - check the DNS management console, that all entries from the machine are > disappeared or delete them by hand if the machine is off the network for ever > > - also you have to start AD sites and services and delete the old servername > under the site, this will not be done during promotion > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > We will replace the old windows 2k DC to the new windows 2003 DC , thd > > old win 2K running as DNS server, can i migrate the dns and dhcp from > > the old 2K DC to the new 2003 DC ? > > > > > |
|
Currently we have two server running AD, so how to verify which one has the
FSMO,
Sorry , not very goold in this area.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > If you will take out a DC which has the FSMO roles you have to transfer them > if you like to control it. During demotion the roles are also transferred > but you have no control to which DC, if you have more then one. > > Seizing is only needed, if the FSMO role holder is crashed for example and > you are not able to transfer them from the running machine. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Hi, > > > > Very useful info, I have question on Transfer, NOT seize the 5 FSMO > > roles to the new Domain controller > > ( http://support.microsoft.com/kb/324801)> > > > I must do this steps ? refer to this link > > http://support.microsoft.com/default.aspx?scid=kb;en-us;325379&sd=tech> > > > it doesn't mentions about this steps. > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> For DHCP: > >> http://support.microsoft.com/default.aspx?scid=kb;en-us;325473> >> For DNS make your live easy and use AD integrated zones on the 2000 > >> DC, then you have just to install the new server as DC and install > >> after reboot DNS role. Then just wait. > >> > >> See here for migration plan: > >> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU > >> DATA/MACHINE!!! > >> One question first: > >> Is the old server also Exchange server and will it be taken out of > >> the domain > >> forever, when the new server is running? > >> - On the old server open DNS management console and check that you > >> are running Active directory integrated zone (easier for replication, > >> if you have more then one DNS server) > >> > >> - run replmon from the run line or repadmin /showrepl, dcdiag and > >> netdiag from the command prompt on the old machine to check for > >> errors, if you have some post the complete output from the command > >> here or solve them first. For this tools you have to install the > >> support\tools\suptools.msi from the 2000 or 2003 installation disk. > >> > >> - run adprep /forestprep and adprep /domainprep from the 2003 > >> installation disk against the 2000 server, with an account that is > >> member of the Schema admins, to upgrade the schema to the new version > >> > >> - Install the new machine as a member server in your existing domain > >> > >> - configure a fixed ip and set the preferred DNS server to the old > >> DNS server only > >> > >> - run dcpromo and follow the wizard to add the 2003 server to an > >> existing domain > >> > >> - if you are prompted for DNS configuration choose Yes (also possible > >> that no DNS preparation occur), then install DNS after the reboot > >> > >> - for DNS give the server time for replication, at least 15 minutes. > >> Because you use Active directory integrated zones it will > >> automatically replicate the zones to the new server. Open DNS > >> management console to check that they appear > >> > >> - if the new machine is domain controller and DNS server run again > >> replmon, dcdiag and netdiag on both domain controllers > >> > >> - if you have no errors, make the new server Global catalog server, > >> open Active directory Sites and Services and then double-click > >> sitename, double-click Servers, click your domain controller, > >> right-click NTDS Settings, and then click Properties, on the General > >> tab, click to select the Global catalog check box > >> ( http://support.microsoft.com/?id=313994)> >> > >> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller > >> ( http://support.microsoft.com/kb/324801)> >> > >> - you can see in the event viewer (Directory service) that the roles > >> are transferred, also give it some time > >> > >> - reconfigure the DNS configuration on your NIC of the 2003 server, > >> preferred DNS itself, secondary the old one > >> > >> - if you use DHCP do not forget to reconfigure the scope settings to > >> point to the new installed DNS server > >> > >> - export and import of DHCP database (if needed) > >> ( http://support.microsoft.com/kb/325473)> >> > >> Demoting the old DC (if needed) > >> > >> - reconfigure your clients/servers that they not longer point to the > >> old DC/DNS server on the NIC > >> > >> - to be sure that everything runs fine, disconnect the old DC from > >> the network and check with clients and servers the connectivity, > >> logon and also with one client a restart to see that everything is ok > >> > >> - then run dcpromo to demote the old DC, if it works fine the machine > >> will move from the DC's OU to the computers container, where you can > >> delete it by hand. Can be that you got an error during demoting at > >> the beginning, then uncheck the Global catalog on that DC and try > >> again > >> > >> - check the DNS management console, that all entries from the machine > >> are disappeared or delete them by hand if the machine is off the > >> network for ever > >> > >> - also you have to start AD sites and services and delete the old > >> servername under the site, this will not be done during promotion > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> We will replace the old windows 2k DC to the new windows 2003 DC , > >>> thd old win 2K running as DNS server, can i migrate the dns and dhcp > >>> from the old 2K DC to the new 2003 DC ? > >>> > > > |
|
This is the query , which one is FSMO ? USGS0001 OR USGS0002 ?
C:\Documents and Settings\idadmin1>netdom query fsmo
Schema owner usgs0002.kep.co.id
Domain role owner usgs0002.kep.co.id
PDC role usgs0001.kep.co.id
RID pool manager usgs0001.kep.co.id
Infrastructure owner usgs0001.kep.co.id
I will be migrating the server tomorrow, hope got your reply bytoday.
Thanks
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > Run in a command prompt: > > netdom query fsmo > > For this tools you have to install the support\tools\suptools.msi from the > 2000 or 2003 installation disk. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Currently we have two server running AD, so how to verify which one > > has the FSMO, > > > > Sorry , not very goold in this area. > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> If you will take out a DC which has the FSMO roles you have to > >> transfer them if you like to control it. During demotion the roles > >> are also transferred but you have no control to which DC, if you have > >> more then one. > >> > >> Seizing is only needed, if the FSMO role holder is crashed for > >> example and you are not able to transfer them from the running > >> machine. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> Hi, > >>> > >>> Very useful info, I have question on Transfer, NOT seize the 5 FSMO > >>> roles to the new Domain controller > >>> ( http://support.microsoft.com/kb/324801)> >>> > >>> I must do this steps ? refer to this link > >>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379&sd=te> >>> ch > >>> it doesn't mentions about this steps. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> For DHCP: > >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325473> >>>> For DNS make your live easy and use AD integrated zones on the 2000 > >>>> DC, then you have just to install the new server as DC and install > >>>> after reboot DNS role. Then just wait. > >>>> See here for migration plan: > >>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU > >>>> DATA/MACHINE!!! > >>>> One question first: > >>>> Is the old server also Exchange server and will it be taken out of > >>>> the domain > >>>> forever, when the new server is running? > >>>> - On the old server open DNS management console and check that you > >>>> are running Active directory integrated zone (easier for > >>>> replication, > >>>> if you have more then one DNS server) > >>>> - run replmon from the run line or repadmin /showrepl, dcdiag and > >>>> netdiag from the command prompt on the old machine to check for > >>>> errors, if you have some post the complete output from the command > >>>> here or solve them first. For this tools you have to install the > >>>> support\tools\suptools.msi from the 2000 or 2003 installation disk. > >>>> > >>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>> installation disk against the 2000 server, with an account that is > >>>> member of the Schema admins, to upgrade the schema to the new > >>>> version > >>>> > >>>> - Install the new machine as a member server in your existing > >>>> domain > >>>> > >>>> - configure a fixed ip and set the preferred DNS server to the old > >>>> DNS server only > >>>> > >>>> - run dcpromo and follow the wizard to add the 2003 server to an > >>>> existing domain > >>>> > >>>> - if you are prompted for DNS configuration choose Yes (also > >>>> possible that no DNS preparation occur), then install DNS after the > >>>> reboot > >>>> > >>>> - for DNS give the server time for replication, at least 15 > >>>> minutes. Because you use Active directory integrated zones it will > >>>> automatically replicate the zones to the new server. Open DNS > >>>> management console to check that they appear > >>>> > >>>> - if the new machine is domain controller and DNS server run again > >>>> replmon, dcdiag and netdiag on both domain controllers > >>>> > >>>> - if you have no errors, make the new server Global catalog server, > >>>> open Active directory Sites and Services and then double-click > >>>> sitename, double-click Servers, click your domain controller, > >>>> right-click NTDS Settings, and then click Properties, on the > >>>> General tab, click to select the Global catalog check box > >>>> ( http://support.microsoft.com/?id=313994)> >>>> > >>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller > >>>> ( http://support.microsoft.com/kb/324801)> >>>> > >>>> - you can see in the event viewer (Directory service) that the > >>>> roles are transferred, also give it some time > >>>> > >>>> - reconfigure the DNS configuration on your NIC of the 2003 server, > >>>> preferred DNS itself, secondary the old one > >>>> > >>>> - if you use DHCP do not forget to reconfigure the scope settings > >>>> to point to the new installed DNS server > >>>> > >>>> - export and import of DHCP database (if needed) > >>>> ( http://support.microsoft.com/kb/325473)> >>>> Demoting the old DC (if needed) > >>>> > >>>> - reconfigure your clients/servers that they not longer point to > >>>> the old DC/DNS server on the NIC > >>>> > >>>> - to be sure that everything runs fine, disconnect the old DC from > >>>> the network and check with clients and servers the connectivity, > >>>> logon and also with one client a restart to see that everything is > >>>> ok > >>>> > >>>> - then run dcpromo to demote the old DC, if it works fine the > >>>> machine will move from the DC's OU to the computers container, > >>>> where you can delete it by hand. Can be that you got an error > >>>> during demoting at the beginning, then uncheck the Global catalog > >>>> on that DC and try again > >>>> > >>>> - check the DNS management console, that all entries from the > >>>> machine are disappeared or delete them by hand if the machine is > >>>> off the network for ever > >>>> > >>>> - also you have to start AD sites and services and delete the old > >>>> servername under the site, this will not be done during promotion > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> We will replace the old windows 2k DC to the new windows 2003 DC , > >>>>> thd old win 2K running as DNS server, can i migrate the dns and > >>>>> dhcp from the old 2K DC to the new 2003 DC ? > >>>>> > > > |
|
Can I transfer all the role to 001 before I replace the server 2,if can how
to do the transfer
If I can transfer the all the role to 001, do I still need to run the
trasfer process ?
the new server will be replacing the 002 server.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > You have 5 FSMO roles, so you can see that 002 is schema owner and Domain > owner and the other roles are at 001. See here about them: > http://support.microsoft.com/kb/223346/en-us> > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > > C:\Documents and Settings\idadmin1>netdom query fsmo > > Schema owner usgs0002.kep.co.id > > Domain role owner usgs0002.kep.co.id > > PDC role usgs0001.kep.co.id > > RID pool manager usgs0001.kep.co.id > > Infrastructure owner usgs0001.kep.co.id > > I will be migrating the server tomorrow, hope got your reply bytoday. > > > > Thanks > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> Run in a command prompt: > >> > >> netdom query fsmo > >> > >> For this tools you have to install the support\tools\suptools.msi > >> from the 2000 or 2003 installation disk. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> Currently we have two server running AD, so how to verify which one > >>> has the FSMO, > >>> > >>> Sorry , not very goold in this area. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> If you will take out a DC which has the FSMO roles you have to > >>>> transfer them if you like to control it. During demotion the roles > >>>> are also transferred but you have no control to which DC, if you > >>>> have more then one. > >>>> > >>>> Seizing is only needed, if the FSMO role holder is crashed for > >>>> example and you are not able to transfer them from the running > >>>> machine. > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> Hi, > >>>>> > >>>>> Very useful info, I have question on Transfer, NOT seize the 5 > >>>>> FSMO roles to the new Domain controller > >>>>> ( http://support.microsoft.com/kb/324801)> >>>>> > >>>>> I must do this steps ? refer to this link > >>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379&sd=> >>>>> te > >>>>> ch > >>>>> it doesn't mentions about this steps. > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> For DHCP: > >>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325473> >>>>>> For DNS make your live easy and use AD integrated zones on the > >>>>>> 2000 > >>>>>> DC, then you have just to install the new server as DC and > >>>>>> install > >>>>>> after reboot DNS role. Then just wait. > >>>>>> See here for migration plan: > >>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU > >>>>>> DATA/MACHINE!!! > >>>>>> One question first: > >>>>>> Is the old server also Exchange server and will it be taken out > >>>>>> of > >>>>>> the domain > >>>>>> forever, when the new server is running? > >>>>>> - On the old server open DNS management console and check that > >>>>>> you > >>>>>> are running Active directory integrated zone (easier for > >>>>>> replication, > >>>>>> if you have more then one DNS server) > >>>>>> - run replmon from the run line or repadmin /showrepl, dcdiag and > >>>>>> netdiag from the command prompt on the old machine to check for > >>>>>> errors, if you have some post the complete output from the > >>>>>> command > >>>>>> here or solve them first. For this tools you have to install the > >>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>> disk. > >>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>>>> installation disk against the 2000 server, with an account that > >>>>>> is member of the Schema admins, to upgrade the schema to the new > >>>>>> version > >>>>>> > >>>>>> - Install the new machine as a member server in your existing > >>>>>> domain > >>>>>> > >>>>>> - configure a fixed ip and set the preferred DNS server to the > >>>>>> old DNS server only > >>>>>> > >>>>>> - run dcpromo and follow the wizard to add the 2003 server to an > >>>>>> existing domain > >>>>>> > >>>>>> - if you are prompted for DNS configuration choose Yes (also > >>>>>> possible that no DNS preparation occur), then install DNS after > >>>>>> the reboot > >>>>>> > >>>>>> - for DNS give the server time for replication, at least 15 > >>>>>> minutes. Because you use Active directory integrated zones it > >>>>>> will automatically replicate the zones to the new server. Open > >>>>>> DNS management console to check that they appear > >>>>>> > >>>>>> - if the new machine is domain controller and DNS server run > >>>>>> again replmon, dcdiag and netdiag on both domain controllers > >>>>>> > >>>>>> - if you have no errors, make the new server Global catalog > >>>>>> server, open Active directory Sites and Services and then > >>>>>> double-click sitename, double-click Servers, click your domain > >>>>>> controller, right-click NTDS Settings, and then click Properties, > >>>>>> on the General tab, click to select the Global catalog check box > >>>>>> ( http://support.microsoft.com/?id=313994)> >>>>>> > >>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>> > >>>>>> - you can see in the event viewer (Directory service) that the > >>>>>> roles are transferred, also give it some time > >>>>>> > >>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>> server, preferred DNS itself, secondary the old one > >>>>>> > >>>>>> - if you use DHCP do not forget to reconfigure the scope settings > >>>>>> to point to the new installed DNS server > >>>>>> > >>>>>> - export and import of DHCP database (if needed) > >>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>> Demoting the old DC (if needed) > >>>>>> - reconfigure your clients/servers that they not longer point to > >>>>>> the old DC/DNS server on the NIC > >>>>>> > >>>>>> - to be sure that everything runs fine, disconnect the old DC > >>>>>> from the network and check with clients and servers the > >>>>>> connectivity, logon and also with one client a restart to see > >>>>>> that everything is ok > >>>>>> > >>>>>> - then run dcpromo to demote the old DC, if it works fine the > >>>>>> machine will move from the DC's OU to the computers container, > >>>>>> where you can delete it by hand. Can be that you got an error > >>>>>> during demoting at the beginning, then uncheck the Global catalog > >>>>>> on that DC and try again > >>>>>> > >>>>>> - check the DNS management console, that all entries from the > >>>>>> machine are disappeared or delete them by hand if the machine is > >>>>>> off the network for ever > >>>>>> > >>>>>> - also you have to start AD sites and services and delete the old > >>>>>> servername under the site, this will not be done during promotion > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> We will replace the old windows 2k DC to the new windows 2003 DC > >>>>>>> , thd old win 2K running as DNS server, can i migrate the dns > >>>>>>> and dhcp from the old 2K DC to the new 2003 DC ? > >>>>>>> > > > |
|
I try to run adprep /forest it said THE scema master replication not
complete.
i try to replicate from the site and service, error message, error occur
during attemp synchorize the domain controler, access is denied.
The two AD can not replicate to each other.
I also getting the event 1586
http://support.microsoft.com/kb/269417
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > Yes, you can transfer them to server 1. After changing i would transfer them > to the 2003 DC. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Can I transfer all the role to 001 before I replace the server 2,if > > can how to do the transfer If I can transfer the all the role to 001, > > do I still need to run the trasfer process ? > > > > the new server will be replacing the 002 server. > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> You have 5 FSMO roles, so you can see that 002 is schema owner and > >> Domain owner and the other roles are at 001. See here about them: > >> http://support.microsoft.com/kb/223346/en-us> >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>> Schema owner usgs0002.kep.co.id > >>> Domain role owner usgs0002.kep.co.id > >>> PDC role usgs0001.kep.co.id > >>> RID pool manager usgs0001.kep.co.id > >>> Infrastructure owner usgs0001.kep.co.id > >>> I will be migrating the server tomorrow, hope got your reply > >>> bytoday. > >>> Thanks > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> Run in a command prompt: > >>>> > >>>> netdom query fsmo > >>>> > >>>> For this tools you have to install the support\tools\suptools.msi > >>>> from the 2000 or 2003 installation disk. > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> Currently we have two server running AD, so how to verify which > >>>>> one has the FSMO, > >>>>> > >>>>> Sorry , not very goold in this area. > >>>>> > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> If you will take out a DC which has the FSMO roles you have to > >>>>>> transfer them if you like to control it. During demotion the > >>>>>> roles are also transferred but you have no control to which DC, > >>>>>> if you have more then one. > >>>>>> > >>>>>> Seizing is only needed, if the FSMO role holder is crashed for > >>>>>> example and you are not able to transfer them from the running > >>>>>> machine. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> Hi, > >>>>>>> > >>>>>>> Very useful info, I have question on Transfer, NOT seize the 5 > >>>>>>> FSMO roles to the new Domain controller > >>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>> > >>>>>>> I must do this steps ? refer to this link > >>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379&s> >>>>>>> d= > >>>>>>> te > >>>>>>> ch > >>>>>>> it doesn't mentions about this steps. > >>>>>>> "Meinolf Weber" wrote: > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> For DHCP: > >>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325473> >>>>>>>> For DNS make your live easy and use AD integrated zones on the > >>>>>>>> 2000 > >>>>>>>> DC, then you have just to install the new server as DC and > >>>>>>>> install > >>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>> See here for migration plan: > >>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU > >>>>>>>> DATA/MACHINE!!! > >>>>>>>> One question first: > >>>>>>>> Is the old server also Exchange server and will it be taken out > >>>>>>>> of > >>>>>>>> the domain > >>>>>>>> forever, when the new server is running? > >>>>>>>> - On the old server open DNS management console and check that > >>>>>>>> you > >>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>> replication, > >>>>>>>> if you have more then one DNS server) > >>>>>>>> - run replmon from the run line or repadmin /showrepl, dcdiag > >>>>>>>> and > >>>>>>>> netdiag from the command prompt on the old machine to check for > >>>>>>>> errors, if you have some post the complete output from the > >>>>>>>> command > >>>>>>>> here or solve them first. For this tools you have to install > >>>>>>>> the > >>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>> disk. > >>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>>>>>> installation disk against the 2000 server, with an account that > >>>>>>>> is member of the Schema admins, to upgrade the schema to the > >>>>>>>> new > >>>>>>>> version > >>>>>>>> - Install the new machine as a member server in your existing > >>>>>>>> domain > >>>>>>>> > >>>>>>>> - configure a fixed ip and set the preferred DNS server to the > >>>>>>>> old DNS server only > >>>>>>>> > >>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to > >>>>>>>> an existing domain > >>>>>>>> > >>>>>>>> - if you are prompted for DNS configuration choose Yes (also > >>>>>>>> possible that no DNS preparation occur), then install DNS after > >>>>>>>> the reboot > >>>>>>>> > >>>>>>>> - for DNS give the server time for replication, at least 15 > >>>>>>>> minutes. Because you use Active directory integrated zones it > >>>>>>>> will automatically replicate the zones to the new server. Open > >>>>>>>> DNS management console to check that they appear > >>>>>>>> > >>>>>>>> - if the new machine is domain controller and DNS server run > >>>>>>>> again replmon, dcdiag and netdiag on both domain controllers > >>>>>>>> > >>>>>>>> - if you have no errors, make the new server Global catalog > >>>>>>>> server, open Active directory Sites and Services and then > >>>>>>>> double-click sitename, double-click Servers, click your domain > >>>>>>>> controller, right-click NTDS Settings, and then click > >>>>>>>> Properties, on the General tab, click to select the Global > >>>>>>>> catalog check box ( http://support.microsoft.com/?id=313994)> >>>>>>>> > >>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>>>> > >>>>>>>> - you can see in the event viewer (Directory service) that the > >>>>>>>> roles are transferred, also give it some time > >>>>>>>> > >>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>>>> server, preferred DNS itself, secondary the old one > >>>>>>>> > >>>>>>>> - if you use DHCP do not forget to reconfigure the scope > >>>>>>>> settings to point to the new installed DNS server > >>>>>>>> > >>>>>>>> - export and import of DHCP database (if needed) > >>>>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>>>> Demoting the old DC (if needed) > >>>>>>>> - reconfigure your clients/servers that they not longer point > >>>>>>>> to > >>>>>>>> the old DC/DNS server on the NIC > >>>>>>>> - to be sure that everything runs fine, disconnect the old DC > >>>>>>>> from the network and check with clients and servers the > >>>>>>>> connectivity, logon and also with one client a restart to see > >>>>>>>> that everything is ok > >>>>>>>> > >>>>>>>> - then run dcpromo to demote the old DC, if it works fine the > >>>>>>>> machine will move from the DC's OU to the computers container, > >>>>>>>> where you can delete it by hand. Can be that you got an error > >>>>>>>> during demoting at the beginning, then uncheck the Global > >>>>>>>> catalog on that DC and try again > >>>>>>>> > >>>>>>>> - check the DNS management console, that all entries from the > >>>>>>>> machine are disappeared or delete them by hand if the machine > >>>>>>>> is off the network for ever > >>>>>>>> > >>>>>>>> - also you have to start AD sites and services and delete the > >>>>>>>> old servername under the site, this will not be done during > >>>>>>>> promotion > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> We will replace the old windows 2k DC to the new windows 2003 > >>>>>>>>> DC , thd old win 2K running as DNS server, can i migrate the > >>>>>>>>> dns and dhcp from the old 2K DC to the new 2003 DC ? > >>>>>>>>> > > > |
|
I try to transfer the
Schema owner usgs0002.kep.co.id
Domain role owner usgs0002.kep.co.id from server 2 to server 1
using MMC snap in ,
when i click on active directy schema, it said you only have permission to
view , the id i use to login is administrator id which is under domain admin,
schema , enterprise admin group.
I can's run the adprep /forestprep.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > Yes, you can transfer them to server 1. After changing i would transfer them > to the 2003 DC. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Can I transfer all the role to 001 before I replace the server 2,if > > can how to do the transfer If I can transfer the all the role to 001, > > do I still need to run the trasfer process ? > > > > the new server will be replacing the 002 server. > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> You have 5 FSMO roles, so you can see that 002 is schema owner and > >> Domain owner and the other roles are at 001. See here about them: > >> http://support.microsoft.com/kb/223346/en-us> >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>> Schema owner usgs0002.kep.co.id > >>> Domain role owner usgs0002.kep.co.id > >>> PDC role usgs0001.kep.co.id > >>> RID pool manager usgs0001.kep.co.id > >>> Infrastructure owner usgs0001.kep.co.id > >>> I will be migrating the server tomorrow, hope got your reply > >>> bytoday. > >>> Thanks > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> Run in a command prompt: > >>>> > >>>> netdom query fsmo > >>>> > >>>> For this tools you have to install the support\tools\suptools.msi > >>>> from the 2000 or 2003 installation disk. > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> Currently we have two server running AD, so how to verify which > >>>>> one has the FSMO, > >>>>> > >>>>> Sorry , not very goold in this area. > >>>>> > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> If you will take out a DC which has the FSMO roles you have to > >>>>>> transfer them if you like to control it. During demotion the > >>>>>> roles are also transferred but you have no control to which DC, > >>>>>> if you have more then one. > >>>>>> > >>>>>> Seizing is only needed, if the FSMO role holder is crashed for > >>>>>> example and you are not able to transfer them from the running > >>>>>> machine. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> Hi, > >>>>>>> > >>>>>>> Very useful info, I have question on Transfer, NOT seize the 5 > >>>>>>> FSMO roles to the new Domain controller > >>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>> > >>>>>>> I must do this steps ? refer to this link > >>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379&s> >>>>>>> d= > >>>>>>> te > >>>>>>> ch > >>>>>>> it doesn't mentions about this steps. > >>>>>>> "Meinolf Weber" wrote: > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> For DHCP: > >>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325473> >>>>>>>> For DNS make your live easy and use AD integrated zones on the > >>>>>>>> 2000 > >>>>>>>> DC, then you have just to install the new server as DC and > >>>>>>>> install > >>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>> See here for migration plan: > >>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOU > >>>>>>>> DATA/MACHINE!!! > >>>>>>>> One question first: > >>>>>>>> Is the old server also Exchange server and will it be taken out > >>>>>>>> of > >>>>>>>> the domain > >>>>>>>> forever, when the new server is running? > >>>>>>>> - On the old server open DNS management console and check that > >>>>>>>> you > >>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>> replication, > >>>>>>>> if you have more then one DNS server) > >>>>>>>> - run replmon from the run line or repadmin /showrepl, dcdiag > >>>>>>>> and > >>>>>>>> netdiag from the command prompt on the old machine to check for > >>>>>>>> errors, if you have some post the complete output from the > >>>>>>>> command > >>>>>>>> here or solve them first. For this tools you have to install > >>>>>>>> the > >>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>> disk. > >>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>>>>>> installation disk against the 2000 server, with an account that > >>>>>>>> is member of the Schema admins, to upgrade the schema to the > >>>>>>>> new > >>>>>>>> version > >>>>>>>> - Install the new machine as a member server in your existing > >>>>>>>> domain > >>>>>>>> > >>>>>>>> - configure a fixed ip and set the preferred DNS server to the > >>>>>>>> old DNS server only > >>>>>>>> > >>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to > >>>>>>>> an existing domain > >>>>>>>> > >>>>>>>> - if you are prompted for DNS configuration choose Yes (also > >>>>>>>> possible that no DNS preparation occur), then install DNS after > >>>>>>>> the reboot > >>>>>>>> > >>>>>>>> - for DNS give the server time for replication, at least 15 > >>>>>>>> minutes. Because you use Active directory integrated zones it > >>>>>>>> will automatically replicate the zones to the new server. Open > >>>>>>>> DNS management console to check that they appear > >>>>>>>> > >>>>>>>> - if the new machine is domain controller and DNS server run > >>>>>>>> again replmon, dcdiag and netdiag on both domain controllers > >>>>>>>> > >>>>>>>> - if you have no errors, make the new server Global catalog > >>>>>>>> server, open Active directory Sites and Services and then > >>>>>>>> double-click sitename, double-click Servers, click your domain > >>>>>>>> controller, right-click NTDS Settings, and then click > >>>>>>>> Properties, on the General tab, click to select the Global > >>>>>>>> catalog check box ( http://support.microsoft.com/?id=313994)> >>>>>>>> > >>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>>>> > >>>>>>>> - you can see in the event viewer (Directory service) that the > >>>>>>>> roles are transferred, also give it some time > >>>>>>>> > >>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>>>> server, preferred DNS itself, secondary the old one > >>>>>>>> > >>>>>>>> - if you use DHCP do not forget to reconfigure the scope > >>>>>>>> settings to point to the new installed DNS server > >>>>>>>> > >>>>>>>> - export and import of DHCP database (if needed) > >>>>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>>>> Demoting the old DC (if needed) > >>>>>>>> - reconfigure your clients/servers that they not longer point > >>>>>>>> to > >>>>>>>> the old DC/DNS server on the NIC > >>>>>>>> - to be sure that everything runs fine, disconnect the old DC > >>>>>>>> from the network and check with clients and servers the > >>>>>>>> connectivity, logon and also with one client a restart to see > >>>>>>>> that everything is ok > >>>>>>>> > >>>>>>>> - then run dcpromo to demote the old DC, if it works fine the > >>>>>>>> machine will move from the DC's OU to the computers container, > >>>>>>>> where you can delete it by hand. Can be that you got an error > >>>>>>>> during demoting at the beginning, then uncheck the Global > >>>>>>>> catalog on that DC and try again > >>>>>>>> > >>>>>>>> - check the DNS management console, that all entries from the > >>>>>>>> machine are disappeared or delete them by hand if the machine > >>>>>>>> is off the network for ever > >>>>>>>> > >>>>>>>> - also you have to start AD sites and services and delete the > >>>>>>>> old servername under the site, this will not be done during > >>>>>>>> promotion > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> We will replace the old windows 2k DC to the new windows 2003 > >>>>>>>>> DC , thd old win 2K running as DNS server, can i migrate the > >>>>>>>>> dns and dhcp from the old 2K DC to the new 2003 DC ? > >>>>>>>>> > > > |
|
I only have two DC, server 1 and server 2,i try to move from server 1 to
server 2, no othere domain can move.
the server2 crash last month, suspect the server one still hardcode the old
server 2 GUID. how to remove this entry by using the ntdutil?
when I try to use the replicate now from server 1 to server 2, it said
access denied, i delete the default server 2 automatically generated site and
service and recreate , still can replicate said dns lookup error, but i can
resolve server 2 computer name
cause of the replication incomplete, i could run the adprep /forest in
server 2.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > To move the schema you account must be member of the schema admin group. > Try to move it from the other DC. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > I try to transfer the > > Schema owner usgs0002.kep.co.id > > Domain role owner usgs0002.kep.co.id from server 2 to server > > 1 > > using MMC snap in , when i click on active directy schema, it said you > > only have permission to view , the id i use to login is administrator > > id which is under domain admin, schema , enterprise admin group. > > > > I can's run the adprep /forestprep. > > "Meinolf Weber" wrote: > >> Hello DD, > >> > >> Yes, you can transfer them to server 1. After changing i would > >> transfer them to the 2003 DC. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> Can I transfer all the role to 001 before I replace the server 2,if > >>> can how to do the transfer If I can transfer the all the role to > >>> 001, do I still need to run the trasfer process ? > >>> > >>> the new server will be replacing the 002 server. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> You have 5 FSMO roles, so you can see that 002 is schema owner and > >>>> Domain owner and the other roles are at 001. See here about them: > >>>> http://support.microsoft.com/kb/223346/en-us> >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>>>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>>>> Schema owner usgs0002.kep.co.id > >>>>> Domain role owner usgs0002.kep.co.id > >>>>> PDC role usgs0001.kep.co.id > >>>>> RID pool manager usgs0001.kep.co.id > >>>>> Infrastructure owner usgs0001.kep.co.id > >>>>> I will be migrating the server tomorrow, hope got your reply > >>>>> bytoday. > >>>>> Thanks > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> Run in a command prompt: > >>>>>> > >>>>>> netdom query fsmo > >>>>>> > >>>>>> For this tools you have to install the support\tools\suptools.msi > >>>>>> from the 2000 or 2003 installation disk. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> Currently we have two server running AD, so how to verify which > >>>>>>> one has the FSMO, > >>>>>>> > >>>>>>> Sorry , not very goold in this area. > >>>>>>> > >>>>>>> "Meinolf Weber" wrote: > >>>>>>> > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> If you will take out a DC which has the FSMO roles you have to > >>>>>>>> transfer them if you like to control it. During demotion the > >>>>>>>> roles are also transferred but you have no control to which DC, > >>>>>>>> if you have more then one. > >>>>>>>> > >>>>>>>> Seizing is only needed, if the FSMO role holder is crashed for > >>>>>>>> example and you are not able to transfer them from the running > >>>>>>>> machine. > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> Hi, > >>>>>>>>> > >>>>>>>>> Very useful info, I have question on Transfer, NOT seize the > >>>>>>>>> 5 FSMO roles to the new Domain controller > >>>>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>>>> > >>>>>>>>> I must do this steps ? refer to this link > >>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379> >>>>>>>>> &s > >>>>>>>>> d= > >>>>>>>>> te > >>>>>>>>> ch > >>>>>>>>> it doesn't mentions about this steps. > >>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>> Hello DD, > >>>>>>>>>> > >>>>>>>>>> For DHCP: > >>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;32547> >>>>>>>>>> 3 > >>>>>>>>>> For DNS make your live easy and use AD integrated zones on > >>>>>>>>>> the > >>>>>>>>>> 2000 > >>>>>>>>>> DC, then you have just to install the new server as DC and > >>>>>>>>>> install > >>>>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>>>> See here for migration plan: > >>>>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF > >>>>>>>>>> YOU > >>>>>>>>>> DATA/MACHINE!!! > >>>>>>>>>> One question first: > >>>>>>>>>> Is the old server also Exchange server and will it be taken > >>>>>>>>>> out > >>>>>>>>>> of > >>>>>>>>>> the domain > >>>>>>>>>> forever, when the new server is running? > >>>>>>>>>> - On the old server open DNS management console and check > >>>>>>>>>> that > >>>>>>>>>> you > >>>>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>>>> replication, > >>>>>>>>>> if you have more then one DNS server) > >>>>>>>>>> - run replmon from the run line or repadmin /showrepl, dcdiag > >>>>>>>>>> and > >>>>>>>>>> netdiag from the command prompt on the old machine to check > >>>>>>>>>> for > >>>>>>>>>> errors, if you have some post the complete output from the > >>>>>>>>>> command > >>>>>>>>>> here or solve them first. For this tools you have to install > >>>>>>>>>> the > >>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>>>> disk. > >>>>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>>>>>>>> installation disk against the 2000 server, with an account > >>>>>>>>>> that > >>>>>>>>>> is member of the Schema admins, to upgrade the schema to the > >>>>>>>>>> new > >>>>>>>>>> version > >>>>>>>>>> - Install the new machine as a member server in your existing > >>>>>>>>>> domain > >>>>>>>>>> - configure a fixed ip and set the preferred DNS server to > >>>>>>>>>> the old DNS server only > >>>>>>>>>> > >>>>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to > >>>>>>>>>> an existing domain > >>>>>>>>>> > >>>>>>>>>> - if you are prompted for DNS configuration choose Yes (also > >>>>>>>>>> possible that no DNS preparation occur), then install DNS > >>>>>>>>>> after the reboot > >>>>>>>>>> > >>>>>>>>>> - for DNS give the server time for replication, at least 15 > >>>>>>>>>> minutes. Because you use Active directory integrated zones it > >>>>>>>>>> will automatically replicate the zones to the new server. > >>>>>>>>>> Open DNS management console to check that they appear > >>>>>>>>>> > >>>>>>>>>> - if the new machine is domain controller and DNS server run > >>>>>>>>>> again replmon, dcdiag and netdiag on both domain controllers > >>>>>>>>>> > >>>>>>>>>> - if you have no errors, make the new server Global catalog > >>>>>>>>>> server, open Active directory Sites and Services and then > >>>>>>>>>> double-click sitename, double-click Servers, click your > >>>>>>>>>> domain controller, right-click NTDS Settings, and then click > >>>>>>>>>> Properties, on the General tab, click to select the Global > >>>>>>>>>> catalog check box ( http://support.microsoft.com/?id=313994)> >>>>>>>>>> > >>>>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>>>>>> > >>>>>>>>>> - you can see in the event viewer (Directory service) that > >>>>>>>>>> the roles are transferred, also give it some time > >>>>>>>>>> > >>>>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>>>>>> server, preferred DNS itself, secondary the old one > >>>>>>>>>> > >>>>>>>>>> - if you use DHCP do not forget to reconfigure the scope > >>>>>>>>>> settings to point to the new installed DNS server > >>>>>>>>>> > >>>>>>>>>> - export and import of DHCP database (if needed) > >>>>>>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>>>>>> Demoting the old DC (if needed) > >>>>>>>>>> - reconfigure your clients/servers that they not longer point > >>>>>>>>>> to > >>>>>>>>>> the old DC/DNS server on the NIC > >>>>>>>>>> - to be sure that everything runs fine, disconnect the old DC > >>>>>>>>>> from the network and check with clients and servers the > >>>>>>>>>> connectivity, logon and also with one client a restart to see > >>>>>>>>>> that everything is ok > >>>>>>>>>> - then run dcpromo to demote the old DC, if it works fine the > >>>>>>>>>> machine will move from the DC's OU to the computers > >>>>>>>>>> container, where you can delete it by hand. Can be that you > >>>>>>>>>> got an error during demoting at the beginning, then uncheck > >>>>>>>>>> the Global catalog on that DC and try again > >>>>>>>>>> > >>>>>>>>>> - check the DNS management console, that all entries from the > >>>>>>>>>> machine are disappeared or delete them by hand if the machine > >>>>>>>>>> is off the network for ever > >>>>>>>>>> > >>>>>>>>>> - also you have to start AD sites and services and delete the > >>>>>>>>>> old servername under the site, this will not be done during > >>>>>>>>>> promotion > >>>>>>>>>> > >>>>>>>>>> Best regards > >>>>>>>>>> > >>>>>>>>>> Meinolf Weber > >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>> warranties, > >>>>>>>>>> and > >>>>>>>>>> confers > >>>>>>>>>> no rights. > >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>> We will replace the old windows 2k DC to the new windows > >>>>>>>>>>> 2003 DC , thd old win 2K running as DNS server, can i > >>>>>>>>>>> migrate the dns and dhcp from the old 2K DC to the new 2003 > >>>>>>>>>>> DC ? > >>>>>>>>>>> > > > |
|
dcdiag from usg001
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine usg001, is a DC.
* Connecting to directory service on server USG001.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\USG001
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... USG001 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\USG001
Starting test: Replications
* Replications Check
......................... USG001 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=OCBA,DC=co,DC=id
* Security Permissions Check for
CN=Configuration,DC=OCBA,DC=co,DC=id
* Security Permissions Check for
DC=OCBA,DC=co,DC=id
......................... USG001 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... USG001 passed test NetLogons
Starting test: Advertising
The DC USG001 is advertising itself as a DC and having a DS.
The DC USG001 is advertising as an LDAP server
The DC USG001 is advertising as having a writeable directory
The DC USG001 is advertising as a Key Distribution Center
Warning: USG001 is not advertising as a time server.
The DS USG001 is advertising as a GC.
......................... USG001 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Warning: CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
is the Schema Owner, but is deleted.
Role Domain Owner = CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Warning: CN="NTDS Settings
DEL:15bb4502-7524-4072-8806-b05d374c49ec",CN=USG002,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Role Rid Owner = CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
......................... USG001 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4115 to 1073741823
* USG001.OCBA.COM is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3115 to 3614
* rIDNextRID: 2951
* rIDPreviousAllocationPool is 2615 to 3114
......................... USG001 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/USG001.OCBA.COM/OCBA.COM
* SPN found :LDAP/USG001.OCBA.COM
* SPN found :LDAP/USG001
* SPN found :LDAP/USG001.OCBA.COM/UOBKHID
* SPN found
:LDAP/96677f00-40fa-41c1-8bb1-c11a92606a04._msdcs.OCBA.COM
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/96677f00-40fa-41c1-8bb1-c11a92606a04/OCBA.COM
* SPN found :HOST/USG001.OCBA.COM/OCBA.COM
* SPN found :HOST/USG001.OCBA.COM
* SPN found :HOST/USG001
* SPN found :HOST/USG001.OCBA.COM/UOBKHID
* SPN found :GC/USG001.OCBA.COM/OCBA.COM
......................... USG001 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
w32time Service is stopped on [USG001]
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
SMTPSVC Service is stopped on [USG001]
......................... USG001 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
USG001 is in domain DC=OCBA,DC=co,DC=id
Checking for CN=USG001,OU=Domain Controllers,DC=OCBA,DC=co,DC=id in
domain DC=OCBA,DC=co,DC=id on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=USG001,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=OCBA,DC=co,DC=id
in domain CN=Configuration,DC=OCBA,DC=co,DC=id on 1 servers
Object is up-to-date on all servers.
......................... USG001 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 11:25:14
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 11:45:14
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
The nTDSConnection object cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=4a58d9b4-6646-4882-ab40-e5438eae8771,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 13:05:15
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/29/2008 14:40:16
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
The nTDSConnection object cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 11/30/2008 14:40:24
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
The nTDSConnection object cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG002,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=10.192.16.1,cn=ntds
settings,cn=USG001,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 12/01/2008 08:05:31
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
is conflicting with cn=USG001,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
An Warning Event occured. EventID: 0x800034FA
Time Generated: 12/01/2008 15:05:34
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller
USG001.OCBA.COM for FRS replica set
configuration information.
The nTDSConnection object cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id is conflicting with cn=USG001\
cnf:97867f81-06da-4a63-907d-ee4debdc4cf3,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id.
Using cn=72d6065a-469b-46da-a5ce-f0362006c85e,cn=ntds
settings,cn=USG002,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=OCBA,dc=co,dc=id
......................... USG001 passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... USG001 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... USG001 passed test systemlog
Running enterprise tests on : OCBA.COM
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... OCBA.COM passed test Intersite
Starting test: FsmoCheck
GC Name: \\USG001.OCBA.COM
Locator Flags: 0xe00001bd
PDC Name: \\USG001.OCBA.COM
Locator Flags: 0xe00001bd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
KDC Name: \\USG001.OCBA.COM
Locator Flags: 0xe00001bd
......................... OCBA.COM failed test FsmoCheck
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > Run diagnostic tools dcdiag /v, netdiag /v and repadmin /showrepl and post > the result here. You can also pipe the output to a textfile if the command > prompt doesn't list it complete: > > dcdiag /v > C:\dcdiag.log > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > I try to run adprep /forest it said THE scema master replication not > > complete. > > > > i try to replicate from the site and service, error message, error > > occur during attemp synchorize the domain controler, access is denied. > > > > The two AD can not replicate to each other. > > I also getting the event 1586 > > http://support.microsoft.com/kb/269417> > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> Yes, you can transfer them to server 1. After changing i would > >> transfer them to the 2003 DC. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> Can I transfer all the role to 001 before I replace the server 2,if > >>> can how to do the transfer If I can transfer the all the role to > >>> 001, do I still need to run the trasfer process ? > >>> > >>> the new server will be replacing the 002 server. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> You have 5 FSMO roles, so you can see that 002 is schema owner and > >>>> Domain owner and the other roles are at 001. See here about them: > >>>> http://support.microsoft.com/kb/223346/en-us> >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>>>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>>>> Schema owner usgs0002.kep.co.id > >>>>> Domain role owner usgs0002.kep.co.id > >>>>> PDC role usgs0001.kep.co.id > >>>>> RID pool manager usgs0001.kep.co.id > >>>>> Infrastructure owner usgs0001.kep.co.id > >>>>> I will be migrating the server tomorrow, hope got your reply > >>>>> bytoday. > >>>>> Thanks > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> Run in a command prompt: > >>>>>> > >>>>>> netdom query fsmo > >>>>>> > >>>>>> For this tools you have to install the support\tools\suptools.msi > >>>>>> from the 2000 or 2003 installation disk. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> Currently we have two server running AD, so how to verify which > >>>>>>> one has the FSMO, > >>>>>>> > >>>>>>> Sorry , not very goold in this area. > >>>>>>> > >>>>>>> "Meinolf Weber" wrote: > >>>>>>> > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> If you will take out a DC which has the FSMO roles you have to > >>>>>>>> transfer them if you like to control it. During demotion the > >>>>>>>> roles are also transferred but you have no control to which DC, > >>>>>>>> if you have more then one. > >>>>>>>> > >>>>>>>> Seizing is only needed, if the FSMO role holder is crashed for > >>>>>>>> example and you are not able to transfer them from the running > >>>>>>>> machine. > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> Hi, > >>>>>>>>> > >>>>>>>>> Very useful info, I have question on Transfer, NOT seize the > >>>>>>>>> 5 FSMO roles to the new Domain controller > >>>>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>>>> > >>>>>>>>> I must do this steps ? refer to this link > >>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379> >>>>>>>>> &s > >>>>>>>>> d= > >>>>>>>>> te > >>>>>>>>> ch > >>>>>>>>> it doesn't mentions about this steps. > >>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>> Hello DD, > >>>>>>>>>> > >>>>>>>>>> For DHCP: > >>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;32547> >>>>>>>>>> 3 > >>>>>>>>>> For DNS make your live easy and use AD integrated zones on > >>>>>>>>>> the > >>>>>>>>>> 2000 > >>>>>>>>>> DC, then you have just to install the new server as DC and > >>>>>>>>>> install > >>>>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>>>> See here for migration plan: > >>>>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF > >>>>>>>>>> YOU > >>>>>>>>>> DATA/MACHINE!!! > >>>>>>>>>> One question first: > >>>>>>>>>> Is the old server also Exchange server and will it be taken > >>>>>>>>>> out > >>>>>>>>>> of > >>>>>>>>>> the domain > >>>>>>>>>> forever, when the new server is running? > >>>>>>>>>> - On the old server open DNS management console and check > >>>>>>>>>> that > >>>>>>>>>> you > >>>>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>>>> replication, > >>>>>>>>>> if you have more then one DNS server) > >>>>>>>>>> - run replmon from the run line or repadmin /showrepl, dcdiag > >>>>>>>>>> and > >>>>>>>>>> netdiag from the command prompt on the old machine to check > >>>>>>>>>> for > >>>>>>>>>> errors, if you have some post the complete output from the > >>>>>>>>>> command > >>>>>>>>>> here or solve them first. For this tools you have to install > >>>>>>>>>> the > >>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>>>> disk. > >>>>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>>>>>>>> installation disk against the 2000 server, with an account > >>>>>>>>>> that > >>>>>>>>>> is member of the Schema admins, to upgrade the schema to the > >>>>>>>>>> new > >>>>>>>>>> version > >>>>>>>>>> - Install the new machine as a member server in your existing > >>>>>>>>>> domain > >>>>>>>>>> - configure a fixed ip and set the preferred DNS server to > >>>>>>>>>> the old DNS server only > >>>>>>>>>> > >>>>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to > >>>>>>>>>> an existing domain > >>>>>>>>>> > >>>>>>>>>> - if you are prompted for DNS configuration choose Yes (also > >>>>>>>>>> possible that no DNS preparation occur), then install DNS > >>>>>>>>>> after the reboot > >>>>>>>>>> > >>>>>>>>>> - for DNS give the server time for replication, at least 15 > >>>>>>>>>> minutes. Because you use Active directory integrated zones it > >>>>>>>>>> will automatically replicate the zones to the new server. > >>>>>>>>>> Open DNS management console to check that they appear > >>>>>>>>>> > >>>>>>>>>> - if the new machine is domain controller and DNS server run > >>>>>>>>>> again replmon, dcdiag and netdiag on both domain controllers > >>>>>>>>>> > >>>>>>>>>> - if you have no errors, make the new server Global catalog > >>>>>>>>>> server, open Active directory Sites and Services and then > >>>>>>>>>> double-click sitename, double-click Servers, click your > >>>>>>>>>> domain controller, right-click NTDS Settings, and then click > >>>>>>>>>> Properties, on the General tab, click to select the Global > >>>>>>>>>> catalog check box ( http://support.microsoft.com/?id=313994)> >>>>>>>>>> > >>>>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>>>>>> > >>>>>>>>>> - you can see in the event viewer (Directory service) that > >>>>>>>>>> the roles are transferred, also give it some time > >>>>>>>>>> > >>>>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>>>>>> server, preferred DNS itself, secondary the old one > >>>>>>>>>> > >>>>>>>>>> - if you use DHCP do not forget to reconfigure the scope > >>>>>>>>>> settings to point to the new installed DNS server > >>>>>>>>>> > >>>>>>>>>> - export and import of DHCP database (if needed) > >>>>>>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>>>>>> Demoting the old DC (if needed) > >>>>>>>>>> - reconfigure your clients/servers that they not longer point > >>>>>>>>>> to > >>>>>>>>>> the old DC/DNS server on the NIC > >>>>>>>>>> - to be sure that everything runs fine, disconnect the old DC > >>>>>>>>>> from the network and check with clients and servers the > >>>>>>>>>> connectivity, logon and also with one client a restart to see > >>>>>>>>>> that everything is ok > >>>>>>>>>> - then run dcpromo to demote the old DC, if it works fine the > >>>>>>>>>> machine will move from the DC's OU to the computers > >>>>>>>>>> container, where you can delete it by hand. Can be that you > >>>>>>>>>> got an error during demoting at the beginning, then uncheck > >>>>>>>>>> the Global catalog on that DC and try again > >>>>>>>>>> > >>>>>>>>>> - check the DNS management console, that all entries from the > >>>>>>>>>> machine are disappeared or delete them by hand if the machine > >>>>>>>>>> is off the network for ever > >>>>>>>>>> > >>>>>>>>>> - also you have to start AD sites and services and delete the > >>>>>>>>>> old servername under the site, this will not be done during > >>>>>>>>>> promotion > >>>>>>>>>> > >>>>>>>>>> Best regards > >>>>>>>>>> > >>>>>>>>>> Meinolf Weber > >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>> warranties, > >>>>>>>>>> and > >>>>>>>>>> confers > >>>>>>>>>> no rights. > >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>> We will replace the old windows 2k DC to the new windows > >>>>>>>>>>> 2003 DC , thd old win 2K running as DNS server, can i > >>>>>>>>>>> migrate the dns and dhcp from the old 2K DC to the new 2003 > >>>>>>>>>>> DC ? > >>>>>>>>>>> > > > |
|
NETDIAG FILE TOO LONG , can't post it here.
I getting this error message
I can do the replicate now from the site service service. but when i run the
adpredp /forest from the server 2.
The schema master did not complete a replication cycle after the last
reboot. Th
e schema master must complete at least one replication cycle before the
schema c
an be extended.
[User Action]
Verify that the schema master is connected to the network and can
communicate wi
th other domain controllers. Use the Sites and Services snap-in to
replicate be
tween the schema operations master and at least one replication partner.
After r
eplication has succeeded, run adprep again.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > Run diagnostic tools dcdiag /v, netdiag /v and repadmin /showrepl and post > the result here. You can also pipe the output to a textfile if the command > prompt doesn't list it complete: > > dcdiag /v > C:\dcdiag.log > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > I try to run adprep /forest it said THE scema master replication not > > complete. > > > > i try to replicate from the site and service, error message, error > > occur during attemp synchorize the domain controler, access is denied. > > > > The two AD can not replicate to each other. > > I also getting the event 1586 > > http://support.microsoft.com/kb/269417> > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> Yes, you can transfer them to server 1. After changing i would > >> transfer them to the 2003 DC. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> Can I transfer all the role to 001 before I replace the server 2,if > >>> can how to do the transfer If I can transfer the all the role to > >>> 001, do I still need to run the trasfer process ? > >>> > >>> the new server will be replacing the 002 server. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> You have 5 FSMO roles, so you can see that 002 is schema owner and > >>>> Domain owner and the other roles are at 001. See here about them: > >>>> http://support.microsoft.com/kb/223346/en-us> >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>>>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>>>> Schema owner usgs0002.kep.co.id > >>>>> Domain role owner usgs0002.kep.co.id > >>>>> PDC role usgs0001.kep.co.id > >>>>> RID pool manager usgs0001.kep.co.id > >>>>> Infrastructure owner usgs0001.kep.co.id > >>>>> I will be migrating the server tomorrow, hope got your reply > >>>>> bytoday. > >>>>> Thanks > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> Run in a command prompt: > >>>>>> > >>>>>> netdom query fsmo > >>>>>> > >>>>>> For this tools you have to install the support\tools\suptools.msi > >>>>>> from the 2000 or 2003 installation disk. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> Currently we have two server running AD, so how to verify which > >>>>>>> one has the FSMO, > >>>>>>> > >>>>>>> Sorry , not very goold in this area. > >>>>>>> > >>>>>>> "Meinolf Weber" wrote: > >>>>>>> > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> If you will take out a DC which has the FSMO roles you have to > >>>>>>>> transfer them if you like to control it. During demotion the > >>>>>>>> roles are also transferred but you have no control to which DC, > >>>>>>>> if you have more then one. > >>>>>>>> > >>>>>>>> Seizing is only needed, if the FSMO role holder is crashed for > >>>>>>>> example and you are not able to transfer them from the running > >>>>>>>> machine. > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> Hi, > >>>>>>>>> > >>>>>>>>> Very useful info, I have question on Transfer, NOT seize the > >>>>>>>>> 5 FSMO roles to the new Domain controller > >>>>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>>>> > >>>>>>>>> I must do this steps ? refer to this link > >>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325379> >>>>>>>>> &s > >>>>>>>>> d= > >>>>>>>>> te > >>>>>>>>> ch > >>>>>>>>> it doesn't mentions about this steps. > >>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>> Hello DD, > >>>>>>>>>> > >>>>>>>>>> For DHCP: > >>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;32547> >>>>>>>>>> 3 > >>>>>>>>>> For DNS make your live easy and use AD integrated zones on > >>>>>>>>>> the > >>>>>>>>>> 2000 > >>>>>>>>>> DC, then you have just to install the new server as DC and > >>>>>>>>>> install > >>>>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>>>> See here for migration plan: > >>>>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF > >>>>>>>>>> YOU > >>>>>>>>>> DATA/MACHINE!!! > >>>>>>>>>> One question first: > >>>>>>>>>> Is the old server also Exchange server and will it be taken > >>>>>>>>>> out > >>>>>>>>>> of > >>>>>>>>>> the domain > >>>>>>>>>> forever, when the new server is running? > >>>>>>>>>> - On the old server open DNS management console and check > >>>>>>>>>> that > >>>>>>>>>> you > >>>>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>>>> replication, > >>>>>>>>>> if you have more then one DNS server) > >>>>>>>>>> - run replmon from the run line or repadmin /showrepl, dcdiag > >>>>>>>>>> and > >>>>>>>>>> netdiag from the command prompt on the old machine to check > >>>>>>>>>> for > >>>>>>>>>> errors, if you have some post the complete output from the > >>>>>>>>>> command > >>>>>>>>>> here or solve them first. For this tools you have to install > >>>>>>>>>> the > >>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>>>> disk. > >>>>>>>>>> - run adprep /forestprep and adprep /domainprep from the 2003 > >>>>>>>>>> installation disk against the 2000 server, with an account > >>>>>>>>>> that > >>>>>>>>>> is member of the Schema admins, to upgrade the schema to the > >>>>>>>>>> new > >>>>>>>>>> version > >>>>>>>>>> - Install the new machine as a member server in your existing > >>>>>>>>>> domain > >>>>>>>>>> - configure a fixed ip and set the preferred DNS server to > >>>>>>>>>> the old DNS server only > >>>>>>>>>> > >>>>>>>>>> - run dcpromo and follow the wizard to add the 2003 server to > >>>>>>>>>> an existing domain > >>>>>>>>>> > >>>>>>>>>> - if you are prompted for DNS configuration choose Yes (also > >>>>>>>>>> possible that no DNS preparation occur), then install DNS > >>>>>>>>>> after the reboot > >>>>>>>>>> > >>>>>>>>>> - for DNS give the server time for replication, at least 15 > >>>>>>>>>> minutes. Because you use Active directory integrated zones it > >>>>>>>>>> will automatically replicate the zones to the new server. > >>>>>>>>>> Open DNS management console to check that they appear > >>>>>>>>>> > >>>>>>>>>> - if the new machine is domain controller and DNS server run > >>>>>>>>>> again replmon, dcdiag and netdiag on both domain controllers > >>>>>>>>>> > >>>>>>>>>> - if you have no errors, make the new server Global catalog > >>>>>>>>>> server, open Active directory Sites and Services and then > >>>>>>>>>> double-click sitename, double-click Servers, click your > >>>>>>>>>> domain controller, right-click NTDS Settings, and then click > >>>>>>>>>> Properties, on the General tab, click to select the Global > >>>>>>>>>> catalog check box ( http://support.microsoft.com/?id=313994)> >>>>>>>>>> > >>>>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>>>>>> > >>>>>>>>>> - you can see in the event viewer (Directory service) that > >>>>>>>>>> the roles are transferred, also give it some time > >>>>>>>>>> > >>>>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>>>>>> server, preferred DNS itself, secondary the old one > >>>>>>>>>> > >>>>>>>>>> - if you use DHCP do not forget to reconfigure the scope > >>>>>>>>>> settings to point to the new installed DNS server > >>>>>>>>>> > >>>>>>>>>> - export and import of DHCP database (if needed) > >>>>>>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>>>>>> Demoting the old DC (if needed) > >>>>>>>>>> - reconfigure your clients/servers that they not longer point > >>>>>>>>>> to > >>>>>>>>>> the old DC/DNS server on the NIC > >>>>>>>>>> - to be sure that everything runs fine, disconnect the old DC > >>>>>>>>>> from the network and check with clients and servers the > >>>>>>>>>> connectivity, logon and also with one client a restart to see > >>>>>>>>>> that everything is ok > >>>>>>>>>> - then run dcpromo to demote the old DC, if it works fine the > >>>>>>>>>> machine will move from the DC's OU to the computers > >>>>>>>>>> container, where you can delete it by hand. Can be that you > >>>>>>>>>> got an error during demoting at the beginning, then uncheck > >>>>>>>>>> the Global catalog on that DC and try again > >>>>>>>>>> > >>>>>>>>>> - check the DNS management console, that all entries from the > >>>>>>>>>> machine are disappeared or delete them by hand if the machine > >>>>>>>>>> is off the network for ever > >>>>>>>>>> > >>>>>>>>>> - also you have to start AD sites and services and delete the > >>>>>>>>>> old servername under the site, this will not be done during > >>>>>>>>>> promotion > >>>>>>>>>> > >>>>>>>>>> Best regards > >>>>>>>>>> > >>>>>>>>>> Meinolf Weber > >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>> warranties, > >>>>>>>>>> and > >>>>>>>>>> confers > >>>>>>>>>> no rights. > >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>> We will replace the old windows 2k DC to the new windows > >>>>>>>>>>> 2003 DC , thd old win 2K running as DNS server, can i > >>>>>>>>>>> migrate the dns and dhcp from the old 2K DC to the new 2003 > >>>>>>>>>>> DC ? > >>>>>>>>>>> > > > |
|
I create the server using the same name, not sure is it because the server 1
still hardcord the crash server GUID, cause I can't run the adprep/forest
which I have post the error message.
I post few questions cause I encounter different error when I try to promote
the new server as member server and this post is quite some times ago so
worry nobody reply or help.
Do I need to remove any crash server infor from the AD ?
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > I see that in the you are posting a lot of questions. Maybe some of them > stick together because of the existing problem. So please wait until the > main problems are solved, seems in your case the Active directory configuration. > If this works correct start with new postings. Now you post that there was > a server crash from server2, did you reinstall it from backup or image or > just create a new server with the same name? > > To remove a DC from the database follow this article: > http://support.microsoft.com/kb/555846/en-us> > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > I only have two DC, server 1 and server 2,i try to move from server 1 > > to server 2, no othere domain can move. > > > > the server2 crash last month, suspect the server one still hardcode > > the old > > server 2 GUID. how to remove this entry by using the ntdutil? > > when I try to use the replicate now from server 1 to server 2, it > > said > > access denied, i delete the default server 2 automatically generated > > site and > > service and recreate , still can replicate said dns lookup error, but > > i can resolve server 2 computer name > > > > cause of the replication incomplete, i could run the adprep /forest in > > server 2. > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> To move the schema you account must be member of the schema admin > >> group. Try to move it from the other DC. > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> I try to transfer the > >>> Schema owner usgs0002.kep.co.id > >>> Domain role owner usgs0002.kep.co.id from server 2 to > >>> server > >>> 1 > >>> using MMC snap in , when i click on active directy schema, it said > >>> you > >>> only have permission to view , the id i use to login is > >>> administrator > >>> id which is under domain admin, schema , enterprise admin group. > >>> I can's run the adprep /forestprep. > >>> "Meinolf Weber" wrote: > >>>> Hello DD, > >>>> > >>>> Yes, you can transfer them to server 1. After changing i would > >>>> transfer them to the 2003 DC. > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> Can I transfer all the role to 001 before I replace the server > >>>>> 2,if can how to do the transfer If I can transfer the all the > >>>>> role to 001, do I still need to run the trasfer process ? > >>>>> > >>>>> the new server will be replacing the 002 server. > >>>>> > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> You have 5 FSMO roles, so you can see that 002 is schema owner > >>>>>> and Domain owner and the other roles are at 001. See here about > >>>>>> them: http://support.microsoft.com/kb/223346/en-us> >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>>>>>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>>>>>> Schema owner usgs0002.kep.co.id > >>>>>>> Domain role owner usgs0002.kep.co.id > >>>>>>> PDC role usgs0001.kep.co.id > >>>>>>> RID pool manager usgs0001.kep.co.id > >>>>>>> Infrastructure owner usgs0001.kep.co.id > >>>>>>> I will be migrating the server tomorrow, hope got your reply > >>>>>>> bytoday. > >>>>>>> Thanks > >>>>>>> "Meinolf Weber" wrote: > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> Run in a command prompt: > >>>>>>>> > >>>>>>>> netdom query fsmo > >>>>>>>> > >>>>>>>> For this tools you have to install the > >>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>> disk. > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> Currently we have two server running AD, so how to verify > >>>>>>>>> which one has the FSMO, > >>>>>>>>> > >>>>>>>>> Sorry , not very goold in this area. > >>>>>>>>> > >>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>> > >>>>>>>>>> Hello DD, > >>>>>>>>>> > >>>>>>>>>> If you will take out a DC which has the FSMO roles you have > >>>>>>>>>> to transfer them if you like to control it. During demotion > >>>>>>>>>> the roles are also transferred but you have no control to > >>>>>>>>>> which DC, if you have more then one. > >>>>>>>>>> > >>>>>>>>>> Seizing is only needed, if the FSMO role holder is crashed > >>>>>>>>>> for example and you are not able to transfer them from the > >>>>>>>>>> running machine. > >>>>>>>>>> > >>>>>>>>>> Best regards > >>>>>>>>>> > >>>>>>>>>> Meinolf Weber > >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>> warranties, > >>>>>>>>>> and > >>>>>>>>>> confers > >>>>>>>>>> no rights. > >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>> Hi, > >>>>>>>>>>> > >>>>>>>>>>> Very useful info, I have question on Transfer, NOT seize > >>>>>>>>>>> the 5 FSMO roles to the new Domain controller > >>>>>>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>>>>>> > >>>>>>>>>>> I must do this steps ? refer to this link > >>>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;3253> >>>>>>>>>>> 79 > >>>>>>>>>>> &s > >>>>>>>>>>> d= > >>>>>>>>>>> te > >>>>>>>>>>> ch > >>>>>>>>>>> it doesn't mentions about this steps. > >>>>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>>>> Hello DD, > >>>>>>>>>>>> > >>>>>>>>>>>> For DHCP: > >>>>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;325> >>>>>>>>>>>> 47 > >>>>>>>>>>>> 3 > >>>>>>>>>>>> For DNS make your live easy and use AD integrated zones on > >>>>>>>>>>>> the > >>>>>>>>>>>> 2000 > >>>>>>>>>>>> DC, then you have just to install the new server as DC and > >>>>>>>>>>>> install > >>>>>>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>>>>>> See here for migration plan: > >>>>>>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF > >>>>>>>>>>>> YOU > >>>>>>>>>>>> DATA/MACHINE!!! > >>>>>>>>>>>> One question first: > >>>>>>>>>>>> Is the old server also Exchange server and will it be taken > >>>>>>>>>>>> out > >>>>>>>>>>>> of > >>>>>>>>>>>> the domain > >>>>>>>>>>>> forever, when the new server is running? > >>>>>>>>>>>> - On the old server open DNS management console and check > >>>>>>>>>>>> that > >>>>>>>>>>>> you > >>>>>>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>>>>>> replication, > >>>>>>>>>>>> if you have more then one DNS server) > >>>>>>>>>>>> - run replmon from the run line or repadmin /showrepl, > >>>>>>>>>>>> dcdiag > >>>>>>>>>>>> and > >>>>>>>>>>>> netdiag from the command prompt on the old machine to check > >>>>>>>>>>>> for > >>>>>>>>>>>> errors, if you have some post the complete output from the > >>>>>>>>>>>> command > >>>>>>>>>>>> here or solve them first. For this tools you have to > >>>>>>>>>>>> install > >>>>>>>>>>>> the > >>>>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 > >>>>>>>>>>>> installation > >>>>>>>>>>>> disk. > >>>>>>>>>>>> - run adprep /forestprep and adprep /domainprep from the > >>>>>>>>>>>> 2003 > >>>>>>>>>>>> installation disk against the 2000 server, with an account > >>>>>>>>>>>> that > >>>>>>>>>>>> is member of the Schema admins, to upgrade the schema to > >>>>>>>>>>>> the > >>>>>>>>>>>> new > >>>>>>>>>>>> version > >>>>>>>>>>>> - Install the new machine as a member server in your > >>>>>>>>>>>> existing > >>>>>>>>>>>> domain > >>>>>>>>>>>> - configure a fixed ip and set the preferred DNS server to > >>>>>>>>>>>> the old DNS server only > >>>>>>>>>>>> - run dcpromo and follow the wizard to add the 2003 server > >>>>>>>>>>>> to an existing domain > >>>>>>>>>>>> > >>>>>>>>>>>> - if you are prompted for DNS configuration choose Yes > >>>>>>>>>>>> (also possible that no DNS preparation occur), then install > >>>>>>>>>>>> DNS after the reboot > >>>>>>>>>>>> > >>>>>>>>>>>> - for DNS give the server time for replication, at least 15 > >>>>>>>>>>>> minutes. Because you use Active directory integrated zones > >>>>>>>>>>>> it will automatically replicate the zones to the new > >>>>>>>>>>>> server. Open DNS management console to check that they > >>>>>>>>>>>> appear > >>>>>>>>>>>> > >>>>>>>>>>>> - if the new machine is domain controller and DNS server > >>>>>>>>>>>> run again replmon, dcdiag and netdiag on both domain > >>>>>>>>>>>> controllers > >>>>>>>>>>>> > >>>>>>>>>>>> - if you have no errors, make the new server Global catalog > >>>>>>>>>>>> server, open Active directory Sites and Services and then > >>>>>>>>>>>> double-click sitename, double-click Servers, click your > >>>>>>>>>>>> domain controller, right-click NTDS Settings, and then > >>>>>>>>>>>> click Properties, on the General tab, click to select the > >>>>>>>>>>>> Global catalog check box > >>>>>>>>>>>> ( http://support.microsoft.com/?id=313994)> >>>>>>>>>>>> > >>>>>>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain > >>>>>>>>>>>> controller ( http://support.microsoft.com/kb/324801)> >>>>>>>>>>>> > >>>>>>>>>>>> - you can see in the event viewer (Directory service) that > >>>>>>>>>>>> the roles are transferred, also give it some time > >>>>>>>>>>>> > >>>>>>>>>>>> - reconfigure the DNS configuration on your NIC of the 2003 > >>>>>>>>>>>> server, preferred DNS itself, secondary the old one > >>>>>>>>>>>> > >>>>>>>>>>>> - if you use DHCP do not forget to reconfigure the scope > >>>>>>>>>>>> settings to point to the new installed DNS server > >>>>>>>>>>>> > >>>>>>>>>>>> - export and import of DHCP database (if needed) > >>>>>>>>>>>> ( http://support.microsoft.com/kb/325473)> >>>>>>>>>>>> Demoting the old DC (if needed) > >>>>>>>>>>>> - reconfigure your clients/servers that they not longer > >>>>>>>>>>>> point > >>>>>>>>>>>> to > >>>>>>>>>>>> the old DC/DNS server on the NIC > >>>>>>>>>>>> - to be sure that everything runs fine, disconnect the old > >>>>>>>>>>>> DC > >>>>>>>>>>>> from the network and check with clients and servers the > >>>>>>>>>>>> connectivity, logon and also with one client a restart to > >>>>>>>>>>>> see > >>>>>>>>>>>> that everything is ok > >>>>>>>>>>>> - then run dcpromo to demote the old DC, if it works fine > >>>>>>>>>>>> the > >>>>>>>>>>>> machine will move from the DC's OU to the computers > >>>>>>>>>>>> container, where you can delete it by hand. Can be that you > >>>>>>>>>>>> got an error during demoting at the beginning, then uncheck > >>>>>>>>>>>> the Global catalog on that DC and try again > >>>>>>>>>>>> - check the DNS management console, that all entries from > >>>>>>>>>>>> the machine are disappeared or delete them by hand if the > >>>>>>>>>>>> machine is off the network for ever > >>>>>>>>>>>> > >>>>>>>>>>>> - also you have to start AD sites and services and delete > >>>>>>>>>>>> the old servername under the site, this will not be done > >>>>>>>>>>>> during promotion > >>>>>>>>>>>> > >>>>>>>>>>>> Best regards > >>>>>>>>>>>> > >>>>>>>>>>>> Meinolf Weber > >>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no |
|
i din't not assign the roles to the new installed DC, it automatically
assigned.currently server 2 hold the schema owner and domain role owner and
server 1 hold the pdc , rid & infrastructure.
Can you guide me in detail how to remove the old server ? understand I can
use ntdsutil . but a bit worry if I remove the wrong entry may cause the
whole AD not working .
Appreciate your help.
If still can run the adprep /forest, i intend to install the new server as
windows 2000 and the upgrade from there. what is your comment ?
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > Yes, you have to remove the old server and also make sure that the FSMO roles > are existing on the other server. The new fresh installed one should not > have any role until now. In your dcdiag was stated that 2 roles are missing, > How did you assign the roles to the new installed DC, which the netdom query > fsmo output states? > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > I create the server using the same name, not sure is it because the > > server 1 still hardcord the crash server GUID, cause I can't run the > > adprep/forest which I have post the error message. > > > > I post few questions cause I encounter different error when I try to > > promote the new server as member server and this post is quite some > > times ago so worry nobody reply or help. > > > > Do I need to remove any crash server infor from the AD ? > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> I see that in the you are posting a lot of questions. Maybe some of > >> them stick together because of the existing problem. So please wait > >> until the main problems are solved, seems in your case the Active > >> directory configuration. If this works correct start with new > >> postings. Now you post that there was a server crash from server2, > >> did you reinstall it from backup or image or just create a new server > >> with the same name? > >> > >> To remove a DC from the database follow this article: > >> http://support.microsoft.com/kb/555846/en-us> >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> I only have two DC, server 1 and server 2,i try to move from server > >>> 1 to server 2, no othere domain can move. > >>> > >>> the server2 crash last month, suspect the server one still hardcode > >>> the old > >>> server 2 GUID. how to remove this entry by using the ntdutil? > >>> when I try to use the replicate now from server 1 to server 2, it > >>> said > >>> access denied, i delete the default server 2 automatically generated > >>> site and > >>> service and recreate , still can replicate said dns lookup error, > >>> but > >>> i can resolve server 2 computer name > >>> cause of the replication incomplete, i could run the adprep /forest > >>> in server 2. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> To move the schema you account must be member of the schema admin > >>>> group. Try to move it from the other DC. > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> I try to transfer the > >>>>> Schema owner usgs0002.kep.co.id > >>>>> Domain role owner usgs0002.kep.co.id from server 2 to > >>>>> server > >>>>> 1 > >>>>> using MMC snap in , when i click on active directy schema, it said > >>>>> you > >>>>> only have permission to view , the id i use to login is > >>>>> administrator > >>>>> id which is under domain admin, schema , enterprise admin group. > >>>>> I can's run the adprep /forestprep. > >>>>> "Meinolf Weber" wrote: > >>>>>> Hello DD, > >>>>>> > >>>>>> Yes, you can transfer them to server 1. After changing i would > >>>>>> transfer them to the 2003 DC. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> Can I transfer all the role to 001 before I replace the server > >>>>>>> 2,if can how to do the transfer If I can transfer the all the > >>>>>>> role to 001, do I still need to run the trasfer process ? > >>>>>>> > >>>>>>> the new server will be replacing the 002 server. > >>>>>>> > >>>>>>> "Meinolf Weber" wrote: > >>>>>>> > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> You have 5 FSMO roles, so you can see that 002 is schema owner > >>>>>>>> and Domain owner and the other roles are at 001. See here about > >>>>>>>> them: http://support.microsoft.com/kb/223346/en-us> >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 ? > >>>>>>>>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>>>>>>>> Schema owner usgs0002.kep.co.id > >>>>>>>>> Domain role owner usgs0002.kep.co.id > >>>>>>>>> PDC role usgs0001.kep.co.id > >>>>>>>>> RID pool manager usgs0001.kep.co.id > >>>>>>>>> Infrastructure owner usgs0001.kep.co.id > >>>>>>>>> I will be migrating the server tomorrow, hope got your reply > >>>>>>>>> bytoday. > >>>>>>>>> Thanks > >>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>> Hello DD, > >>>>>>>>>> > >>>>>>>>>> Run in a command prompt: > >>>>>>>>>> > >>>>>>>>>> netdom query fsmo > >>>>>>>>>> > >>>>>>>>>> For this tools you have to install the > >>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 installation > >>>>>>>>>> disk. > >>>>>>>>>> > >>>>>>>>>> Best regards > >>>>>>>>>> > >>>>>>>>>> Meinolf Weber > >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>> warranties, > >>>>>>>>>> and > >>>>>>>>>> confers > >>>>>>>>>> no rights. > >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>> Currently we have two server running AD, so how to verify > >>>>>>>>>>> which one has the FSMO, > >>>>>>>>>>> > >>>>>>>>>>> Sorry , not very goold in this area. > >>>>>>>>>>> > >>>>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>>> > >>>>>>>>>>>> Hello DD, > >>>>>>>>>>>> > >>>>>>>>>>>> If you will take out a DC which has the FSMO roles you have > >>>>>>>>>>>> to transfer them if you like to control it. During demotion > >>>>>>>>>>>> the roles are also transferred but you have no control to > >>>>>>>>>>>> which DC, if you have more then one. > >>>>>>>>>>>> > >>>>>>>>>>>> Seizing is only needed, if the FSMO role holder is crashed > >>>>>>>>>>>> for example and you are not able to transfer them from the > >>>>>>>>>>>> running machine. > >>>>>>>>>>>> > >>>>>>>>>>>> Best regards > >>>>>>>>>>>> > >>>>>>>>>>>> Meinolf Weber > >>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>>>> warranties, > >>>>>>>>>>>> and > >>>>>>>>>>>> confers > >>>>>>>>>>>> no rights. > >>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>>>> Hi, > >>>>>>>>>>>>> > >>>>>>>>>>>>> Very useful info, I have question on Transfer, NOT seize > >>>>>>>>>>>>> the 5 FSMO roles to the new Domain controller > >>>>>>>>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>>>>>>>> > >>>>>>>>>>>>> I must do this steps ? refer to this link > >>>>>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;32> >>>>>>>>>>>>> 53 > >>>>>>>>>>>>> 79 > >>>>>>>>>>>>> &s > >>>>>>>>>>>>> d= > >>>>>>>>>>>>> te > >>>>>>>>>>>>> ch > >>>>>>>>>>>>> it doesn't mentions about this steps. > >>>>>>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>>>>>> Hello DD, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> For DHCP: > >>>>>>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;3> >>>>>>>>>>>>>> 25 > >>>>>>>>>>>>>> 47 > >>>>>>>>>>>>>> 3 > >>>>>>>>>>>>>> For DNS make your live easy and use AD integrated zones > >>>>>>>>>>>>>> on > >>>>>>>>>>>>>> the > >>>>>>>>>>>>>> 2000 > >>>>>>>>>>>>>> DC, then you have just to install the new server as DC > >>>>>>>>>>>>>> and > >>>>>>>>>>>>>> install > >>>>>>>>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>>>>>>>> See here for migration plan: > >>>>>>>>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP > >>>>>>>>>>>>>> OF > >>>>>>>>>>>>>> YOU > >>>>>>>>>>>>>> DATA/MACHINE!!! > >>>>>>>>>>>>>> One question first: > >>>>>>>>>>>>>> Is the old server also Exchange server and will it be > >>>>>>>>>>>>>> taken > >>>>>>>>>>>>>> out > >>>>>>>>>>>>>> of > >>>>>>>>>>>>>> the domain > >>>>>>>>>>>>>> forever, when the new server is running? > >>>>>>>>>>>>>> - On the old server open DNS management console and check > >>>>>>>>>>>>>> that > >>>>>>>>>>>>>> you > >>>>>>>>>>>>>> are running Active directory integrated zone (easier for > >>>>>>>>>>>>>> replication, > >>>>>>>>>>>>>> if you have more then one DNS server) > >>>>>>>>>>>>>> - run replmon from the run line or repadmin /showrepl, > >>>>>>>>>>>>>> dcdiag > >>>>>>>>>>>>>> and > >>>>>>>>>>>>>> netdiag from the command prompt on the old machine to > >>>>>>>>>>>>>> check > >>>>>>>>>>>>>> for > >>>>>>>>>>>>>> errors, if you have some post the complete output from > >>>>>>>>>>>>>> the > >>>>>>>>>>>>>> command > >>>>>>>>>>>>>> here or solve them first. For this tools you have to > >>>>>>>>>>>>>> install > >>>>>>>>>>>>>> the > >>>>>>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 > >>>>>>>>>>>>>> installation > >>>>>>>>>>>>>> disk. > >>>>>>>>>>>>>> - run adprep /forestprep and adprep /domainprep from the > >>>>>>>>>>>>>> 2003 > >>>>>>>>>>>>>> installation disk against the 2000 server, with an > >>>>>>>>>>>>>> account > >>>>>>>>>>>>>> that > >>>>>>>>>>>>>> is member of the Schema admins, to upgrade the schema to > >>>>>>>>>>>>>> the > >>>>>>>>>>>>>> new > >>>>>>>>>>>>>> version > >>>>>>>>>>>>>> - Install the new machine as a member server in your > >>>>>>>>>>>>>> existing > >>>>>>>>>>>>>> domain > >>>>>>>>>>>>>> - configure a fixed ip and set the preferred DNS server > >>>>>>>>>>>>>> to > >>>>>>>>>>>>>> the old DNS server only > >>>>>>>>>>>>>> - run dcpromo and follow the wizard to add the 2003 > >>>>>>>>>>>>>> server > >>>>>>>>>>>>>> to an existing domain > >>>>>>>>>>>>>> - if you are prompted for DNS configuration choose Yes > >>>>>>>>>>>>>> (also possible that no DNS preparation occur), then > >>>>>>>>>>>>>> install DNS after the reboot > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> - for DNS give the server time for replication, at least > >>>>>>>>>>>>>> 15 minutes. Because you use Active directory integrated > >>>>>>>>>>>>>> zones it will automatically replicate the zones to the > >>>>>>>>>>>>>> new server. Open DNS management console to check that > >>>>>>>>>>>>>> they appear > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> - if the new machine is domain controller and DNS server > >>>>>>>>>>>>>> run again replmon, dcdiag and netdiag on both domain > >>>>>>>>>>>>>> controllers > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> - if you have no errors, make the new server Global > >>>>>>>>>>>>>> catalog server, open Active directory Sites and Services > >>>>>>>>>>>>>> and then double-click sitename, double-click Servers, > >>>>>>>>>>>>>> click your domain controller, right-click NTDS Settings, > >>>>>>>>>>>>>> and then click Properties, on the General tab, click to > >>>>>>>>>>>>>> select the Global catalog check box > >>>>>>>>>>>>>> ( http://support.microsoft.com/?id=313994)> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> - Transfer, NOT seize the 5 FSMO roles to the new Domain |
|
Previously we chave two DC runnign, server 1 & server , server 2 crash last
two months, we temporary setup a temp server to replace the server 2.at that
time i did not check the fsmo , so i not sure which server is holding the
role. by right should be server 1. i just setup the new temp server and I did
not do any transfer also did not delete any entry for the crash server, i
just setup using back the same computer name.
one month later, the new server arrived, so I decide to install this server
as windows 2003 and as recommended, i will setup the new server as memeber
server and then promote it to DC , it is more clean way to do it.
so I start checking the fsmo, and noticed that the server 2 hold the shema
owner 7 domain owner role.
Then I start encounter problem can't run the adprep /forest to upgrade the
new windows 2003 server as DC.
i have spend a lot of time to troubleshoot , so just wondering can i setup
the new server as windows 2k as DC and then promote it.
What is your suggestion. as you see i have post many questions but until now
i still can't proceed the new server upgrade.
"Meinolf Weber" wrote:
[Quoted Text] > Hello DD, > > I got confused now, please describe exactlyt the steps about the installation > from the new DC and the problem with the broken one. Is the new DC installed > in the domain before the other breaks? Did you rename it maybe? the dcdiag > output states that there is no schema holder, so how did the new DC get this > role, when the old one is broken and you did not seize or move the role? > If the FSMO roles existing on a DC they will not automatically move to another > DC, except you demote a DC correctly and do not move the FSMO roles to another > one yourself, then it choose one available DC. But when a DC breaks this > will not happen. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > i din't not assign the roles to the new installed DC, it automatically > > assigned.currently server 2 hold the schema owner and domain role > > owner and server 1 hold the pdc , rid & infrastructure. > > > > Can you guide me in detail how to remove the old server ? understand I > > can use ntdsutil . but a bit worry if I remove the wrong entry may > > cause the whole AD not working . > > > > Appreciate your help. > > > > If still can run the adprep /forest, i intend to install the new > > server as windows 2000 and the upgrade from there. what is your > > comment ? > > > > "Meinolf Weber" wrote: > > > >> Hello DD, > >> > >> Yes, you have to remove the old server and also make sure that the > >> FSMO roles are existing on the other server. The new fresh installed > >> one should not have any role until now. In your dcdiag was stated > >> that 2 roles are missing, How did you assign the roles to the new > >> installed DC, which the netdom query fsmo output states? > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>> I create the server using the same name, not sure is it because the > >>> server 1 still hardcord the crash server GUID, cause I can't run the > >>> adprep/forest which I have post the error message. > >>> > >>> I post few questions cause I encounter different error when I try to > >>> promote the new server as member server and this post is quite some > >>> times ago so worry nobody reply or help. > >>> > >>> Do I need to remove any crash server infor from the AD ? > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello DD, > >>>> > >>>> I see that in the you are posting a lot of questions. Maybe some of > >>>> them stick together because of the existing problem. So please wait > >>>> until the main problems are solved, seems in your case the Active > >>>> directory configuration. If this works correct start with new > >>>> postings. Now you post that there was a server crash from server2, > >>>> did you reinstall it from backup or image or just create a new > >>>> server with the same name? > >>>> > >>>> To remove a DC from the database follow this article: > >>>> http://support.microsoft.com/kb/555846/en-us> >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>> I only have two DC, server 1 and server 2,i try to move from > >>>>> server 1 to server 2, no othere domain can move. > >>>>> > >>>>> the server2 crash last month, suspect the server one still > >>>>> hardcode > >>>>> the old > >>>>> server 2 GUID. how to remove this entry by using the ntdutil? > >>>>> when I try to use the replicate now from server 1 to server 2, it > >>>>> said > >>>>> access denied, i delete the default server 2 automatically > >>>>> generated > >>>>> site and > >>>>> service and recreate , still can replicate said dns lookup error, > >>>>> but > >>>>> i can resolve server 2 computer name > >>>>> cause of the replication incomplete, i could run the adprep > >>>>> /forest > >>>>> in server 2. > >>>>> "Meinolf Weber" wrote: > >>>>> > >>>>>> Hello DD, > >>>>>> > >>>>>> To move the schema you account must be member of the schema admin > >>>>>> group. Try to move it from the other DC. > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Meinolf Weber > >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>>>> and > >>>>>> confers > >>>>>> no rights. > >>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>> ** HELP us help YOU!!! > >>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>> I try to transfer the > >>>>>>> Schema owner usgs0002.kep.co.id > >>>>>>> Domain role owner usgs0002.kep.co.id from server 2 to > >>>>>>> server > >>>>>>> 1 > >>>>>>> using MMC snap in , when i click on active directy schema, it > >>>>>>> said > >>>>>>> you > >>>>>>> only have permission to view , the id i use to login is > >>>>>>> administrator > >>>>>>> id which is under domain admin, schema , enterprise admin group. > >>>>>>> I can's run the adprep /forestprep. > >>>>>>> "Meinolf Weber" wrote: > >>>>>>>> Hello DD, > >>>>>>>> > >>>>>>>> Yes, you can transfer them to server 1. After changing i would > >>>>>>>> transfer them to the 2003 DC. > >>>>>>>> > >>>>>>>> Best regards > >>>>>>>> > >>>>>>>> Meinolf Weber > >>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>> warranties, > >>>>>>>> and > >>>>>>>> confers > >>>>>>>> no rights. > >>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>> ** HELP us help YOU!!! > >>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>> Can I transfer all the role to 001 before I replace the > >>>>>>>>> server 2,if can how to do the transfer If I can transfer the > >>>>>>>>> all the role to 001, do I still need to run the trasfer > >>>>>>>>> process ? > >>>>>>>>> > >>>>>>>>> the new server will be replacing the 002 server. > >>>>>>>>> > >>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>> > >>>>>>>>>> Hello DD, > >>>>>>>>>> > >>>>>>>>>> You have 5 FSMO roles, so you can see that 002 is schema > >>>>>>>>>> owner and Domain owner and the other roles are at 001. See > >>>>>>>>>> here about them: http://support.microsoft.com/kb/223346/en-us> >>>>>>>>>> > >>>>>>>>>> Best regards > >>>>>>>>>> > >>>>>>>>>> Meinolf Weber > >>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>> warranties, > >>>>>>>>>> and > >>>>>>>>>> confers > >>>>>>>>>> no rights. > >>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>> This is the query , which one is FSMO ? USGS0001 OR USGS0002 > >>>>>>>>>>> ? > >>>>>>>>>>> C:\Documents and Settings\idadmin1>netdom query fsmo > >>>>>>>>>>> Schema owner usgs0002.kep.co.id > >>>>>>>>>>> Domain role owner usgs0002.kep.co.id > >>>>>>>>>>> PDC role usgs0001.kep.co.id > >>>>>>>>>>> RID pool manager usgs0001.kep.co.id > >>>>>>>>>>> Infrastructure owner usgs0001.kep.co.id > >>>>>>>>>>> I will be migrating the server tomorrow, hope got your reply > >>>>>>>>>>> bytoday. > >>>>>>>>>>> Thanks > >>>>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>>>> Hello DD, > >>>>>>>>>>>> > >>>>>>>>>>>> Run in a command prompt: > >>>>>>>>>>>> > >>>>>>>>>>>> netdom query fsmo > >>>>>>>>>>>> > >>>>>>>>>>>> For this tools you have to install the > >>>>>>>>>>>> support\tools\suptools.msi from the 2000 or 2003 > >>>>>>>>>>>> installation disk. > >>>>>>>>>>>> > >>>>>>>>>>>> Best regards > >>>>>>>>>>>> > >>>>>>>>>>>> Meinolf Weber > >>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>>>> warranties, > >>>>>>>>>>>> and > >>>>>>>>>>>> confers > >>>>>>>>>>>> no rights. > >>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>>>> Currently we have two server running AD, so how to verify > >>>>>>>>>>>>> which one has the FSMO, > >>>>>>>>>>>>> > >>>>>>>>>>>>> Sorry , not very goold in this area. > >>>>>>>>>>>>> > >>>>>>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> Hello DD, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> If you will take out a DC which has the FSMO roles you > >>>>>>>>>>>>>> have to transfer them if you like to control it. During > >>>>>>>>>>>>>> demotion the roles are also transferred but you have no > >>>>>>>>>>>>>> control to which DC, if you have more then one. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Seizing is only needed, if the FSMO role holder is > >>>>>>>>>>>>>> crashed for example and you are not able to transfer them > >>>>>>>>>>>>>> from the running machine. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Best regards > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Meinolf Weber > >>>>>>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no > >>>>>>>>>>>>>> warranties, > >>>>>>>>>>>>>> and > >>>>>>>>>>>>>> confers > >>>>>>>>>>>>>> no rights. > >>>>>>>>>>>>>> ** Please do NOT email, only reply to Newsgroups > >>>>>>>>>>>>>> ** HELP us help YOU!!! > >>>>>>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm> >>>>>>>>>>>>>>> Hi, > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Very useful info, I have question on Transfer, NOT > >>>>>>>>>>>>>>> seize the 5 FSMO roles to the new Domain controller > >>>>>>>>>>>>>>> ( http://support.microsoft.com/kb/324801)> >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I must do this steps ? refer to this link > >>>>>>>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;> >>>>>>>>>>>>>>> 32 > >>>>>>>>>>>>>>> 53 > >>>>>>>>>>>>>>> 79 > >>>>>>>>>>>>>>> &s > >>>>>>>>>>>>>>> d= > >>>>>>>>>>>>>>> te > >>>>>>>>>>>>>>> ch > >>>>>>>>>>>>>>> it doesn't mentions about this steps. > >>>>>>>>>>>>>>> "Meinolf Weber" wrote: > >>>>>>>>>>>>>>>> Hello DD, > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> For DHCP: > >>>>>>>>>>>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us> >>>>>>>>>>>>>>>> ;3 > >>>>>>>>>>>>>>>> 25 > >>>>>>>>>>>>>>>> 47 > >>>>>>>>>>>>>>>> 3 > >>>>>>>>>>>>>>>> For DNS make your live easy and use AD integrated zones > >>>>>>>>>>>>>>>> on > >>>>>>>>>>>>>>>> the > >>>>>>>>>>>>>>>> 2000 > >>>>>>>>>>>>>>>> DC, then you have just to install the new server as DC > >>>>>>>>>>>>>>>> and > >>>>>>>>>>>>>>>> install > >>>>>>>>>>>>>>>> after reboot DNS role. Then just wait. > >>>>>>>>>>>>>>>> See here for migration plan: > >>>>>>>>>>>>>>>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A > >>>>>>>>>>>>>>>> BACKUP > >>>>>>>>>>>>>>>> OF > >>>>>>>>>>>>>>>> YOU > >>>>>>>>>>>>>>>> DATA/MACHINE!!! > >>>>>>>>>>>>>>>> One question first: > >>>>>>>>>>>>>>>> Is the old server also Exchange server and will it be > >>>>>>>>>>>>>>>> taken > >>>>>>>>>>>>>>>> out > >>>>>>>>>>>>>>>> of > >>>>>>>>>>>>>>>> the domain > >>>>>>>>>>>>>>>> forever, when the new server is running? > >>>>>>>>>>>>>>>> - On the old server open DNS management console and > >>>>>>>>>>>>>>>> check > >>>>>>>>>>>>>>>> that > >>>>>>>>>>>>>>>> you > >>>>>>>>>>>>>>>> are running Active directory integrated zone (easier > >>>>>>>>>>>>>>>> for > >>>>>>>>>>>>>>>> replication, > >>>>>>>>>>>>>>>> if you have more then one DNS server) > >>>>>>>>>>>>>>>> - run replmon from the run line or repadmin /showrepl, > >>>>>>>>>>>>>>>> dcdiag > >>>>>>>>>>>>>>>> and > >>>>>>>>>>>>>>>> netdiag from the command prompt on the old machine to > >>>>>>>>>>>>>>>> check > >>>>>>>>>>>>>>>> for > >>>>>>>>>>>>>>>> errors, if you have some post the complete output from |
|
|