Adding 2003 DC to 2000 domain...

I am replacing my main file & print server running Win2k with a 2003 server.
I have run adprep & domain prep on old server, joined new server to domain,
transferred all FSMO roles to it, as well as made it a global catalog
server.
We also have another domain (Win2k) & a trust is set up between them.
Everything seems to be going smoothly so far except for a message in event
viewer;

This computer was not able to set up a secure session with a domain
controller in domain OTHERDOMAIN due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your
domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up
the secure session to the primary domain controller emulator in the
specified domain. Otherwise, this computer sets up the secure session to any
domain controller in the specified domain.

My other task is to smoothly transition all shares, printers, etc., to new
server as transparently as possible.
There are about a dozen networked printers that users have mapped,
\\server\printer, as well as network shares that are mapped via log-on
scripts, as well as manually mapping the drives, in some cases.

I planned on installing new printers on new server & sharing them out the
same way & backing up everything from my old DATA driver to new DATA drive,
that should retain permissions, etc.

I had thought that I could add an alias in my DNS records, pointing
OLDSERVER to NEWSERVER, as well as entering the old servers IP address on my
second nic after demoting & removing old server from domain & all would
transition smoothly, or am I dreaming?

I really don't want 50+ users flipping out on Monday morning because
everything has gone to hell, so any & all advice would be appreciated!

I will still have a Win2k server in the mix acting as backup DC, additional
DNS server until I can get another Win2k box & get all 2000 servers out of
the mix. Will this cause problems?

Hello Mike,

You have to work either with the new names or go over a tempDC to use the
old name again. Working with alias in DNS is no workable solution.

The new DC make also DNS server and reconfigure the domain machines to use
it on the NIC as perferred. Use AD integrated zones for DNS so they replicate
with AD replication and are not read-only as secondary DNS.

For printers use printmigrator:
http://www.microsoft.com/DOWNLOADS/d...displaylang=en

For the shares copy the data including permissions with robocopy form the
old to the new machine and for the shares export and import ther registry
key:
hklm/system/currentcontrolset/services/lanmanserver/shares

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I am replacing my main file & print server running Win2k with a 2003
> server.
> I have run adprep & domain prep on old server, joined new server to
> domain,
> transferred all FSMO roles to it, as well as made it a global catalog
> server.
> We also have another domain (Win2k) & a trust is set up between them.
> Everything seems to be going smoothly so far except for a message in
> event
> viewer;
> This computer was not able to set up a secure session with a domain
> controller in domain OTHERDOMAIN due to the following:
> There are currently no logon servers available to service the logon
> request.
> This may lead to authentication problems. Make sure that this computer
> is
> connected to the network. If the problem persists, please contact your
> domain administrator.
> ADDITIONAL INFO
> If this computer is a domain controller for the specified domain, it
> sets up
> the secure session to the primary domain controller emulator in the
> specified domain. Otherwise, this computer sets up the secure session
> to any
> domain controller in the specified domain.
> My other task is to smoothly transition all shares, printers, etc., to
> new
> server as transparently as possible.
> There are about a dozen networked printers that users have mapped,
> \\server\printer, as well as network shares that are mapped via log-on
> scripts, as well as manually mapping the drives, in some cases.
> I planned on installing new printers on new server & sharing them out
> the same way & backing up everything from my old DATA driver to new
> DATA drive, that should retain permissions, etc.
>
> I had thought that I could add an alias in my DNS records, pointing
> OLDSERVER to NEWSERVER, as well as entering the old servers IP address
> on my second nic after demoting & removing old server from domain &
> all would transition smoothly, or am I dreaming?
>
> I really don't want 50+ users flipping out on Monday morning because
> everything has gone to hell, so any & all advice would be appreciated!
>
> I will still have a Win2k server in the mix acting as backup DC,
> additional DNS server until I can get another Win2k box & get all 2000
> servers out of the mix. Will this cause problems?
>

Since new server is already a dc, I wouldn't be able to rename to old
server's name, right?

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Mike,
>
> You have to work either with the new names or go over a tempDC to use the
> old name again. Working with alias in DNS is no workable solution.
>
> The new DC make also DNS server and reconfigure the domain machines to use
> it on the NIC as perferred. Use AD integrated zones for DNS so they
> replicate with AD replication and are not read-only as secondary DNS.
>
> For printers use printmigrator:
> http://www.microsoft.com/DOWNLOADS/d...displaylang=en
>
> For the shares copy the data including permissions with robocopy form the
> old to the new machine and for the shares export and import ther registry
> key:
> hklm/system/currentcontrolset/services/lanmanserver/shares
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I am replacing my main file & print server running Win2k with a 2003
>> server.
>> I have run adprep & domain prep on old server, joined new server to
>> domain,
>> transferred all FSMO roles to it, as well as made it a global catalog
>> server.
>> We also have another domain (Win2k) & a trust is set up between them.
>> Everything seems to be going smoothly so far except for a message in
>> event
>> viewer;
>> This computer was not able to set up a secure session with a domain
>> controller in domain OTHERDOMAIN due to the following:
>> There are currently no logon servers available to service the logon
>> request.
>> This may lead to authentication problems. Make sure that this computer
>> is
>> connected to the network. If the problem persists, please contact your
>> domain administrator.
>> ADDITIONAL INFO
>> If this computer is a domain controller for the specified domain, it
>> sets up
>> the secure session to the primary domain controller emulator in the
>> specified domain. Otherwise, this computer sets up the secure session
>> to any
>> domain controller in the specified domain.
>> My other task is to smoothly transition all shares, printers, etc., to
>> new
>> server as transparently as possible.
>> There are about a dozen networked printers that users have mapped,
>> \\server\printer, as well as network shares that are mapped via log-on
>> scripts, as well as manually mapping the drives, in some cases.
>> I planned on installing new printers on new server & sharing them out
>> the same way & backing up everything from my old DATA driver to new
>> DATA drive, that should retain permissions, etc.
>>
>> I had thought that I could add an alias in my DNS records, pointing
>> OLDSERVER to NEWSERVER, as well as entering the old servers IP address
>> on my second nic after demoting & removing old server from domain &
>> all would transition smoothly, or am I dreaming?
>>
>> I really don't want 50+ users flipping out on Monday morning because
>> everything has gone to hell, so any & all advice would be appreciated!
>>
>> I will still have a Win2k server in the mix acting as backup DC,
>> additional DNS server until I can get another Win2k box & get all 2000
>> servers out of the mix. Will this cause problems?
>>
>
>

Hello Mike,

You can use netdom for renaming a 2003 DC, when domain functional level is
set to 2003(requires only 2003 DCs in the domain) , but personal i would
not rename a DC.

See here about:
http://technet.microsoft.com/en-us/l...61(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Since new server is already a dc, I wouldn't be able to rename to old
> server's name, right?
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Mike,
>>
>> You have to work either with the new names or go over a tempDC to use
>> the old name again. Working with alias in DNS is no workable
>> solution.
>>
>> The new DC make also DNS server and reconfigure the domain machines
>> to use it on the NIC as perferred. Use AD integrated zones for DNS so
>> they replicate with AD replication and are not read-only as secondary
>> DNS.
>>
>> For printers use printmigrator:
>> http://www.microsoft.com/DOWNLOADS/d...D=9b9f2925-cbc
>> 9-44da-b2c9-ffdbc46b0b17&displaylang=en
>> For the shares copy the data including permissions with robocopy form
>> the
>> old to the new machine and for the shares export and import ther
>> registry
>> key:
>> hklm/system/currentcontrolset/services/lanmanserver/shares
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I am replacing my main file & print server running Win2k with a 2003
>>> server.
>>> I have run adprep & domain prep on old server, joined new server to
>>> domain,
>>> transferred all FSMO roles to it, as well as made it a global
>>> catalog
>>> server.
>>> We also have another domain (Win2k) & a trust is set up between
>>> them.
>>> Everything seems to be going smoothly so far except for a message in
>>> event
>>> viewer;
>>> This computer was not able to set up a secure session with a domain
>>> controller in domain OTHERDOMAIN due to the following:
>>> There are currently no logon servers available to service the logon
>>> request.
>>> This may lead to authentication problems. Make sure that this
>>> computer
>>> is
>>> connected to the network. If the problem persists, please contact
>>> your
>>> domain administrator.
>>> ADDITIONAL INFO
>>> If this computer is a domain controller for the specified domain, it
>>> sets up
>>> the secure session to the primary domain controller emulator in the
>>> specified domain. Otherwise, this computer sets up the secure
>>> session
>>> to any
>>> domain controller in the specified domain.
>>> My other task is to smoothly transition all shares, printers, etc.,
>>> to
>>> new
>>> server as transparently as possible.
>>> There are about a dozen networked printers that users have mapped,
>>> \\server\printer, as well as network shares that are mapped via
>>> log-on
>>> scripts, as well as manually mapping the drives, in some cases.
>>> I planned on installing new printers on new server & sharing them
>>> out
>>> the same way & backing up everything from my old DATA driver to new
>>> DATA drive, that should retain permissions, etc.
>>> I had thought that I could add an alias in my DNS records, pointing
>>> OLDSERVER to NEWSERVER, as well as entering the old servers IP
>>> address on my second nic after demoting & removing old server from
>>> domain & all would transition smoothly, or am I dreaming?
>>>
>>> I really don't want 50+ users flipping out on Monday morning because
>>> everything has gone to hell, so any & all advice would be
>>> appreciated!
>>>
>>> I will still have a Win2k server in the mix acting as backup DC,
>>> additional DNS server until I can get another Win2k box & get all
>>> 2000 servers out of the mix. Will this cause problems?
>>>

No, I will still have a 2000 DC in the mix for a little while longer.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Mike,
>
> You can use netdom for renaming a 2003 DC, when domain functional level is
> set to 2003(requires only 2003 DCs in the domain) , but personal i would
> not rename a DC.
>
> See here about:
> http://technet.microsoft.com/en-us/l...61(WS.10).aspx
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Since new server is already a dc, I wouldn't be able to rename to old
>> server's name, right?
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news: .com...
>>
>>> Hello Mike,
>>>
>>> You have to work either with the new names or go over a tempDC to use
>>> the old name again. Working with alias in DNS is no workable
>>> solution.
>>>
>>> The new DC make also DNS server and reconfigure the domain machines
>>> to use it on the NIC as perferred. Use AD integrated zones for DNS so
>>> they replicate with AD replication and are not read-only as secondary
>>> DNS.
>>>
>>> For printers use printmigrator:
>>> http://www.microsoft.com/DOWNLOADS/d...D=9b9f2925-cbc
>>> 9-44da-b2c9-ffdbc46b0b17&displaylang=en
>>> For the shares copy the data including permissions with robocopy form
>>> the
>>> old to the new machine and for the shares export and import ther
>>> registry
>>> key:
>>> hklm/system/currentcontrolset/services/lanmanserver/shares
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> I am replacing my main file & print server running Win2k with a 2003
>>>> server.
>>>> I have run adprep & domain prep on old server, joined new server to
>>>> domain,
>>>> transferred all FSMO roles to it, as well as made it a global
>>>> catalog
>>>> server.
>>>> We also have another domain (Win2k) & a trust is set up between
>>>> them.
>>>> Everything seems to be going smoothly so far except for a message in
>>>> event
>>>> viewer;
>>>> This computer was not able to set up a secure session with a domain
>>>> controller in domain OTHERDOMAIN due to the following:
>>>> There are currently no logon servers available to service the logon
>>>> request.
>>>> This may lead to authentication problems. Make sure that this
>>>> computer
>>>> is
>>>> connected to the network. If the problem persists, please contact
>>>> your
>>>> domain administrator.
>>>> ADDITIONAL INFO
>>>> If this computer is a domain controller for the specified domain, it
>>>> sets up
>>>> the secure session to the primary domain controller emulator in the
>>>> specified domain. Otherwise, this computer sets up the secure
>>>> session
>>>> to any
>>>> domain controller in the specified domain.
>>>> My other task is to smoothly transition all shares, printers, etc.,
>>>> to
>>>> new
>>>> server as transparently as possible.
>>>> There are about a dozen networked printers that users have mapped,
>>>> \\server\printer, as well as network shares that are mapped via
>>>> log-on
>>>> scripts, as well as manually mapping the drives, in some cases.
>>>> I planned on installing new printers on new server & sharing them
>>>> out
>>>> the same way & backing up everything from my old DATA driver to new
>>>> DATA drive, that should retain permissions, etc.
>>>> I had thought that I could add an alias in my DNS records, pointing
>>>> OLDSERVER to NEWSERVER, as well as entering the old servers IP
>>>> address on my second nic after demoting & removing old server from
>>>> domain & all would transition smoothly, or am I dreaming?
>>>>
>>>> I really don't want 50+ users flipping out on Monday morning because
>>>> everything has gone to hell, so any & all advice would be
>>>> appreciated!
>>>>
>>>> I will still have a Win2k server in the mix acting as backup DC,
>>>> additional DNS server until I can get another Win2k box & get all
>>>> 2000 servers out of the mix. Will this cause problems?
>>>>
>
>

Hello Mike,

Then you have to use the way with another DC to free the name.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> No, I will still have a 2000 DC in the mix for a little while longer.
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Mike,
>>
>> You can use netdom for renaming a 2003 DC, when domain functional
>> level is set to 2003(requires only 2003 DCs in the domain) , but
>> personal i would not rename a DC.
>>
>> See here about:
>> http://technet.microsoft.com/en-us/l...61(WS.10).aspx
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Since new server is already a dc, I wouldn't be able to rename to
>>> old server's name, right?
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news: .com...
>>>
>>>> Hello Mike,
>>>>
>>>> You have to work either with the new names or go over a tempDC to
>>>> use the old name again. Working with alias in DNS is no workable
>>>> solution.
>>>>
>>>> The new DC make also DNS server and reconfigure the domain machines
>>>> to use it on the NIC as perferred. Use AD integrated zones for DNS
>>>> so they replicate with AD replication and are not read-only as
>>>> secondary DNS.
>>>>
>>>> For printers use printmigrator:
>>>> http://www.microsoft.com/DOWNLOADS/d...yID=9b9f2925-c
>>>> bc
>>>> 9-44da-b2c9-ffdbc46b0b17&displaylang=en
>>>> For the shares copy the data including permissions with robocopy
>>>> form
>>>> the
>>>> old to the new machine and for the shares export and import ther
>>>> registry
>>>> key:
>>>> hklm/system/currentcontrolset/services/lanmanserver/shares
>>>> Best regards
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> I am replacing my main file & print server running Win2k with a
>>>>> 2003
>>>>> server.
>>>>> I have run adprep & domain prep on old server, joined new server
>>>>> to
>>>>> domain,
>>>>> transferred all FSMO roles to it, as well as made it a global
>>>>> catalog
>>>>> server.
>>>>> We also have another domain (Win2k) & a trust is set up between
>>>>> them.
>>>>> Everything seems to be going smoothly so far except for a message
>>>>> in
>>>>> event
>>>>> viewer;
>>>>> This computer was not able to set up a secure session with a
>>>>> domain
>>>>> controller in domain OTHERDOMAIN due to the following:
>>>>> There are currently no logon servers available to service the
>>>>> logon
>>>>> request.
>>>>> This may lead to authentication problems. Make sure that this
>>>>> computer
>>>>> is
>>>>> connected to the network. If the problem persists, please contact
>>>>> your
>>>>> domain administrator.
>>>>> ADDITIONAL INFO
>>>>> If this computer is a domain controller for the specified domain,
>>>>> it
>>>>> sets up
>>>>> the secure session to the primary domain controller emulator in
>>>>> the
>>>>> specified domain. Otherwise, this computer sets up the secure
>>>>> session
>>>>> to any
>>>>> domain controller in the specified domain.
>>>>> My other task is to smoothly transition all shares, printers,
>>>>> etc.,
>>>>> to
>>>>> new
>>>>> server as transparently as possible.
>>>>> There are about a dozen networked printers that users have mapped,
>>>>> \\server\printer, as well as network shares that are mapped via
>>>>> log-on
>>>>> scripts, as well as manually mapping the drives, in some cases.
>>>>> I planned on installing new printers on new server & sharing them
>>>>> out
>>>>> the same way & backing up everything from my old DATA driver to
>>>>> new
>>>>> DATA drive, that should retain permissions, etc.
>>>>> I had thought that I could add an alias in my DNS records,
>>>>> pointing
>>>>> OLDSERVER to NEWSERVER, as well as entering the old servers IP
>>>>> address on my second nic after demoting & removing old server from
>>>>> domain & all would transition smoothly, or am I dreaming?
>>>>> I really don't want 50+ users flipping out on Monday morning
>>>>> because everything has gone to hell, so any & all advice would be
>>>>> appreciated!
>>>>>
>>>>> I will still have a Win2k server in the mix acting as backup DC,
>>>>> additional DNS server until I can get another Win2k box & get all
>>>>> 2000 servers out of the mix. Will this cause problems?
>>>>>