Changing out servers

I am getting ready to change out a 2000 server with a 2003 server. The
problem is the 2000 server is the PDC. The 2003 will be the new PDC.
1. What sort of issues should I be on the look out for?
2. Are they any special steps or considerations I need to take into account?

I am planning on doing a DCPROMO on the 2000 box to demote it and promote
the 2003 box to the PDC.

This is the first time I have done any type of a change out like this and
want to make sure I have the bases covered in my rollout plan before I
actually roll anything out.

We are running Active Directory as well.

Hi Scott,

Well -- since Windows 2000 there is no such thing as PDC ;-). All domain
controllers are equal.

First advice -- don't demote your Windows Server 2000 until you have
everything up and running on Windows Server 2003!

Here are some articles that will help you out with your upgrade

How to upgrade Windows 2000 domain controllers to Windows Server 2003
http://support.microsoft.com/default...b;en-us;325379

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/kb/555040/en-us

Let us know if you need any more information on this.

--
Mike
Microsoft MVP - Windows Security

"Scott Sendelbach" <> wrote in
message news:7E6A7696-39A0-40D1-A9C7-...
>I am getting ready to change out a 2000 server with a 2003 server. The
> problem is the 2000 server is the PDC. The 2003 will be the new PDC.
> 1. What sort of issues should I be on the look out for?
> 2. Are they any special steps or considerations I need to take into
> account?
>
> I am planning on doing a DCPROMO on the 2000 box to demote it and promote
> the 2003 box to the PDC.
>
> This is the first time I have done any type of a change out like this and
> want to make sure I have the bases covered in my rollout plan before I
> actually roll anything out.
>
> We are running Active Directory as well.

We already have 2 other 2003 servers on the Active Directory structure. We
will be pulling the plug on the old 2000 server and replacing it with a newer
server with faster hardware running server 2003. There will be two other 2000
servers on the domain still.
All I need to really do is just DCPROMO the 2003 server and power down the
old 2000 server?

We have our email outsourced through MAILSTREET and do not have a local
exchange server. ADC is running on the server we are removing, but I don't
think it is needed any longer since we don't have an exchange server in
house.
Is that correct?




"Miha Pihler [MVP]" wrote:

> Hi Scott,
>
> Well -- since Windows 2000 there is no such thing as PDC ;-). All domain
> controllers are equal.
>
> First advice -- don't demote your Windows Server 2000 until you have
> everything up and running on Windows Server 2003!
>
> Here are some articles that will help you out with your upgrade
>
> How to upgrade Windows 2000 domain controllers to Windows Server 2003
> http://support.microsoft.com/default...b;en-us;325379
>
> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> Domain
> http://support.microsoft.com/kb/555040/en-us
>
> Let us know if you need any more information on this.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Scott Sendelbach" <> wrote in
> message news:7E6A7696-39A0-40D1-A9C7-...
> >I am getting ready to change out a 2000 server with a 2003 server. The
> > problem is the 2000 server is the PDC. The 2003 will be the new PDC.
> > 1. What sort of issues should I be on the look out for?
> > 2. Are they any special steps or considerations I need to take into
> > account?
> >
> > I am planning on doing a DCPROMO on the 2000 box to demote it and promote
> > the 2003 box to the PDC.
> >
> > This is the first time I have done any type of a change out like this and
> > want to make sure I have the bases covered in my rollout plan before I
> > actually roll anything out.
> >
> > We are running Active Directory as well.
>
>
>

Hi,

Are other two Windows Server 2003 already domain controllers?

- Did you transfer FSMO roles from Windows 2000 server to Windows Server
2003 DC?
- Did you make your Windows Server 2003 domain controllers Global Catalogs?
- Did you update clients to use new servers for DNS queries (if they used
Windows 2000 till now)?

Why was ADC installed if you don't have Exchange? Did you have it at some
point?

--
Mike
Microsoft MVP - Windows Security

"Scott Sendelbach" <> wrote in
message news:A7727500-DBDD-4664-89F0-...
> We already have 2 other 2003 servers on the Active Directory structure. We
> will be pulling the plug on the old 2000 server and replacing it with a
> newer
> server with faster hardware running server 2003. There will be two other
> 2000
> servers on the domain still.
> All I need to really do is just DCPROMO the 2003 server and power down the
> old 2000 server?
>
> We have our email outsourced through MAILSTREET and do not have a local
> exchange server. ADC is running on the server we are removing, but I don't
> think it is needed any longer since we don't have an exchange server in
> house.
> Is that correct?
>
>
>
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi Scott,
>>
>> Well -- since Windows 2000 there is no such thing as PDC ;-). All domain
>> controllers are equal.
>>
>> First advice -- don't demote your Windows Server 2000 until you have
>> everything up and running on Windows Server 2003!
>>
>> Here are some articles that will help you out with your upgrade
>>
>> How to upgrade Windows 2000 domain controllers to Windows Server 2003
>> http://support.microsoft.com/default...b;en-us;325379
>>
>> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
>> Domain
>> http://support.microsoft.com/kb/555040/en-us
>>
>> Let us know if you need any more information on this.
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Scott Sendelbach" <> wrote in
>> message news:7E6A7696-39A0-40D1-A9C7-...
>> >I am getting ready to change out a 2000 server with a 2003 server. The
>> > problem is the 2000 server is the PDC. The 2003 will be the new PDC.
>> > 1. What sort of issues should I be on the look out for?
>> > 2. Are they any special steps or considerations I need to take into
>> > account?
>> >
>> > I am planning on doing a DCPROMO on the 2000 box to demote it and
>> > promote
>> > the 2003 box to the PDC.
>> >
>> > This is the first time I have done any type of a change out like this
>> > and
>> > want to make sure I have the bases covered in my rollout plan before I
>> > actually roll anything out.
>> >
>> > We are running Active Directory as well.
>>
>>
>>

Yes, the two 2003 servers are domain controllers. The 2000 server is still
the master controller. That is the one that is being replaced by another 2003
server.

I don't think the FMSO roles were transferred. One of the 2003 server were
already existing when I was hired late last year.

Global Catalogs: I believe the only GC is the 2000 server being replaced. I
thought there could only be 1 GC?

ADC: We did have an exchange server at one time, or so I was told. We don't
right now. I take it ADC will not be needed on the replacement server?

"Miha Pihler [MVP]" wrote:

> Hi,
>
> Are other two Windows Server 2003 already domain controllers?
>
> - Did you transfer FSMO roles from Windows 2000 server to Windows Server
> 2003 DC?
> - Did you make your Windows Server 2003 domain controllers Global Catalogs?
> - Did you update clients to use new servers for DNS queries (if they used
> Windows 2000 till now)?
>
> Why was ADC installed if you don't have Exchange? Did you have it at some
> point?
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Scott Sendelbach" <> wrote in
> message news:A7727500-DBDD-4664-89F0-...
> > We already have 2 other 2003 servers on the Active Directory structure. We
> > will be pulling the plug on the old 2000 server and replacing it with a
> > newer
> > server with faster hardware running server 2003. There will be two other
> > 2000
> > servers on the domain still.
> > All I need to really do is just DCPROMO the 2003 server and power down the
> > old 2000 server?
> >
> > We have our email outsourced through MAILSTREET and do not have a local
> > exchange server. ADC is running on the server we are removing, but I don't
> > think it is needed any longer since we don't have an exchange server in
> > house.
> > Is that correct?
> >
> >
> >
> >
> > "Miha Pihler [MVP]" wrote:
> >
> >> Hi Scott,
> >>
> >> Well -- since Windows 2000 there is no such thing as PDC ;-). All domain
> >> controllers are equal.
> >>
> >> First advice -- don't demote your Windows Server 2000 until you have
> >> everything up and running on Windows Server 2003!
> >>
> >> Here are some articles that will help you out with your upgrade
> >>
> >> How to upgrade Windows 2000 domain controllers to Windows Server 2003
> >> http://support.microsoft.com/default...b;en-us;325379
> >>
> >> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> >> Domain
> >> http://support.microsoft.com/kb/555040/en-us
> >>
> >> Let us know if you need any more information on this.
> >>
> >> --
> >> Mike
> >> Microsoft MVP - Windows Security
> >>
> >> "Scott Sendelbach" <> wrote in
> >> message news:7E6A7696-39A0-40D1-A9C7-...
> >> >I am getting ready to change out a 2000 server with a 2003 server. The
> >> > problem is the 2000 server is the PDC. The 2003 will be the new PDC.
> >> > 1. What sort of issues should I be on the look out for?
> >> > 2. Are they any special steps or considerations I need to take into
> >> > account?
> >> >
> >> > I am planning on doing a DCPROMO on the 2000 box to demote it and
> >> > promote
> >> > the 2003 box to the PDC.
> >> >
> >> > This is the first time I have done any type of a change out like this
> >> > and
> >> > want to make sure I have the bases covered in my rollout plan before I
> >> > actually roll anything out.
> >> >
> >> > We are running Active Directory as well.
> >>
> >>
> >>
>
>
>

Hi Scoot,

Here are some articles that can help you with moving FSMO roles from your
Windows 2000 Server to Windows Server 2003.

Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller
http://support.microsoft.com/kb/255504

How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/?id=324801

How To Create or Move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994
You can have as many Global Catalogs as you want. You should have at least
two in every production domain. If you have only one Global Catalog and this
server fails, your users won't be able to logon to domain -- hence the
reason for having at least two.

If you don't have Exchange any more then uninstall ADC and after you do
above steps run dcpromo on Windows 2000 server.
Another suggestion here would be to shut down your current Windows 2000
computer after you do above steps for few days to see if everything is
running fine. If there are no complaints then you can safely run dcpromo and
make your current Windows 2000 server a member server.

I would like to remind you again about your DNS server. I am guessing here,
but your Windows 2000 server is probably also DNS server. Make sure that you
update any clients that currently point to it for DNS resolution... If you
don't -- clients won't be able to find any domain controllers (they use DNS
for locating domain controllers).

--
Mike
Microsoft MVP - Windows Security

"Scott Sendelbach" <> wrote in
message news:F0E09290-00E3-407F-A18E-...
> Yes, the two 2003 servers are domain controllers. The 2000 server is still
> the master controller. That is the one that is being replaced by another
> 2003
> server.
>
> I don't think the FMSO roles were transferred. One of the 2003 server were
> already existing when I was hired late last year.
>
> Global Catalogs: I believe the only GC is the 2000 server being replaced.
> I
> thought there could only be 1 GC?
>
> ADC: We did have an exchange server at one time, or so I was told. We
> don't
> right now. I take it ADC will not be needed on the replacement server?
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> Are other two Windows Server 2003 already domain controllers?
>>
>> - Did you transfer FSMO roles from Windows 2000 server to Windows Server
>> 2003 DC?
>> - Did you make your Windows Server 2003 domain controllers Global
>> Catalogs?
>> - Did you update clients to use new servers for DNS queries (if they used
>> Windows 2000 till now)?
>>
>> Why was ADC installed if you don't have Exchange? Did you have it at some
>> point?
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Scott Sendelbach" <> wrote in
>> message news:A7727500-DBDD-4664-89F0-...
>> > We already have 2 other 2003 servers on the Active Directory structure.
>> > We
>> > will be pulling the plug on the old 2000 server and replacing it with a
>> > newer
>> > server with faster hardware running server 2003. There will be two
>> > other
>> > 2000
>> > servers on the domain still.
>> > All I need to really do is just DCPROMO the 2003 server and power down
>> > the
>> > old 2000 server?
>> >
>> > We have our email outsourced through MAILSTREET and do not have a local
>> > exchange server. ADC is running on the server we are removing, but I
>> > don't
>> > think it is needed any longer since we don't have an exchange server in
>> > house.
>> > Is that correct?
>> >
>> >
>> >
>> >
>> > "Miha Pihler [MVP]" wrote:
>> >
>> >> Hi Scott,
>> >>
>> >> Well -- since Windows 2000 there is no such thing as PDC ;-). All
>> >> domain
>> >> controllers are equal.
>> >>
>> >> First advice -- don't demote your Windows Server 2000 until you have
>> >> everything up and running on Windows Server 2003!
>> >>
>> >> Here are some articles that will help you out with your upgrade
>> >>
>> >> How to upgrade Windows 2000 domain controllers to Windows Server 2003
>> >> http://support.microsoft.com/default...b;en-us;325379
>> >>
>> >> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
>> >> Domain
>> >> http://support.microsoft.com/kb/555040/en-us
>> >>
>> >> Let us know if you need any more information on this.
>> >>
>> >> --
>> >> Mike
>> >> Microsoft MVP - Windows Security
>> >>
>> >> "Scott Sendelbach" <> wrote
>> >> in
>> >> message news:7E6A7696-39A0-40D1-A9C7-...
>> >> >I am getting ready to change out a 2000 server with a 2003 server.
>> >> >The
>> >> > problem is the 2000 server is the PDC. The 2003 will be the new PDC.
>> >> > 1. What sort of issues should I be on the look out for?
>> >> > 2. Are they any special steps or considerations I need to take into
>> >> > account?
>> >> >
>> >> > I am planning on doing a DCPROMO on the 2000 box to demote it and
>> >> > promote
>> >> > the 2003 box to the PDC.
>> >> >
>> >> > This is the first time I have done any type of a change out like
>> >> > this
>> >> > and
>> >> > want to make sure I have the bases covered in my rollout plan before
>> >> > I
>> >> > actually roll anything out.
>> >> >
>> >> > We are running Active Directory as well.
>> >>
>> >>
>> >>
>>
>>
>>

Hi,

He already has Windows Server 2003 domain controller running on the network
so there is no need for /forestprep etc.

He also doesn't need ADC any more since Exchange migration was completed --
and later removed from network.

He has new hardware for new Windows Server 2003 so there is no need for
in-place upgrade.

--
Mike
Microsoft MVP - Windows Security

"N.K.Jaiswal" <> wrote in message
news: ups.com...
> As far as ur details say.....the best thing to solve as well as
> complete all ur task..is by...
>
> *. Build the new Server with 2003 make that an ADC But before that
> ensure that on 2000 DC you hav executed -----Adprep /Domainprep &
> ------Adprep /Forestprep to make It compatiable with 2003
> counterpart...and then transfer all the roles running on Ur 2000 DC.
> Ones done u can execute Dcpromo to remove it from ur Forest...and then
> Decommision the Server.
>
>
> OR the Simplest or best...solution will be....to..do in place
> upgrade...that is...execute -----Adprep /Domainprep & ------Adprep
> /Forestprep to make 2000 DC compatiable with 2003 counterpart...and
> then...upgrade the OS....thats all...And in future if u wana change the
> Server BOX u will just need to transfer the roles and then take it off
> after Running Dcpromo to Decomission it from AD Forest Domain.
>

I have moved the FSMO roles over to the new server. The new server is also
acting as one of the DNS servers. How ever we are having issues when I do a
DCDIAG that I am also trying to resolve.

As far as DCPROMO on the 2000 server that is the current main controller,
how do I tell the domain the new main controller is the new 2003 server? The
2003 is running active directory, DNS, and FSMO roles.

I gather there is no need for ADC since we no longer have a local exchange
server?

The 2000 server is called ADMINSERVER and the 2003 server is called MESA.

How do I tell ADMINSERVER to step down and tell MESA to step up? If I try to
run DCRPOMO on MESA again it wants to remove active directory altogether.

Are there other pitfalls I should be on the look out for during the transfer
of roles/authority?

"Miha Pihler [MVP]" wrote:

> Hi Scoot,
>
> Here are some articles that can help you with moving FSMO roles from your
> Windows 2000 Server to Windows Server 2003.
>
> Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller
> http://support.microsoft.com/kb/255504
>
> How to view and transfer FSMO roles in Windows Server 2003
> http://support.microsoft.com/?id=324801
>
> How To Create or Move a Global Catalog in Windows 2000
> http://support.microsoft.com/?kbid=313994
> You can have as many Global Catalogs as you want. You should have at least
> two in every production domain. If you have only one Global Catalog and this
> server fails, your users won't be able to logon to domain -- hence the
> reason for having at least two.
>
> If you don't have Exchange any more then uninstall ADC and after you do
> above steps run dcpromo on Windows 2000 server.
> Another suggestion here would be to shut down your current Windows 2000
> computer after you do above steps for few days to see if everything is
> running fine. If there are no complaints then you can safely run dcpromo and
> make your current Windows 2000 server a member server.
>
> I would like to remind you again about your DNS server. I am guessing here,
> but your Windows 2000 server is probably also DNS server. Make sure that you
> update any clients that currently point to it for DNS resolution... If you
> don't -- clients won't be able to find any domain controllers (they use DNS
> for locating domain controllers).
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Scott Sendelbach" <> wrote in
> message news:F0E09290-00E3-407F-A18E-...
> > Yes, the two 2003 servers are domain controllers. The 2000 server is still
> > the master controller. That is the one that is being replaced by another
> > 2003
> > server.
> >
> > I don't think the FMSO roles were transferred. One of the 2003 server were
> > already existing when I was hired late last year.
> >
> > Global Catalogs: I believe the only GC is the 2000 server being replaced.
> > I
> > thought there could only be 1 GC?
> >
> > ADC: We did have an exchange server at one time, or so I was told. We
> > don't
> > right now. I take it ADC will not be needed on the replacement server?
> >
> > "Miha Pihler [MVP]" wrote:
> >
> >> Hi,
> >>
> >> Are other two Windows Server 2003 already domain controllers?
> >>
> >> - Did you transfer FSMO roles from Windows 2000 server to Windows Server
> >> 2003 DC?
> >> - Did you make your Windows Server 2003 domain controllers Global
> >> Catalogs?
> >> - Did you update clients to use new servers for DNS queries (if they used
> >> Windows 2000 till now)?
> >>
> >> Why was ADC installed if you don't have Exchange? Did you have it at some
> >> point?
> >>
> >> --
> >> Mike
> >> Microsoft MVP - Windows Security
> >>
> >> "Scott Sendelbach" <> wrote in
> >> message news:A7727500-DBDD-4664-89F0-...
> >> > We already have 2 other 2003 servers on the Active Directory structure.
> >> > We
> >> > will be pulling the plug on the old 2000 server and replacing it with a
> >> > newer
> >> > server with faster hardware running server 2003. There will be two
> >> > other
> >> > 2000
> >> > servers on the domain still.
> >> > All I need to really do is just DCPROMO the 2003 server and power down
> >> > the
> >> > old 2000 server?
> >> >
> >> > We have our email outsourced through MAILSTREET and do not have a local
> >> > exchange server. ADC is running on the server we are removing, but I
> >> > don't
> >> > think it is needed any longer since we don't have an exchange server in
> >> > house.
> >> > Is that correct?
> >> >
> >> >
> >> >
> >> >
> >> > "Miha Pihler [MVP]" wrote:
> >> >
> >> >> Hi Scott,
> >> >>
> >> >> Well -- since Windows 2000 there is no such thing as PDC ;-). All
> >> >> domain
> >> >> controllers are equal.
> >> >>
> >> >> First advice -- don't demote your Windows Server 2000 until you have
> >> >> everything up and running on Windows Server 2003!
> >> >>
> >> >> Here are some articles that will help you out with your upgrade
> >> >>
> >> >> How to upgrade Windows 2000 domain controllers to Windows Server 2003
> >> >> http://support.microsoft.com/default...b;en-us;325379
> >> >>
> >> >> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> >> >> Domain
> >> >> http://support.microsoft.com/kb/555040/en-us
> >> >>
> >> >> Let us know if you need any more information on this.
> >> >>
> >> >> --
> >> >> Mike
> >> >> Microsoft MVP - Windows Security
> >> >>
> >> >> "Scott Sendelbach" <> wrote
> >> >> in
> >> >> message news:7E6A7696-39A0-40D1-A9C7-...
> >> >> >I am getting ready to change out a 2000 server with a 2003 server.
> >> >> >The
> >> >> > problem is the 2000 server is the PDC. The 2003 will be the new PDC.
> >> >> > 1. What sort of issues should I be on the look out for?
> >> >> > 2. Are they any special steps or considerations I need to take into
> >> >> > account?
> >> >> >
> >> >> > I am planning on doing a DCPROMO on the 2000 box to demote it and
> >> >> > promote
> >> >> > the 2003 box to the PDC.
> >> >> >
> >> >> > This is the first time I have done any type of a change out like
> >> >> > this
> >> >> > and
> >> >> > want to make sure I have the bases covered in my rollout plan before
> >> >> > I
> >> >> > actually roll anything out.
> >> >> >
> >> >> > We are running Active Directory as well.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

Hi Scott,

My comments are in-line.

--
Mike
Microsoft MVP - Windows Security


>I have moved the FSMO roles over to the new server. The new server is also
> acting as one of the DNS servers. How ever we are having issues when I do
> a
> DCDIAG that I am also trying to resolve.
Don't forget to update your servers and clients (their TCP/IP settings) to
point to new DNS server. Make sure that your domain controllers also point
to active directory DNS server.

> As far as DCPROMO on the 2000 server that is the current main controller,
> how do I tell the domain the new main controller is the new 2003 server?
> The
> 2003 is running active directory, DNS, and FSMO roles.

If you transferred the roles and you made your new server a global catalog
then that is all you need to do. Changing FSMO and Global Catalog roles on
the servers updates DNS records (if you have your Active Directory DNS set
up correctly (look above)).
Remember -- clients use this DNS server to locate domain controller and
since all domain controllers are equal (no such thing as PDC or main domain
controller) it will pick one to talk to.
It one of the other domain controllers needs some information from one of
the FSMO role it will again check DNS to find out which domain controller
holds that FSMO role and then it will contact that DC.

So -- a good healthy DNS is vital for good stable domain environment.

> I gather there is no need for ADC since we no longer have a local exchange
> server?
>
> The 2000 server is called ADMINSERVER and the 2003 server is called MESA.
>
> How do I tell ADMINSERVER to step down and tell MESA to step up?

Again -- there is no such function. This was design of Windows NT and was
changed in Windows 2000 when Microsoft introduced Active Directory.

> If I try to run DCRPOMO on MESA again it wants to remove active directory
> altogether.
>
> Are there other pitfalls I should be on the look out for during the
> transfer
> of roles/authority?

There should be none -- but it really depends on your configuration. After
you transfer all roles to your new domain controllers wait few hours for all
information to replicate. Then you can shutdown your Windows 2000 server for
few days. This way you can see if anything will fail. If it does, you can
bring Windows 2000 back up to resolve the problem. If there are no problems
after you shutdown Windows 2000 for few days then you can safely remove
domain controller role from it and make it a domain member by running
dcpromo.


>
> "Miha Pihler [MVP]" wrote:
>
>> Hi Scoot,
>>
>> Here are some articles that can help you with moving FSMO roles from your
>> Windows 2000 Server to Windows Server 2003.
>>
>> Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller
>> http://support.microsoft.com/kb/255504
>>
>> How to view and transfer FSMO roles in Windows Server 2003
>> http://support.microsoft.com/?id=324801
>>
>> How To Create or Move a Global Catalog in Windows 2000
>> http://support.microsoft.com/?kbid=313994
>> You can have as many Global Catalogs as you want. You should have at
>> least
>> two in every production domain. If you have only one Global Catalog and
>> this
>> server fails, your users won't be able to logon to domain -- hence the
>> reason for having at least two.
>>
>> If you don't have Exchange any more then uninstall ADC and after you do
>> above steps run dcpromo on Windows 2000 server.
>> Another suggestion here would be to shut down your current Windows 2000
>> computer after you do above steps for few days to see if everything is
>> running fine. If there are no complaints then you can safely run dcpromo
>> and
>> make your current Windows 2000 server a member server.
>>
>> I would like to remind you again about your DNS server. I am guessing
>> here,
>> but your Windows 2000 server is probably also DNS server. Make sure that
>> you
>> update any clients that currently point to it for DNS resolution... If
>> you
>> don't -- clients won't be able to find any domain controllers (they use
>> DNS
>> for locating domain controllers).
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Scott Sendelbach" <> wrote in
>> message news:F0E09290-00E3-407F-A18E-...
>> > Yes, the two 2003 servers are domain controllers. The 2000 server is
>> > still
>> > the master controller. That is the one that is being replaced by
>> > another
>> > 2003
>> > server.
>> >
>> > I don't think the FMSO roles were transferred. One of the 2003 server
>> > were
>> > already existing when I was hired late last year.
>> >
>> > Global Catalogs: I believe the only GC is the 2000 server being
>> > replaced.
>> > I
>> > thought there could only be 1 GC?
>> >
>> > ADC: We did have an exchange server at one time, or so I was told. We
>> > don't
>> > right now. I take it ADC will not be needed on the replacement server?
>> >
>> > "Miha Pihler [MVP]" wrote:
>> >
>> >> Hi,
>> >>
>> >> Are other two Windows Server 2003 already domain controllers?
>> >>
>> >> - Did you transfer FSMO roles from Windows 2000 server to Windows
>> >> Server
>> >> 2003 DC?
>> >> - Did you make your Windows Server 2003 domain controllers Global
>> >> Catalogs?
>> >> - Did you update clients to use new servers for DNS queries (if they
>> >> used
>> >> Windows 2000 till now)?
>> >>
>> >> Why was ADC installed if you don't have Exchange? Did you have it at
>> >> some
>> >> point?
>> >>
>> >> --
>> >> Mike
>> >> Microsoft MVP - Windows Security
>> >>
>> >> "Scott Sendelbach" <> wrote
>> >> in
>> >> message news:A7727500-DBDD-4664-89F0-...
>> >> > We already have 2 other 2003 servers on the Active Directory
>> >> > structure.
>> >> > We
>> >> > will be pulling the plug on the old 2000 server and replacing it
>> >> > with a
>> >> > newer
>> >> > server with faster hardware running server 2003. There will be two
>> >> > other
>> >> > 2000
>> >> > servers on the domain still.
>> >> > All I need to really do is just DCPROMO the 2003 server and power
>> >> > down
>> >> > the
>> >> > old 2000 server?
>> >> >
>> >> > We have our email outsourced through MAILSTREET and do not have a
>> >> > local
>> >> > exchange server. ADC is running on the server we are removing, but I
>> >> > don't
>> >> > think it is needed any longer since we don't have an exchange server
>> >> > in
>> >> > house.
>> >> > Is that correct?
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > "Miha Pihler [MVP]" wrote:
>> >> >
>> >> >> Hi Scott,
>> >> >>
>> >> >> Well -- since Windows 2000 there is no such thing as PDC ;-). All
>> >> >> domain
>> >> >> controllers are equal.
>> >> >>
>> >> >> First advice -- don't demote your Windows Server 2000 until you
>> >> >> have
>> >> >> everything up and running on Windows Server 2003!
>> >> >>
>> >> >> Here are some articles that will help you out with your upgrade
>> >> >>
>> >> >> How to upgrade Windows 2000 domain controllers to Windows Server
>> >> >> 2003
>> >> >> http://support.microsoft.com/default...b;en-us;325379
>> >> >>
>> >> >> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows
>> >> >> 2003
>> >> >> Domain
>> >> >> http://support.microsoft.com/kb/555040/en-us
>> >> >>
>> >> >> Let us know if you need any more information on this.
>> >> >>
>> >> >> --
>> >> >> Mike
>> >> >> Microsoft MVP - Windows Security
>> >> >>
>> >> >> "Scott Sendelbach" <>
>> >> >> wrote
>> >> >> in
>> >> >> message news:7E6A7696-39A0-40D1-A9C7-...
>> >> >> >I am getting ready to change out a 2000 server with a 2003 server.
>> >> >> >The
>> >> >> > problem is the 2000 server is the PDC. The 2003 will be the new
>> >> >> > PDC.
>> >> >> > 1. What sort of issues should I be on the look out for?
>> >> >> > 2. Are they any special steps or considerations I need to take
>> >> >> > into
>> >> >> > account?
>> >> >> >
>> >> >> > I am planning on doing a DCPROMO on the 2000 box to demote it and
>> >> >> > promote
>> >> >> > the 2003 box to the PDC.
>> >> >> >
>> >> >> > This is the first time I have done any type of a change out like
>> >> >> > this
>> >> >> > and
>> >> >> > want to make sure I have the bases covered in my rollout plan
>> >> >> > before
>> >> >> > I
>> >> >> > actually roll anything out.
>> >> >> >
>> >> >> > We are running Active Directory as well.
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

Mike,

Thanks for all the help and information.

How can I tell if the DNS setup I inherited is setup correctly or not? We
have several clients who have to run the IPCONFIG /REGISTERDNS repeatedly.
That tells me there is an error with DNS somewhere. How can I fix it and make
it run correctly?

"Miha Pihler [MVP]" wrote:

> Hi Scott,
>
> My comments are in-line.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
>
> >I have moved the FSMO roles over to the new server. The new server is also
> > acting as one of the DNS servers. How ever we are having issues when I do
> > a
> > DCDIAG that I am also trying to resolve.
> Don't forget to update your servers and clients (their TCP/IP settings) to
> point to new DNS server. Make sure that your domain controllers also point
> to active directory DNS server.
>
> > As far as DCPROMO on the 2000 server that is the current main controller,
> > how do I tell the domain the new main controller is the new 2003 server?
> > The
> > 2003 is running active directory, DNS, and FSMO roles.
>
> If you transferred the roles and you made your new server a global catalog
> then that is all you need to do. Changing FSMO and Global Catalog roles on
> the servers updates DNS records (if you have your Active Directory DNS set
> up correctly (look above)).
> Remember -- clients use this DNS server to locate domain controller and
> since all domain controllers are equal (no such thing as PDC or main domain
> controller) it will pick one to talk to.
> It one of the other domain controllers needs some information from one of
> the FSMO role it will again check DNS to find out which domain controller
> holds that FSMO role and then it will contact that DC.
>
> So -- a good healthy DNS is vital for good stable domain environment.
>
> > I gather there is no need for ADC since we no longer have a local exchange
> > server?
> >
> > The 2000 server is called ADMINSERVER and the 2003 server is called MESA.
> >
> > How do I tell ADMINSERVER to step down and tell MESA to step up?
>
> Again -- there is no such function. This was design of Windows NT and was
> changed in Windows 2000 when Microsoft introduced Active Directory.
>
> > If I try to run DCRPOMO on MESA again it wants to remove active directory
> > altogether.
> >
> > Are there other pitfalls I should be on the look out for during the
> > transfer
> > of roles/authority?
>
> There should be none -- but it really depends on your configuration. After
> you transfer all roles to your new domain controllers wait few hours for all
> information to replicate. Then you can shutdown your Windows 2000 server for
> few days. This way you can see if anything will fail. If it does, you can
> bring Windows 2000 back up to resolve the problem. If there are no problems
> after you shutdown Windows 2000 for few days then you can safely remove
> domain controller role from it and make it a domain member by running
> dcpromo.
>
>
> >
> > "Miha Pihler [MVP]" wrote:
> >
> >> Hi Scoot,
> >>
> >> Here are some articles that can help you with moving FSMO roles from your
> >> Windows 2000 Server to Windows Server 2003.
> >>
> >> Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller
> >> http://support.microsoft.com/kb/255504
> >>
> >> How to view and transfer FSMO roles in Windows Server 2003
> >> http://support.microsoft.com/?id=324801
> >>
> >> How To Create or Move a Global Catalog in Windows 2000
> >> http://support.microsoft.com/?kbid=313994
> >> You can have as many Global Catalogs as you want. You should have at
> >> least
> >> two in every production domain. If you have only one Global Catalog and
> >> this
> >> server fails, your users won't be able to logon to domain -- hence the
> >> reason for having at least two.
> >>
> >> If you don't have Exchange any more then uninstall ADC and after you do
> >> above steps run dcpromo on Windows 2000 server.
> >> Another suggestion here would be to shut down your current Windows 2000
> >> computer after you do above steps for few days to see if everything is
> >> running fine. If there are no complaints then you can safely run dcpromo
> >> and
> >> make your current Windows 2000 server a member server.
> >>
> >> I would like to remind you again about your DNS server. I am guessing
> >> here,
> >> but your Windows 2000 server is probably also DNS server. Make sure that
> >> you
> >> update any clients that currently point to it for DNS resolution... If
> >> you
> >> don't -- clients won't be able to find any domain controllers (they use
> >> DNS
> >> for locating domain controllers).
> >>
> >> --
> >> Mike
> >> Microsoft MVP - Windows Security
> >>
> >> "Scott Sendelbach" <> wrote in
> >> message news:F0E09290-00E3-407F-A18E-...
> >> > Yes, the two 2003 servers are domain controllers. The 2000 server is
> >> > still
> >> > the master controller. That is the one that is being replaced by
> >> > another
> >> > 2003
> >> > server.
> >> >
> >> > I don't think the FMSO roles were transferred. One of the 2003 server
> >> > were
> >> > already existing when I was hired late last year.
> >> >
> >> > Global Catalogs: I believe the only GC is the 2000 server being
> >> > replaced.
> >> > I
> >> > thought there could only be 1 GC?
> >> >
> >> > ADC: We did have an exchange server at one time, or so I was told. We
> >> > don't
> >> > right now. I take it ADC will not be needed on the replacement server?
> >> >
> >> > "Miha Pihler [MVP]" wrote:
> >> >
> >> >> Hi,
> >> >>
> >> >> Are other two Windows Server 2003 already domain controllers?
> >> >>
> >> >> - Did you transfer FSMO roles from Windows 2000 server to Windows
> >> >> Server
> >> >> 2003 DC?
> >> >> - Did you make your Windows Server 2003 domain controllers Global
> >> >> Catalogs?
> >> >> - Did you update clients to use new servers for DNS queries (if they
> >> >> used
> >> >> Windows 2000 till now)?
> >> >>
> >> >> Why was ADC installed if you don't have Exchange? Did you have it at
> >> >> some
> >> >> point?
> >> >>
> >> >> --
> >> >> Mike
> >> >> Microsoft MVP - Windows Security
> >> >>
> >> >> "Scott Sendelbach" <> wrote
> >> >> in
> >> >> message news:A7727500-DBDD-4664-89F0-...
> >> >> > We already have 2 other 2003 servers on the Active Directory
> >> >> > structure.
> >> >> > We
> >> >> > will be pulling the plug on the old 2000 server and replacing it
> >> >> > with a
> >> >> > newer
> >> >> > server with faster hardware running server 2003. There will be two
> >> >> > other
> >> >> > 2000
> >> >> > servers on the domain still.
> >> >> > All I need to really do is just DCPROMO the 2003 server and power
> >> >> > down
> >> >> > the
> >> >> > old 2000 server?
> >> >> >
> >> >> > We have our email outsourced through MAILSTREET and do not have a
> >> >> > local
> >> >> > exchange server. ADC is running on the server we are removing, but I
> >> >> > don't
> >> >> > think it is needed any longer since we don't have an exchange server
> >> >> > in
> >> >> > house.
> >> >> > Is that correct?
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Miha Pihler [MVP]" wrote:
> >> >> >
> >> >> >> Hi Scott,
> >> >> >>
> >> >> >> Well -- since Windows 2000 there is no such thing as PDC ;-). All
> >> >> >> domain
> >> >> >> controllers are equal.
> >> >> >>
> >> >> >> First advice -- don't demote your Windows Server 2000 until you
> >> >> >> have
> >> >> >> everything up and running on Windows Server 2003!
> >> >> >>
> >> >> >> Here are some articles that will help you out with your upgrade
> >> >> >>
> >> >> >> How to upgrade Windows 2000 domain controllers to Windows Server
> >> >> >> 2003
> >> >> >> http://support.microsoft.com/default...b;en-us;325379
> >> >> >>
> >> >> >> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows
> >> >> >> 2003
> >> >> >> Domain
> >> >> >> http://support.microsoft.com/kb/555040/en-us
> >> >> >>
> >> >> >> Let us know if you need any more information on this.
> >> >> >>
> >> >> >> --
> >> >> >> Mike
> >> >> >> Microsoft MVP - Windows Security
> >> >> >>
> >> >> >> "Scott Sendelbach" <>
> >> >> >> wrote
> >> >> >> in
> >> >> >> message news:7E6A7696-39A0-40D1-A9C7-...
> >> >> >> >I am getting ready to change out a 2000 server with a 2003 server.
> >> >> >> >The
> >> >> >> > problem is the 2000 server is the PDC. The 2003 will be the new
> >> >> >> > PDC.
> >> >> >> > 1. What sort of issues should I be on the look out for?
> >> >> >> > 2. Are they any special steps or considerations I need to take
> >> >> >> > into
> >> >> >> > account?
> >> >> >> >
> >> >> >> > I am planning on doing a DCPROMO on the 2000 box to demote it and
> >> >> >> > promote
> >> >> >> > the 2003 box to the PDC.
> >> >> >> >
> >> >> >> > This is the first time I have done any type of a change out like
> >> >> >> > this
> >> >> >> > and
> >> >> >> > want to make sure I have the bases covered in my rollout plan
> >> >> >> > before
> >> >> >> > I
> >> >> >> > actually roll anything out.
> >> >> >> >
> >> >> >> > We are running Active Directory as well.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>