Transitioning to Windows 2008 DCs

I have two windows 2003 domain controllers that are dns, dhcp, wins, and
print servers. I would like to put 2 new domain controllers in with new
hardware and make them windows 2008 domain controllers. I would to put dns,
dhcp, and wins on the new domain controllers and leave the old domain
controllers as print servers only. My questions are:

1. is there any reason why I should not demote the two old domain
controllers after I have 2008 domain controllers (backup purposes etc)
2. If i use the current DC ip addresses for the new DC's will my clients
notice anything?
3. if i backup and restore the DHCP datbase to the new 2008 DC's are client
leases restored. Will users notice anything the next time they log in?

Hello Bad,

1. No, if you have more then one DC, you will be fine, that's the minimum
you should have. Also if you take out the old OS DC's you can raise the Forest/domain
functional levels and use the new options that come with 2008 like fine grained
password policies for example.

2. Even if you chang ethe ip addresses the clients will not notify if you
reconfigure the scope options of the DHCP server and the other fixed settings
in your domain.

3. For DHCP also the clients shouldn't notice anything, especially if the
machines are shutdown. If they are running they will obtain a new lease after
the half lease time you configured in your DHCP server, so latest then they
will get the new/updated configuration.

See here for upgrading:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!


- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)

- run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
from the command prompt on the old machine to check for errors, if you have
some post the complete output from the command here or solve them first.
For this tools you have to install the support\tools\suptools.msi from the
2003 installation disk.

- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2003 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog.

- if you are prompted for DNS configuration choose Yes. If not, install DNS
role after promotion.

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on
both domain controllers

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801
applies also for 2008)

- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2008 server, preferred
DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server

- export and import of DHCP database for 2008 choose "netshell dhcp backup"
and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/l.../cc772372.aspx)


Demoting the old DC

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during promotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have two windows 2003 domain controllers that are dns, dhcp, wins,
> and print servers. I would like to put 2 new domain controllers in
> with new hardware and make them windows 2008 domain controllers. I
> would to put dns, dhcp, and wins on the new domain controllers and
> leave the old domain controllers as print servers only. My questions
> are:
>
> 1. is there any reason why I should not demote the two old domain
> controllers after I have 2008 domain controllers (backup purposes etc)
> 2. If i use the current DC ip addresses for the new DC's will my
> clients
> notice anything?
> 3. if i backup and restore the DHCP datbase to the new 2008 DC's are
> client
> leases restored. Will users notice anything the next time they log
> in?

Thank you for the detailed steps. I have to retain the IP addresses of the
old DCs because they are hard coded on remote sites. At what point should I
change the IP addresses of the new DC to the IP address of the old DC?

Also, is there any benefit of me adding another windows 2003 dc to my
network? Is there any benefit to keeping on DC turned off when I update the
schema? I know I will have a backup but just want to make sure I can
recover if I have to.

Thanks.
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:. com...
> Hello Bad,
>
> 1. No, if you have more then one DC, you will be fine, that's the minimum
> you should have. Also if you take out the old OS DC's you can raise the
> Forest/domain functional levels and use the new options that come with
> 2008 like fine grained password policies for example.
>
> 2. Even if you chang ethe ip addresses the clients will not notify if you
> reconfigure the scope options of the DHCP server and the other fixed
> settings in your domain.
>
> 3. For DHCP also the clients shouldn't notice anything, especially if the
> machines are shutdown. If they are running they will obtain a new lease
> after the half lease time you configured in your DHCP server, so latest
> then they will get the new/updated configuration.
>
> See here for upgrading:
> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
> DATA/MACHINE!!!
>
>
> - On the old server open DNS management console and check that you are
> running Active directory integrated zone (easier for replication, if you
> have more then one DNS server)
>
> - run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
> from the command prompt on the old machine to check for errors, if you
> have some post the complete output from the command here or solve them
> first. For this tools you have to install the support\tools\suptools.msi
> from the 2003 installation disk.
>
> - run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
> the 2008 installation disk against the 2003 schema master, with an account
> that is member of the Schema admins, to upgrade the schema to the new
> version (44), you can check the version with "schupgr" in a command
> prompt.
>
> - Install the new machine as a member server in your existing domain
>
> - configure a fixed ip and set the preferred DNS server to the old DNS
> server only
>
> - run dcpromo and follow the wizard to add the 2008 server to an existing
> domain, make it also Global catalog.
>
> - if you are prompted for DNS configuration choose Yes. If not, install
> DNS role after promotion.
>
> - for DNS give the server time for replication, at least 15 minutes.
> Because you use Active directory integrated zones it will automatically
> replicate the zones to the new server. Open DNS management console to
> check that they appear
>
> - if the new machine is domain controller and DNS server run again
> replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will
> work) on both domain controllers
>
> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
> (http://support.microsoft.com/kb/324801 applies also for 2008)
>
> - you can see in the event viewer (Directory service) that the roles are
> transferred, also give it some time
>
> - reconfigure the DNS configuration on your NIC of the 2008 server,
> preferred DNS itself, secondary the old one
>
> - if you use DHCP do not forget to reconfigure the scope settings to point
> to the new installed DNS server
>
> - export and import of DHCP database for 2008 choose "netshell dhcp
> backup" and "netshell dhcp restore" command
> (http://technet.microsoft.com/en-us/l.../cc772372.aspx)
>
>
> Demoting the old DC
>
> - reconfigure your clients/servers that they not longer point to the old
> DC/DNS server on the NIC
>
> - to be sure that everything runs fine, disconnect the old DC from the
> network and check with clients and servers the connectivity, logon and
> also with one client a restart to see that everything is ok
>
> - then run dcpromo to demote the old DC, if it works fine the machine will
> move from the DC's OU to the computers container, where you can delete it
> by hand. Can be that you got an error during demoting at the beginning,
> then uncheck the Global catalog on that DC and try again
>
> - check the DNS management console, that all entries from the machine are
> disappeared or delete them by hand if the machine is off the network for
> ever
>
> - also you have to start AD sites and services and delete the old
> servername under the site, this will not be done during promotion
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have two windows 2003 domain controllers that are dns, dhcp, wins,
>> and print servers. I would like to put 2 new domain controllers in
>> with new hardware and make them windows 2008 domain controllers. I
>> would to put dns, dhcp, and wins on the new domain controllers and
>> leave the old domain controllers as print servers only. My questions
>> are:
>>
>> 1. is there any reason why I should not demote the two old domain
>> controllers after I have 2008 domain controllers (backup purposes etc)
>> 2. If i use the current DC ip addresses for the new DC's will my
>> clients
>> notice anything?
>> 3. if i backup and restore the DHCP datbase to the new 2008 DC's are
>> client
>> leases restored. Will users notice anything the next time they log
>> in?
>
>

Hello Bad,

If you have to change the ip's, iwould do it if the users are not there,
so you can work without any additional calls from them. Basically it doesn't
matter when you change them but do it when you not expect problems.

Why will you add an additional 2003 DC when you have 2 that are working correctly?
I can not really understand the question.

The schema you have to update on the 2003 schema master and ofcourse all
DC's should be up and running and in sync when you do it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thank you for the detailed steps. I have to retain the IP addresses
> of the old DCs because they are hard coded on remote sites. At what
> point should I change the IP addresses of the new DC to the IP address
> of the old DC?
>
> Also, is there any benefit of me adding another windows 2003 dc to my
> network? Is there any benefit to keeping on DC turned off when I
> update the schema? I know I will have a backup but just want to make
> sure I can recover if I have to.
>
> Thanks.
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news:. com...
>> Hello Bad,
>>
>> 1. No, if you have more then one DC, you will be fine, that's the
>> minimum you should have. Also if you take out the old OS DC's you can
>> raise the Forest/domain functional levels and use the new options
>> that come with 2008 like fine grained password policies for example.
>>
>> 2. Even if you chang ethe ip addresses the clients will not notify if
>> you reconfigure the scope options of the DHCP server and the other
>> fixed settings in your domain.
>>
>> 3. For DHCP also the clients shouldn't notice anything, especially if
>> the machines are shutdown. If they are running they will obtain a new
>> lease after the half lease time you configured in your DHCP server,
>> so latest then they will get the new/updated configuration.
>>
>> See here for upgrading:
>> !!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR
>> DATA/MACHINE!!!
>> - On the old server open DNS management console and check that you
>> are running Active directory integrated zone (easier for replication,
>> if you have more then one DNS server)
>>
>> - run replmon from the run line or repadmin /showrepl, dcdiag and
>> netdiag from the command prompt on the old machine to check for
>> errors, if you have some post the complete output from the command
>> here or solve them first. For this tools you have to install the
>> support\tools\suptools.msi from the 2003 installation disk.
>>
>> - run adprep /forestprep and adprep /domainprep and adprep /rodcprep
>> from the 2008 installation disk against the 2003 schema master, with
>> an account that is member of the Schema admins, to upgrade the schema
>> to the new version (44), you can check the version with "schupgr" in
>> a command prompt.
>>
>> - Install the new machine as a member server in your existing domain
>>
>> - configure a fixed ip and set the preferred DNS server to the old
>> DNS server only
>>
>> - run dcpromo and follow the wizard to add the 2008 server to an
>> existing domain, make it also Global catalog.
>>
>> - if you are prompted for DNS configuration choose Yes. If not,
>> install DNS role after promotion.
>>
>> - for DNS give the server time for replication, at least 15 minutes.
>> Because you use Active directory integrated zones it will
>> automatically replicate the zones to the new server. Open DNS
>> management console to check that they appear
>>
>> - if the new machine is domain controller and DNS server run again
>> replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008,
>> will work) on both domain controllers
>>
>> - Transfer, NOT seize the 5 FSMO roles to the new Domain controller
>> (http://support.microsoft.com/kb/324801 applies also for 2008)
>>
>> - you can see in the event viewer (Directory service) that the roles
>> are transferred, also give it some time
>>
>> - reconfigure the DNS configuration on your NIC of the 2008 server,
>> preferred DNS itself, secondary the old one
>>
>> - if you use DHCP do not forget to reconfigure the scope settings to
>> point to the new installed DNS server
>>
>> - export and import of DHCP database for 2008 choose "netshell dhcp
>> backup" and "netshell dhcp restore" command
>> (http://technet.microsoft.com/en-us/l.../cc772372.aspx)
>>
>> Demoting the old DC
>>
>> - reconfigure your clients/servers that they not longer point to the
>> old DC/DNS server on the NIC
>>
>> - to be sure that everything runs fine, disconnect the old DC from
>> the network and check with clients and servers the connectivity,
>> logon and also with one client a restart to see that everything is ok
>>
>> - then run dcpromo to demote the old DC, if it works fine the machine
>> will move from the DC's OU to the computers container, where you can
>> delete it by hand. Can be that you got an error during demoting at
>> the beginning, then uncheck the Global catalog on that DC and try
>> again
>>
>> - check the DNS management console, that all entries from the machine
>> are disappeared or delete them by hand if the machine is off the
>> network for ever
>>
>> - also you have to start AD sites and services and delete the old
>> servername under the site, this will not be done during promotion
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I have two windows 2003 domain controllers that are dns, dhcp, wins,
>>> and print servers. I would like to put 2 new domain controllers in
>>> with new hardware and make them windows 2008 domain controllers. I
>>> would to put dns, dhcp, and wins on the new domain controllers and
>>> leave the old domain controllers as print servers only. My
>>> questions are:
>>>
>>> 1. is there any reason why I should not demote the two old domain
>>> controllers after I have 2008 domain controllers (backup purposes
>>> etc)
>>> 2. If i use the current DC ip addresses for the new DC's will my
>>> clients
>>> notice anything?
>>> 3. if i backup and restore the DHCP datbase to the new 2008 DC's
>>> are
>>> client
>>> leases restored. Will users notice anything the next time they log
>>> in?