A difficult migration (2000 -> 2003)

Discussion in 'Server Migration' started by Massimo, Nov 18, 2004.

  1. Massimo

    Massimo Guest

    I'm in the process of migrating a Windows 2000 domain whose old servers
    encountered some major hardware failures to a new Windows 2003 domain hosted
    by new, top-of-the-line servers; the old domain is in a quite dirty state,
    due to lots of misconfigurations, hardware problems and a dead Exchange
    server, so we thought it was better to create a completely new one instead of
    just replacing the domain controller.

    The new domain must have the same name as the old one (it's a public domain
    name, and it also has to be used for the new, Exchange-2003-based e-mail
    system), and must be joined by the same client computers and the same users
    who are now using the old one; so I installed two of the new servers using
    available IP addresses on the same network, promoted them to DCs creating a
    domain with the same name and installed the DNS service on them. Now I'm
    looking for the easiest and quickest way to migrate users and computers.

    The number of users is quite low (around 60), so it *could* be possible to
    just re-create the accounts, assign new passwords to them, join all the
    computers to the new domain, log in with the user account, log out, re-log
    in as an administrator and copy the old user profile over the new one; all
    of this on each machine; but, although possible, it would be quite
    time-consuming and prone to errors, so I'm looking for something better.

    I thought about the ADMT, but it can't be used because the two domains have
    the same name; this can be worked around by upgrading the old DC to Windows
    2003 and renaming the domain, but I'm not sure about two things here; first,
    I fear a hardware incompatibility between the old SCSI controller installed
    on the DC and Windows 2003, and I just don't want to run the upgrade wizard
    only to get a blue screen after rebooting; I never ran a direct upgrade (I
    don't trust them), so I'm asking here: is there any way to supply hardware
    drivers to Windows 2003 during the upgrade phase, if the old ones aren't
    working (they are for Windows 2000) and the system doesn't have its own
    ones?
    The second problem is, how does the domain rename operation impact on client
    computers? Do they continue to work as if nothing happened, or do they
    require a domain rejoin or something similar? In the latter case, the whole
    operation would be useless... better to join them to the new domain
    altogether.

    Anyway, let's suppose I manage to rename the old domain, so I can use the
    ADMT to migrate users to the new one. I've read lots of documentation about
    this, and I know the whole procedure quite well, so I think I can handle it
    (damn, I'm an MCSE... if I can't do it, who can? :) ), but I still have some
    doubts.

    First one: the old domain used to have an Exchange 2000 server, which died;
    so, Exchange attributes are still wandering around the directory, users have
    non-working e-mail addresses and mailboxes, and there is a whole Exchange
    organization relying on a server which isn't there, so it can't simply be
    uninstalled. I've tried the Exchange setup with the /removeorg switch, but
    it failed with some errors... and I don't want to manually edit the AD. Can
    I try to re-install Exchange on a server in the old domain, so to be able to
    remove it afterwards? Will it work? And, the most important thing, how does
    this affect the ADMT when migrating users? Can I configure it to not migrate
    Exchange-related attributes?
    Second doubt: after running the ADMT, what needs to be done on each client
    to have it running on the new domain? Does it need a rejoin and/or something
    else? I know the user account will work (at least as long as the trust
    relationship is still there) and the user profile will be preserved, but
    what steps are to be actually done for each computer?

    Thanks for any help.

    Massimo
     
    Massimo, Nov 18, 2004
    #1

  2. Massimo

    Herb Martin Guest

    It is very difficult if not impossible to migrate from a domain to another
    with the SAME NAME. Generally this just doesn't work since trusts
    (NetBIOS based) are required and there are other conflicts.

    If you are determined to use a "new" domain then this may be your best
    course. You could export and import the users (they will be new users
    in a new domain of course) to avoid most of the "prone to errors" issues.

    LDIFDE can do such export/import.

    I am however a BIG believer in UPGRADES, especially where the name
    must not change.
    Why not just put one of the "new" DCs in the old domain, DCPromo it,
    and thereby upgrade the old domain with the new DC?

    Remove the old DCs; add the other new DCs and clean up the mess (whatever
    that is.)
    No, the client computers would need to be removed and joined to the
    new domain.
    You cannot rename a Win2000 Domain -- you can only rename a Win2003
    (or NT) domain under SPECIAL cases.
     
    Herb Martin, Nov 18, 2004
    #2

  3. Massimo

    Massimo Guest

    Luckily, I thought in advance about possible NetBIOS conflicts (the two
    domains are running on the same physical network), and gave the new domain a
    different NetBIOS name (it's also more suited to the organization's name);
    only the DNS name should remain the same.
    Anyway, the old domain needs to be renamed for ADMT to work, even if only
    the DNS name is the same, so I'm already prepared for this.
    I thought about this, of course, and I'll use it if the ADMT solution
    doesn't work; but, as you can see, the most difficult part is not typing in
    usernames... it's preserving and migrating their user profiles and their
    documents (which are all stored locally on their computers).
    Ordinarily, I would've done it... but, as I described, the old domain is in
    such an awful state I doubt it can be ever cleaned up.
    That's the simplest solution, of course.
    But there is a defunct Exchange 2000 organization in the old domain, and it
    can't be removed because its one and only Exchange server died and was
    dismissed without properly uninstalling it; in the user's accounts there are
    attributes about non-working e-mail addresses and unreachable mailboxes that
    were hosted on that server, and so on. I'm quite sure a new Exchange
    organization won't install in such a mess, so I went for the "whole new
    domain" approach.
    It's mainly the one I described above, and there are also lots of wrong
    and/or broken GPOs (lots of testing was done by former network
    administrators).
    Really?
    How can the users continue to work after a domain rename operation, then?
    So, the domain rename (which is only a step to migrating users) is going to
    take almost as long as simply joining the new domain? It can't be like
    this... what is domain rename good for, then, if it doesn't have any
    advantage on creating new domains?
    As I said before, if I'm to rename the old domain, I'll upgrade its DC to
    Windows 2003.

    BTW, are you sure an NT domain can be renamed? Never heard about this...

    Massimo
     
    Massimo, Nov 18, 2004
    #3
  4. Massimo

    Massimo Guest

    I've verified this... the domain rename operation only requires a double
    reboot of every member computer, unless it's running Windows NT 4.0, which
    actually needs a re-join.

    Massimo
     
    Massimo, Nov 18, 2004
    #4
  5. Massimo

    Herb Martin Guest

    I thought about this, of course, and I'll use it if the ADMT solutions
    You can overcome this problem easily by changing the
    user properties to all point to a central server and forcing
    them to log on from their favorite machine (to convert the
    correct Local profile to their respective Roaming profile.)

    Then move the profiles in bulk if necessary to the new machines
    where you do the same thing -- pointing at the profile location.
    All the default GPOs can be easily restored with an MS tool/procedure.
    Not quite -- I misunderstood your question somewhat -- the "join" of the
    new domain is required if it is a new domain with the same or different
    name.

    You must however do something (practically) equivalent if you manage
    to change a domain name however (only NT and Win2003 in Win2003
    Server mode.)

    The machines must each be told of the domain name change in the
    System Control Panel (or equivalent.)
    They cannot do so completely. They can use their machines the
    same as if there is no DC or (equivalent) they are off the network,
    e.g., traveling laptops.
    Not much. Domain rename has always been an extremely tedious
    process -- suitable for only very small domains or those large
    domains that have no viable choice.
    Yes. It has been documented in TechNet/KB for years.
     
    Herb Martin, Nov 18, 2004
    #5
  6. Yes, Herb has detailed the questions.

    about NT domain rename, please see the article below:

    How to Rename a Domain
    http://support.microsoft.com/default.aspx?scid=kb;en-us;169741

    Any update, let us get in touch!

    Best regards,

    Rebecca Chen

    MCSE2000 MCDBA CCNA


    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Rebecca Chen [MSFT], Nov 19, 2004
    #6
  7. Massimo

    Massimo Guest

    Mmm, nice point, but we're not implementing roaming profiles now (and we
    won't, it's not part of this project) so there isn't much storage space
    available; and many users have *lots* of files in their Documents folders.
    Also, remember roaming profiles don't preserve Outlook/Outlook Express's
    databases, and we *can't* have the users lose them.
    Yes, this can be fixed; it's the Exchange thing that scares me.
    I looked up this on Microsoft's docs for domain renaming, and it says member
    computers only need a double reboot, and will then continue to work just
    like before.
    But it's quite unsupported, isn't it?

    Massimo
     
    Massimo, Nov 19, 2004
    #7
  8. Massimo

    Herb Martin Guest

    Mmm, nice point, but we're not implementing roaming profiles now (and we
    USMT is the answer (usually the best answer) for such items.
    USMT = User State Migration Tool
    Not that I know -- I don't recall any specific disclaimers in
    those procedures but it has probably been years since I read
    them fully.

    In any case, many things are technically unsupported but clearly
    documented by Microsoft -- and work quite well.

    In such cases, the "unsupported" merely means that IF you mess
    up your systems Microsoft doesn't have to help you even if you
    have a support agreement.

    It doesn't even mean that they "won't" help you, just that they can
    refuse if you screw it up. (Usually they help anyway.)
     
    Herb Martin, Nov 19, 2004
    #8
  9. Massimo

    Massimo Guest

    Yes, yes.
    But I'm looking for a way to do almost all of the work on the servers,
    without the need to do something on each of the clients; I'm the only person
    on this project, and I really don't want to have to do things on each
    computer on the network.
    If I can find a way to work only on the servers, even if it's a lot more
    difficult, this is what I want to do.

    Massimo
     
    Massimo, Nov 20, 2004
    #9
  10. Massimo

    Herb Martin Guest

    Also, remember roaming profiles don't preserve Outlook/Outlook
    Express's
    You are going to lose the items such as OE and Outlook unless
    you manage it with roaming profiles or otherwise do it manually.

    These items are NOT going to just fold into new accounts
    unless you do an UPGRADE and avoid creating those new
    accounts for the users.
     
    Herb Martin, Nov 20, 2004
    #10
  11. Massimo

    Massimo Guest

    This is the main reason I'm looking for a way to migrate users, i.e. ADMT.
    But I have to rename the old domain, to use it.

    Massimo
     
    Massimo, Nov 21, 2004
    #11
  12. Hi Massimo,

    I have read the whole thread and understand you have the following concerns:
    1. The domain name should remain the same before/after the migration.
    2. The old SCSI controller might not support win2k3 server.
    3. User profiles should be retained.

    If so, you can use the following upgrade process, it is not an in-place
    upgrade.


    1. Run Adprep /forestprep, Adprep /domainprep on win2k server.
    2. Install win2k3 on your new machine and join it to the win2k
    domain.
    3. Promote win2k3 to be a backup DC. This process will replicate
    user/computer accounts from 2k to 2k3.
    4. Install AD-integrated DNS on 2k3, this process will auto
    replicate DNS from 2k to 2k3.

    5. Move Global Catalog
    6. Switch FSMO Roles to new server.

    By using this process, you don't need to use ADMT to migrate the user
    accounts since the AD info/user accounts/DNS will be replicated when you
    promote win2k3 server to be an additional DC in the existing win2k domain.
    User profiles are also kept intact.

    More details, please refer to the following article:
    How to upgrade Windows 2000 domain controllers to Windows Server 2003
    http://support.microsoft.com/?id=325379

    HTH!

    Best regards,

    Rebecca Chen

    MCSE2000 MCDBA CCNA


     
    Rebecca Chen [MSFT], Nov 22, 2004
    #12
  13. Massimo

    Herb Martin Guest

    Well, he has been resisting the upgrade and I keep
    hinting (or insisting) this is usually the best method.
     
    Herb Martin, Nov 22, 2004
    #13
  14. Massimo

    Massimo Guest

    Yes, I know this process quite well, thanks :)
    Normally I'd have used it... but the main concern here is the dirty state of
    the old domain, which has a dead Exchange organization, based on a server
    that's not there anymore (and nobody uninstalled it before removing it). I
    fear that, by replicating the whole AD database, a new Exchange 2003
    organization won't install and run in the domain. Also, I fear the old AD
    can be quite corrupted, since 1) some administrators did *a lot* of
    tinkering with it, and 2) the old servers encountered a lot of hardware
    problems (that's the main reason we're replacing them).

    Massimo
     
    Massimo, Nov 22, 2004
    #14
  15. Hi Massimo,

    I understand....Your concerns make sense.

    What kind of AD information do you want to migrate? If you only plan to
    migrate the user accounts and you plan to take the old win2k server
    offline, you may consider using csvde or LDIFDE to export AD schema and
    user accounts to a text file, and then import them into win2k3 server. This
    means you create the user accounts by using a batch file; in other words,
    you create a new user account in win2k3 server with the same name as in
    win2k. However, the user profile, the group relationship etc. are lost. You
    need to use other tools to migrate them, such as USMT as Herb has suggested.

    For more details, please refer to the following article:
    Using LDIFDE to Import and Export Directory Objects to Active Directory
    http://support.microsoft.com/kb/q237677/


    Actually, another better method is to add an interim domain. I mean, you
    can consider the following process:

    1. Install win2k or win2k3 server on the third machine, let us call this
    machine InterimSrv. DCpromote this machine to be a new domain, let us call
    it InterimDom.
    2. Use ADMT to migrate the info from your old win2k domain to InterimDom.
    3. Take your old win2k DC offline.
    4. Install win2k3 server on the machine you described.
    5. Promote it to be a DC with the same name as your old win2k domain.
    6. Use ADMT to migrate the info from InterimDom to your win2k3 server.

    Does this process apply to your scenario?


    Best regards,

    Rebecca Chen

    MCSE2000 MCDBA CCNA


     
    Rebecca Chen [MSFT], Nov 23, 2004
    #15
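
Added example (not part of any post in this thread): a Python filter for the LDIFDE export route suggested above, which drops Exchange-related attributes of the kind left behind by the dead Exchange 2000 server, plus system-owned attributes, before the file is imported into the new domain. The attribute lists and the sample records are assumptions constructed for illustration.

```python
# Attribute names (lower-cased) to drop. Both lists are assumptions for this
# added example; review them against your own export before importing.
EXCHANGE_ATTRS = {"legacyexchangedn", "homemdb", "homemta", "mailnickname",
                  "proxyaddresses", "textencodedoraddress", "showinaddressbook"}
SYSTEM_ATTRS = {"objectguid", "objectsid", "badpwdcount", "lastlogon",
                "pwdlastset", "memberof"}

def parse_records(text):
    """Split LDIF text into records, each a list of (name, rest) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line continues the previous one
        else:
            lines.append(raw)
    records = [[]]
    for line in lines:
        if not line.strip():              # blank line ends a record
            records.append([])
        elif not line.startswith("#"):    # skip comment lines
            name, _, rest = line.partition(":")
            records[-1].append((name, rest))  # rest keeps " value" or ": base64"
    return [r for r in records if r]

def is_dropped(name):
    n = name.split(";")[0].lower()        # ignore options such as ;range=0-9
    return n.startswith("msexch") or n in EXCHANGE_ATTRS or n in SYSTEM_ATTRS

def sanitize(text):
    """Return (cleaned LDIF text, sorted names of the attributes dropped)."""
    out, dropped = [], set()
    for record in parse_records(text):
        kept = [f"{n}:{r}" for n, r in record if not is_dropped(n)]
        dropped.update(n for n, _ in record if is_dropped(n))
        out.append("\n".join(kept))       # long values are written unfolded
    return "\n\n".join(out) + "\n", sorted(dropped)

# Constructed sample export (all names and values are made up).
SAMPLE = """\
dn: CN=Anna Rossi,OU=Staff,DC=example,DC=com
changetype: add
sAMAccountName: arossi
mailNickname: arossi
msExchHomeServerName: /o=Old Org/ou=First Administrative Group/cn=Configurat
 ion/cn=Servers/cn=DEADEXCH
objectGUID:: AAECAwQFBgcICQoLDA0ODw==

# second record
dn: CN=Bruno Verdi,OU=Staff,DC=example,DC=com
changetype: add
sAMAccountName: bverdi
description:: Q29udGFiaWxpdMOg
homeMDB: CN=Mailbox Store (DEADEXCH),CN=First Storage Group,DC=example,DC=com
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

The list of dropped attribute names returned by `sanitize` is worth reviewing before import, since anything matched by the `msExch` prefix or the two sets is removed from every record.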
  16. Massimo

    Massimo Guest

    Yes, it could have worked. Luckily, the renaming of the old domain worked,
    so I was able to use the ADMT (details in another message).

    Massimo
     
    Massimo, Nov 23, 2004
    #16
  17. Hi Massimo,

    Oh, do you mean renaming the win2k domain has worked? Where is the other
    message detailing this process? It would be interesting. :)

    Best regards,

    Rebecca Chen

    MCSE2000 MCDBA CCNA


     
    Rebecca Chen [MSFT], Nov 24, 2004
    #17
  18. Massimo

    Massimo Guest

    Well, after some upgrading to 2003... :)

    Massimo
     
    Massimo, Nov 24, 2004
    #18
  19. Oh, yes, I have read that thread. :)

    Best regards,

    Rebecca Chen

    MCSE2000 MCDBA CCNA


     
    Rebecca Chen [MSFT], Nov 24, 2004
    #19
  20. Massimo

    Ghass Guest

    Hi Guys

    I would just like to get your help.

    I want to migrate the Windows 2000 server from old hardware to new
    hardware, and I am afraid of this migration and of the FSMO roles transfer.

    So can anyone tell me what exactly I have to do with the FSMO roles, and
    what exactly I have to do to migrate the domain controller from a 2000
    server to a 2003 server domain?

    Regards
     
    Ghass, Nov 28, 2004
    #20