Adding a New Windows 2K3 64bit DC and transferring roles

Discussion in 'Server Migration' started by Dave Pearce, Mar 7, 2008.

  1. Dave Pearce

    Dave Pearce Guest

    Please could someone give me the thumbs up or down!

    I have a 2k3 domain with 3 DCs
    SVR1 (Originally the first)
    SVR2 (another DC box) and
    SVR3 (VM inside another box)

    I want to replace SVR1 (holds all the FSMO roles etc and DNS) DHCP done
    separately

    So I DCPROMO new Box called SVR4 and transfer roles in AD U&C "operations"
    and install DNS and export and import the data.

    Also change the scripts for GPO to point to the SVR4 now as SVR1 will be
    decommissioned.

    Is this ok? Anything else i need to do?

    Many Thanks!!
     
    Dave Pearce, Mar 7, 2008
    #1

  2. Hello Dave,

    You have to move 5 FSMO roles:
    http://support.microsoft.com/kb/324801

    Also you have to make at least one other DC global catalog server, open Active
    directory Sites and Services and then double-click sitename, double-click
    Servers, click your domain controller, right-click NTDS Settings, and then
    click Properties, on the General tab, click to select the Global catalog
    check box (http://support.microsoft.com/?id=313994)

    Better make all DCs Global catalog and think also about one additional DNS
    server, use Active directory integrated zones, so DNS will be replicated
    via AD, much easier, also if you install a new DNS server you only have
    to wait for replication and it's done.

    Did you reconfigure the clients' DNS settings to the new DNS?

    Before demoting the old server run replmon, dcdiag and netdiag to check for
    errors on all DCs.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Mar 7, 2008
    #2

  3. Dave Pearce

    Dave Pearce Guest

    Thanks for the quick reply!

    The IP Address of this new server will be the same as the old one was
    therefore DNS and DHCP shouldn't be a problem.

    One last question: what is best practice in terms of DNS servers? Currently
    DHCP lists DNS for....

    first... Domain Controller
    second.... ISP DNS
    third... ISP DNS

    Therefore if my primary DC fails, DNS fails, i.e. AD. How's best to get round this?

    Regards
    Dave
     
    Dave Pearce, Mar 7, 2008
    #3
  4. Hello Dave,

    In a domain NEVER point to ISP's DNS on the NIC of the machines. All domain
    machines, servers and workstations, have to point to your internal DNS server.
    On the DNS server you have to configure FORWARDERS to your ISP's DNS server.
    On the NIC only set preferred DNS1 and secondary DNS2 if you have more than
    one.

    Also use more than one DNS server like I stated in my first answer.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Mar 7, 2008
    #4
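
A way to check clients for the DNS setup discussed in the two posts above, as an added example that is not part of the thread: it parses `ipconfig /all` output and reports every DNS server that is not one of the internal ones. The sample output and all addresses (192.168.1.10 and 192.168.1.11 as internal DNS, 203.0.113.x as ISP resolvers) are constructed.

```python
import ipaddress
import re

# Constructed sample: `ipconfig /all` from a domain workstation whose DHCP scope
# lists the DC first and two ISP resolvers after it (documentation addresses).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
                                       203.0.113.54
   Primary WINS Server . . . . . . . : 192.168.1.10
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def dns_servers(ipconfig_text):
    """Return {section heading: [DNS server IPs]} parsed from `ipconfig /all` text."""
    found, section, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new section
            section, in_dns = line.rstrip(":"), False
            continue
        first = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if first and _is_ip(first.group(1)):
            found.setdefault(section, []).append(first.group(1))
            in_dns = True
        elif in_dns and _is_ip(line.strip()):   # further servers sit alone on a line
            found[section].append(line.strip())
        else:
            in_dns = False
    return found

def audit(ipconfig_text, internal_dns):
    """Return (section, server) pairs for resolvers that are not internal DNS servers."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    return [(sec, srv) for sec, servers in dns_servers(ipconfig_text).items()
            for srv in servers if ipaddress.ip_address(srv) not in allowed]

if __name__ == "__main__":
    print(audit(SAMPLE_IPCONFIG, ["192.168.1.10", "192.168.1.11"]))
```

An empty result means the client only resolves through the internal servers, which then reach the ISP through their forwarders.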
  5. Dave Pearce

    Dave Pearce Guest

    Thanks, they are set up as forwarders too, I'll get them removed from the list
    and set up our second DNS as the next entry if the first server doesn't reply...

    One of the issues we have is that the scripts use files located on the first
    server and we map UNCs from them i.e. \\SVR1\MSI$ etc. I have looked at
    environment variables to get the machine to look at the current logon
    server and not a fixed address but the only one I could find was referring to
    logon domain.

    This means if the main box falls over even if we sort the DNS the scripts
    wouldn't run properly as they are looking at a fixed server UNC path.

    Thanks again for your help.

    Dave
     
    Dave Pearce, Mar 7, 2008
    #5
  6. Hello Dave,

    What kind of script do you run? .vbs .bat etc.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Mar 7, 2008
    #6
  7. Dave Pearce

    Dave Pearce Guest

    Well they are all .cmd. But they include "if exist" commands for the clients
    i.e. it xcopies down files from a central location on the DC down to the
    client each logon and that's from a fixed UNC path on one server. What I don't
    want to do is put all those folders and files in the SYSVOL because of the
    physical size.

    Some of the stuff isn't a problem because it's only running set commands that
    could run from anywhere such as reg keys and cacls etc
     
    Dave Pearce, Mar 7, 2008
    #7
  8. Hello Dave,

    Did you try "%logonserver%" without the quotes?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Mar 7, 2008
    #8
  9. Dave Pearce

    Dave Pearce Guest

    I tried this but it only worked for the scripts that were run post logon;
    prior to that the logon server hasn't been established.

    Well on the way with the migration now, just promoted and setup DNS.
    Operations master next....

    Thanks
    Dave
     
    Dave Pearce, Mar 8, 2008
    #9
  10. Hello Dave,

    Thanks for posting here, and thanks Meinolf for your contribution.

    According to the description, you may follow Meinolf's suggestion to
    migrate the SVR1 to SVR4, which will be helpful to you.

    Analysis and Suggestion:
    ========================

    For your concern about the scripts to copy files from the first server with
    the fixed server UNC path, I would like to suggest that you migrate the
    file share from SVR1 to SVR4 after promotion of SVR4, and then you may
    adjust the target server UNC path i.e. to \\SVR4\MSI$ in the scripts. You
    may simply migrate the file share with File Server Migration Toolkit.

    Additional Suggestion Steps with FSMT:
    ==================================

    1. You may install File Server Migration Tool on the new server.

    2. Launch the File Server Migration Wizard.

    3. Create a new migration project and save it in "C:\FileServerMigration"

    4. When you add source file server, please input hostname (inputting IP
    address of server is not supported)

    5. Please unselect the checkbox of "Resolve invalid Security descriptors"
    and select the checkbox of "Copy security settings"

    6. You may find that all the files and folders with Share and Security
    permission have been replicated to the target server.

    7. Since the Security descriptors (users and groups) are stored in Active
    Directory Database, all the folders and files can be accessed as normal.

    For more information:
    ====================

    Download: Microsoft File Server Migration Toolkit
    http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en

    File Server Migration Toolkit Whitepaper
    http://download.microsoft.com/download/9/6/3/963f5b22-6304-4f15-a2af-35e0b81046af/FSMT%20Whitepaper.doc

    I hope all the information will help.


    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Mar 10, 2008
    #10
  11. Hello Dave,

    How's everything going?

    I'm wondering if the suggestion has helped or if you have any further
    questions. Please feel free to respond to the newsgroups if I can assist
    further.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Mar 12, 2008
    #11
  12. Dave Pearce

    Dave Pearce Guest

    Sorry for not getting back, I've been out of the office. The migration was
    successful. My only remaining issue is around the script side.

    If I have a server i.e. SVR1 with some MSI shares for instance for the
    deployment of packages.

    e.g.

    \\SVR1\MSI$\Acrobat.msi

    etc

    If SVR1 goes down then the issue is that the file shares go with it, so I am
    looking for a way to give that some resilience i.e. it looks elsewhere for the
    data.

    Regards
    Dave
     
    Dave Pearce, Mar 12, 2008
    #12
  13. Hello Dave,

    Thanks for the feedback.

    For your concern about the file share on the SVR1 server, I would like to
    share some suggestions with you.

    Suggestions:
    ===================

    1. You may migrate the file share from SVR1 to SVR4 after promotion of
    SVR4. You may simply migrate the file share with File Server Migration
    Toolkit.

    2. You may adjust the target server UNC path i.e. to
    \\SVR4\MSI$\Acrobat.msi in the script.

    3. Stop sharing the file share on the SVR1 and let SVR1 be decommissioned.

    4. Make the new server SVR4 online with the file sharing, and then apply
    the new script with new UNC path on the client side.

    5. After that, the clients can copy the deployment of packages files from
    the new server with the new script even if the file share goes away with
    decommission of the SVR1 server.

    FSMT migration steps:
    ==========================

    1. You may install File Server Migration Tool on the new server.

    2. Launch the File Server Migration Wizard.

    3. Create a new migration project and save it in "C:\FileServerMigration"

    4. When you add source file server, please input hostname (inputting IP
    address of server is not supported)

    5. Please unselect the checkbox of "Resolve invalid Security descriptors"
    and select the checkbox of "Copy security settings"

    6. You may find that all the files and folders with Share and Security
    permission have been replicated to the target server.

    7. Since the Security descriptors (users and groups) are stored in Active
    Directory Database, all the folders and files can be accessed as normal.

    For more information:
    ====================

    Download: Microsoft File Server Migration Toolkit
    http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en

    File Server Migration Toolkit Whitepaper
    http://download.microsoft.com/download/9/6/3/963f5b22-6304-4f15-a2af-35e0b81046af/FSMT%20Whitepaper.doc

    I hope all the information will help. Thanks.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Mar 13, 2008
    #13
  14. Hello Dave,

    How's everything going?

    I'm wondering if the suggestion has helped or if you have any further
    questions. Please feel free to respond to the newsgroups if I can assist
    further.

    David Shen
    Microsoft Online Partner Support
     
    David Shen [MSFT], Mar 17, 2008
    #14