domain controller migration

Discussion in 'Server Migration' started by ronaldo, Jan 7, 2010.

  1. ronaldo

    ronaldo Guest

    I have a windows 2000 advance server sp4,
    Because of hardware upgrade,I want to upgrade it window 2008 server.

    This windows 2000 is only dc of a domain,
    In order to migrate everything (e.g.
    user account, policy, file share, security.....) of this server to new
    does microsoft have any suggested procedure on this issue?

    thank you
    ronaldo, Jan 7, 2010
    1. Advertisements

  2. Hello ronaldo,

    There is no way to inplace upgrade a Windows server 200 to Windows server
    2008 directly. See here about a way to do it:


    - Do you use any kind of Exchange in the 2000 domain? If yes, which one?

    - On the old server open DNS management console and check that you are running
    Active directory integrated zone (easier for replication, if you have more
    then one DNS server)

    - run replmon from the run line or repadmin /showreps(only if more then one
    DC exist), dcdiag and netdiag from the command prompt on the old machine
    to check for errors, if you have some post the complete output from the command
    here or solve them first. For this tools you have to install the support\tools\suptools.msi
    from the 2000 installation disk.

    - run adprep /forestprep and adprep /domainprep and adprep /domainprep /gpprep
    and adprep /rodcprep from the 2008 installation disk against the 2000 schema
    master(forestprep) / infrastructure master(domainprep/rodcprep), with an
    account that is member of the Schema/Enterprise/Domain admins, to upgrade
    the schema to the new version (44) or 2008 R2 (47)

    - you can check the schema version with "schupgr" or "dsquery * cn=schema,cn=configuration,dc=domainname,dc=local
    -scope base -attr objectVersion" without the quotes in a command prompt

    - Install the new machine as a member server in your existing domain

    - configure a fixed ip and set the preferred DNS server to the old DNS server
    only, think about disabling IPv6 if you are not using it, some known problems
    exist with it. Follow (
    to disable it

    - run dcpromo and follow the wizard to add the 2008 server to an existing
    domain, make it also Global catalog and DNS server.

    - for DNS give the server time for replication, at least 15 minutes. Because
    you use Active directory integrated zones it will automatically replicate
    the zones to the new server. Open DNS management console to check that they

    - if the new machine is domain controller and DNS server run again replmon,
    dcdiag on both domain controllers. For using netdiag.exe on 2008, NOT 2008
    R2, you have to download and install (,
    ignore the compatibility warning, or extract netdiag.exe only and copy it

    - Transfer, NOT seize the 5 FSMO roles to the new Domain controller (
    applies also for 2008/2008R2), FSMO should always be on the newest OS DC

    - after transfer of the PDCEmulator role, configure the NEW PDCEmulator to
    an external timesource and reconfigure the old PDCEmulator to use the domainhierarchie
    now. Therefore run on the NEW "w32tm /config /manualpeerlist:pEERS /syncfromflags:manual
    /reliable:yes /update" where PEERS will be filled with the ip address or
    server( and on the OLD one run "w32tm /config /syncfromflags:domhier
    /reliable:no /update" and stop/start the time service on the old one. All
    commands run in an elevated command prompt without the quotes.

    - you can see in the event viewer (Directory service) that the roles are
    transferred, also give it some time

    - reconfigure the DNS configuration on your NIC of the 2008 server, preferred
    DNS itself, secondary the old one

    - if you use DHCP do not forget to reconfigure the scope settings to point
    to the new installed DNS server

    Demoting the old DC(if needed)

    - reconfigure your clients/servers that they not longer point to the old
    DC/DNS server on the NIC

    - to be sure that everything runs fine, disconnect the old DC from the network
    and check with clients and servers the connectivity, logon and also with
    one client a restart to see that everything is ok

    - then run dcpromo to demote the old DC, if it works fine the machine will
    move from the DC's OU to the computers container, where you can delete it
    by hand. Can be that you got an error during demoting at the beginning, then
    uncheck the Global catalog on that DC and try again

    - check the DNS management console, that all entries from the machine are
    disappeared or delete them by hand if the machine is off the network for ever

    - also you have to start AD sites and services and delete the old servername
    under the site, this will not be done during demotion

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jan 7, 2010
    1. Advertisements

  3. ronaldo

    ronaldo Guest

    In the case is very simple one.
    In the windows 2000 AD, there are 1 and only 1 server.
    We have no exchange server in the AD.
    We use the 2000 server as file server.
    So, does it make the migration simpler?
    ronaldo, Jan 11, 2010
  4. Hello ronaldo,

    Then you can follow the way described before.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jan 11, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.