NT4 to WS2K3 migration

Discussion in 'Server Migration' started by Manos Anastasiadis, Jun 24, 2004.

  1. Hello all,

    We are in the process of migrating our domain from NT4 to WS2K3
    and we also need to retain our current domain name.

    Our case as you may see is quite complicated and combines
    the requirements of serveral questions posted by other
    people as we've seen in this and other newsgroups.
    However it is a scenario that IMHO may be quite common
    in the industry, excpet probably, the file/print server portion
    of it, which of course is an off-topic on this newsgroup; we
    are currently only interested in the domain/mail portion.
    I'll try to describe our scenario as well as I can.

    [Current Source NT domain FOO (foo.bar.edu)]
    - 1 x NT4SP6a Server - PDC / WINS
    - 2 x NT4SP6a Server - BDC
    - 1 x NT4SP6a Server - Exchange Server v5.5 (mail accounts: )
    - 1 x Samba v2.x on Debian Linux - File / Print Server / DNS (local) :(
    * DNS service is also provided by our homing organization (bar.edu),
    using BIND v8.3.3 (supports dynamic updates).

    [Final, Target domain configuration foo.bar.edu]
    - 2 x WS2K3 Enterprise, Cluster (MSCS), Active Directory,
    Exchange 2003 Enterprise (will be called as S1-S2 in the rest of the
    text)
    - 1 x Samba v3.0 on Debian Linux - File / Print Server (still ... :-(( )
    * Since in other newsgroups/articles we've seen that the configration
    of Exchange 2003 is not supported (why?) on a cluster running AD
    too, we may install it on a standalone member server
    running Windows 2000 Advanced server (we already know
    that there should be a temporary server during the migration
    process, since we've read that the 1st Ex2K3 server in an
    organization _cannot_ be a clustered one so this is not
    actually an overhead).

    In addition, we have over 2000 users that we want to move to the
    new AD-based WS2K3 domain and perform Group restructuring
    as appropriate. One good think is that only a small number of them
    (less than 30) will be active during the migration period.

    Finally, all client workstations are running W2K Pro SP4 (and all post SP4
    hotfixes). However, workstation migration is not an issue as we plan to
    perform a clean install of W2K Pro on all of them from the beginning so,
    they
    can easily just become members of the new domain.

    As a first step, we decided to perform a _migration_ instead of an
    in-place upgrade of NT4 to WS2K3 since:
    - we' ve got brand-new, expensive hardware
    - we want to have a nice-and-clean setup of our new servers
    with no potential NT4 left-overs in registry and system files
    - we want to re-organize our user groups
    We currently have WS2K3 installed on each of the S1 & S2 servers
    that will form the clustered AD. They are currently configured as
    standalone servers (members of a Workgroup) and of course
    MSCS is not yet configured since the docs say that AD
    should be configured first, then go on with forming the cluster.

    We plan to perform the steps described below, but we'd like a
    confirmation if these are adequate.

    a) Taking one of our BDCs off-line.
    b) Create a virtual network using a hub/switch with the S1, S2
    and the BDC mentioned above, which will not be connected
    to the rest of the network, to avoid conflicts.
    c) Setup a another WS2K3 AD to serve as a temporary domain server,
    (as Bob Qin suggested on another similar question, not involving
    Exchange though) and migrate users from the BDC to it using ADMT v2.
    d) Take BDC off
    e) Setup up DNS and AD on S1 using the original domain name;
    the homing organization's DNS (as mentioned in the start) may
    be used to forward requests to it.
    f) Migrate the domain users from the temporary domain to S1
    using ADMT v2 again.
    g) Make S2 a secondary AD.
    h) Form a cluster using S1 and S2.

    At this point we _hope_ that we could take all workstations but a few
    off-line and atempt to be able to use the new AD-based Domain
    and Exchange 5.5-based mail server.
    (* We know that there will be a problem with accessing user files
    stored on the samba server until it is re-configured to work with AD,
    however this will not concern us at this posting).

    This will eventually be the point where we want to proceed
    with Exchange migration from v5.5 to 2003 (another issue
    that will not concern us at this posting), so we need to
    know whether tis plan should work.
    Are there any ideas or objections?
    If this is not going to work, we'd greatly appreciate something like
    a check-list, or a few links to (hopefully in-depth) information.

    Note that we have already read several books / white-papers / articles
    / newsgroup posts etc., however we haven't dropped on something that
    covers the whole picture completely...

    Many Thanks In Advance and a big excuse for the lengthy posting.


    Manos
     
    Manos Anastasiadis, Jun 24, 2004
    #1
    1. Advertisements

  2. Hi Manos,

    As for your scenario, I would like to recommend In-Place Upgrade. It will
    make the process more easily than migration since you prefer to keep the
    original domain name.

    In addition, it will fit all your requirements.

    - we' ve got brand-new, expensive hardware
    [You can install Windows Server 2003 on the new box]
    - we want to have a nice-and-clean setup of our new servers with no
    potential NT4 left-overs in registry and system files
    [you can add a temp NT BDC, after you upgrade to Windows 2003, you can add
    the new clean Windows 2003 box into domain as new DC and remove the temp NT
    BDC]
    - we want to re-organize our user groups
    [It is easy to re-organize the user accounts in Active Directory. If you
    have to move many user accounts, you can also try script ]

    Here is a sample of VB script code that will do this

    Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
    objOU.MoveHere _
    "LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString

    Have a nice day!

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jun 25, 2004
    #2
    1. Advertisements

  3. Hi Bob,

    Thanks for your answer to our problem.

    Yet, in documents and web-casts we've taken into account,
    regarding In-Place Upgrades from NT4 to WS2K3 domains,
    we found that the upgrade should be made to the NT4 PDC
    while at least one synchronized BDC is taken off-line
    (for roll-back).

    To make sure I understood your proposal, you mean that it is possible to:
    a) promote a NT4 BDC to PDC
    b) upgrade to Windows Server 2003 and configure it as an AD DC
    (this will be our First DC in the new Forest)
    c) install AD on a 'fresh' WS2K3 server and configure it as an AD DC
    (replica?)
    d) withdraw the upgraded DC (the original NT BDC that we upgraded in step b)

    Would there be any special considerations regarding FSMO assignments
    or any other settings on the upgraded DC which will be withdrawn
    that we will have to transfer to the new DC before the withdrawal?

    Thanks again, and have a nice weekend!

    Manos
     
    Manos Anastasiadis, Jun 25, 2004
    #3
  4. Hi Manos,

    You need to transfer all the FSMO roles from the first Windows 2003 DC to
    the new clean Windows 2003 DC. Then run DCpromo on the first Windows 2003
    DC to demote it be a member server. As last, you can move it from domain to
    workgroup.

    Please refer to the following document.
    ===
    HOW TO: View and Transfer FSMO Roles in Windows Server 2003
    http://support.microsoft.com/?id=324801

    Have a nice day!

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jun 25, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.