Add a Windows 2003 Server to a Windows 2000 Domain
Undoubtedly one of the most exciting things to learn was Win 2K3 server. After seeing what it can do it brought me a new found respect for Bill and his crew.
Situation:
One of the clients were wanted to put a new server in place and add it to the existing domain, keeping all their current users and current shares. basically they users must not even find a difference when logging into the domain and doing work like normal.
The guys who did the upgrade prior to us had left the place in an interesting situtation.
2000 server is based on PDC (Primary Domain Controller) and BDC (Backup Domain Controller).
If configured correctly once the PDC Goes down the BDC kicks in leaving the end users with no hassles to logging into their domain. The BDC Then awaits for the PDC to come back online and give all the respective roles back to the PDC.
This situation however, the previous Company had just plugged in a new server, made it a BDC and removed the PDC from the whole equation. The Company was now due for an upgrade of their server because of their current one being under immense stress as a File Server, Application Server, Domain Controller, DHCP and DNS roles.
Layout:
Old Server >> Windows server 2000
Intel Pentium 4
Intel Server Board
New Server >> Windows server 2003 (Using 2000 Domain)
Intel Xeon Quad Core
Problem:
Because the current server was just a BDC waiting for the PDC it knew to come back online, it was refusing to let us use the New server as the PDC. We wanted to take of as much load as we could from the old server, and without delegating control of the domain to the new Server, the new servers existence would be pointless, because in order for us to add the 2003 server to the existing domain you have to run a series of commands which requires an active PDC.
Solution:
Step 1
First seize the following roles of the dead PDC and give it to the BDC:
__________________
domain naming master
infrastructure master
PDC
RID Master
schema master
__________________
----------------------------------------------------------------------------------
Click Start, click Run, and then type cmd.
At the command prompt, type ntdsutil.
At the ntdsutil prompt, type roles.
At the fsmo maintenance prompt, type connections.
At the server connections prompt, type connect to server, followed by the fully qualified domain name.
At the server connections prompt, type quit.
At the fsmo maintenance prompt, type seize domain naming master.
At the fsmo maintenance prompt, type seize infrastructure master
At the fsmo maintenance prompt, type seize PDC
At the fsmo maintenance prompt, type seize RID master
At the fsmo maintenance prompt, type seize schema master
At the fsmo maintenance prompt, type quit.
At the ntdsutil prompt, type quit.
----------------------------------------------------------------------------------
Step 2
To add a 2003 server to a 2000 Domain >>
On the 2000 server insert the Windows 2003 server Disk2 and
ul find the adprep program, the following commands are based on this specific version.
in command prompt :-
---------------------------------
type: adprep /forestprep
---------------------------------
let it run for a while then
---------------------------------
type: adprep /domainprep
---------------------------------
now wait a while and ul finally be able to add your 2003 server to the existing 2000 Domain.
Problem:
The old DC still exists somewhere on the current domain. and you still wont be able to add new users and we had problems logging into the domain with certain accounts.
Solution:
Follow this ariticle to delete failed DC's from Active Directory:
--------------------------------------------------------
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
--------------------------------------------------------
Now just delegate all control to your new server and ul be able to make all the necessary changes you want
Problem:
We also wanted the shares to come across to the new server and keep the directory structure as well as keeping the permissions previously used on each individual folder.
Solution:
Microsoft have released a nifty program called FSMigrate
it lets you copy over Entire shares, preserving all the structures and contents, and the best part, with no changes to the permissions.
After its done it shares the new folders and removes the shares from the old machine.
Obtain it here
----------------------------------------------------------------------------------------
http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&displaylang=en
----------------------------------------------------------------------------------------
*Please consult your system administrator if your new to this. i was fortunate to be under the guidance of Ridzo. shot man, much appreciated!
=)
Situation:
One of the clients were wanted to put a new server in place and add it to the existing domain, keeping all their current users and current shares. basically they users must not even find a difference when logging into the domain and doing work like normal.
The guys who did the upgrade prior to us had left the place in an interesting situtation.
2000 server is based on PDC (Primary Domain Controller) and BDC (Backup Domain Controller).
If configured correctly once the PDC Goes down the BDC kicks in leaving the end users with no hassles to logging into their domain. The BDC Then awaits for the PDC to come back online and give all the respective roles back to the PDC.
This situation however, the previous Company had just plugged in a new server, made it a BDC and removed the PDC from the whole equation. The Company was now due for an upgrade of their server because of their current one being under immense stress as a File Server, Application Server, Domain Controller, DHCP and DNS roles.
Layout:
Old Server >> Windows server 2000
Intel Pentium 4
Intel Server Board
New Server >> Windows server 2003 (Using 2000 Domain)
Intel Xeon Quad Core
Problem:
Because the current server was just a BDC waiting for the PDC it knew to come back online, it was refusing to let us use the New server as the PDC. We wanted to take of as much load as we could from the old server, and without delegating control of the domain to the new Server, the new servers existence would be pointless, because in order for us to add the 2003 server to the existing domain you have to run a series of commands which requires an active PDC.
Solution:
Step 1
First seize the following roles of the dead PDC and give it to the BDC:
__________________
domain naming master
infrastructure master
PDC
RID Master
schema master
__________________
----------------------------------------------------------------------------------
Click Start, click Run, and then type cmd.
At the command prompt, type ntdsutil.
At the ntdsutil prompt, type roles.
At the fsmo maintenance prompt, type connections.
At the server connections prompt, type connect to server, followed by the fully qualified domain name.
At the server connections prompt, type quit.
At the fsmo maintenance prompt, type seize domain naming master.
At the fsmo maintenance prompt, type seize infrastructure master
At the fsmo maintenance prompt, type seize PDC
At the fsmo maintenance prompt, type seize RID master
At the fsmo maintenance prompt, type seize schema master
At the fsmo maintenance prompt, type quit.
At the ntdsutil prompt, type quit.
----------------------------------------------------------------------------------
Step 2
To add a 2003 server to a 2000 Domain >>
On the 2000 server insert the Windows 2003 server Disk2 and
ul find the adprep program, the following commands are based on this specific version.
in command prompt :-
---------------------------------
type: adprep /forestprep
---------------------------------
let it run for a while then
---------------------------------
type: adprep /domainprep
---------------------------------
now wait a while and ul finally be able to add your 2003 server to the existing 2000 Domain.
Problem:
The old DC still exists somewhere on the current domain. and you still wont be able to add new users and we had problems logging into the domain with certain accounts.
Solution:
Follow this ariticle to delete failed DC's from Active Directory:
--------------------------------------------------------
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
--------------------------------------------------------
Now just delegate all control to your new server and ul be able to make all the necessary changes you want
Problem:
We also wanted the shares to come across to the new server and keep the directory structure as well as keeping the permissions previously used on each individual folder.
Solution:
Microsoft have released a nifty program called FSMigrate
it lets you copy over Entire shares, preserving all the structures and contents, and the best part, with no changes to the permissions.
After its done it shares the new folders and removes the shares from the old machine.
Obtain it here
----------------------------------------------------------------------------------------
http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&displaylang=en
----------------------------------------------------------------------------------------
*Please consult your system administrator if your new to this. i was fortunate to be under the guidance of Ridzo. shot man, much appreciated!
=)
Comments