Upgrading a server...

dawks

Diamond Member
Howdy,

We are looking at upgrading our current old server (running Active Directory on Windows 2000) to a new box and upgrading to Server 2003 R2.

I'm not sure how to go about doing this (partition size issues)....

Maybe the best way is to just install Server 2003 on the new box, and import the AD data? How does one do this? Install AD, then 'restore' the system state data? Maybe I'll need to upgrade the 2000 Server OS to Server 2003, then export, and import the system state data on the new box?

Thanks...
 
Why not bring the 2nd server up as a domain controller as well so you have some redundancy in case one server fails?
 
That's a possibility. So we'd install Server 2003 on the new box, run dcpromo, and make it a domain controller in the new domain. Never thought of that. That would take care of migrating user accounts and such? At that point we could take the old 2000 Server offline, and/or upgrade it to Server 2003...
 
Originally posted by: dawks
That's a possibility. So we'd install Server 2003 on the new box, run dcpromo, and make it a domain controller in the new domain. Never thought of that. That would take care of migrating user accounts and such? At that point we could take the old 2000 Server offline, and/or upgrade it to Server 2003...

No, at that point you would want to full backup the old 2000 box, then wipe it and install a fresh 2003 R2 server (which you could make a domain controller if you wanted).

May I ask why you are upgrading hardware on a DC? Most DC's don't need much horsepower unless you have multiple thousands of machines in the domain, or the DC is not just a DC. For example, a 512mb / 500mhz p3 would make a perfectly good domain controller for all but the biggest corps.

Also, if you have new hardware, have you looked at VM'ing it out? This way you could create a DC in a VM machine that would be hardware transparent and could run on literally any hardware, and would never need to be re-installed...
 
Originally posted by: ebaycj
Originally posted by: dawks
That's a possibility. So we'd install Server 2003 on the new box, run dcpromo, and make it a domain controller in the new domain. Never thought of that. That would take care of migrating user accounts and such? At that point we could take the old 2000 Server offline, and/or upgrade it to Server 2003...

No, at that point you would want to full backup the old 2000 box, then wipe it and install a fresh 2003 R2 server (which you could make a domain controller if you wanted).

May I ask why you are upgrading hardware on a DC? Most DC's don't need much horsepower unless you have multiple thousands of machines in the domain, or the DC is not just a DC. For example, a 512mb / 500mhz p3 would make a perfectly good domain controller for all but the biggest corps.

Also, if you have new hardware, have you looked at VM'ing it out? This way you could create a DC in a VM machine that would be hardware transparent and could run on literally any hardware, and would never need to be re-installed...

Well, mostly for space. Our current box only has a few SCSI drives, and no open drive bays. The only way to get the storage we want (in SCSI) would cost almost as much as a new box anyway. Plus we'd like to do more in the future.

Our current server is a P3 600 with 1gig ram, but only 12gigs in storage.

VM might be a very good idea.

We're a non profit so cost efficiency is critical.
 
Originally posted by: dawks
That's a possibility. So we'd install Server 2003 on the new box, run dcpromo, and make it a domain controller in the new domain. Never thought of that. That would take care of migrating user accounts and such? At that point we could take the old 2000 Server offline, and/or upgrade it to Server 2003...

Unless you have a reason to create a new domain, join the new server to the current domain and then run DCPROMO on the new server. Then the two AD domain servers will sync the AD data.

VM'ing a domain controller is a way to go even if it is just for disaster recovery.

Something the company I work for is trying, 1st DR test after conversion to Windows 2003, and I still need to work out the exact steps. We have a virtual instance of a domain controller, no DNS server, that we bring up every 3 months and let it sync to the hardware based DCs. Then we copy the virtual server files to an external hard drive. It takes some work to seize the various roles but a lot less than it would be restoring a backup.
 
Originally posted by: ebaycj
Originally posted by: dawks
That's a possibility. So we'd install Server 2003 on the new box, run dcpromo, and make it a domain controller in the new domain. Never thought of that. That would take care of migrating user accounts and such? At that point we could take the old 2000 Server offline, and/or upgrade it to Server 2003...

No, at that point you would want to full backup the old 2000 box, demote it then wipe it and install a fresh 2003 R2 server (which you could make a domain controller if you wanted).

May I ask why you are upgrading hardware on a DC? Most DC's don't need much horsepower unless you have multiple thousands of machines in the domain, or the DC is not just a DC. For example, a 512mb / 500mhz p3 would make a perfectly good domain controller for all but the biggest corps.

Also, if you have new hardware, have you looked at VM'ing it out? This way you could create a DC in a VM machine that would be hardware transparent and could run on literally any hardware, and would never need to be re-installed...

Added a critical step you missed.
 
Originally posted by: PELarson
Originally posted by: dawks
That's a possibility. So we'd install Server 2003 on the new box, run dcpromo, and make it a domain controller in the new domain. Never thought of that. That would take care of migrating user accounts and such? At that point we could take the old 2000 Server offline, and/or upgrade it to Server 2003...

Unless you have a reason to create a new domain, join the new server to the current domain and then run DCPROMO on the new server. Then the two AD domain servers will sync the AD data.

VM'ing a domain controller is a way to go even if it is just for disaster recovery.

Something the company I work for is trying, 1st DR test after conversion to Windows 2003, and I still need to work out the exact steps. We have a virtual instance of a domain controller, no DNS server, that we bring up every 3 months and let it sync to the hardware based DCs. Then we copy the virtual server files to an external hard drive. It takes some work to seize the various roles but a lot less than it would be restoring a backup.

The new domain part was a typo/brainfart.

Thanks for the help guys.
 
I guess I misunderstood what you were saying. If you have some catastrophe, and you seize all the roles to the VM and metadata cleanup all the other DCs, then that's ok. But if you take a snapshot of a VM DC and then restore that snap at a later date, you will be screwed.
 
Originally posted by: stash
I guess I misunderstood what you were saying. If you have some catastrophe, and you seize all the roles to the VM and metadata cleanup all the other DCs, then that's ok. But if you take a snapshot of a VM DC and then restore that snap at a later date, you will be screwed.

I'm pretty sure he was talking about keeping the VM active...not a onetime snapshot.
 
Originally posted by: SoulAssassin
Originally posted by: stash
I guess I misunderstood what you were saying. If you have some catastrophe, and you seize all the roles to the VM and metadata cleanup all the other DCs, then that's ok. But if you take a snapshot of a VM DC and then restore that snap at a later date, you will be screwed.

I'm pretty sure he was talking about keeping the VM active...not a onetime snapshot.

The idea, and it wasn't my original idea, is to have a virtual instance of a domain controller that is started on a regular basis and allowed to synch with the other domain controllers. The original idea was that if the AD became corrupt you could use the virtual instance to recover quicker.

I decided to try and take it one step further. Use the virtual domain controller as a better starting point for disaster recovery than a backup file.
 
On the VM issue also, let's say your server hardware gets fried, but your storage is intact. Then you would move those VM files to a new box with VMWare on it and you wouldn't have to worry about hardware and driver issues with moving your OS.

If you have multiple VMWare servers and use shared storage, then you wouldn't even have to waste time moving hardware, just start up the VM on a different server.

As for keeping the Windows 2000 as a redundant DC, unless I'm mistaken, you lose some abilities if not ALL of your DCs are Windows 2003. So, I would suggest demoting the Windows 2000 DC, wipe the hard drive and install a Windows 2003 DC on that system.
 
Use the virtual domain controller as a better starting point for disaster recovery than a backup file.
I'm not sure it really is a better starting point though, because now your data is only as good as the last time the virtual DC was started and synced.

If your AD suffers such a catastrophic failure that it requires you to go the virtual DC, you are essentially doing a forest recovery. So if you do the forest recovery using a virtual DC or a forest recovery using backups, it will take pretty much the same amount of time. In both cases, you will need to seize roles, metadata clean all other DCs and then rebuild/repromote DCs back into the environment. But backups are more likely to have more current data.

Another thing that some orgs do is a lag site, where you have a separate site that only replicates once a week or something. Neither of these methods (lag site or a virtual DC that is only online once in a while) is a supported recovery method.
 
Running VMs for DR purposes is great but only if you pretty much treat it like a physical box.

This means keeping it online and synced with the other DCs at all times and backing it up from within the VM on a regular basis using an AD-aware backup utility.

Where it comes in handy is when you lose the physical hardware it's sitting on you can restore to a different physical server without the pain and unreliability of a dissimilar hardware restore.

What is bad joo-joo: Keeping a VM around and taking periodic snapshots of it, or merely bringing it online from time to time.

For the OP's migration:
1. Bring up a 2nd DC in a virtual machine with w2k loaded. Dc promo it up as a second DC. Any physical hardware will do. Use a PC in the office if you need. Move fsmo to it.
2. Bring your new box online as a 2003 member. If you have dns, dhcp, wins or such install these here. This will be your new DC but not just yet. Replicate with existing boxes, then point all clients over to it for network services. Run like this for a few days to be sure things are fine. (say a full dhcp lease duration)
3. Take the old physical DC offline and set it aside.
4. Inplace upgrade the Virtual Machine from 2000 to 2003. You do this in the VM because the inplace upgrade is guaranteed not to have glitches. You don't want the domain upgrade failing because some driver works in 2000 but not 2003.
5. If things are looking good, dc promo the new physical box. If still good, transfer fsmo roles to it. Note: be sure things are looking good. You can bring the old box online at any time to roll back but the domain is now 2003 so you would have to shut down the two existing DCs.
6. After a couple weeks, flatten the old DC and put it to use elsewhere. If you were putting the virtual DC on a pc in the office you could move the virtual machine back on here.


Stash and guys: Correct me if I'm wrong but this should ensure there is no single point of failure during the process and if anything goes wrong at any step there is a safe rollback process.
 
To add the 2003 server as a DC to the 2000 domain, don't you have to run adprep /forestprep on the 2000 DC before adding the 2003 machine?
 
By the way OP, Longhorn server will probably be out within the next 12 months, so why not wait for that? I mean, you waited 7 years to go from 2000 to 2003, why not one more year. You could at least purchase the Longhorn licenses and install 2003 if you want; then when you feel Longhorn has proven itself enough after release, then migrate to it with no additional cost.
 
Stash and guys: Correct me if I'm wrong but this should ensure there is no single point of failure during the process and if anything goes wrong at any step there is a safe rollback process.
Your process would work, but I probably wouldn't do it that way. I'm working on a 2000->2003 migration with a customer right now, and this is how we're doing it:

* Disable outbound replication on the schema master and run domainprep and forestprep to get the schema to version 31 (2003 R2). After a successful schema upgrade, re-enable replication
* Join a 2003 server to the domain and then promote it to a DC. Install DNS, transfer all FSMO roles and make it a GC. This will be a temp DC.
* Demote the first 2000 DC you want to upgrade to 2003, and clean all references to it from the domain, site, DNS, etc. At this point, the replacement 2003 server is in a workgroup with a temporary name and IP.
* Once the former 2000 DC is offline, change the name and IP of the 2003 server to the name and IP of the former 2000 server. Join it to the domain as a member server and then promote it to a DC. Install DNS after promoting.
* Replace all 2000 DCs in this manner and then when all are replaced, transfer the FSMO roles and demote the temporary 2003 DC.
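
The schema-prep step described in the post above (disable outbound replication, extend the schema, re-enable only after success), written out as a gated batch script. This is an added example, not part of the original post: the DC name and domain DN are placeholders, it assumes one DC holds both the schema master and infrastructure master roles, and it assumes repadmin (Support Tools) and the Server 2003 R2 adprep are on the PATH.

```batch
@echo off
setlocal
rem Placeholders (assumptions, not values from the thread).
set SCHEMA_MASTER=dc01.example.local
set SCHEMA_NC=CN=Schema,CN=Configuration,DC=example,DC=local
rem Schema version the thread gives for 2003 R2.
set WANT_VERSION=31

rem 1. Isolate the schema master so a bad extension cannot replicate out.
repadmin /options %SCHEMA_MASTER% +DISABLE_OUTBOUND_REPL
repadmin /options %SCHEMA_MASTER% | findstr /C:"DISABLE_OUTBOUND_REPL" >nul
if errorlevel 1 (
    echo Outbound replication is still enabled. Schema not touched.
    exit /b 1
)

rem 2. Extend the schema. forestprep must complete before domainprep.
adprep /forestprep

rem 3. Gate on the schema itself: read objectVersion from the schema NC
rem    head and require the expected value before going any further.
ldifde -f schemaver.ldf -d "%SCHEMA_NC%" -p base -l objectVersion >nul
findstr /C:"objectVersion: %WANT_VERSION%" schemaver.ldf >nul
if errorlevel 1 goto :failed

rem 4. Prepare the domain, then let the verified changes replicate.
adprep /domainprep
repadmin /options %SCHEMA_MASTER% -DISABLE_OUTBOUND_REPL
echo Schema is at version %WANT_VERSION%. Outbound replication re-enabled.
exit /b 0

:failed
rem Leave replication disabled so the other DCs keep the old schema and
rem remain usable for recovery (seize roles, metadata cleanup).
echo Schema version %WANT_VERSION% not found. Replication left DISABLED.
exit /b 1
```

If the script stops at the failure branch, the isolated DC is the only one carrying the partial schema change, which is what makes the recovery path discussed later in the thread possible.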
 
Originally posted by: DrGreen2007
To add the 2003 server as a DC to the 2000 domain, dont you have to run adprep/forestprep on the 2000 DC before adding the 2003 machine?

In the scenario I mentioned above this doesn't actually occur. In step 2 the 2003 box is just a member. In step 4 the first 2003 DC (a VM) gets introduced at the same time the domain is upgraded.

Stash:
That sounds like good stuff too. How would you translate it to the OP's environment with his limited servers? It seems like VMs would again come in handy for him at least during the upgrade process.
 
That sounds like good stuff too. How would you translate it to the OP's environment with his limited servers? It seems like VMs would again come in handy for him at least during the upgrade process.
Yeah definitely. You're right, it would need to be modified a bit. If the OP currently has just one DC, I would probably use at least two VMs. The first VM should be an additional 2000 DC. That way if the schema upgrade goes bad, he can recover back to his original state (provided he disables outbound repl on the schema master while extending, as we recommend). If the schema gets borked, you seize the roles to the 2000 VM, metadata clean the physical DC, and then wipe and reload the physical 2000 DC (or at least do a dcpromo /forceremoval and then re-promote it).

Once the schema is upgraded, I would add a second VM, a 2003 DC. Once that's up, he can transfer all the roles from the original (non-virtualized) DC to the new 2003 DC and then demote it, wipe it, install 2003 and promote it back into the domain. Once everything is stable, demote the 2000 VM and convert the domain and forest to 2003 functional mode. Then he can demote the 2003 VM if he wants.

Hopefully that makes sense 🙂