Migrating a domain from one domain controller to another, on Windows 2000 or Windows 2003

This procedure explains how to add an additional domain controller to a domain and how to migrate Active Directory from one server to another (valid for both MS Windows 2000 and MS Windows 2003).

Scenario:

Domain: dominio.com
Current Domain Controller: server01 (172.16.0.1)
Domain controller to which all functions are to be passed: server02 (172.16.0.2).

Let's start!!!

I'm going to explain exactly how to migrate a domain from one server to another, but you can stop at the step that interests you, for example if you just want to add an additional domain controller. The first thing, once the domain is OK on server01, is to go to server02 and check that its IP network configuration is correct; we have to set server01 as the DNS server of server02 so that it resolves our name requests. Start > Settings > Control Panel > Network Connections > Properties of “Local Area Connection” > Properties of “Internet Protocol (TCP/IP)”.

Once the network is set up correctly, join server02 to the domain as if it were just another workstation. Right-click My Computer and choose Properties > “Computer Name” tab and click “Change…”

We enter the name of the domain we are going to join, in our case “dominio.com”, and click OK.

We enter a user who has permissions to join dominio.com, usually the dominio.com administrator.

Ok,

Ok,

Restart…

Once server02 has rebooted, we log in to the domain as a dominio.com administrator.

What we're going to do now is join the domain as an additional domain controller. To do this, Start > Run > dcpromo and click OK.

Next,

Next,

We indicate that we are a DC (Domain Controller) for an existing domain.

The same as before: a user who has permissions in the domain to do what we want to do, usually the domain administrator. Next,

Select which domain we are going to join…

Where the AD (Active Directory) databases will be stored; the default is fine. Next,

The SYSVOL folder is where all the startup scripts, policies… are saved, and they are automatically replicated across all servers. Its location is fine,

The password in case we ever need to enter the server with F8 to repair something.

Next, to start joining the domain as a DC.

We wait a few minutes…

Finished; everything is now replicated.

A restart of server02 is required for the changes to be reflected.

Once server02 is restarted, the DNS component must be installed so that it is also a server that resolves names for the client PCs. If all we want is to join it to the domain without removing server01, there is no need to continue with the procedure. To install the DNS component: Start > Settings > Control Panel > Add or Remove Programs > “Add/Remove Windows Components”.

Look for “Networking Services” and click “Details…”

We check “Domain Name System (DNS)” and click OK.

It will ask us for the MS Windows CD to continue the installation; we wait…

Finish,

We open the console and check that DNS is already configured, because the other DNS server (server01) has made a zone transfer automatically. To do this: Start > Programs > Administrative Tools > DNS. Nothing needs to be done.

Once DNS seems to be working fine on server02, we reconfigure server02's IP network settings: since its DNS is working perfectly, it will resolve name requests itself. To do this, go to Start > Settings > Control Panel > Network Connections > Properties of “Local Area Connection” > Properties of “Internet Protocol (TCP/IP)”.

What we're going to do now is make server02 a “Global Catalog” (GC); this must be done WHENEVER we have two domain controllers. A global catalog is a server that responds to login requests from a user or PC: when someone presses Ctrl + Alt + Del to log in from their PC, it is where the password they entered is checked. The benefit shows when a domain controller goes down, since AD stays up because we have another DC that also handles logins. To do so: Start > Programs > Administrative Tools > Active Directory Sites and Services. We go to “Sites” > “Default-First-Site-Name” > Servers > server02, and on NTDS Settings we right-click > Properties.

Simply select “Global Catalog” on the General tab.

To migrate the AD functions, we work from the Active Directory Users and Computers console (Start > Programs > Administrative Tools): right-click the domain and choose “Operations Masters…”

It's as simple as going tab by tab and changing the function holder. We are logged in where we always are, on server02, so it shows us who the domain's current operations master is; if we want to move that function to server02.dominio.com it's as simple as clicking “Change…”

Yes

And we click OK; it confirms that server02 has been set as the operations master and no longer server01.

What remains is to go into the other two tabs and do the same, both in “PDC” and in “Infrastructure”: we click Change…

Yes

Ok

On the Infrastructure tab, click Change…

Yes

Ok.

Schema Master,

Now we close the “Active Directory Users and Computers” console and open a command prompt window. To migrate the schema master, type “regsvr32 schmmgmt.dll”; when you press Enter we get a confirmation, which we accept.

Click on “File” > “Add/Remove Snap-in…”

In the snap-ins we look for “Active Directory Schema”, click “Add”, then “Close” and “OK”.

This shows us what the current schema server is, in this case “Server01”. Since I want to migrate it to another server (SERVER02), I first have to connect to it; to do this, right-click “Active Directory Schema” and choose “Change Domain Controller…”

We type the name of the server we want to migrate to and click OK.

To change the server hosting the schema, right-click on “Active Directory Schema” and select “Operations Master…”

As before, it shows us the current “Schema Master” server; to migrate it from one to the other (in this case from SERVER01 to SERVER02), click “Change…”

With this we have finished passing all the functions from server01 to server02. What's left (if you are interested) is to remove server01 cleanly from our network, so that it does not cause problems or misbehave later when we want to migrate the domain.
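
Before demoting server01, the state reached so far can be confirmed from a command prompt on server02. The batch file below is an added example, not part of the original post; it assumes the Windows Support Tools (netdom, dcdiag) are installed and reuses the scenario's server names and IP. netdom lists all five operations master roles, including the domain naming master, which is not among the tabs changed above.

```bat
@echo off
rem Added example, not from the original post: checks to run on server02
rem before demoting server01. Assumes the Windows Support Tools
rem (netdom, dcdiag) are installed; names and IP are the article's scenario.
setlocal
set NEWDC=server02
set OLDDC=server01
set DOMAIN=dominio.com
set NEWDC_IP=172.16.0.2
set FAIL=0

echo === 1. Operations master (FSMO) role holders ===
netdom query fsmo > "%TEMP%\fsmo.txt"
if errorlevel 1 set FAIL=1
type "%TEMP%\fsmo.txt"
rem Any line still naming the old DC is a role that has not been moved.
findstr /i "%OLDDC%" "%TEMP%\fsmo.txt" > nul
if not errorlevel 1 (
    echo [FAIL] %OLDDC% still holds at least one role.
    set FAIL=1
)

echo === 2. Global catalog record served by the DNS on %NEWDC% ===
rem The _gc SRV record must list the new DC, and its own DNS must answer.
nslookup -type=srv _gc._tcp.%DOMAIN% %NEWDC_IP% > "%TEMP%\gc.txt" 2>&1
findstr /i /r "hostname.*%NEWDC%" "%TEMP%\gc.txt" > nul
if errorlevel 1 (
    echo [FAIL] %NEWDC% is not registered as a global catalog in DNS.
    set FAIL=1
)

echo === 3. Replication and advertising tests against %NEWDC% ===
for %%T in (Replications KnowsOfRoleHolders Advertising) do (
    dcdiag /s:%NEWDC% /test:%%T > "%TEMP%\dcdiag_%%T.txt"
    rem A missing "passed test" line covers both a failure and a missing tool.
    findstr /i /c:"passed test %%T" "%TEMP%\dcdiag_%%T.txt" > nul
    if errorlevel 1 (
        echo [FAIL] dcdiag %%T did not pass; output saved as dcdiag_%%T.txt in TEMP.
        set FAIL=1
    )
)

if "%FAIL%"=="1" (
    echo Do not run dcpromo on %OLDDC% until the failures are resolved.
    exit /b 1
)
echo All checks passed: %OLDDC% can be demoted.
exit /b 0
```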

All of this is now done from server01. We demote it from the domain like this: Start > Run > dcpromo.

Next

It warns us that if we remove a global catalog users may not be able to log in again, but since we made server02 a global catalog earlier, nothing happens.

We do NOT tick the checkbox, since it is not the last server, and click Next.

Next

We tick the option to remove absolutely everything from the old domain, and Next.

A password for the local administrator, since from now on we do not belong to any domain…

Next

Ticking..

Finish

We reboot, and we have the domain completely migrated to server02 and server01 left without any function.


Author

nheobug@bujarra.com
Author of the Bujarra.com blog. If you need anything, do not hesitate to contact me, I will try to help you whenever I can. Sharing is living ;) . Enjoy the documents!!!