DC, DNS, DHCP, WINS 2003 move to 2008

[bankajac]

OK, so I have a server 2003 enterprise running AD, DNS, DHCP and WINS. I just got a new server running server 2008 enterprise and would like to move or migrate everything to that server. Where do I start? Do I migrate AD first or last? Any good guides or advice?

[IrfanL]

If you are just running AD, DHCP and WINS then you can migrate quickly without any complications.

- Install AD service on new Windows 2008 server join it same domain/sub-domain as your 2003 server. This will create appropriate records in AD and DNS. From now on you will be using both servers for your domain.

- For moving DHCP there are two or more ways.

-- First >> Create exact replica of scope in 2008 server as in 2003 server but do not enable it, until you have removed the 2003 server from the network. Dont forget to enable Conflict Detection on 2008 server DHCP.

-- Second >> Creat exact replica of scope in 2008 server as in 2003 server. And exclude first half the scope address from 2003 server and exclude second half of the scope address from 2008 server. Enable Conflict Detection on both 2003 and 2008 DHCP servers. This way you can use both dhcp servers at the same time and when you remove the 2003 server the clients will automatically shift to the new 2008 server.

- For WINS just install and setup the WINS service in 2008 server, and in the active DHCP scopes put 2009 server IP as the WINS server and remove 2003 server IP.

- Once you are confortable with the new 2008 DC, use dcpromo on 2003 server to demote it from AD-DC role.

[Cyber Nemesis]

Extend the 2003 AD schema for 2008 using adprep from the 2008 CD.

Join the 2008 server to the domain, doing this first before dcpromo will help identify any connectivity issue or configuration issues with the existing domain before you run into them in the middle of dcpromo.

DCPromo the 2008 server. this will install the AD DS role, assuming your DNS is AD integrated, install DNS as part of the DCPromo process. **Before you demote your 2003 DC be sure to point the 2008 DC TCP/IP DNS setting to itself**

Move the FSMO roles from 2003 to 2008

DHCP: migrate IPv4 scopes from Windows Server 2003 to Windows Server 2008

1. On the Windows Server 2003 DHCP server, go to a command prompt

2. Type the following: netsh dhcp server \\yourserver export C:\dhcp all

3. Move this file to the new Windows Server 2008 server

4. Type the following: netsh dhcp server \\yourserver import C:\dhcp all

5. Restart DHCP and verify the database has moved over properly

You can refer to KB325473 directly to migrate DHCP database.

http://support.microsoft.com/default.aspx/kb/325473

You seem to imply your environment is a single server, but if you have more than one once you have completed all your 2003 DCs to 2008 DCs migrations consider switching the forest to "Windows Server 2008" mode and migrate to DFS-R replication for sysvol.

[bankajac]

Forgot to add that the Server 2003 is also running DNS.

[Joel]

Extend the 2003 AD schema for 2008 using adprep from the 2008 CD.

Join the 2008 server to the domain, doing this first before dcpromo will help identify any connectivity issue or configuration issues with the existing domain before you run into them in the middle of dcpromo.

DCPromo the 2008 server. this will install the AD DS role, assuming your DNS is AD integrated, install DNS as part of the DCPromo process. **Before you demote your 2003 DC be sure to point the 2008 DC TCP/IP DNS setting to itself**

Move the FSMO roles from 2003 to 2008

DHCP: migrate IPv4 scopes from Windows Server 2003 to Windows Server 2008

1. On the Windows Server 2003 DHCP server, go to a command prompt

2. Type the following: netsh dhcp server \\yourserver export C:\dhcp all

3. Move this file to the new Windows Server 2008 server

4. Type the following: netsh dhcp server \\yourserver import C:\dhcp all

5. Restart DHCP and verify the database has moved over properly

You can refer to KB325473 directly to migrate DHCP database.

http://support.microsoft.com/default.aspx/kb/325473

You seem to imply your environment is a single server, but if you have more than one once you have completed all your 2003 DCs to 2008 DCs migrations consider switching the forest to "Windows Server 2008" mode and migrate to DFS-R replication for sysvol.

You're supposed to use the local admin account, which you can't do once you've promoted your server, unless you use AD Recovery mode.

[bankajac]

I have one DC. Do I need to run all 3 commands on it? adprep /forestprep, adprep /domainprep, adprep /domainprep /gpprep

[bankajac]

Since I don;t have a forest, I am assuming not the first command but the last two? Should I run all three anyways?

[bobbba]

Since I don;t have a forest, I am assuming not the first command but the last two? Should I run all three anyways?

There's always a forest even if there's only one domain there's a forest.

Check your backup and run all 3 commands, you're unlikely to have a problem.

[bankajac]

OK, so I did everything but demote the original DC (did not remove anything yet). How do I know that everything is working properly? For example, the clients still show the old IP for the DNS server and the DHCP server. Will that change once I remove those roles from the old DC? Did I do something wrong since the IP addresses have not been updated to the new server?

[Joel]

You needed to reduce the DHCP lease from the default 8 days to something like 4 hours at least 8 days before making the switch. This way, there is a much shorter time between clients looking to renew/get their settings from your setup. Once the lease time is shortened and they're all on a 4 hour lease, make your change by authorising the new server's DHCP and deauthorising the old one.

[bankajac]

Yes, I was planning on doing that but when I installed DHCP on the new server it installed and authorized. When I right click I can only unauthorize. What should I do now?

Edit: Seems to be working after I unauthorized the old server.

Edited April 30, 2009 by bankajac

[bankajac]

Lastly, I have terminal licensing running on the old server and also on a terminal server 2008. I wanted to have all the licensing on the new domain controller so I deactivated the 2003 open licenses and installed on the new server. I did the same with the 2008 retail licenses but with those I had to contact Microsoft as I could not activate. Did I have this issue because the 2003 licenses were open and the 2008 retail? Just my curiosity at this point as it all works now.

[bankajac]

I get this error when I try to demote the old server:

"The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers."

I transfered all the FSMO roles and double checked them again. Any ideas?

OOPS, waited a while and I was able to demote. Maybe it was still replicating.

Edited May 2, 2009 by bankajac