Windows 2000 server to windows 2008

[unrealism]

ok so I thought I was going to just start ground up with the new 2008 server, but it is going to be too complicated. I know there is some sort of way to add the 2008 server to the 2000 server and then demote/promote etc. Can someone give me instructions or point me in the right direction to add a windows 2008 to a windows 2000 server and make my 2008 a PDC instead of my 2000.

Thanks, sorry for all the Q's.

[sc302 Veteran]

follow these papers

give the 2008 a static ip address

in the 2000 server in the dns go to zone transfers on all ad forward zones and reverse zones and add the ip address of the 2008 server

in the 2008 server enable the dns server

in the 2008 server make secondary dns servers all point to the 2000 server with all forward and reverse zones

in the 2008 server make the primary dns server the 2000 server and the secondary itself

in the 2000 server add the 2008 server as the secondary dns server

follow this to ad prep and forest prep a 2000 domain http://www.petri.co.il/windows-server-2008-adprep.htm

dcpromo the 2008 server onto the existing 2000 domain

follow this to transfer all fsmo roles, this can be done from either server http://support.microsoft.com/kb/255690

dcpromo the old 2000 server to transfer all metadata and dns over to 2008 server and to remove active directory off the 2000 server.

forgive me, I didn't want to type all that out for the fsmo and adprep/forestprep when there are decent enough instructions out there, saves me some typing.

[unrealism]

follow these papers

give the 2008 a static ip address

in the 2000 server in the dns go to zone transfers on all ad forward zones and reverse zones and add the ip address of the 2008 server

in the 2008 server enable the dns server

in the 2008 server make secondary dns servers all point to the 2000 server with all forward and reverse zones

in the 2008 server make the primary dns server the 2000 server and the secondary itself

in the 2000 server add the 2008 server as the secondary dns server

follow this to ad prep and forest prep a 2000 domain http://www.petri.co.il/windows-server-2008-adprep.htm

dcpromo the 2008 server onto the existing 2000 domain

follow this to transfer all fsmo roles, this can be done from either server http://support.microsoft.com/kb/255690

dcpromo the old 2000 server to transfer all metadata and dns over to 2008 server and to remove active directory off the 2000 server.

forgive me, I didn't want to type all that out for the fsmo and adprep/forestprep when there are decent enough instructions out there, saves me some typing.

Thanks big help. I do want to clarify though... the "infrastructure master" is going to be my windows 2008 box correct? I ran adprep /forest prep on my 2000 server and things look good so far.

[sc302 Veteran]

yep, when everything is said and done everything will be on the 2008 server.

[Joel]

Why 2 threads for this?

[sc302 Veteran]

because chicken is good?

[unrealism]

because chicken is good?

Mainly cause I am ignorant and SC302 has been a big help!

I did see a article though that it said that I should run adprep /domainprep /gpprep on the windows 2000 server box and just add the 2008 box to that controller. soo...

Windows 2000 server is my current PDC, I am wanting to add the windows 2008 to it and then promote it. So I ran the adprep /forestprep on the 2000 box... where do I run the /domainprep /gpprep? Just want to make sure. hehe

[sc302 Veteran]

2000 server, you are preparing Active Directory to accept the 2008 server. without it 2008 will not become a dc on the 2000 network. hope that helps you understand a bit better.

follow the directions in the petri article i posted.

[unrealism]

2000 server, you are preparing Active Directory to accept the 2008 server. without it 2008 will not become a dc on the 2000 network. hope that helps you understand a bit better.

follow the directions in the petri article i posted.

ok did all that on my 2000 box, things seem to be looking up except for when I ran the adprep /domainprep /gpprep I got this error... any suggestions?

[sc302 Veteran]

Running domainprep...

Domain-wide information has already been updated.

------------------------------

and your problem is???

[unrealism]

Running domainprep...

Domain-wide information has already been updated.

------------------------------

and your problem is???

oh sorry, i got that error the first time that adprep was unable to complete. I just reran the command again after rebooting, and it still came up. I assume it was trying to run the /gpprep part of it and failed.

[sc302 Veteran]

check the log file to verify.

c:\winnt\debug\adprep\logs\2009blahblahblah\adprep.log

edit: also i just quickly read your other post. I would reinstall 2008 server without the AD on it and use that server as the AD server. if you just dcpromo active directory off of it and join it to the existing 2000 domain you will get event errors that will be near impossible to clear out (take a long time and lots of research). if you are already starting with a fresh 2008 server that did not have active directory prior to this carry on and ignore this edit.

[unrealism]

check the log file to verify.

c:\winnt\debug\adprep\logs\2009blahblahblah\adprep.log

edit: also i just quickly read your other post. I would reinstall 2008 server without the AD on it and use that server as the AD server. if you just dcpromo active directory off of it and join it to the existing 2000 domain you will get event errors that will be near impossible to clear out (take a long time and lots of research). if you are already starting with a fresh 2008 server that did not have active directory prior to this carry on and ignore this edit.

Its a VM box, so I blew it away and started fresh (no AD installed). I ran everything through your list, I got this error and went ahead and clicked yes. Did I miss a step somewhere?

"A delegation for this DNS server

cannot be created because the authoritative parent zone cannot be found or it

does not run Windows DNS server. To enable reliable DNS name resolution from

outside the domain *FQDN*, you should create a delegation to this DNS server

manually in the parent zone. Do you want to continue?"

[sc302 Veteran]

Did you enable zone transfers to the 2008 server? And did you add secondary dns to the 2008 server?

I can pm u a chat link if that will help better.

[unrealism]

Did you enable zone transfers to the 2008 server? And did you add secondary dns to the 2008 server?

I did not add the zone transfer to the 2008 server. I did add my ips in 2008... Pri: 192.168.1.80 (win2008), and Sec: 192.168.1.209 (win2000)

[sc302 Veteran]

You need to setup a dns server on your 2008 server and you need to allow zone transfers to your 2008 server to be able to setup secondary zones

Secondary zones should be setup to allow dcpromo on the 2008 server to happen without fail.

[unrealism]

You need to setup a dns server on your 2008 server and you need to allow zone transfers to your 2008 server to be able to setup secondary zones

Secondary zones should be setup to allow dcpromo on the 2008 server to happen without fail.

sorry for all the dumb questions, hopefully I will get this figured out. 2008 is such a major difference then 2000. So I need to manually add the DNS role and setup DNS first then run dcpromo? I am used to DNS being setup while I ran dcpromo.

[sc302 Veteran]

Yes. But if you want it to fail, then no. It really isn't that bad (of course I have been through this a few hundred times at this point.)

[random_n]

I've not tried this scenario yet (Server 2003 and 2008 work pretty nicely together), but why is setting up zone transfers necessary? Set the DNS client on the 2008 box to point to the 2000 machine first to make it a member server, and after going through the AD Domain Services setup the 2008 machine should have its own DNS server complete with the AD integrated zones replicated (after a few minutes, of course).

The "A delegation for this DNS server..." message is pretty well ordinary. Just set up a couple of DNS forwarders in your DNS service when you're done. Using your ISPs DNS server for external queries will usually be faster than going from the root hints.

[unrealism]

Yes. But if you want it to fail, then no. It really isn't that bad (of course I have been through this a few hundred times at this point.)

OMG! Finally I got this silly thing to join the domain! lol. Now... just a few quick questions maybe you can answer. Obviously at some point this week I will need to demote the 2000 box. Here is the problem and concerns I have....

1. If I demote this box, what happens with the AD data? Does it wipe it out and I need to be careful with my VM box running 2008 since it will be my primary?

2. Will the 2008 carry over the GPolicies from the 2000 box?

3. Any advice on promoting the 2008 box and demoting the 2000 box?

Note: I will still need my users to access my 2000 box because of some data and things, so when I demote this box, will they still able to reach its resources ok?

Thank you so much for being patient with me, I am a little rusty at this. I been stuck with this same server for quite some time.

[sc302 Veteran]

1. You should have ran a dcpromo on the 2008 server which duplicates all of the ad onto it. You need to migrate over the FSMO roles over to the 2008 server (see my first post).

2. See above

3. See above,transfer FSMO rolls demote 2000 server.

Your data will be fine.

[sc302 Veteran]

I've not tried this scenario yet (Server 2003 and 2008 work pretty nicely together), but why is setting up zone transfers necessary? Set the DNS client on the 2008 box to point to the 2000 machine first to make it a member server, and after going through the AD Domain Services setup the 2008 machine should have its own DNS server complete with the AD integrated zones replicated (after a few minutes, of course).

The "A delegation for this DNS server..." message is pretty well ordinary. Just set up a couple of DNS forwarders in your DNS service when you're done. Using your ISPs DNS server for external queries will usually be faster than going from the root hints.

no need to make it a member server if you setup dns prior, one less reboot. DNS is already there. Doing it this way has never failed for me at all, works 100% of the time without errors. Also if there are any issues with the network doing this initial step will help you to figure them out before doing a dcpromo and watching it fail in the middle of it (been there 1 too many times). AD relies heavily on DNS functioning properly, if it is replicating properly you know that it will be smooth sailing.

[unrealism]

Now can I go ahead and also add my 2 other 2008 servers to the 2000 domain like I did this last one, and then once that is done I just promote the "main" 2008 box I want to be PDC? Then demote the 2000 server and just make it part of the domain?

[sc302 Veteran]

If the other 2 2008 servers do not need to be a dc then you can just add them to the domain and make them member servers, no need to go through all of that. At this point when you are ready, the other 2 2008 servers or not, you can transfer the FSMO rolls over to the 2008 server and demote the 2000 server, the 2000 server should demote to a member server and keep all of the shares in tact.

[unrealism]

If the other 2 2008 servers do not need to be a dc then you can just add them to the domain and make them member servers, no need to go through all of that. At this point when you are ready, the other 2 2008 servers or not, you can transfer the FSMO rolls over to the 2008 server and demote the 2000 server, the 2000 server should demote to a member server and keep all of the shares in tact.

In your opinion should I make the others DC, or not? I was taught that its better to have at least 2 DC (PDC, and a DC). That way if one goes down, users can still login. Or am I mistaking the roll of a additional DC?