Migrating a Windows 2000 DC server to Windows 2003
A Win2k server (marserver) must be migrated to another physical machine on which Win2k3 SP1 (marsrv01) has been installed as a member server.
Checking Win2k updates and functionality
Microsoft recommends that all the Windows 2000 domain controllers run the Windows 2000 Service Pack 4 (SP4) or later operating systems.
If you cannot fully deploy Windows 2000 SP4 or later, all the Windows 2000 domain controllers must have a %WINDIR%\system32\Ntdsa.dll file whose date stamp and version are later than June 4th, 2001 and 5.0.2195.3673.
Download and install DCDIAG on Win2k:
cd %ProgramFiles%\Support Tools
DCDIAG /test:FSMOCHECK
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MARSERVER
Starting test: Connectivity
......................... MARSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MARSERVER
Running enterprise tests on : marzotto.priv
Starting test: FsmoCheck
......................... marzotto.priv passed test FsmoCheck
- If the test reports an error about DNS GUID resolution, fix the DNS configuration as explained in Cannot join a Domain from Windows 2003 (DNS error 0x0000232b)
- Download and install Windows 2000 SP4 Support Tools (10.3 MB)
- Verify that any replications are working:
cd %ProgramFiles%\Support Tools
REPADMIN /SHOWREPS
Default-First-Site-Name\MARSERVER
DSA Options : IS_GC
objectGuid : 170131db-58f0-4c35-9f93-fb9e92bbb396
invocationID: 170131db-58f0-4c35-9f93-fb9e92bbb396

==== INBOUND NEIGHBORS ======================================

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
- Verify that there is free space equal to at least 20% of the size of the larger of the files:
dir %WINDIR%\System32\Ntds.dit
dir %WINDIR%\NTDS\Ntds.dit
Updating the Active Directory schema on Win2k
WARNING: DISABLE MCAFEE, OTHERWISE YOU GET ERROR(101) AND THE SCHEMA CANNOT BE UPDATED.
WARNING: IF POSSIBLE, USE THE LATEST AVAILABLE VERSION OF ADPREP.EXE INSTEAD OF THE ONE ON THE CD (SEE INSTALL\TOOLS) or download it from
X:\tmp\ADPREP\adprep.exe /forestprep
ADPREP WARNING:

Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later).

QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent potential domain controller corruption.

For more information about preparing your forest and domain see KB article Q331161 at http://support.microsoft.com.

[User Action]
If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.

c

Opened Connection to MARSERVER
SSPI Bind succeeded
Current Schema Version is 13
Upgrading schema to version 30
Connecting to "MARSERVER"
Logging in as current user using SSPI
Importing directory from file "C:\WINNT\system32\sch14.ldf"
Loading entries................................................................................................................
111 entries modified successfully.

The command has completed successfully
Connecting to "MARSERVER"
Logging in as current user using SSPI
Importing directory from file "C:\WINNT\system32\sch15.ldf"
Loading entries.....................................................................
68 entries modified successfully.

The command has completed successfully
Connecting to "MARSERVER"
Logging in as current user using SSPI
Importing directory from file "C:\WINNT\system32\sch16.ldf"
Loading entries..................................
33 entries modified successfully.

The command has completed successfully
Connecting to "MARSERVER"
Logging in as current user using SSPI
Importing directory from file "C:\WINNT\system32\sch17.ldf"
Loading entries......................
21 entries modified successfully.

The command has completed successfully

CUT CUT

Connecting to "MARSERVER"
Logging in as current user using SSPI
Importing directory from file "C:\WINNT\system32\sch29.ldf"
Loading entries.......
6 entries modified successfully.

The command has completed successfully
Connecting to "MARSERVER"
Logging in as current user using SSPI
Importing directory from file "C:\WINNT\system32\sch30.ldf"
Loading entries................
15 entries modified successfully.

The command has completed successfully
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
............................................................................
...........................................
Adprep successfully updated the forest-wide information.
- Now run domainprep
X:\tmp\ADPREP\adprep.exe /domainprep
Running domainprep ...

Adprep successfully updated the domain-wide information.

The new cross domain planning functionality for Group Policy, RSOP Planning Mode, requires file system and Active Directory permissions to be updated for existing Group Policy Objects (GPOs). You can enable this functionality at any time by running "adprep.exe /domainprep /gpprep" on the DC that holds the infrastructure operations master role.

This operation will cause all GPOs located in the policies folder of the SYSVOL to be replicated once between the domain controllers in this domain.

Microsoft recommends reading KB Q324392, particularly if you have a large number of Group policy Objects.
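The forestprep transcript above is long enough that a skipped or failed schNN.ldf import is easy to miss. The following added example, which is not part of the original page, parses a saved transcript and reports every schema file between the current and the target version that was not imported cleanly; the function name check_forestprep and the abbreviated sample transcript are constructed for illustration.

```python
import re

# Constructed, abbreviated transcript in the shape of the adprep /forestprep
# output above (schema 13 -> 16 here to keep the sample short).
SAMPLE_OK = '''\
Current Schema Version is 13
Upgrading schema to version 16
Importing directory from file "C:\\WINNT\\system32\\sch14.ldf"
111 entries modified successfully.
The command has completed successfully
Importing directory from file "C:\\WINNT\\system32\\sch15.ldf"
68 entries modified successfully.
The command has completed successfully
Importing directory from file "C:\\WINNT\\system32\\sch16.ldf"
33 entries modified successfully.
The command has completed successfully
Adprep successfully updated the forest-wide information.
'''

def check_forestprep(log):
    """Return a list of problems found in an adprep /forestprep transcript."""
    problems = []
    cur = re.search(r"Current Schema Version is (\d+)", log)
    tgt = re.search(r"Upgrading schema to version (\d+)", log)
    if not (cur and tgt):
        return ["schema version lines not found"]
    # Split the transcript into one chunk per imported schNN.ldf file:
    # [preamble, "14", body14, "15", body15, ...]
    parts = re.split(r'Importing directory from file ".*?sch(\d+)\.ldf"', log)
    done = {}
    for num, body in zip(parts[1::2], parts[2::2]):
        done[int(num)] = ("entries modified successfully" in body
                          and "The command has completed successfully" in body)
    # Every version from current+1 up to the target must import cleanly.
    for v in range(int(cur.group(1)) + 1, int(tgt.group(1)) + 1):
        if v not in done:
            problems.append(f"sch{v}.ldf was never imported")
        elif not done[v]:
            problems.append(f"sch{v}.ldf import did not complete")
    if "Adprep successfully updated the forest-wide information." not in log:
        problems.append("final forest-wide success message missing")
    return problems

if __name__ == "__main__":
    print(check_forestprep(SAMPLE_OK) or "forestprep transcript looks complete")
```

An empty list means every import between the two schema versions completed and the final success line is present; run it on the full saved transcript before starting dcpromo on the new server.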
Promoting the Win2k3 DC
Now you can start working on the Win2k3 machine
References:
- Windows 2000 Resource Kit Tools for administrative tasks
- Download Windows 2000 SP4 Support Tools:
- On Win2k3 run:
dcpromo
Select
- Additional domain controller for an existing domain
If you get a DNS-related error, see Cannot join a Domain from Windows 2003 (DNS error 0x0000232b)
Moving DNS
- On Win2k3, install DNS from Add Windows Components
- Manage, Services, DNS, ... right-click, Configure DNS
- Root hints only.
- On Win2k, check that the zone is AD integrated, otherwise it will not be replicated to the new server.
- Right-click, Type [Change]
- Synchronize AD (Print - Forcing AD Replication:)
- On Win2k:
repadmin /syncall marserver
- On Win2k3
- Download the Support Tools and install them.
- Run
cd %PROGRAMFILES%\Support Tools
repadmin /syncall marsrv01
- Restart both DNS servers, close and reopen mmc, wait ... at worst, do a notify from the master, until the zones appear on Win2k3.
- Stop and disable DNS on Win2k
- Change the DNS IP in the LAN configuration on Win2k and Win2k3.
- If forwarders are used, set them on Win2k3.
- Set the new DNS in the DHCP server's Server Options and restart the DHCP server
Moving DHCP
Reference: How to move a DHCP database from one server to another in Windows NT 4.0 and in Windows 2000 or, better, How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003 and also WindowsIS : Using DHCPEXIM and netsh to migrate DHCP scopes to a Windows 2003 Server DHCP server: and also DHCPexim will export DHCP data for NT 4 and 2000 but will not import for 2003 - Aaron Tiensivu's Blog:
- On Win2k, install dhcpexim (requires Windows validation) or dhcpexim
- Stop DHCP:
net stop dhcpserver
- Compact the database:
cd %systemroot%\system32\dhcp
jetpack dhcp.mdb temp.mdb
- Export the database to the file dhcpdb.txt (it is a binary file):
cd %programfiles%\resource kit
Dhcpexim.exe
- Stop and disable the DHCP service on Win2k.
- Copy the file dhcpdb.txt to Win2k3.
- Install DHCP on Win2k3
- Import the previously exported file:
netsh dhcp server import c:\temp\dhcpdb.txt all
- Authorize the DHCP server
- Change the DNS DHCP option
Copying the files
- Recreate the shares with the appropriate permissions.
- Check that the logon script user.cmd is present on both servers and change the server names in the net use commands.
- Install Robocopy on Win2k3.
cd %programfiles%\Windows Resource Kits\Tools
- Simulate the copy:
robocopy /SEC /S /L \\marserver\Dati D:\Dati
- If the result looks right, run the copy
robocopy /SEC /S \\marserver\Dati D:\Dati
Removing the old DC and transferring the FSMO roles and Global Catalog
Follow the instructions in Q313994: How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000:
- On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in.
%WINDIR%\system32\dssite.msc
- In the console tree, double-click Sites, and then double-click Default-First-Site-Name.
- Double-click Servers, click your new DomainControllerName (where you want to move the GC), right-click NTDS Settings, and then click Properties.
- On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
- Remove the checkbox from the other domain controller
- Restart the domain controllers and check where the GC is stored now.
Reference: How to promote and demote domain controllers in Windows 2000
Ref: (Win2003) Removing a Domain Controller from Active Directory:
Ref: Win2003: Transferring the FSMO roles from one Domain Controller to another:
Ref: How do I change the Domain Naming Master FSMO?:
"NOTE: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. As part of the demotion process, the Dcpromo utility removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object, which exists as a child to the server object in Active Directory Sites and Services Manager. After the domain controller is demoted it no longer has Active Directory information available, and uses the Security Accounts Manager (SAM) database for local database information. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role. "
- On the server to be removed, run
dcpromo
to turn it into a "member server". Reboot.
- On the server to be removed, from the network properties, remove it from the domain and put it in a workgroup. Reboot.
- The old server can now be powered off.
References
http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/win2k/w2ktows03-2.mspx
http://download.microsoft.com/download/9/9/6/996f17f2-e008-4581-a26f-9098f87690e2/Upgwin2k.doc