1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AD 2003 To 2008 Migration Question

Discussion in 'Software' started by Methodman85, Jul 20, 2010.

  1. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    Hey Guys,

    I was just wondering if it's safe to take a DC offline before running ADprep on it to ensure that it runs without error before putting it back on the network and letting the changes replicate.

    I plan on transferring the FSMO roles to a Virtual DC, taking a snapshot, then taking it off the network, and running ADprep. That way if anything goes wrong I can just revert to the snapshot and add it back to the network.

    Thoughts?
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  2. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    You can take DC offline and run adprep on it but the part with taking a snapshot and restoring it can cause some damage. Read on USN rollbacks to see what I mean.
    I would take the DC offline, captured System State, ran ADPREP, check if it's fine.
    If it is, stick it back on the network and let the changes replicate if it's not restore system state and stick it back on the network and it will pull down any changes done to AD in the meantime from other DCs.

    Generally I would be careful with any backup solution that is not AD aware when backing up AD. This is because AD is a real dog to fix when something goes wrong.
     
    Last edited: Jul 20, 2010
    WIP: Uhmm... not sure
  3. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I agree with LukeP... snapshots don't work that well with AD... thing is if something goes wrong, you will need to do a non-authoritative restore on the domain controller using the system state backup... Also preferably use the same backup utility you used to do the backup of the system state although not always necessary.
     
    Last edited: Jul 20, 2010
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Perhaps image the main DC with FSMO roles and put it into an isolated virtual environment. Then test upgrading.

    Upgrading the DCs is only part of the task though. Is there anything on the LAN that might not like the new DCs?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    Hey Guys,

    I will take your advice on the snapshots. I like the system state backup with the network disconnect. The need for an authoritative restore is what I'm trying to avoid.

    Sparky I also considered what you suggested. If I cloned a non FSMO holder DC, and then seized the roles, would I then have to do a meta data cleanup to clear up all the "Orphaned" DCs, or do you think ADprep would just run without issue. The reason I'd clone a non FSMO DC is because I have a virtual one. Or maybe I'll transfer the roles first to the virtual DC then power it down and clone it.
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  6. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Adprep will run with no problems. It extends the schema and doesn't change what's already in there (for backward compatibility).
     
    WIP: Uhmm... not sure
  7. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    Sounds good, I will give it a try.
    I'm sure I could just run it and everything will be fine, but I don't want to take any chances.
    Thanks guys.
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Sounds a bit messy tbh mate and that wont be a true representation of your live environment.

    How are your FSMO roles setup just now? Could you P2V a DC which holds all FMSO roles and then test that first before upgrading the live network?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    All the FSMO's are on one DC, it's a single domain forest. You think loading VMware Converter on the Physical FSMO server and converting it is better than transferring the FSMOs to my existing Virtual DC?
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  10. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    Hrm now that I think about it, you're probably right.
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  11. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    Last edited: Jul 20, 2010
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Ahh, that does look like hassle.

    For every single DC upgrade I have done (and I have done one or two) I have checked the event logs and resolved any issues on the DCs before upgrading. I’ve also checked the backups etc. so if something does go wrong then I can roll back the main DC(s) with FSMO roles which are the most important ones to worry about.

    No problems to report so far.
     
    Last edited: Jul 20, 2010
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  13. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    True, I hear ya.
    I've done a few 2000 > 2003 but this is my first to 2k8, and it's a new company so I want it to go as smoothly as possible.
    This was the article that got me thinking about ADPREP actually failing.

    http://searchwindowsserver.techtarg...2&ad=776115&asrc=EM_NLT_12051379&uid=10038802

    So if I could just run a quick ADPrep on a copy of the schema it would put my mind at ease. I think I'll give the Virtual DC a try, since there should be no hardware conflicts since it will be cloned on the same host.
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  14. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    If I were you I would create a 2nd (virtual) DC, transfer all the roles to it, isolate it. Power off, clone it. Power it on and try the ADPrep, if it's successful you can power on the original DC, transfer the FSMO roles back over, decommission the virtual DC and be off with it.

    I have to admit that I haven't had any issues with running ADPrep before however (I have done it a few times now). Infact I haven't had any issues with Schema updates in a while (Exchange, SCCM, ADPrep etc).
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  15. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    Indeed that's what I will do, but I had planned on just using the existing virtual DC that I have, do you think a 2nd is necessary?

    I haven't had any issues in the past with ADPREP either, but I'm always paranoid, I picture ADPREP displaying an error in my head; scary.
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680
  16. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I hear ya... I am about to install SCCM in out production environment and before doing that, I need to extend the AD Schema so it's a little nerver wracking but it has to be done!
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  17. Methodman85

    Methodman85 Byte Poster

    244
    6
    32
    So everything worked out great.

    - I transferred the FSMO rules to an existing VM DC
    - I then powered it down and cloned it
    - Removed the Virtual NIC for safety before powering the clone up
    - Launched Sites and Services and removed all of the other DCs (Necessary step)
    - Ran ADprep

    Thanks for the help!
     
    Certifications: MCTS, MCSE, MCSA:M, CCNA, MCDST, N+
    WIP: 70-680

Share This Page

Loading...