2000 to 2003 Migration Question

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello Everyone,
So we're finally upgrading to a windows 2003 domain here at my company, so naturally I have some questions since this is my first domain migration.

We have 2 domains within the same forest here (production domain and corporate domain)
The Corporate domain controllers are the ones I'm migrating (2)
The main corporate DC holds the PDC, RID and IM.
The Schema Master and Domain Naming Master on the other hand are on a DC on the production domain (I'm guessing this was the first DC created in our forest)

My question is, where do I run adprep /forestprep and adprep /domainprep
Should they be run both from the production domain controll since it's the head of the forest?
Or can I run this on the master Corporate DC
Or do I need to run adprep /forestprep on the production domain, and then run adprep /domainprep on the corporate domain?

Thanks guys!

 

Thanks wagnerk, you're right you can't be too safe doing something like this. I'll give all of these a read.

 

Wonderful thank you
I have a guide that makes the process seem pretty straight forward. But it leaves out some details I would like to see (like the info you just presented)

Link

I will definitely go over everything you've posted as well. Thanks!

 

Aside from what has already been said I will say that you should definitely make sure you back up everything and ensure the backups work.

You never know what nasty surprises could pop-up so make sure you have the facility to roll back to the original production state just in case the worst does happen.

If you have the hardware available it may be worth having a clone of your PDC ready to be put online in case it looks like the DC's are going to be offline for a considerable amount of time.

HTH

 

Brand new hardware. The old Boxes are a PII and PIII systems.

I've taken Windows Backups of both, as well as Acronis Backups which are great due to their Universal Restore capability.

Looks like I'll need to take a full backup of the production domain's DC as well since it's the chief of the forest, I probably would of overlooked this and just focused on the two corporate domain controllers if I didn't ask my question here

 

Hey Sparky,
My manager is in charge of the production domain.
We are on Exchange 2000, and all DCs are GCs.

Tip 15 from The Common Mistakes Article says:
If you have a multidomain hierarchy, upgrade frist the forest root domain, and only after this upgrade is complete, the rest of the forest.

Our Corporate domain is not a child domain, it's a seperate domain within the same forest.
Based on this tip, would running the ADprep on the forest root domain be enough? Or does the forest root domain controller (Production DC) need to be the first to be migrated to a 2003 server?

 

Hey Sparky,
I guess I wasn't really that clear in my orginal Post. Ah netdom makes things easy, I checked the manual way before lol.

Here goes:
Production Domain

Schema Owner: Production01.productiondomain.com
Domain Role Owner: Production01.productionomain.com
PDC Role: Production01.productionomain.com
RID Pool manager: Production01.productionomain.com
Infrastructure Ower: Production01.productionomain.com

Corporate Domain

Schema Owner: Production01.productiondomain.com
Domain Role Owner: Production01.productionomain.com
PDC Role: Corporate01.corporatedomain.com
RID Pool manager: Corporate01.corporatedomain.com
Infrastructure Ower: Corporate01.corporatedomain.com

 

Well after doing some more reading I presented some info to my manager. Specifically:
"The follwing computers must be amoung the first domain controllers that run Windows Server 2003 in the forest in each domain:
The domain naming master in the forest so that you can create default DNS program partitions.

The primary domain controller of the forest root domain so that the enterprise-wide security prinicipals that Windows Server 2003's forestprep adds become visible in the ACL editor.

So with that my new question is, how do I put corporatedomain.com into it's own forest?
Also would creating a trust relationship after it's in its own forest produce the same results as when it had a default trust from being in the same forest as productiondomain.com? - I can't remember if the results are the same or not.

Oh man I need to do lots more reading. Help is much appreciated guys.

 

Isn't there always a mandatory default trust (one that you don't have to configure) between domains within the same forest?

 

Hey Sparky,
What worries me is this:

The following computers must be among the first domain controllers that run Windows Server 2003 in the forest in each domain:
• The domain naming master in the forest so that you can create default DNS program partitions.
• The primary domain controller of the forest root domain so that the enterprise-wide security principals that Windows Server 2003's forestprep adds become visible in the ACL editor.
• The primary domain controller in each non-root domain so that you can create new domain-specific Windows 2003 security principals.
To do so, use WINNT32 to upgrade existing domain controllers that host the operational role you want. Or, transfer the role to a newly-promoted Windows Server 2003 domain controller. Perform the following steps for each Windows 2000 domain controller that you upgrade to Windows Server 2003 with WINNT32 and for each Windows Server 2003 workgroup or member computer that you promote:

To me this says that production01, or at least the Roles that Production01 hold, must be the first to be on a Server 2003 DC, either by an inplace upgrade of the Server that holds the schema, and domain naming master. Or by transfering those roles to a Server 2003 DC.

So Is just doing the adprep on production01 and then moving onto corporate01 as the first migration safe and fine? Or do I actually have to migrate production01 first, THEN move on to corporate01?

 

Thanks Sparky, I originally had no intention of migrating the production domain and was trying to find out if I could do the corporate one without touching production, but looks like that's not possible with my setup.
Only way would be to create a new corporate domain in its own forest and migrate everything over. *sigh*