Posts made by garak0410

So what are some of the BPA's I can run to check to see if this last step is working? I did create a new user on the new server and it replicated back to the old one.

@Dashrender said:

Looks good.

An FYI for you. If you demote a server that has a FSMO role on it - DCPromo will push the roll to another server (at least it did for me once). But do as the documentation says, move them yourself first.

Heck, just to make sure everything is working well, I'd move all services (files/printers/av console, etc) off the old server, then after a few days to make sure that all works, I'd move the FSMO rolls then turn off the old server for a day or two. If your network continues with the old server turned off before you remove it from the domain, then you know everything has moved as needed. If when you turn the old server off, something breaks, you know you forgot something.

I may look at doing this. Moving the files over will coincide with login scripts to map the drives to the new file server. Since I cannot use the suggested CNAME option above until the old server is turned off, I'll for sure need to make sure our software code points to the new file server on selected sheets that have code that references the current file server.

These are the steps I have left in the list I've collated over the past few months:

		§ Transfer FSMO Roles to new Server 2012 R2 Domain Controller
			□ Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
			□ http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
		§ Demote old Server 2003 Domain Controllers
			□ Run dcpromo and follow steps.
				® Remember: Do NOT demote any domain controller that does not have FSMO roles on them.
			□ http://technet.microsoft.com/en-us/library/cc740017%28v=ws.10%29.aspx
		§ Raise Domain Functional Level
			□ Raise the functional level by opening Active Directory Domains and Trusts. Then right click on domain and trusts and select "Raise Forest Functional Level"
			□ http://technet.microsoft.com/en-us/library/cc730985.aspx
		§ Migration Complete! :)

@scottalanmiller said:

I told you about using the CNAME process at the beginning of this process

My memory is fading when I spend 2 hours trying to explain to our office manager why scanning in a 500 page project in our copier make it run out of memory and I cannot change that fact...

My RoboCopy tests have proven to be good so far. I see the domain level permissions!

@IRJ said:

@scottalanmiller said:

@IRJ said:

@garak0410 said:

Most people have said just ROBOCOPY the files from the old file server (in this case, SBS 2003) to the new one (2012 R2 Virtual Machine) and it will keep the permissions intact and echo the different server name...correct?

After you decommission the old server, just create a DNS forwarder. That will forward all requests for the Old Server name to the New Server Name

CNAME (alias) he means.

yeah exactly. Its been a long day

Heck...that makes my life easier for now. I could even complete this tonight if I didn't have to play Soccer Dad.

Most people have said just ROBOCOPY the files from the old file server (in this case, SBS 2003) to the new one (2012 R2 Virtual Machine) and it will keep the permissions intact and echo the different server name...correct?

OK, so what is really recommended next? Run off both DC's for a good while? Since my old DC was my file server as well, I am wanting to get that moved. So perhaps move on to that this Friday evening. That is where the DHCP may come into play. And changing some of our messy VBA apps code to point to new file server.

It's looking good y'all! I'm gonna buy everyone pizza or coffee when this is done!

The next step on my list is this:

•Transfer FSMO Roles to new Server 2012 R2 Domain Controller
Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx

Stick with this?

@Dashrender said:

As long as you don't have any NT servers or workstations connecting you should be good.

I was concerned that maybe my XP machines might have an issue, but there hasn't been one!

Click install.

Clicking on INSTALL. I will not be demoting the old one until Friday evening...

Ready to click FINISH

First part of results not in screen shot:

Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).

OK, the paths looked good, so hitting next (masking out my actual domain and PC names)

Review Options show this:

Configure this server as an additional Active Directory domain controller for the domain "mydomain.local".

Site Name: Default-First-Site-Name

Additional Options:

Read-only domain controller: No

Global catalog: Yes

DNS Server: Yes

Update DNS Delegation: No

Source DC: domainPC.mydomain.local

Database folder: C:\Windows\NTDS

Log file folder: C:\Windows\NTDS

SYSVOL folder: C:\Windows\SYSVOL

The DNS Server service will be configured on this computer.

This computer will be configured to use this DNS server as its preferred DNS server.

So, looking good here to continue to proceed?

Will BRB...got a heavily used printer down.

@scottalanmiller said:

@garak0410 said:

@scottalanmiller said:

Yes, the first one.

OK, I realized that message was a warning so I put in my admin password and moved on...now, LOL, I get this:

LOL to the first bit.

Is your 2003 box not authoritative for its zone?

This is just like parenting. No real manual on how to do it. LOL

Well, I got to this screen (covered up the domain name but I do see my current domain in REPLICATE FROM. OK to hit next?

@scottalanmiller said:

Yes, the first one.

OK, I realized that message was a warning so I put in my admin password and moved on...now, LOL, I get this:

Let me back up to the first screen in this wizard:

Which option do I choose here for my situation, which is this new server will eventually be the new domain controller once the other one is demoted. So, I want to make sure the domain name remains the same when the new DC takes over...

Add a domain controller to an existing domain
Add new domain to an existing forest
Add a new forest

Which one of the above options are correct? I assumed the first one, right?

@scottalanmiller said:

Here is the image:

Let me break for lunch and then reboot the new DC virtual and try again.

@scottalanmiller said:

RODCs are new to 2008 and can't be supported on a 2003 Forest. An RODC also cannot be used in your project here. You need to make a normal, every day DC. Wait, why is it saying "read only"? What have you selected?

I am having problems attaching a screenshot...so I emailed to you Scott. This is after I click NEXT when adding to my existing domain...In the Wizard, it is the Domain Controller Options. READ ONLY is NOT CHECKED but when it fails, I cannot select any other options here.

@scottalanmiller said:

I feel like I did 2003 R2 to 2012 last year.

This is 32 Bit and this is why I couldn't run ADPREP...I've had one guy tell me over and over, this CAN be done.

@scottalanmiller said:

@garak0410 said:

Next Error...I got passed the forest part of the wizard. Stopped on the Domain Controller Options Wizard Where you have options for DNS, Global Catalog and such...it stops and says:

A DOMAIN CONTROLLER RUNNING WINDOWS SERVER 2008 OR LATER COULD NOT BE LOCATED ON THIS DOMAIN. TO INSTALL A READ-ONLY DOMAIN CONTROLLER, THE DOMAIN MUST HAVE A DOMAIN CONTROLLER RUNNING WINDOWS SERVER 2008 OR LATER.

Months of research said I could go from SBS 2003 to 2012 R2. Is that the problem? Or is this because I couldn't get ADPREP to run on my 32bit 2003 server?

No, not supported. You've gone too long between updates I'm afraid. Neither 2003 nor 32bit upgrades are supported.

http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradePaths

And I would agree with you there but I've had more than a handful of people say they HAVE done this, which is why I've proceeded.