Migrate AD users from 2003 to 2008
Hi.
I've never migrated users from one domain controller to another. Now I'm about to move users from an existing PDC on Windows 2003 to another that will be running as PDC on Windows 2008. I need help. What's the best way? How can I migrate all DNS info, users, computers etc. to the new machine that will replace the existing PDC?
Answers
In your scenario the best way to replace your current Windows Server 2003 Active Directory Domain Controller with a spanking new Windows Server 2008 Domain Controller is to transition your domain.
In a transition scenario you prepare your current domain for Windows Server 2008 Domain Controllers and then implement the new server as an extra Domain Controller for your domain. After transferring the roles you can get rid of the initial Domain Controller. The high-level steps are below:
1. Provide a static IP address to the Windows Server 2008 box you intend to use as Domain Controller
2. Prepare your Active Directory environment for the first Windows Server 2008 Domain Controller by running adprep.exe with the needed switches.
3. Make the Windows Server 2008 box an extra Domain Controller for your existing domain by running dcpromo.exe
4. Make the new server a Global Catalog server
5. When your Windows Server 2003 Domain Controller is the only DNS Server, convert your DNS zone into an Active Directory Integrated Zone. Install DNS on the new server and it will automatically be populated. If another server is your DNS Server you need not do anything with DNS
6. Migrate any data you'd want to migrate to the new Windows Server 2008 box (except for the SYSVOL and NETLOGON shares, these will be copied automatically)
7. Migrate any Server roles you'd want to migrate to the new Windows Server 2008 box (think about Certificate services, DHCP, Print Server and any business specific application at this moment)
8. Transfer all the FSMO roles from the Windows Server 2003 Active Directory Domain Controller to the Windows Server 2008 Domain Controller.
9. Get rid of your Windows Server 2003 box as a Domain Controller by demoting it using dcpromo.exe
10. Optional: (see step 4) When your current Domain Controller is DNS Server and you don't want it to be anymore be sure to change this information on your clients (change DHCP option, when DHCP is available) and reconfigure your DNS zones not to include the old server anymore.
11. Remove the Windows Server 2003 box from the domain and delete its computer account from Active Directory.
12. Get rid of your Windows Server 2003 box.
Note:
If you want to keep your Windows Server 2003 box, except for its Domain Controller role, you can leave behind steps 5-7 and 9-12.
Transitioning your Active Directory will not require you to configure anything on the desktops of your users and your users can start using the server right away, since each Active Directory Domain Controller stores a copy of the Active Directory information, like users, computers, etc. and the NETLOGON and SYSVOL shares.
When done right your colleagues might not even suspect a thing! The downside is you need to know exactly what you're doing, because things can go wrong pretty fast.
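A pre-demotion check for the FSMO transfer and demotion steps above, as an added example that is not part of the original answer: it confirms that no FSMO role is still held by the old Domain Controller and that no replication link reports failures. It assumes PowerShell 2.0 or later on the new Windows Server 2008 Domain Controller with `netdom` and `repadmin` available; `OLD-DC01` and the two function names are placeholders introduced here.

```powershell
# Added example: read-only checks to run before demoting the old domain controller.
# 'OLD-DC01' is a placeholder; pass the name of your Windows Server 2003 DC.
param([string]$OldDc = 'OLD-DC01')

# Hypothetical helper: list FSMO roles whose holder is still the old DC.
function Get-FsmoOnOldDc {
    param([string[]]$NetdomLines, [string]$Name)
    # netdom prints "<role name>   <holder FQDN>", separated by a run of spaces.
    foreach ($line in $NetdomLines) {
        if ($line -match '^(?<role>.+?)\s{2,}(?<holder>\S+)\s*$') {
            $role = $Matches['role'].Trim()
            $holder = $Matches['holder']
            if ($holder -eq $Name -or $holder -like "$Name.*") { $role }
        }
    }
}

# Hypothetical helper: return replication links that failed or could not be queried.
function Get-ReplicationProblem {
    param([string[]]$CsvLines)
    # repadmin's CSV marks unreachable DCs with showrepl_ERROR in the first column
    # and reports a "Number of Failures" count for every other replication link.
    $CsvLines | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        ($_.'Number of Failures' -match '^\d+$' -and [int]$_.'Number of Failures' -gt 0)
    }
}

$roles    = @(Get-FsmoOnOldDc -NetdomLines (netdom query fsmo) -Name $OldDc)
$problems = @(Get-ReplicationProblem -CsvLines (repadmin /showrepl * /csv))

if ($roles.Count -gt 0) {
    Write-Warning "FSMO roles still held by ${OldDc}: $($roles -join ', ')"
}
if ($problems.Count -gt 0) {
    Write-Warning "Replication links reporting problems:"
    $problems | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context', 'Number of Failures' -AutoSize
}
if ($roles.Count -eq 0 -and $problems.Count -eq 0) {
    Write-Output "No FSMO roles on $OldDc and no replication failures reported."
}
```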
wizzler wrote: "Also what I am worried about is the Exchange upgrade. I know 2007 separates mailboxes and the AD accounts. Should I prep the current AD somehow?"
I'll assume you're currently running Exchange Server 2003 and want to move your users' mailboxes over to Exchange Server 2007.
Preparing Active Directory
You're right in asking yourself whether you need to prepare the Active Directory for Exchange Server 2007. You need to prepare the domain. The Microsoft Exchange 2007 Setup has the tool to prepare your Active Directory built-in.
As described here you need to perform the following four commands before installing your first Exchange Server 2007 box:
setup /PrepareLegacyExchangePermissions
setup /PrepareSchema
setup /PrepareAD
setup /PrepareDomain or setup /PrepareAllDomains
Note:
Microsoft Exchange communicates with Active Directory through Global Catalogs using MAPI. Although the Active Directory Sites and Services MMC Snap-in doesn't ask for it you need to restart a Domain Controller at least one time after making it a Global Catalog before it starts talking MAPI.
Microsoft recommends running these steps on the Domain Controller holding the Schema master FSMO role. When this server is a 32bit box, download the 32bit (trial) version of Exchange Server 2007 to prepare the Active Directory.
Other requirements apply to Exchange Server 2007. The setup program checks (most) of these and will provide you warnings and errors on these conditions, as well as guidance to correct any conditions.
Common pitfalls when migrating Exchange
Read Common Mistakes When Upgrading Exchange 2000/2003 To a Exchange 2007 (twice)
In addition to this invaluable Microsoft Knowledge Base article you might avoid common pitfalls when migrating your Exchange environment by taking a look at the following tips:
- While thinking about the dimensions for the new Exchange server, think about placing the Exchange database and Exchange Transaction Logs on different partitions (or volumes) than your Operating System.
- While determining the size of your current Exchange database keep in mind your users will likely be changing their behavior to common standards, which might mean they will want to store 3 times more mail in the 4 years to come.
- (Make someone) communicate to your end users their Exchange experience is about to change.
- Educate your end users (especially when you want to upgrade Outlook as well)
- Document your firewall settings and mail flow before you begin.
- Drink something to keep you awake before you begin.
- Update your previous Exchange servers to the latest patch level (use MBSA)
- Eliminate any smarthost settings at the host level. Apply these settings per routing group
- Ensure proper communication is possible on the required ports for all Exchange Servers and Active Directory Domain Controllers
- Ensure replication between Domain Controllers is working flawlessly
- Before you put your Exchange Server into production make sure you configured anti-virus, anti-spam, anti-malware, backup, disclaimers, Outlook Web Access, public folder replication, and the offline address book settings. You don't want to need to reboot your Exchange Server 2007 box when users are already working on it and you want to test everything in advance.
- Test everything using test accounts or by setting up a pilot with some of the most annoying end users in your environment. Don't just rely on your own instincts. (Make someone) communicate the findings of these tests to your end users when it might impact their Exchange behavior
- While moving mailboxes from one server to another keep a close eye on your transaction logs.
- Before you uninstall Exchange Server from the previous Exchange server make sure no mail flows through the box (change your incoming and outgoing mail flow settings, think about your firewall) and no information gets lost. The Exchange Setup wizard will check whether any mailboxes are remaining on the box (there will be some systemboxes, which aren't showstoppers)
Management separation
Managing Exchange Server 2007 is a little bit different compared to managing Exchange Server 2003. After installing the first Exchange Server 2007 box in your environment you should acquaint yourself with managing Exchange related stuff through the Exchange Management Console instead of using the Active Directory Users and Computers MMC Snap-in (dsa.msc).
When you're used to running Active Directory Users and Computers and the Exchange Server 2003 Management Console from an admin workstation, please install the (32bit or 64bit version of the) Exchange 2007 Management Console and start using it. Uninstall the Exchange Server 2003 Management Console.

