Migrate AD users from 2003 to 2008

Fri, 22 Feb 2008 11:25:04 Z

Hi.

I've never migrated users from one domain controller to another. Now i'm about to move users from an existing pcd on windows 2003 to another that will we running as pcd on windows 2008 i need help. What's the best way? How can I migrate all DNS info, user, computers etc.. to the new machine that will replace the existing pcd?

Migrate AD users from 2003 to 2008

Fri, 22 Feb 2008 13:33:59 Z

In your scenario the best way to replace your current Windows Server 2003 Active Directory Domain Controller with a spanking new Windows Server 2008 Domain Controller is to transition your domain.

In a transition scenario you prepare your current domain for Windows Server 2008 Domain Controllers and then implement the new server as an extra Domain Controller for your domain. After transferring the roles you can get rid of the initial Domain Controller. The higl level steps are below:

Provide a static IP address to the Windows Server 2008 box you intend to use as Domain Controller
Prepare your Active Directory environment for the first Windows Server 2008 Domain Controller by running adprep.exe with the needed switches.
Make the Windows Server 2008 box an extra Domain Controller for your existing domain by running dcpromo.exe
Make the new server a Global Catalog server
When your Windows Server 2003 Domain Controller is the only DNS Server, convert your DNS zone into an Active Directory Integrated Zone. Install DNS on the new server and it will automatically be populated. If another server is your DNS Server you need not do anything with DNS
Migrate any data you'd want to migrate to the new Windows Server 2008 box (except for the SYSVOL and NETLOGON shares, these will be copied automatically)
Migrate any Server roles you'd want to migrate to the new Windows Server 2008 box (think about Certificate services, DHCP, Print Server and any business specific application at this moment)
Transfer all the FSMO roles from the Windows Server 2003 Active Directory Domain Controller to the Windows Server 2008 Domain Controller.
Get rid of your Windows Server 2003 box as a Domain Controller by demoting is using dcpromo.exe
Optional: (see step 4) When your current Domain Controller is DNS Server and you don't want it to be anymore be sure to change this information on your clients (change DHCP option, when DHCP is available) and reconfigure your DNS zones not to include the old server anymore.
Remote the Windows Server 2003 box from the domain and delete its computer account from Active Directory.
Get rid of your Windows Server 2003 box.

Note:

If you want to keep your Windows Server 2003 box, except for its Domain Controller role, you can leave behind steps 5-7 and 9-12.

Transitioning your Active Directory will not require you to configure anything on the desktops of your users and your users can start using the server right away, since each Active Directory Domain Controller stores a copy of the Active Directory information, like users, computers, etc. and the NETLOGON and SYSVOL shares.

When done right your colleagues might not even suspect a thing! The downside is you need to know exactly what you're doing, because things can go wrong pretty fast.

Migrate AD users from 2003 to 2008

Fri, 22 Feb 2008 19:26:42 Z

Hi,

Also if you are interested, you can have an in place .

Read the article : In-Place Upgrade from W2K3 DC to Windows Server 2008

_____________________________

Tarek Majdalani
Computer Engineer, CIW, MCSA: Security 2000/2003, TS: Windows Vista
MVP -- ISA Firewalls
Website : http://www.elmajdal.net/Win2k8

Migrate AD users from 2003 to 2008

Fri, 22 Feb 2008 22:00:07 Z

Im not interessted of an inplace upgrade atm. This upgrade is due to machine upgrade and so i'm also upgrade the OS.

Seems like replicating the accounts would be easier. Joining the new DC into the existing forest and let it copy everything.

Also what i am worried about is the exchange upgrade. I know 2007 separates mailboxes and the AD accounts. Should I prep the current AD somehow?

Migrate AD users from 2003 to 2008

Sat, 23 Feb 2008 08:09:05 Z

wizzler wrote:

Also what i am worried about is the exchange upgrade. I know 2007 separates mailboxes and the AD accounts. Should I prep the current AD somehow?

I'll assume you're currently running Exchange Server 2003 and want to move your users' mailboxes over to Exchange Server 2007.

Preparing Active Directory

You're right in asking yourself whether you need to prepare the Active Directory for Exchange Server 2007. You need to prepare the domain. The Microsoft Exchange 2007 Setup has the tool to prepare your Active Directory built-in.

As described here you need to perform the following four commands before installing your first Exchange Server 2007 box:

setup /PrepareLegacyExchangePermissions

setup /PrepareSchema

setup /PrepareAD

setup /PrepareDomain or setup /PrepareAllDomains

Note:

Microsoft Exchange communicates with Active Directory through Global Catalogs using MAPI. Although the Active Directory Sites and Services MMC Snap-in doesn't ask for it you need to restart a Domain Controller at least one time after making it a Global Catalog before it starts talking MAPI.

Microsoft recommends running these steps on the Domain Controller holding the Schema master FSMO role. When this server is a 32bit box, download the 32bit (trial) version of Exchange Server 2007 to prepare the Active Directory.

Other requirements apply to Exchange Server 2007. The setup program checks (most) of these and will provide you warnings and errors on these conditions, as well as guidance to correct any conditions.

Common pitfalls when migrating Exchange

Read Common Mistakes When Upgrading Exchange 2000/2003 To a Exchange 2007 (twice)

In addition to this invaluable Microsoft Knowledge Base article you might avoid common pitfalls when migrating your Exchange environment by taking a look at the following tips:

While thinking about the dimensions for the new Exchange server, think about placing the Exchange database and Exchange Transaction Logs on different partitions (or volumes) than your Operating System.

While determining the size of your current Exchange database keep in mind your users will likely be changing their behavior to common standards, which might mean they will want to store 3 times more mail in the 4 years to come.

(Make someone) communicate to your end users their Exchange experience is about to change.

Educate your end users (especially when you want to upgrade Outlook as well)

Document your firewall settings and mail flow before you begin.

Drink something to keep you awake before your begin.

Update your previous Exchange servers to the latest patchlevel (use MBSA)

Eliminate any smarthost settings at the host level. Apply these settings per routing group

Ensure proper communication is possible on the required ports for all Exchange Servers and Active Directory Domain Controllers

Ensure replication between Domain Controllers is working flawlessly

Before you put your Exchange Server into production make sure you configured anti-virus, anti-spam, anti-malware, backup, disclaimers, outlook web access, public folder replication, and the offline address book settings. You don't want to need to reboot your Exchange Server 2007 box when users are already working on it and you want to test everything in advance.

Test everything using test accounts or by setting up a pilot with some of the most annoying end users in your environment. Don't just rely on your own instincts. (Make someone) communicate the findings of these tests to your end users when it might impact their Exchange behavior

While moving mailboxes from one server to another keep a close eye on your transaction logs.

Before you uninstall Exchange Server from the previous Exchange server make sure no mail flows through the box (change your incoming and outgoing mail flow settings, think about your firewall) and no information gets lost. The Exchange Setup wizard will check whether any mailboxes are remaining on the box (there will be some systemboxes, which aren't showstoppers)

Management separation

Managing Exchange Server 2007 is a little bit different compared to managing Exchange Server 2003. After installing the first Exchange Server 2007 box in your environment you should acquaint yourself with managing Exchange related stuff through the Exchange Management Console instead of using the Active Directory Users and Computers MMC Snap-in (dsa.msc).

When you're used to running Active Directory Users and Computers and the Exchange Server 2003 Management Console from an admin workstation, please install the (32bit or 64bit version of the) Exchange 2007 Management Console and start using it. Uninstall the Exchange Server 2003 Management Console.

Migrate AD users from 2003 to 2008

Wed, 05 Mar 2008 02:11:48 Z

Hi Sander,

I'd like to ask your expertise on this subject.I'm also on the same boat. I'm also planning to migrate my Windows 2003 server (DC and File server) to a different machine. It's a small system, with only 12 terminals attached to it.

My first question is, the current Domain Controller is using a pre-W2k domain name. The FQN of the DC is uhc_maindomain1.uhc.maindomain1.com but the pre-W2k domain is UHCMAINDOMAIN1 (notice: dot between uhc and maindomain1). When users connect to the Domain, they connect to UHCMAINDOMAIN1.

Second, The DNS is active but there are no zone entry in both Forward lookup and Reverse. Does this mean that I need to create the zone? if yes, how do I do this?

Third, In posting, item# 2:

Prepare your Active Directory environment for the first Windows Server 2008 Domain Controller by running adprep.exe with the needed switches.

Are you referring to the target machine or the original DC and what are the needed switches? Can you give an example on the switches?

Lastly, If I upgrade my DC from W2K3 to W2K8 server, would this upgrade affect the current Active Directory? Can you also give me upgrade path from W2K3 to W2K8?

I strongly agree with you, if this is not done correctly things would go wrong.

I appreciate any help you could give me. Hope to hear from you soon.

Best regards,
JB

Migrate AD users from 2003 to 2008

Wed, 05 Mar 2008 07:53:20 Z

jessb3 wrote:

the current Domain Controller is using a pre-W2k domain name. The FQN of the DC is uhc_maindomain1.uhc.maindomain1.com but the pre-W2k domain is UHCMAINDOMAIN1 (notice: dot between uhc and maindomain1). When users connect to the Domain, they connect to UHCMAINDOMAIN1.

I think your question would be whether this poses a problem.

What I think you're actually referring to as the pre-Win2k name is actually the NETBIOS name for the domain. The NETBIOS name is used in a couple of situations, for example the logon screen on your workstations. It will not pose a problem when your DNS is working properly.

jessb3 wrote:

Second, The DNS is active but there are no zone entry in both Forward lookup and Reverse. Does this mean that I need to create the zone? if yes, how do I do this?

When this DNS server is used in your environment (set as the primary DNS server in the IP configuration of your workstations) you should correct this, since your DNS is not working properly and Active Directory relies heavily on it. Please take a look at Microsoft KnowledgeBase article 260371 for troubleshooting steps.

jessb3 wrote:

Adprep. Are you referring to the target machine or the original DC and what are the needed switches? Can you give an example on the switches?

You should run adprep on your original DC before installing the new DC. I actually wrote a rather large blogpost on the subject of transitioning. It contains a lot of information, but for the switches the relevant part is below:

Command	Domain Controller
adprep.exe /forestprep	Schema Master
adprep.exe /domainprep	Infrastructure Master
adprep.exe /domainprep /gpprep	Infrastructure Master
adprep.exe /rodcprep *	Domain Naming Master

* Optional when you want to deploy Read Only Domain Controllers.

In your case all commands FSMO roles would run on your original DC.

Migrate AD users from 2003 to 2008

Tue, 11 Nov 2008 09:48:46 Z

Hi,

Two additional question related to AD migration from 2003 to 2008:

1. GPO - in the transition scenario where we keep all AD 2003 settings and users is there any way to "reset" the Group Policy to the default for AD 2008 settings? In other words to avoid inheriting/transitioning the existing Group Policy settings from the old domain.

2. Exchange 2003 - considering we transition AD to 2008 and have Exchange 2003 running on the same machine where the old AD 2003 domain controler is. Will the Exchange 2003 continue working properly? Can we demote its machine?

Best Regards,
Milko

Migrate AD users from 2003 to 2008

Fri, 12 Dec 2008 16:36:55 Z

Hi I am about to migrate my Domain controller running Windows Server 2003 to 2008. I also running Exchange Server 2003 and want to move the mailboxes to Exchange Server 2007 into the new 2008 server. Do I migrate Exhange or Domain Controller first ? Also, have you got any documentation on this ?