Migrate a Windows Server 2000 to 2012

  • Question

  • I have a very small domain (25 users) with the server being used as the DC and some very limited (36 Gb) file sharing, including a QuickBooks Db.  I'm going to replace this with a new server running 2012 standard.  Is there any 3rd party software out there to assist with this migration or would I be better off just doing it manually, creating the file shares and users, then joining the computers to the domain on site?

    -Jim

    Tuesday, July 23, 2013 4:18 PM

Answers

All replies

  • Hi,

    "as the minimum functional level is Windows server 2003 there is no direct upgrade possible from Windows 2000 anymore".

    See this thread:
    Upgrade Windows 2000, 2003, 2008 & R2 Active Directory to 2012
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/caf4c5e8-28fd-461a-8f9c-190a0b6ef7b0

    You would need to move the file shares using the File Server Migration Tool (FSMT). However, if you follow the steps below you would not need to join the computers to the domain.

    You can proceed as follows:

    1. Upgrade to AD DS 2008 / 2008 R2: http://www.microsoft.com/en-us/download/details.aspx?id=6170
    2. Introduce a new DC / DNS / GC server running Windows Server 2008 or Windows Server 2008 R2 as OS
    3. Transfer FSMO roles to the new DC: http://support.microsoft.com/kb/255690/
    4. If possible, add another DC / DNS / GC server running Windows Server 2008 or Windows Server 2008 R2 as OS
    5. Use dcdiag and repadmin to check the health of your DCs and the AD replication status. If everything is fine then decommission the old Windows Server 2000 DCs
    6. Raise your DFL and FFL to Windows Server 2003 or higher: http://support.microsoft.com/kb/322692
    7. Upgrade to AD DS 2012: http://www.windowsitpro.com/article/scripting-tools-and-products/windows-server-2012-simplifies-active-directory-upgrades-deployments-143654
    8. Introduce your new servers running Windows Server 2012 and make them DC / DNS / GC servers
    9. Transfer FSMO roles to one of the new DCs
    10. Demote the transition DCs after checking the DCs health and the AD replication status

    Steps Ref: http://social.technet.microsoft.com/Forums/windowsserver/en-US/db8156af-1985-4500-965a-32d4632a3843/migration-from-2000-ad-to-2012


    Best regards,

    Abhijit Waikar.
    MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
    Blog: http://abhijitw.wordpress.com
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Tuesday, July 23, 2013 5:40 PM
  • Hello,

    As Windows Server 2012 requires a minimum functional level of Windows Server 2003, you are NOT able to do a direct upgrade to a Windows Server 2012 domain. You first have to change to at least Windows Server 2003. Depending on the software you will use, see the following articles for the domain upgrade. I recommend going to Windows Server 2008 R2.

    Be aware that other software MUST be compatible with Windows server 2012, so contact the vendors BEFORE starting!!!

    2000 to 2008 R2 http://msmvps.com/blogs/mweber/archive/2010/02/06/upgrading-an-active-directory-domain-from-windows-server-2000-to-windows-server-2008-or-windows-server-2008-r2.aspx

    2000 to 2003 R2 http://msmvps.com/blogs/mweber/archive/2010/02/13/upgrading-an-active-directory-domain-from-windows-server-2000-to-windows-server-2003-or-windows-server-2003-r2.aspx

    2003 R2 to 2012 http://msmvps.com/blogs/mweber/archive/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012.aspx

    2008 R2 to 2012 http://msmvps.com/blogs/mweber/archive/2012/07/27/upgrading-an-active-directory-domain-from-windows-server-2008-or-windows-server-2008-r2-to-windows-server-2012.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Vivian_Wang Monday, July 29, 2013 2:11 AM
    Wednesday, July 24, 2013 7:09 AM
  • Thank you all.  First I should mention that I cannot upgrade the current server.  It has a 12Gb system drive with 2 Gb left on it and 1 Gb of memory.

    So, I need to do this by somehow migrating over to the new box which is running 2012, and I have a VM on it of 2008 R2.  Let me talk a little about the old box.  

    It is serving up about 36 Gb of file share

    It has 25 user directories.

    It is not sharing printers

    It is hosting a Quickbooks Db

    It is the DHCP Server

    It is the DNS Server, but with an odd configuration as it does not point to itself:

    Connection-specific DNS Suffix  . : 
    Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
    Physical Address. . . . . . . . . : 00-0B-DB-93-32-4E
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.187.55
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.187.1
    DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76

    It is the only server/DC on the network

    Now, I'm thinking I could migrate first to a 2003 VM, then to the 2008 VM, then to the main server if I can't go directly to the 2008 VM.

    Alternatively I could just install the machine, copy the data over, and manually add the 25 users and recreate the groups (there might be 5 security groups) and the 2 shared directories.  Then just setup the DHCP scope and walk around and join each computer in the office to the new domain.  I mean what would I lose by doing it this way?

    Jim


    -Jim

    Saturday, August 10, 2013 4:07 PM
  • Hello,

    First, please do NOT use public DNS servers on domain controllers; you WILL run into trouble with this at least at the moment you install the second DC. You should even now have problems with slow startup/logons, and GPOs may not be applied correctly.

    In a domain DNS is the most important server role and as the external ISPs do NOT know what you run internally with your private ip range 192.168.x.x they are NOT able to resolve your used domain name.

    So use ONLY the internal domain DNS server, in your case the DC itself, on ALL domain computers. To have internet access from the domain and correct name resolution, the DNS server has to have the FORWARDERS enabled in the DNS server properties in the DNS management console.

    So before adding the new OS DC please change the internal DNS servers and add the FORWARDERS with the public ip addresses 75.x.x.x. After the change run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service on the DC and reboot ALL other domain machines.

    In your case use my mentioned option "2000 to 2008 R2" and then "2008 R2 to 2012". There is NO need to go over Windows Server 2003.

    Of course you can build a new forest domain and add all user accounts, security groups, GPOs etc. and data to it. BUT keep in mind that all local user profiles are NEWLY created, and all profiles must be copied from the other profile to have most settings available again. Also, users will have a new password, and data shares must be set with new NTFS/SHARE permissions for the newly created security groups.

    If you can live with the pitfalls then a new domain is also an option. This decision has to be made by yourself. And also for the new domain, if you build it, the DNS part as above is the same. DO NOT USE external DNS servers for your internal name resolution.


    Best regards

    Meinolf Weber

    Saturday, August 10, 2013 5:58 PM
  • Meinolf,

    You put it very well.  Yes, I'm aware of all the DNS issues.  I had no idea that this is how the old server was set up, I didn't build it. I was amazed that things were running so well this way when I just saw it.  Rest assured, I will build the new one the way you speak of.

    I  will look at your 2000-->2008 instructions again.

    I will be going from the 2000 server to a 2008 R2 server I built in a VM on the physical 2012 server we just purchased.  What would you recommend to migrate from the VM to the physical box?  Your instructions in your 4th link are for an upgrade.

    Thanks,

    Jim


    -Jim

    Sunday, August 11, 2013 1:36 PM
  • Hello,

    All articles are about adding a new OS DC to an existing domain, so NOT an upgrade on one machine.

    Whether you use VMs or physical machines doesn't matter; the steps are the same, you just need the correct drivers for the OS.


    Best regards

    Meinolf Weber

    Sunday, August 11, 2013 4:58 PM
  • Meinolf,

    Thanks, I am following your procedure to do this and am now at the adprep phase.  My question is if I am doing this a bit at a time as my schedule permits, can I run this against the Windows 2000 server while it is still serving as their only server or will it do anything to AD to prevent them from using it until I can proceed further?

    -Jim

    Saturday, August 17, 2013 5:27 PM
  • Hello,

    Adprep commands can of course be run on a single DC. Just insert the Windows Server 2008 R2 disk into the DC and use adprep32.exe.

    Be aware that on Windows 2000 DCs schema changes were not always enabled in the registry; check with http://support.microsoft.com/kb/216060/en-us


    Best regards

    Meinolf Weber

    Sunday, August 18, 2013 10:11 AM
  • Ok, thanks.  I won't be available to help them until the end of the week so I didn't want to run this now and then not have them be able to log in or use Quickbooks tomorrow.



    -Jim


    • Edited by jtpryan Sunday, August 18, 2013 8:41 PM
    Sunday, August 18, 2013 8:35 PM
  • OK, just for my own education.  Why could I not use a tool such as this to simply export/import all my users and groups, then backup the shared files directory and restore it on the new server?  Just want to understand what I would be missing.

    -Jim

    Monday, August 19, 2013 1:48 PM
  • Hello,

    There are limits when importing accounts from text files; you can also use ldifde as described in http://support.microsoft.com/kb/237677/en-us but see the limits.


    Best regards

    Meinolf Weber

    Monday, August 19, 2013 6:33 PM
  • OK, I'm proceeding with your procedure above.  Adprep /forestprep went fine but when I tried to run Adprep /domainprep I got:


    D:\upgrade\adprep>adprep32 /domainprep
    Running domainprep ...


    Adprep detected that the domain is not in native mode
    [Status/Consequence]
    Adprep has stopped without making changes.
    [User Action]
    Configure the domain to run in native mode and re-run domainprep

    Not sure what exactly this is referring to.  Do I have to demote it before running this?

    -Jim

    Saturday, August 24, 2013 12:07 AM
  • Got it figured out.  Thanks

    -Jim

    Saturday, August 24, 2013 12:08 PM
  • Meinolf,

    I seem to have run into a major obstacle, or perhaps not one at all.  I posted this in the hyper-v forum:

    I have a 2012 server with a 2008 R2 VM running on it.  I staged this at home and all was fine.  I then changed the IPs to static and moved it to the client site.  Once there for some reason I can no longer browse the web from within the VM.  I get back "cannot display page" errors.

    Tracert to a site goes all the way through

    Cannot get to a site by IP or name.

    The host can still browse the web fine.

    --end of other post

    Ok, so the bottom line is the 2008 VM cannot browse the web but everybody else can.  I tried both IE and Chrome.  Same thing.  Yes, I did make the DNS changes you talked about on the original 2000 server that is still the DC/DNS/DHCP server.  I am at the point of your procedure where I am to run dcpromo.  But my concern is that this might be a real problem if I do that before finding a solution to the web browsing issue as something is clearly wrong.

    If you don't know the solution to this do you think I need to solve it?  I mean in the end the 2008 server will go away as the final path is to the 2012 host server.

    Thank you so much for any help, gotta get this done this weekend.


    -Jim


    • Edited by jtpryan Saturday, August 24, 2013 3:48 PM
    Saturday, August 24, 2013 3:47 PM
  • I finally gave up and built a new 2008 R2 VM.  This is working fine.  However, I got the following error running dcpromo:

    There is currently 1 DNS server that is registered as an authoritative name server for this domain.

    A domain controller running Windows Server 2008 or Windows Server 2008 R2 could not be located in this domain. To install a read-only domain controller, the domain must have a domain controller running Windows Server 2008 or Windows Server 2008 R2.

    The forest functional level is Windows 2000. To install a read-only domain controller, the forest functional level must be Windows Server 2003 or higher.

    I hit next and got a dialog box with:

    A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run windows DNS server.  If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "domain name".  Otherwise, no action is required.

    Do you want to continue?

    I went ahead and things appear to have gone well from what I can see

    Everything passed in DCDiag on the new server except:

             A warning event occurred.  EventID: 0x00000018
                Time Generated: 08/24/2013   15:54:32
                Event String:
                Time Provider NtpClient: No valid response has been received from domain controller BE2600.BostonEnv.local after 8 attempts to contact it. This domain controller will be discarded as a time source and NtpClient will attempt to discover a new domain controller from which to synchronize. The error was: The client fails authenticating a response with netlogon failure.
             An error event occurred.  EventID: 0x00000456
                Time Generated: 08/24/2013   15:57:52
                Event String:
                The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.


    -Jim

    Saturday, August 24, 2013 8:26 PM
  • Hello,

    Please post an unedited ipconfig /all from the new machine and ALL existing DC/DNS servers in the domain.


    Best regards

    Meinolf Weber

    Sunday, August 25, 2013 1:47 PM
  • OK, here is the new 2008 R2 server:


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : BE20081
       Primary Dns Suffix  . . . . . . . : BostonEnv.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : BostonEnv.local

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-01-71-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::e90f:409e:ab97:9b1b%11(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.187.3(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.187.1
       DHCPv6 IAID . . . . . . . . . . . : 234886493
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-AA-D1-E2-00-15-5D-01-71-01
       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.187.3
                                           192.168.187.55
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{6A5474E5-01B7-4C12-901A-FBD947009D5E}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    The old, Windows 2000 server:


    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : BE2600
    Primary DNS Suffix  . . . . . . . : BostonEnv.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : BostonEnv.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix  . : 
    Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
    Physical Address. . . . . . . . . : 00-0B-DB-93-32-4E
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.187.55
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.187.1
    DNS Servers . . . . . . . . . . . : 192.168.187.55

    Hmmm, I just noticed I didn't add the new server to the old server's DNS, should I have?

    Anyway, I did go to the site last night, took the old server off the network and rebooted a couple of machines and all seemed OK.  

    I transferred DHCP using this procedure.

    I am currently transferring the files using the Microsoft File Server Migration Wizard.  I then plan to start the move from 2008-->2013.

    By the way, do you see any issues following your 2008-->2013 migration procedure with the fact the 2008 R2 server is a Hyper-V VM on the same physical box as the new 2013 server?


    -Jim



    • Edited by jtpryan Sunday, August 25, 2013 3:28 PM
    Sunday, August 25, 2013 3:15 PM
  • Hello,

    Assuming that the new machine is NOT a DNS server until now and before the promotion, then DON'T use this on any NIC as DNS server. Work ONLY with the existing DC/DNS server on the NIC and NONE else.

    Also uncheck the IPv6 registration options and remove the IPv6 DNS server ::1 on the IPv6 NIC settings. Just set it to automatic instead.


    Best regards

    Meinolf Weber


    Sunday, August 25, 2013 3:39 PM
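
The DNS-client rules given in the replies above (no public resolvers on a domain controller's NIC, no ::1 entry, and only the existing healthy DC/DNS server until the new machine is promoted) can be checked mechanically against pasted `ipconfig /all` output. The Python below is an added example, not part of any post in this thread; the function names and finding codes are made up for illustration, and the sample text is trimmed from the outputs posted above.

```python
import ipaddress
import re

# Splits "DNS Servers . . . . . . . . . . . : 75.75.75.75" into key and value.
FIELD = re.compile(r"^(?P<key>[A-Za-z][^:]*?)[\s.]*:\s?(?P<val>.*)$")

def clean_ip(token):
    """Parse a value such as 'fe80::1%11(Preferred)'; None if it is not an IP."""
    try:
        return ipaddress.ip_address(token.strip().split("(")[0].split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> DNS servers found in pasted `ipconfig /all` output."""
    adapters, current, in_dns = {}, "(no adapter header)", False
    for line in ipconfig_text.splitlines():
        s = line.strip()
        if not s:
            continue                      # pasted output often has stray blank lines
        ip = clean_ip(s) if in_dns else None   # continuation line: one more server
        if ip is None:
            if s.endswith(":") and " adapter " in s:
                current, in_dns = s.rstrip(":"), False
                continue
            m = FIELD.match(s)
            in_dns = bool(m) and m.group("key").lower().startswith("dns servers")
            ip = clean_ip(m.group("val")) if in_dns else None
        if ip is not None:
            adapters.setdefault(current, []).append(ip)
    return adapters

def classify(ip, allowed):
    """Return a finding code for one DNS entry, or None if it is acceptable."""
    if ip == ipaddress.ip_address("::1"):
        return "IPV6_LOOPBACK"            # reply: remove ::1, set IPv6 DNS to automatic
    if not ip.is_private:
        return "PUBLIC_RESOLVER"          # belongs in the DNS server's forwarders
    return None if ip in allowed else "NOT_HEALTHY_DC_DNS"

def audit_dns(adapters, healthy_dc_dns):
    """List (adapter, server, code) for every entry that breaks the rules above."""
    allowed = {ipaddress.ip_address(a) for a in healthy_dc_dns}
    return [(name, str(ip), classify(ip, allowed))
            for name, servers in adapters.items() for ip in servers
            if classify(ip, allowed)]

# Constructed samples, trimmed from the ipconfig /all outputs posted in the thread.
OLD_DC = """
Ethernet adapter Local Area Connection:
    DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
"""
NEW_VM = """
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.187.3
                                       192.168.187.55
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
if __name__ == "__main__":
    # Assumption: 192.168.187.55 is the only healthy DC/DNS server at this stage.
    for host, text in (("BE2600", OLD_DC), ("BE20081", NEW_VM)):
        for finding in audit_dns(dns_servers_by_adapter(text), ["192.168.187.55"]):
            print(host, *finding)
```

The list passed as `healthy_dc_dns` is the operator's statement of which DC/DNS servers are currently trusted; it changes as the migration proceeds.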
  • Meinolf,

    Sorry, I'm confused (I had asked a lot of questions).  I will have, eventually 3 servers running:

    original 2000 server BE2600 192.168.187.55

    the new 2008 R2 server BE20081 192.168.187.3 Currently running

    The new 2012 Server BE2013 192.168.187.4 

    Are you saying that I should only use one IP on each server as the DNS server and that it should be (at this point) 192.168.187.3?



    -Jim

    Sunday, August 25, 2013 4:25 PM
  • Hello,

    You should use ONLY the running and healthy DC/DNS server on ALL machines' NICs and NONE else until everything is running fine.

    If all problems are solved you can go on with the use of new DNS servers.


    Best regards

    Meinolf Weber

    Sunday, August 25, 2013 6:37 PM
  • Meinolf,

    Thank you.  I will change each of the 3 machines to point to 192.168.187.3 ONLY.  So, I will have BE2600 as a DC and BE20081 as a DC.  BE2013 is a member server.  Both BE2600 and BE20081 are running DNS.  The NIC on BE2600 points to BE20081 as its DNS server as does BE2013.  BE20081 points to itself.

    I have not demoted BE2600 yet.


    -Jim

    Monday, August 26, 2013 7:09 PM