Adding a 2008 R2 Domain Controller to 2003 Environment, then remove the 2003 server

    Question

  • Hi all. We have a 2003 server that is our DC. We do not run Exchange, or any other types of specialized things on it. It is strictly used for authenticating users and sharing files.

    A couple of weekends ago, we attempted to migrate the server to a new 2008 R2 box and wanted to make that the new DC and get rid of the 2003 server. We were going to use the 3.2 migration tool, but ran into several problems when we attempted it at first.

    The main reason we wanted to use the migration tool was to move the user and computer accounts so that all of the user profiles would work seamlessly (or close to). However, it seems that the 2003 DC is set up for 2000 Native Active Directory. According to the 3.2 migration manual, it needs to be at least up to 2003. We ran into problems trying to raise the level as it appears there was another DC on the network at some point that is no longer there (I'm assuming that they just shut it off and got rid of it and didn't follow the proper steps). I'm pretty sure that is why it will not let us raise the level. So with that being stuck, I'm not sure that a migration is possible.

    With that being said, I'm wondering if it would be possible to add the new 2008 box as a new DC under the existing one, transfer the roles to the 2003 box, then get rid of the 2003 DC?  I can manually copy the data from one server to the other and recreate the shares and mapped drives, etc., on the workstations, so that is not an issue. My main concern is the user profiles on the workstations working the same and keeping all the data and settings, but just logging onto the new server.

    I hope that makes sense and that I didn't leave anything out. All help is appreciated. Thank you very much.

    Monday, September 12, 2011 2:32 AM

All replies

  • What error message did you receive when you tried to raise the functional level?

    >>appears there was another DC on the network at some point that is no longer there

    You can perform metadata cleanup to remove the DC reference from the database - http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

    >>With that being said, I'm wondering if it would be possible to add the new 2008 box as a new DC under the existing one, transfer the roles to the 2003 box, then get rid of the 2003 DC?

    Yes.  Here are the step-by-step instructions - http://social.technet.microsoft.com/wiki/contents/articles/2903.aspx

    Btw, what are you trying to accomplish? Just an upgrade or new domain and a migration using ADMT?


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
    Blogs - http://blogs.sivarajan.com/

    This posting is provided AS IS with no warranties,and confers no rights.
    Monday, September 12, 2011 3:06 AM
  • Hi,

    It sounds like you need to clean up metadata.

    Refer to the article below to perform metadata cleanup and remove the traces, if metadata cleanup has already been performed.

    Metadata Cleanup of a Domain controller

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

    Also check the schema version before adding the 2008 R2 DC (it should be 47).

    How to check schema version

    http://support.microsoft.com/kb/556086

    Then install the 2008 R2 DC and transfer the FSMO roles to this DC. Then retire the old 2003 server.


    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, September 12, 2011 3:19 AM
  • Thank you for the quick response. It is actually perfect since I was actually doing some testing on it right now.

    We would like to retire the existing 2003 server and work completely off of the new 2008 server which is much faster and has a lot more storage on it. That is the ultimate goal. It doesn't matter to me if we use the migration tool, or somehow add this DC in and retire the old one. As long as the user accounts work when the users log in and all of their settings are the same.

    When I try to raise the functional level of the AD, I get a "The functional level could not be raised. The error is: The directory service is busy."

    I did a little research on this, and ran the replmon from the existing server and got 3 errors that the RPC server is unavailable, 2 The remote system is not available, and the last entry says (with the old server name): Error: Server Unreachable.

    Thanks again for your help.

     

    Monday, September 12, 2011 3:21 AM
  • Another quick followup, I just ran netdom query fsmo on the existing server, and the Schema Owner and Domain Role Owner point to the server that is no longer there. Everything else points to the existing server that is still online. I hope that helps.

    I will check tomorrow if the old server is still available somewhere in the building. There is a slight chance that it is there.

    Monday, September 12, 2011 3:27 AM
  • Hi,

    When you seize the FSMO roles to the new server, please follow these guides:

    http://support.microsoft.com/kb/255504/en-us

    http://www.petri.co.il/seizing_fsmo_roles.htm

    But keep in mind, when you seize the FSMO roles the old DC must not go online again.


    Martin Forch
    Monday, September 12, 2011 4:11 AM
  • Your post is actually confusing to me. Are you performing a migration or a transition/upgrade of the current Windows 2003 domain to 2008 R2? Looking at your scenario, it is actually a transition, not a migration. The ADMT tool is only required when you want to migrate objects from one domain to another; it can be a domain in the same forest or in another forest.

    When raising the DFL/FFL, the DC holding the FSMO role must be contactable. Either the FSMO role holder is down or it can't be reached due to connectivity issues.

    Are all your domain's DCs running Windows 2003 or 2008, so that the FFL can be raised to Windows 2003 or 2008? To raise the DFL to Windows 2008, all the DCs have to be on Windows 2008, and to raise the forest functional level all the domains have to be at the appropriate level of the highest OS in the domain.

    FYI: Domain members can run any OS; DFL/FFL doesn't depend on the OS of member servers, only on the DCs.

    http://technet.microsoft.com/en-us/library/cc787290%28WS.10%29.aspx

    RPC errors are due to blocking of ports or connectivity issues; you can use the port query tool and make sure all the DCs can communicate.

    http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

    Read the article below on how to upgrade the current AD infrastructure to introduce Windows 2008 R2 as an additional domain controller in a Windows 2003 domain. Later, you can transfer the FSMO roles to the Windows 2008 R2 DC and get rid of the Windows 2003 DC, but not before making sure replication has taken place between Windows 2003 and 2008. If there is an issue adding the Windows 2008 DC to the Windows 2003 environment, that means your AD is not healthy or there are issues in the infrastructure.

    Upgrade from Windows 2000/2003 to 2008/2008 R2 Domain Controllers

    http://awinish.wordpress.com/2011/03/04/upgrade-from-windows-2003-to-20082008-r2-domain-controllers/ 

    If you don't understand, please explain your domain environment.

     

    Regards


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Monday, September 12, 2011 6:37 AM
    Moderator
  • Hi,

    Check for the server; if it is there, bring it online (hope you have not cleared the metadata already and it was not offline for more than the tombstone life cycle).

    However, you can always seize the roles to the 2003 server.


    Monday, September 12, 2011 7:25 AM
  • Awinish: Sorry if this is a little confusing. This is all a little new to me. As I mentioned above, the ultimate goal is to get this new 2008 server on the network as the main DC, and to get rid of the 2003 box. I originally thought that the correct way to do it was with a migration (which is why I mentioned it), but after reading the above answers, I see that is not the correct way. It looks like I should be adding the 2008 box in as an additional DC, transferring all of the roles to the 2008 box, and then demote the existing 2003 box. Now that I know what you're looking for, here is another quick description on what is currently in place: There is a 2003 server that is the current DC. It appears that there was another DC on the network at some point, but it is no longer there. We would like to put the new 2008 server in and make it the main DC and remove the 2003 server. Currently there is only the one server on the network (2003), and when we are finished we would only like to have one server (2008). I hope that makes sense.

    Tanmoy: I will check tomorrow to see if the original server is still available. I'm thinking it is not, but there is a chance it is. But I am almost 100% sure that it has been offline for many months. If the server isn't available, I guess I should go ahead and proceed with the Metadata cleanup as you suggested? 

    From what it sounds like everyone is saying, it looks like I am going to need to do the following to accomplish what I am trying to do. Please feel free to correct me if I am wrong:

    - Perform the Metadata cleanup as Tanmoy and Santhosh mentioned on the existing server.
    - Follow Santhosh's directions in the link he provided with the step by step instructions on how to add the 2008 box into the network and to remove the 2003 box.

    We are hoping to have this finished by next Saturday, so I will be working on this during the week (mostly at night when the servers aren't being used). I'm sure I will have more questions, and I really appreciate everyone's input.

    Thanks again. Bill

    Monday, September 12, 2011 8:40 AM
  • Bill, thanks for clearing that up. Your first task should be to get rid of the other DC's traces from AD and its database. You can refer to the article below to perform the metadata cleanup or, if metadata cleanup has already been performed, just delete the references from the locations listed in the article.

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

    You can add the new box with Windows 2008 SP2, with the latest SP and patches loaded; point this box to the existing Windows 2003 DC in its NIC and use the local admin account on the Windows 2008 box to run dcpromo. Refer to the earlier posted article to upgrade the schema for Windows 2008.

    Once replication is completed from the Windows 2003 DC to the 2008 DC (also make sure the Windows 2008 DC is a DNS server and GC), point the new DC to itself for DNS in the NIC properties, and change the DNS on all the client machines as well as servers to the new Windows 2008 DC in their NICs.

    After verifying everything is in place, transfer the FSMO roles to the new DC. http://www.petri.co.il/transferring_fsmo_roles.htm

    For DHCP refer to the article http://blogs.technet.com/b/teamdhcp/archive/2009/02/18/migration-of-dhcp-server-from-windows-server-2003-to-windows-server-2008.aspx

    Also, make sure to make the new DC holding the PDC FSMO role the time server too, which requires UDP port 123 to be opened on the firewall.

    How to configure authoritative time server http://support.microsoft.com/kb/816042

    If DNS is AD-integrated, you don't need to do anything; just install DNS on the new DC and you are done.

    You can demote the existing Windows 2003 DC gracefully or by forced removal; forced removal requires an additional step, i.e. metadata cleanup.

    Since raising the DFL/FFL requires all the DCs/domains to be on Windows 2008, make sure you remove the references to all the removed DCs as well as the Windows 2003 DC that is going to be demoted, else it will not allow you to raise the DFL/FFL to 2008.

    If it's possible, use the latest OS, like Windows 2008 R2, for better features compared to Windows 2008.


    Regards


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    Monday, September 12, 2011 8:55 AM
    Moderator
  • Hi

    DO NOT BRING THE OLD SERVER ONLINE.
    You are on the right track. Please let us know in case you face any issue.


    Monday, September 12, 2011 11:08 AM
  • If the Schema Master and Domain Naming Master are not online, move/seize them to another DC - http://support.microsoft.com/kb/255504

    Then perform metadata cleanup to remove old DC reference from AD database - http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

    Then you can upgrade the AD using this procedure - http://social.technet.microsoft.com/wiki/contents/articles/2903.aspx


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
    Blogs - http://blogs.sivarajan.com/

    Monday, September 12, 2011 2:39 PM
  • Thank you to all that have helped out so far. I can't tell you how much I appreciate it. I will begin working on this tonight as it appears I now have the correct steps to get me to where I need to be.

    One last question before I begin tonight, I currently have the AD on the new server already configured, although I forgot which options I selected when setting it up (I originally configured it thinking I was going to do a migration). I'm going to guess that I probably need to remove it, and then re-add and reconfigure it so that it is ready to be joined with the existing DC. Are there any specific steps I need to follow to get it configured correctly?

    Thanks again. Bill

    Monday, September 12, 2011 4:19 PM
  • Refer to the links below to configure the additional domain controller. Read the links posted in this thread carefully before you start.

    http://technet.microsoft.com/en-us/library/cc733027%28WS.10%29.aspx

    http://www.elmajdal.net/win2k8/setting_up_an_additional_domain_controller_with_windows_server_2008.aspx

     

    Regards


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    Monday, September 12, 2011 4:22 PM
    Moderator
  • Hello all. I just wanted to give you an update as to where I am currently at with this.

    Tonight, I seized all of the roles on to the existing server since the original server is no longer around. Everything seemed to go smoothly. I then followed the steps to clean up the server metadata and removed the old server traces from the AD. That seemed to go smoothly as well.

    So as it stands right now, all traces of the old server have been removed (I verified this by running netdom query fsmo and it only lists the existing server). I have removed the existing configuration of AD on the new server since it was configured wrong and not for what we are attempting. I am going to read up on the links that Awinish sent about how to configure the new DC so that I am ready to work on that part tomorrow night.

    I'm thinking that if things go smooth tomorrow night, and I am able to add the new box as an additional DC, and if replication occurs, then it should be safe to transfer the roles to the new server, and then decommission the old server which it outlined in the link Santhosh originally sent. At that point they will be working off of the new server and all I will have to do is copy the data to the new server and recreate the shares. Fingers crossed.

    Thank you again to everyone who has helped out and for your continued patience. I will move on to the next steps tomorrow and provide another update.

    Bill

    Tuesday, September 13, 2011 6:53 AM
  • Hi,

    Excellent work. You can use the Robocopy utility to copy all existing data folders with their existing ACLs. Check the guide below.

    http://technet.microsoft.com/en-us/library/cc733145(WS.10).aspx


    Tuesday, September 13, 2011 7:28 AM
  • Hi all. I was just reviewing my notes for tonight and wanted to verify something first.

    If I am correct, I will need to run adprep.exe (adprep /forestprep, adprep /domainprep, and then adprep /domainprep /gpprep) on the existing DC prior to installing and configuring the additional domain controller. Is that correct?

    Please let me know your thoughts. Thanks. Bill

    Tuesday, September 13, 2011 11:06 PM
  • Yes, but make sure that, if you have a 32-bit OS, you use adprep32.exe; it is located on the Windows 2008 R2 media. More details are at the link below.

    http://awinish.wordpress.com/2011/03/04/upgrade-from-windows-2003-to-20082008-r2-domain-controllers/


    Regards  


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com


    Wednesday, September 14, 2011 5:05 AM
    Moderator
  • Just a quick update from tonight. I was able to prepare the existing DC using adprep. I then joined the new server to the existing domain, and installed and configured AD on it. Everything went smoothly and the user accounts and other info immediately replicated over.

    It looks like all that is left for me to do is to copy the data over on Friday night once everyone is done working, then on Saturday I can transfer all of the roles to the new server, decommission the old server and then take that offline. 

    One question I do have from tonight, on the new server, it shows the AD level as 2000 native still. Once the roles are transferred off of the old server and it is taken offline, should I just leave this at the 2000 level, or raise it to 2003 or 2008?

    Again, thanks to everybody for their help. I'll update one last time once everything is finished and we can close this chapter!  :)

    Bill

    Thursday, September 15, 2011 8:08 AM
  • If you don't have any DCs on Windows 2000, you can raise the DFL/FFL to at least Windows 2003. If all the DCs are on Windows 2008, you can raise the DFL/FFL to Windows 2008 to get the benefits of Windows 2008. Member servers are not dependent on the DFL/FFL; only DCs are.

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com
    Thursday, September 15, 2011 8:20 AM
    Moderator
  • Hi,

    When you are sure that you only use domain controllers with 2008 R2, you should raise the functional level to 2008 R2. Only with this functional level do you have the possibility to use the new Recycle Bin feature. With every functional level Microsoft implements more features or improves something (like LVR).

    You can find more about the differences between the functional levels here:

    http://technet.microsoft.com/en-us/library/cc787290%28WS.10%29.aspx

    http://markparris.co.uk/2010/12/07/active-directory-domain-and-forest-functional-levels-3/

     

     

     


    Martin Forch
    • Edited by Martin Forch Thursday, September 15, 2011 8:23 AM
    Thursday, September 15, 2011 8:21 AM
  • Hello all. Well, the day came and went when I was hoping to get rid of the 2003 server and have everything on the new 2008 server, but things did not work out like I had hoped. Here is a quick list of things that I did prior to going to the site on Saturday, and then a brief explanation of what happened afterwards. Hopefully somebody can figure out where things went wrong:

    1. On existing server, I seized all of the roles from the old server that was no longer on line to the existing DC. I then cleaned up the metadata to completely remove any traces of the old server.

    2. I ran adprep32 from the 2008 server disc on the 2003 DC to upgrade the schema. I verified the schema version was correct.

    3. Joined the new server to the existing domain. Ran Dcpromo on new server and selected additional domain controller for an existing domain, pointed it to the existing domain, told it to replicate over the network, etc. The new server then showed up as a DC in the AD on both machines.

    4. I transferred all FSMO roles to the new server. I verified that all roles were pointed to the new server by running netdom query fsmo and everything pointed to the new server (including the GC, which I checked via the GUI).

    This is where the trouble started. Lucky for us, we decided to test things out on the new server before decommissioning the old server. We unplugged the old server from the network to make sure everything worked as planned. It did not. With the old server unplugged from the network, we were not able to open AD users and computers on the new server. Once we plugged the old server back in, things went back to normal. So obviously something was still pointing to the existing 2003 server. Another tech that was onsite that day suggested that we run the metadata cleanup on the new server to remove traces of the old 2003 server. This did not work, and we could still not get into AD on it.

    So what we ended up doing was to back everything out. We unplugged the new server, plugged in the old server, seized the roles back on to the old server, ran through the metadata cleanup on the old server to remove traces of the new server, and verified that the workstations could still log in, which they could. We were back to square one.

    So it appears that somewhere a step was missed, or something didn't work correctly. I retraced all of the articles and steps provided by everyone here and thought that I was all set to go. Hopefully someone here can figure out where things went wrong and I can try to correct things.

    One question I do have is, does it make a difference if you join the new server to the existing domain the traditional way, or does it have to be joined when running Dcpromo on the new server?

    I appreciate all of the help, and look forward to your replies.

    Thanks, Bill

    Monday, September 19, 2011 7:28 PM
  • hi,

    Check the LAN properties (ncpa.cpl); the 2008 server should be a DNS server and it should point to itself.

    Could you please provide me ipconfig /all from both the servers(2008 / 2003)


    Tuesday, September 20, 2011 2:00 AM
  • Hi,

    Can you explain your DNS config when you did these steps?

    !!! And you only have to perform a metadata cleanup when the demotion of the domain controller was unsuccessful or forced via dcpromo /forceremoval (http://support.microsoft.com/kb/332199/en-us) !!!


    Martin Forch
    Tuesday, September 20, 2011 6:06 AM
  • Below are the IPconfig's for both servers. I changed the names in them to make it easier to understand. When I joined the new server to the domain, I had its primary DNS set to the old server that has the AD (10.0.0.11), and after we unplugged the existing server, I had changed the primary to itself (10.0.0.9), and that was when the trouble began. Our initial thought was that it was a DNS problem that was keeping AD from opening up on the new server once we unplugged the old one, but we couldn't figure out why. The existing server is set up as a DNS server, and obviously when I installed AD on the new server, it installed DNS and it appears that all of the records replicated to the new server. 

    I reinstalled AD on the new server this afternoon, and when I run repadmin /showreps, it shows that everything is successful and has current times from when it last attempted it. 

    One thing I did find in the event log on the existing server is id# 1126 that it can't contact the global server. I have verified that the new 2008 server is configured as a global server, and have gone through the troubleshooting steps, but haven't gotten that resolved yet. Although the error hasn't appeared now in over 9 hours. I'm not sure how often it will show up.

    Thanks for the help and time. I look forward to your responses. Bill 

    EXISTING SERVER

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : exist-server
       Primary Dns Suffix  . . . . . . . : hq.existdomain.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hq.existdomain.com
                                           existdomain.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit Controller
       Physical Address. . . . . . . . . : 00-13-20-0A-12-3A
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.0.11
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DNS Servers . . . . . . . . . . . : 10.0.0.11
                                           10.0.0.9
                                           64.105.166.122
       Primary WINS Server . . . . . . . : 10.0.0.11

    NEW SERVER

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : new-server
       Primary Dns Suffix  . . . . . . . : hq.existdomain.com
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hq.existdomain.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #9
       Physical Address. . . . . . . . . : 78-2B-CB-31-09-E8
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::4cc4:fa25:feba:61%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.0.9(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DHCPv6 IAID . . . . . . . . . . . : 242756555
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D4-D0-59-78-2B-CB-31-09-E8
       DNS Servers . . . . . . . . . . . : ::1
                                           10.0.0.11
                                           10.0.0.9
                                           127.0.0.1

       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{9D9F5192-CC1B-4BB2-9958-84EAB00DD500}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 12:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tuesday, September 20, 2011 7:26 AM
  • Hi,

    Wait for some more time. Then log in to the new server, open dsa.msc and check which server it is connecting to.

    http://technet.microsoft.com/en-us/library/cc756476(WS.10).aspx


    Tuesday, September 20, 2011 7:31 AM
  • I think I finally got things cleared up. Even though it looked to me that replication was working correctly (when I would type repadmin /showreps, everything said it completed successfully), I did find some events in the File Replication event logs that pointed to a communication problem between the servers. On the new server, I was getting:

    event ID 13508: The File Replication Service is having trouble enabling replication from OLDSERVER to NEWSERVER for c:\windows\sysvol\domain using the DNS name oldserver.hq.domainname.com. FRS will keep retrying. 

    Also, on the new server, when I typed net share to view the shares, the SYSVOL directory was not showing up as a share. After doing some research, I reset the FRS BurFlags on both servers (D4 on existing, D2 on new), and when I restarted FRS, I now get:

    event ID 13516: The File Replication Service is no longer preventing the computer NEWSERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL. Type "net share" to check for the SYSVOL share.

    And now when I type net share on the new server, it shows the scripts directory and the SYSVOL directories are shared.

    I'm going to monitor the event logs on both servers for the next day or so to see if anything else out of the ordinary pops up, but I'm feeling really good right now that I should be able to transfer the roles to the new server and decommission the old server with no issues.

    I'm interested if anybody has any other insights or does it look like I'm good to go at this point?

    Thanks, Bill

    Thursday, September 22, 2011 4:13 AM
  • The SYSVOL and NETLOGON shares contain scripts and GPOs, so it is mandatory for the DC to have the SYSVOL and NETLOGON shares; without them the DC will not advertise itself as a DC.

    You can monitor everything and, once all is fine, demote the Windows 2003 DC using dcpromo, or dcpromo /forceremoval followed by metadata cleanup.

    Metadata Cleanup of a Domain controller

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    Thursday, September 22, 2011 8:37 AM
    Moderator
  • Awinish,

    Thanks for the reply. That's kind of what I had just figured out. So my question is, now that the SYSVOL is finally shared on the new server, do you think that when I transfer all of the FSMO roles to it, and shut down the existing server as a test (before I demote it), that I should not have the problems that I had before (see post from the other day) which was that when the existing server was shut down, I could not get into AD on the new server.

    Thanks, Bill

    Thursday, September 22, 2011 4:32 PM
  • No, you should not have a problem shutting down the 2003 server. Make sure clients that have been pointed to the Windows 2003 server for DNS are pointed to the new DC, and you are good to go now.

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com
    Friday, September 23, 2011 5:33 AM
    Moderator
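
The thread's failed cutover came down to a DC that held every FSMO role but never shared SYSVOL, which repadmin did not reveal. The following PowerShell is an added example, not part of any post above: it combines the three checks the thread used (netdom query fsmo, net share, FRS events 13508/13516) into one readiness test. The function names are hypothetical, the sample text is constructed, and the event log name in the closing comment is an assumption.

```powershell
# Added example (not from the thread). Sample text is constructed; host names
# reuse the thread's anonymised new-server / hq.existdomain.com.

function Get-FsmoHolders {
    param([string[]]$NetdomOutput)
    # "netdom query fsmo" prints: <role label><two or more spaces><holder FQDN>
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+)\s*$') {
            $holders[$Matches[1]] = $Matches[2].ToLower()
        }
    }
    return $holders
}

function Get-ShareNames {
    param([string[]]$NetShareOutput)
    # Share rows start in column 0; wrapped remark rows are indented and skipped.
    $names = @()
    foreach ($line in $NetShareOutput) {
        if ($line -match '^([\w\$]+)\s') { $names += $Matches[1].ToUpper() }
    }
    return ,$names
}

function Test-DcCutoverReadiness {
    param(
        [string]$NewDc,
        [string[]]$NetdomOutput,
        [string[]]$NetShareOutput,
        [object[]]$FrsEvents
    )
    $problems = @()

    # 1. Every FSMO role must already sit on the DC that will remain.
    $holders = Get-FsmoHolders $NetdomOutput
    if ($holders.Count -ne 5) {
        $problems += "Parsed $($holders.Count) FSMO roles, expected 5"
    }
    foreach ($role in $holders.Keys) {
        if ($holders[$role] -ne $NewDc.ToLower()) {
            $problems += "FSMO role '$role' is held by $($holders[$role])"
        }
    }

    # 2. Without SYSVOL and NETLOGON shared, the DC does not advertise itself.
    $shares = Get-ShareNames $NetShareOutput
    foreach ($needed in 'SYSVOL', 'NETLOGON') {
        if ($shares -notcontains $needed) {
            $problems += "$needed is not shared on this DC"
        }
    }

    # 3. FRS: the most recent of 13508 (trouble) / 13516 (SYSVOL ready) decides.
    $latest = $FrsEvents |
        Where-Object { $_ -and (13508, 13516 -contains $_.EventID) } |
        Sort-Object TimeGenerated |
        Select-Object -Last 1
    if (-not $latest) {
        $problems += 'No FRS event 13516 found: SYSVOL initialisation unconfirmed'
    } elseif ($latest.EventID -eq 13508) {
        $problems += "Latest FRS event is 13508 ($($latest.TimeGenerated)): replication is failing"
    }
    return ,$problems
}

# Constructed sample modelled on the thread: roles transferred to the new DC,
# SYSVOL/NETLOGON not shared, FRS logging 13508.
$netdom = @'
Schema master               new-server.hq.existdomain.com
Domain naming master        new-server.hq.existdomain.com
PDC                         new-server.hq.existdomain.com
RID pool manager            new-server.hq.existdomain.com
Infrastructure master       new-server.hq.existdomain.com
The command completed successfully.
'@ -split "\r?\n"

$shares = @'
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
The command completed successfully.
'@ -split "\r?\n"

$frs = @(New-Object PSObject -Property @{
    EventID = 13508; TimeGenerated = [datetime]'2011-09-17 10:00' })

Test-DcCutoverReadiness -NewDc 'new-server.hq.existdomain.com' `
    -NetdomOutput $netdom -NetShareOutput $shares -FrsEvents $frs

# Live use on the new DC (elevated prompt); the FRS log name is an assumption:
# Test-DcCutoverReadiness -NewDc "$env:COMPUTERNAME.$env:USERDNSDOMAIN" `
#     -NetdomOutput (netdom query fsmo) -NetShareOutput (net share) `
#     -FrsEvents (Get-EventLog -LogName 'File Replication Service' -Newest 200)
```

An empty result means all three checks passed; run it before unplugging or demoting the old DC, not after.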