Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Installing New Server

  • 13-03-2006 2:43pm
    #1
    Registered Users, Registered Users 2 Posts: 29,088 ✭✭✭✭


    Hey all,

    Currently in work we have a single HP server running 2000 Server (it's a small place :)). Now, in the next week or so I hope to buy a new IBM X-Series box and load 2003 onto it and eventually run both together to share the workload.

    So what I was hoping to do is setup the new machine as an additional DC, let it replicate the account settings etc from the original server, copy all the data and install the apps, and then I can wipe that first machine (as it was originally upgraded from NT so badly needs it) and set it back up as a mail/print server only.

    My question so is whether 2003 will correctly replicate from 2000, or if there's anything I've missed in the above plan.

    Thanks in advance


Comments

  • Registered Users, Registered Users 2 Posts: 816 ✭✭✭Cryos


    Kaiser2000 wrote:
    Hey all,

    Currently in work we have a single HP server running 2000 Server (it's a small place :)). Now, in the next week or so I hope to buy a new IBM X-Series box and load 2003 onto it and eventually run both together to share the workload.

    So what I was hoping to do is setup the new machine as an additional DC, let it replicate the account settings etc from the original server, copy all the data and install the apps, and then I can wipe that first machine (as it was originally upgraded from NT so badly needs it) and set it back up as a mail/print server only.

    My question so is whether 2003 will correctly replicate from 2000, or if there's anything I've missed in the above plan.

    Thanks in advance

    Just make sure when you set your second 2003 dc as an additional domain controler for your domain (presuming you running active directory) that the mode does support Windows 2000 towers (Mixed mode i think ? or is that NT PDCS/BDCS ?)

    one way to test if your replication has worked properly is to turn off the 2000 box, and see if people can log in and get their loginscripts/drive mappings off the new box, if so hey presto its worked. Wipe your 2000 machine install your stuff yada yada....

    If your going with 2003 on your hp server change your dc's mode to the highest mode (if your running 2003 servers and xp clients).


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    Nice little project to cut your teeth with. I done something similar around 2 years back, My advice - read and re-read as much info on the install as possible and doucment every setting you make. It means you have a handy log book of the new DC setup.

    There are various tools that let you see what roles the old server is playing in the domain.

    Best of luck


  • Closed Accounts Posts: 60 ✭✭EasyFold


    Yes, I think I can't agree more with the previous post. You have to determine all task being done by the current server before anything is wiped. I assume you'll have a cooldown period for the swing server before you wipe it. You know, but remember to make sure you also transfer the FSMO roles to the new server.

    Are you going to use Director for the RAID config etc?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,559 Mod ✭✭✭✭Capt'n Midnight


    Other options - you'd need to ask others about the pros and cons

    Another approach would be to install 2000 on the new server. When it can support the domain by itself you can upgrade it to 2003.

    Setup 2003 on a seperate domain.
    Use CSVDE to export the old domain to a CVS (text file) edit it in Excel with new domain settings and re-import. You'd have to recreate the groups and shares and printers and shares again. If you've tweaked ADS a lot then not really an option, more for when your 2000 setup is a bit flakey and you don't want to inherit any dodgy stuff.


  • Registered Users, Registered Users 2 Posts: 816 ✭✭✭Cryos


    Other options - you'd need to ask others about the pros and cons

    Another approach would be to install 2000 on the new server. When it can support the domain by itself you can upgrade it to 2003.

    Setup 2003 on a seperate domain.
    Use CSVDE to export the old domain to a CVS (text file) edit it in Excel with new domain settings and re-import. You'd have to recreate the groups and shares and printers and shares again. If you've tweaked ADS a lot then not really an option, more for when your 2000 setup is a bit flakey and you don't want to inherit any dodgy stuff.

    Once again capt'n midnight you have outdone yourself :) However i suspect that our budding server admin may not be ready for playing with csv files.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 29,088 ✭✭✭✭_Kaiser_


    Thought I'd just post an update... might be useful to someone :)

    After finally getting the new server, I tried adding it as an additional DC without success. The errors (and a bit of reading) told me I'd need to prepare the 2000-based Forest/Domain first using the "adprep" command from the 2003 SP1 disc.

    So, after successfully running both "adprep /forestprep" and "adprep /domainprep /gpprep" on the 2000 box, I tried agin to promote the 2003 server as an additional DC.

    This time I got an error telling me that it "failed to modify the necessary properties for the machine account - access denied", even though I was trying to do so with Domain Admin credentials.

    Microsoft's suggested fix (under Article 232070) of editing the DC OU Group policy permissions to allow the "delegation privilege" right failed to resolve it.
    Although not recommended, following the advice here and editing the Domain policy itself to allow delegation DID resolve the issue, allowing me to successfully add my shiny new 2003 SP1 server as an additional DC on our network.

    So all's well that ends well :D


  • Closed Accounts Posts: 152 ✭✭YoYOPowder


    Kaiser2000 wrote:
    Thought I'd just post an update... might be useful to someone :)

    After finally getting the new server, I tried adding it as an additional DC without success. The errors (and a bit of reading) told me I'd need to prepare the 2000-based Forest/Domain first using the "adprep" command from the 2003 SP1 disc.

    So, after successfully running both "adprep /forestprep" and "adprep /domainprep /gpprep" on the 2000 box, I tried agin to promote the 2003 server as an additional DC.

    This time I got an error telling me that it "failed to modify the necessary properties for the machine account - access denied", even though I was trying to do so with Domain Admin credentials.

    Microsoft's suggested fix (under Article 232070) of editing the DC OU Group policy permissions to allow the "delegation privilege" right failed to resolve it.
    Although not recommended, following the advice here and editing the Domain policy itself to allow delegation DID resolve the issue, allowing me to successfully add my shiny new 2003 SP1 server as an additional DC on our network.

    So all's well that ends well :D

    Well done. You probably just needed Enterprise admin rights. Just remember, and you may already know from previous posts. Make sure all FSMO roles are now moved to the newly installed Server. Make sure users can authenticate, i.e. turn off old server for a while then get them to logon, or simply go to a command prompt from some users and type 'echo %logonserver%'. Once you are sure they can logon, you must gracefully remove the old server fro AD, not simply wipe it. Do this using dcpromo on the old server ;)


  • Registered Users, Registered Users 2 Posts: 3,464 ✭✭✭jamesd


    Yep once you get dcpromo'ed and the 5 FSMO roles over your grand - Microsoft have a software utility that can copy folders/files from one server to another and also keep the shares and the rights intact for the new server so if you need that just ask and i'll locate it.


  • Registered Users, Registered Users 2 Posts: 651 ✭✭✭sirlinux


    Microsoft have a handy little printer migrator that will backup all your printers as well and restore them to another machine, share names and all. As said above your half way there, just hop over all your FSMO roles and thats it, if you want a nice clean finish run dcpromo on the 2000 server to take it back to member status then delete the computer account when you retire it, deleting a DC after it's gone is messy.


  • Registered Users, Registered Users 2 Posts: 3,464 ✭✭✭jamesd


    @sirlinux - Can you point me at the tool for the printer's backup? Sounds handy


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 651 ✭✭✭sirlinux




  • Closed Accounts Posts: 152 ✭✭YoYOPowder


    jamesd wrote:
    @sirlinux - Can you point me at the tool for the printer's backup? Sounds handy
    Use this myself, very handy. Just one thing to remember though, you need to disable Kernal mode driver blocking in your Default GP to allow a restore of the printers. It'll work a treat then, but otherwise will fail.;)


  • Registered Users, Registered Users 2 Posts: 651 ✭✭✭sirlinux


    YoYOPowder wrote:
    Use this myself, very handy. Just one thing to remember though, you need to disable Kernal mode driver blocking in your Default GP to allow a restore of the printers. It'll work a treat then, but otherwise will fail.;)


    Yep since 3.1 it tells you this when you try to migrate, It's easiest to do this in a group policy.


Advertisement