What is the best way to migrate Server 2003 to 2008?


Majestic
09-23-2011, 08:01 PM
I've got a server running Windows Server 2003. We are going to bring in a new server running Windows Server 2008 Standard. The plan is to make 2003 a member server running an Active Directory backup as well as a printer server role. Exchange is not involved.

The current server has 600 gigs of data with various folder permissions. It also has a Kixstart script for synchronization.

I'm not sure if we have to a) Reinstall the 2003 server fresh? (a lot more hours and time and $$$ for the client) b) Can we synchronize Server 2003 to 2008 easily? c) Can we just copy the 600 gigs to an external drive then recopy all data to the new server while retaining proper permissions?

What are some issues I might come across?

Can I just copy the data from 2003 to 2008 then wipe it off the first server? Can we JUST synchronize AD or does Active Directory have to be recreated on 2008? Does it carry over problems?

Any help would be greatly appreciated.

Thanks

Majestic

seedubya
09-23-2011, 08:30 PM
Invest in a migration kit from SBSMigration.com - Jeff Middleton's site. You will not regret it. It's expensive but bloody brilliant. I would not attempt such a migration without his tools. I do them so seldom that I need the support.

Frank
09-23-2011, 10:14 PM
Just google Windows Server 2003 to 2008 migration. There are straightforward guides out there. I've done plenty without any problems.

NETWizz
09-23-2011, 11:06 PM


Asking these questions means you should probably learn a lot more before attempting this work as it has the potential to create a great deal of down-time.


1. It is not best-practice to make your Active Directory Domain Controllers file servers. Yeah; I know they host a special SYSVOL share... but it is not good to have it doing other tasks.

2. Avoid Server 2008 Standard and go with Server 2008 R2 Standard unless you can't run 64-bit in which case, you wouldn't be able to run Server 2008 R2.

3. Never used KIXSTART, but that seems crazy to me as it is NOT an industry standard. I would personally ONLY use VB Script (i.e. wscript) or now PowerShell. This doesn't mean there is anything wrong with KIXSTART though... just that I don't know enough about it to help you, and I currently have no interest in finding out more about it.

** If you can tell me exactly what this script does, I could probably find you a comparable VBScript to do the exact same thing.

4. Active Directory is (easy peasey... piece of cake)... DO take a System-State backup, but you will not need it if you do things right. :D Whatever you do, DO NOT Backup/Restore it! Instead, just
1.) Install Server 2008 R2
2.) Set a Static IP Address (in the proper subnet, OUTSIDE the DHCP Scopes)
Obviously, you should set: IP, Subnet Mask, Gateway, DNS1, DNS2..., & the DNS Suffix, too! You had best select "Register this connection's addresses in DNS". This will probably happen when you join the domain anyway. :D
3.) Pre-stage the computer object for it in DOMAIN\Domain Controllers (optional)... then join it to the Active Directory domain as a member server.
4.) Verify the Object by ensuring the OS fields and DNS Name populated indicating both the server & Active Directory agree this new server has joined the domain.
5.) If you didn't pre-stage the object, then move the object from DOMAIN\Computers to DOMAIN\Domain Controllers
6.) Check your existing DNS server(s) to ensure they are using Active Directory Integrated Zones... If not, migrate the zones.
7.) Check that the reverse zones are setup and working too! i.e. nslookup [ip_address] should give you the name.
8.) Look in Active Directory Sites and Services to verify the Active Directory SITE the current Domain Controller(s) is/are in. I.e. make certain the IP address subnets are configured correctly for the current network, so the computers know which Domain Controller(s) are close. Make sure you don't have any broken/abandoned Domain Controllers while you are in there... if you do, clean them up.

9. From a Client Computer in the Domain, or your just added member server, at the command prompt type:
c:\blah blah blah>set L
It will display LOGONSERVER=\\SERVERNAME
That should be a Domain Controller in the current Active Directory Site.

You can make a VB Script like this (saved as a .vbs):
Set objADSysInfo = CreateObject("ADSystemInfo")
WScript.echo objADSysInfo.SiteName

It WILL display the Active Directory SITENAME the server is in. Obviously, it had best be in a SITE that the Domain Controller(s) on the local LAN service. If it is all screwed up, you could be authenticating against a Domain Controller on the other side of the world instead of the one 5 feet away in the same room! :D

10. Check Replication with REPLMON

**** If you have ANY problems with Active Directory, fix them with ntdsutil before proceeding. If you have any Domain Controllers that were not properly demoted or failed, this utility MUST be used to clean up any broken domain controllers to remove all their links and connections... (until you get to 2008 where this functionality for deleting failed Domain Controllers is built in)


Make sure you have the Latest Service Pack installed (also on all pre-existing Domain Controllers). You should run Windows/Microsoft Update, too!

***********************************************

11. Install Active Directory on the new, Member Server. DO NOT take Active Directory off the current, running Domain Controller Yet! or you WILL have a very angry customer!!!

** Terminology: Once you Install Active Directory, your Member Server now is called a Domain Controller. It is no longer serving the role of Member Server.

Installation of Active Directory:
12. You want to select "An additional Domain Controller for an existing Domain." DO NOT select "Domain Controller for New Domain"...Your customer doesn't want a new domain, child domain, or a new forest.:D

13. Now, you enter the username, password, and domain of someone who has enough rights to install a Domain Controller. Obviously, this person must be a Domain Admin. If you were doing something else like creating a new Domain, you would need to be an Enterprise Admin. :D *If it says wrong password, that is obvious. If it says "The Domain Controller Cannot be Contacted" you typed the domain wrong. Another possibility is that it could not locate an SRV record for _ldap._tcp.dc._msdcs.customerdomain.com. You MUST specify DNS servers that host Active Directory Integrated Zones when configuring the network adapter above... A caching DNS server i.e. Cisco ASA firewall would NOT have the appropriate SRV records, so this would fail.

14. Now, you are going to be asked to browse for the Domain... Yeah; I know you just typed it... but click browse and click it with your mouse.

15. Do NOT change the Database or Logs folder where it will install the Active Directory Database... it will usually default to C:\WINDOWS\SYSVOL (Perfect)

16. Confirm the location of SYSVOL and DO NOT even think about messing with its rights, or share settings if you want Active Directory Replication to work. I.e. Just click Next (don't touch anything and you will be fine).

17. Set the Active Directory Restore Password...

*********************************************

18. Verification... Verify ntds.dit was created in the C:\Windows\SYSVOL folder on the Domain Controller.

19. Verify the NETLOGON & SYSVOL shares exist on the Domain Controller

20. Verify the presence of the SRV records, so it is discoverable by client computers.

21. Open Active Directory Sites and Services and make sure this Domain Controller IS in the proper SITE & that it has NTDS Settings. :D

22. Make sure you check "Global Catalog" if you actually want this Domain Controller to have its own copy of the Active Directory Database.

23. Check Replication with REPLMON (the Active Directory Replication Monitor). You can force replication right in Active Directory Sites and Services by Right-Clicking on the NTDS Settings of the newly promoted Domain Controller and selecting "Replicate Now."

24. Now, Open Active Directory Users and Computers and specifically connect the console to your other Domain Controller. It should show ALL the objects. Any changes you make to either Domain Controller should replicate to all other Domain Controllers in the Domain. You can simply connect to another one and keep refreshing then checking the properties of an object you change if you want. Eventually, you WILL see your change.


********************************
DO NOT DEMOTE or REMOVE the EXISTING DOMAIN CONTROLLER(s) YET
********************************

25. Where are the computers getting their DNS servers from? If that is the ONLY DNS server, you would really mess up the network.

26. You can easily setup your new Domain Controller as a DNS server... just check the DNS box and tell it to use an Active Directory Integrated Zone... It should automatically replicate ALL the DNS information from the other DNS servers.

27. Okay, so you have at least two (2) DNS servers... If not, you made your new server a DNS server... Great! How will the work stations know?
A: You must configure DHCP to push out your other DNS server(s). If it is only pushing one (1) DNS server IP address to the workstations, then you take down that DNS server... they are going to hate you when everything quits working! Simply put, setup DHCP to push out your new server's DNS info...

28. At a client/workstation IPCONFIG /RELEASE then IPCONFIG /RENEW... (maybe just the renew). It had better pickup the IP Address of your other DNS server and show that when you do IPCONFIG /ALL

29. Verify NSLOOKUP queries to the new DNS server(s) work. If the computers can't find DNS, nothing will work.

Note: You really should have the box checked for Dynamic DNS, so DHCP updates DNS with each computer's IP address and DNS Name automatically & dynamically! You should probably also setup DNS Scavenging. :D


30. Where is your DHCP server? If you take down the existing Domain Controller and it provided DHCP... As soon as you leave and they reboot a computer they will all start getting 169.254... auto_ip addresses and not work for anything! If this is your DHCP server... You will need to set that up on another server and check the DHCP scopes...


31. Now, if you want to take down the Other Domain Controller, you MUST make sure it is not hosting any Operations Masters (i.e. FSMO roles). You can run c:\> netdom query fsmo.

It will tell you which domain controller hosts the PDC Emulator Role (needed for time sync, to logon, by Kerberos, for security, etc.); it will tell you which Domain Controller hosts the RID Master (Needed to create groups etc. This is responsible for assigning GUIDs to objects... Without it, you won't be able to create things like groups!). It will tell you which server hosts the Domain Naming Master (needed to add/remove Domain Controllers and/or Domains)... The Infrastructure Master compares objects... This should actually reside on a Domain Controller that doesn't have a Global Catalog unless ALL Domain Controllers have a Global Catalog. The Schema Master is needed to extend schema... etc.

The point I am making is that there are Operations Masters on the old Domain Controller; you MUST transfer them before removing the old Domain Controller! (yeah, you can SEIZE the masters, but you don't want to have to do that emergency procedure)...

Just read this:
http://support.microsoft.com/kb/324801


Now that your original Domain Controller server is not needed to do DHCP, it is not the only locatable DNS server, it is not the only server with a Global Catalog, it does not have ANY Operations Masters, you can remove it. BUT DON'T JUST YANK IT.

You must remove Active Directory Domain Services from it, i.e. Start > Run > DCPROMO on the 2003 box and tell it you wish to Uninstall Active Directory. It will remove its mess from LDAP, DNS etc... and tidy up. Before you do this, shut it down and make sure EVERYTHING works!

****************************************
Now that you succeeded in replacing the Active Directory Domain Controller with No Downtime or Hiccups:
****************************************


Your new 2008 R2 Domain Controller is STILL running in Mixed-Mode with a 2003 Function Level.

In Active Directory Users and Computers, do a search for ALL Domain Controllers! Make sure they are ALL running the SAME OS i.e. Server 2008 R2.

Raise the Function Level from 2003 to 2008 Function Level... Change it to operate in Native Mode. After you do this, you will NEVER be able to add another 2003 Domain Controller to this domain again! But you get the new, fancy features. :D
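
A pre-demotion check for steps 19, 20 and 31 of the post above, as an added example that is not part of the thread: it parses `netdom query fsmo` and `nslookup -type=srv` output and withholds the go-ahead while any FSMO role, SRV record or SYSVOL/NETLOGON share still depends on the old server. DC1, DC2 and customerdomain.com are placeholder names; client DNS settings and DHCP (steps 25 to 30) are not checked here.

```powershell
# Added example (not from the thread). DC1 / DC2 / customerdomain.com are
# placeholder names; substitute your own. Run on the new DC as a Domain Admin.
param(
    [string]$OldDc  = 'DC1',
    [string]$NewDc  = 'DC2',
    [string]$Domain = 'customerdomain.com'
)

# "netdom query fsmo" prints one "<role label>   <holder FQDN>" line per role.
# Role labels differ between netdom versions, so match on the column gap only.
function Get-FsmoHolder {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+\.\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches[1]; Holder = $Matches[2] }
        }
    }
}

# nslookup prints "svr hostname   = <fqdn>" for every SRV answer it receives.
function Get-SrvTarget {
    param([string]$Name)
    $out = & nslookup -type=srv $Name 2>$null
    foreach ($line in $out) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.') }
    }
}

$problems = @()

# 1. All five Operations Masters must already be on the new DC.
$roles = @(Get-FsmoHolder (& netdom query fsmo))
if ($roles.Count -ne 5) {
    $problems += "Expected 5 FSMO roles, parsed $($roles.Count)"
}
foreach ($r in $roles) {
    if ($r.Holder -notlike "$NewDc.*") {
        $problems += "$($r.Role) is still held by $($r.Holder)"
    }
}

# 2. The new DC must be advertised in DNS for every locator record clients use.
$services = '_ldap._tcp.dc._msdcs', '_kerberos._tcp', '_kpasswd._tcp', '_gc._tcp', '_ldap._tcp'
foreach ($svc in $services) {
    $targets = @(Get-SrvTarget "$svc.$Domain")
    if (-not ($targets -like "$NewDc.*")) {
        $problems += "$svc.$Domain does not list $NewDc"
    }
}

# 3. SYSVOL and NETLOGON must be shared by the new DC.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Test-Path "\\$NewDc\$share")) {
        $problems += "\\$NewDc\$share is not reachable"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Output "NOT safe to run DCPROMO on $OldDc yet."
    exit 1
}
Write-Output "FSMO roles, SRV records and shares all point at $NewDc."
```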

Majestic
09-26-2011, 03:17 PM
NetWizz: Thank you SO much for taking the time to give me these instructions. As for what the kix script does, it basically maps all necessary shares, the nas and printers, and pushes a system scheduler event on logon. On logoff it backs up the desktop, all email, favourites, documents and other settings to the server in the user's particular profile.

I will be reading your instructions over very carefully and try in a test situation before doing it live for my client.

The environment by the way is 1 server running 2003, and about 20 workstations. I was referring to 2008 Server Standard R2 as well. The server at the moment takes care of dns, dhcp, active directory and is a file server as well. It is working quite well, but now is time to upgrade and create some redundancy.

Regards,

Majestic




Majestic
09-26-2011, 03:18 PM

It is a bit pricy. I could hire a tech with experience doing this for the same kind of money I'm thinking, but it is a consideration.

Thanks for the tip I'll think about that.

Majestic

NETWizz
09-26-2011, 05:29 PM
Nah... This is simple stuff. The only time-consuming part should be the file copy.

You can use something like this for free:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=10268

You could simply use RoboCopy on all the shares.

Just make sure when you are done the file server has the same name (though it is a Domain Controller), the same shared names, the same shared permissions...

Then RoboCopy the data to preserve the NTFS rights:

For example:
Source: \\previousserver\sharename\
Dest: D:\sharename

Then, I use these options /V /S /E /COPYALL /ZB /NP /R:10 /W:30 via RoboCopy Gui.
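
The copy described above as a script, as an added example that is not part of the thread: it runs RoboCopy with the options from the post for each share, treats exit codes of 8 and above as a failed copy, and then compares owner and explicit NTFS ACEs on the first-level folders of source and destination. `previousserver`, `sharename` and `D:\` are the placeholders from the post; the log folder is an assumption.

```powershell
# Added example, not from the thread. "previousserver", "sharename" and D:\ are
# the placeholders used in the post; the log folder is an assumption.
# Run elevated on the new server: /ZB and /COPYALL need backup and auditing rights.
param(
    [string]$SourceServer = 'previousserver',
    [string[]]$Shares     = @('sharename'),
    [string]$DestRoot     = 'D:\',
    [string]$LogDir       = 'C:\MigrationLogs'
)

# Owner plus explicit (non-inherited) ACEs of a folder as one comparable string.
# Inherited ACEs are left out because they depend on the parent folder.
function Get-ExplicitAcl {
    param([string]$Path)
    $acl   = Get-Acl -Path $Path
    $rules = $acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
        '{0}|{1}|{2}|{3}|{4}' -f $_.IdentityReference, $_.AccessControlType,
            $_.FileSystemRights, $_.InheritanceFlags, $_.PropagationFlags
    } | Sort-Object
    "owner=$($acl.Owner);" + (@($rules) -join ';')
}

if (-not (Test-Path $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir | Out-Null
}

$problems = @()
foreach ($share in $Shares) {
    $src = "\\$SourceServer\$share"
    $dst = Join-Path $DestRoot $share
    $log = Join-Path $LogDir "$share.log"

    # Options from the post. /COPYALL copies data, attributes, timestamps,
    # NTFS ACLs, owner and auditing entries; /ZB falls back to backup mode.
    & robocopy $src $dst /V /S /E /COPYALL /ZB /NP /R:10 /W:30 "/LOG:$log"
    $rc = $LASTEXITCODE

    # RoboCopy exit codes are a bit mask: 8 = some files or folders could not
    # be copied, 16 = fatal error. Anything below 8 is a completed copy.
    if ($rc -ge 8) {
        $problems += "$share : robocopy exit code $rc, see $log"
        continue
    }

    # Spot-check permissions on every first-level folder of the share.
    $folders = @(Get-ChildItem -Path $src | Where-Object { $_.PSIsContainer })
    foreach ($f in $folders) {
        $s = Join-Path $src $f.Name
        $t = Join-Path $dst $f.Name
        if (-not (Test-Path $t)) {
            $problems += "$t is missing on the destination"
        }
        elseif ((Get-ExplicitAcl $s) -ne (Get-ExplicitAcl $t)) {
            $problems += "$t : owner or explicit ACEs differ from $s"
        }
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "All shares copied; first-level folder permissions match the source."
```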

NETWizz
09-26-2011, 05:34 PM
As for the Kix Start script, I would get rid of it.

Instead, consider using Folder Redirection or Roaming User Profiles. If you are going to do backup, try something like Microsoft's Data Protection Manager - you can always install the agent on ALL 20 workstations.

For the printers, you can use Document and Print Services. Heck, you can even push them out with Group Policy Preferences and setup WSUS while you are there... to get the client installed on all the computers & keep them up to date.

Majestic
09-26-2011, 05:36 PM
Looks like I will definitely use robocopy for this. The file server and the domain controller are the same machine, so therefore the same name. Since we would be changing the role of DC to the new machine, should I leave the old original name on the old server? (i.e. DC1?) and then just call the new server DC2? It'd get confusing I'm thinking...


How long would you guestimate in terms of labour would this take? I was thinking about 26 hours, am I off here? This is for 600 gigs of data and Active Directory with only 20 users, AND the synchronization of all the machines to the new server....

Majestic



NETWizz
09-26-2011, 10:09 PM

I am thinking it will take less than 3 hours to do a direct migration without setting up new stuff like folder redirection, re-doing the logon scripts, etc. That said, the file copy will probably be the slow part, doing about 1 Gigabyte per minute between Server 2003 and Server 2008 R2 (SMB1 NOT SMB2 will be used)... IF you have Gigabit networking. (If you don't, use a cross-over cable between the two servers. Gigabit is about 6x faster than 100 meg in practice, 10x better on paper.) Even if the file copy takes 8 hours to transfer 600 Gig (possible if they are small files or slow network/servers), and problems happen... It would NEVER exceed 12 hours... even if you billed for the file copy time (You will probably want to leave and have dinner with the family instead of wait doing nothing)... You could also leave the files on the old server... and use it as a file-server. If they are on another volume, you could simply NOT reformat that volume... :-)

Here are some numbers I got (in the log file from a RoboCopy):

               Total    Copied   Skipped  Mismatch    FAILED    Extras
    Dirs :     19209     19208         1         0         0         0
   Files :    272888    272885         0         0         3         0
   Bytes : 107.413 g 107.412 g         0         0   182.6 k         0
   Times :   1:06:59   1:04:11                       0:00:00   0:02:48

   Speed :            29949023 Bytes/sec.
   Speed :            1713.696 MegaBytes/min.


RoboCopy won't display a progress indicator. You simply have to watch it on Task Manager (highlight it) and let it finish... then it drops out of there. You can look at the logs and see the progress if you want. Heck, you can use Trace32 and look at the TAIL of the log and see everything scroll by if it is soothing to you.


Yeah, it would be fine to name the new Domain Controller DC2.

You can leave the old one or change it; it doesn't matter. The thing to watch-out for is share names. i.e. If they were \\dc1\sharename\someapp\apps.exe or something like that and now you have it named different (or a different sharename), you may need to fix all broken shortcuts, drive mappings, or whatever they use.


You won't really need to run the Replication Monitor before you begin because there is only one AD Domain Controller.

I forgot earlier to mention ADPrep. It is in the Support folder on your 2008 R2 media. You should find a KB on how to run AD Prep to extend the schema before promoting your first 2008 R2 Domain Controller!

Basically, there is an executable that gets run with /forestprep and also /domainprep. You can verify it went well by checking the schema versions & schema revisions of Active Directory...

Basically this changes your domain from 2003 Native Mode to 2008 R2 Mixed Mode still running at a 2003 Function level...


When you are totally done, you should query DNS for the SRV records of the new Domain Controller

Basically it should list both DCs running Kerberos, Global Catalogs, ldap, etc.:
c:\>nslookup -type=srv _kerberos._tcp
c:\>nslookup -type=srv _kpasswd._tcp
c:\>nslookup -type=srv _gc._tcp
c:\>nslookup -type=srv _ldap._tcp

Essentially, these services should be ADVERTISED in DNS. It is also real easy to look in the Forward Lookup Zone for the Domain then look under _tcp and see all these listed in the DNS console.



You MUST keep DNS up & DHCP up (& Active Directory Integrated) at all times or there will be downtime when users can't even log on or find Domain Controllers (even if they are running)... So, make sure these are hosted on the second box before taking down the first one.

You KNOW that all 5 Operations Masters ARE on DC1, which also hosts a Global Catalog being the only Domain Controller in the domain right now... so there is no guessing.

You MUST transfer all of these roles to the new Domain Controller (i.e. DC2) before you discontinue DC1.
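The DNS check described in the post above, as an added example that is not part of the original post: it parses saved `nslookup -type=srv` output and reports any service that a listed DC does not advertise. The domain `example.local`, the function names and the sample output are constructed for illustration, and the parser assumes the "SRV service location" / "svr hostname" layout that Windows nslookup prints.

```python
import re

# SRV names queried in the post, with their standard ports (used for sample output only).
PORTS = {"_kerberos._tcp": 88, "_kpasswd._tcp": 464, "_gc._tcp": 3268, "_ldap._tcp": 389}

def parse_srv(output):
    """Map each SRV owner name in nslookup output to the set of target hosts."""
    records, owner = {}, None
    for line in output.splitlines():
        m = re.match(r"(\S+)\s+SRV service location:", line)
        if m:
            owner = m.group(1).lower()
            records.setdefault(owner, set())
            continue
        m = re.match(r"\s+svr hostname\s*=\s*(\S+)", line)
        if m and owner:
            records[owner].add(m.group(1).lower().rstrip("."))
    return records

def missing_advertisements(output, domain, dcs):
    """Return {service: [DCs not advertising it]}; an empty dict means all present."""
    records = parse_srv(output)
    gaps = {}
    for svc in PORTS:
        hosts = records.get(f"{svc}.{domain}".lower(), set())
        absent = sorted(dc for dc in dcs if f"{dc}.{domain}".lower() not in hosts)
        if absent:
            gaps[svc] = absent
    return gaps

def sample_output(domain, advertised):
    """Constructed nslookup-style text; 'advertised' maps service -> DC names."""
    out = []
    for svc, dcs in advertised.items():
        for dc in dcs:
            out.append(f"{svc}.{domain}\tSRV service location:\n"
                       f"\t  priority       = 0\n\t  weight         = 100\n"
                       f"\t  port           = {PORTS[svc]}\n"
                       f"\t  svr hostname   = {dc}.{domain}\n")
    return "".join(out)

if __name__ == "__main__":
    # Constructed case: DC2 is promoted but is not yet a Global Catalog.
    adv = {s: ["dc1", "dc2"] for s in PORTS}
    adv["_gc._tcp"] = ["dc1"]
    text = sample_output("example.local", adv)
    print(missing_advertisements(text, "example.local", ["dc1", "dc2"]))
```

A non-empty result for `_gc._tcp` is the case to catch before taking DC1 down: the new DC answers Kerberos and LDAP but the domain would be left without a Global Catalog.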

NorCal Internet
09-26-2011, 11:38 PM
I second the recommendation (and have posted links to it before in response to similar posts) for Jeff Middleton's kits at SBSmigration.com. Very detailed step-by-step process for various scenarios of migrations, with support if needed.

You will easily make back what the kit costs with your first migration.

Majestic
09-27-2011, 03:37 AM
I was thinking it would be faster, even though everything is already on gigabit, to simply copy from the server to a SATA drive? Then to the new server. Wouldn't that make it a lot faster? Can robocopy retain permissions like that as well?

Again, thanks for the help, MUCH appreciated.

Majestic

NETWizz
09-27-2011, 04:57 PM
It is doubtful that a Single SATA drive will be faster considering you have to do two file operations. SATA drives tend to max out at less than 60 MB/sec... some are around 100 MB/sec (sustained). That means the faster ones can probably transfer 6,000 Megabytes per minute, which is about 3x faster than Gigabit.

Something tells me (a gut feeling) that there is still a lot of over-head, so you won't achieve those speeds unless you are moving one large file. Realistically, it is probably closer to twice as fast as Gigabit... Then you still have to copy all the data to the new server, losing any advantage.

It would be much less work to copy all the data over a network cable.
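As an added example that is not part of any post in this thread: a parser for the RoboCopy summary quoted earlier, which flags non-zero Mismatch/FAILED counters and projects the copy time for the 600 gigs at the measured rate. The function names are illustrative, and the `k`/`g` suffixes are treated as binary units, which is consistent with the log's own two Speed lines.

```python
import re

COLUMNS = ["Total", "Copied", "Skipped", "Mismatch", "FAILED", "Extras"]
UNITS = {"": 1, "k": 2**10, "m": 2**20, "g": 2**30, "t": 2**40}

# Summary block as quoted in the thread (column spacing is not significant here).
LOG = """\
Total Copied Skipped Mismatch FAILED Extras
Dirs : 19209 19208 1 0 0 0
Files : 272888 272885 0 0 3 0
Bytes : 107.413 g 107.412 g 0 0 182.6 k 0
Times : 1:06:59 1:04:11 0:00:00 0:02:48
Speed : 29949023 Bytes/sec.
Speed : 1713.696 MegaBytes/min.
"""

def parse_summary(log):
    """Return {'dirs'|'files'|'bytes': {column: value}, 'bytes_per_sec': int}."""
    summary = {}
    for line in log.splitlines():
        m = re.match(r"\s*(Dirs|Files|Bytes)\s*:\s*(.+)", line)
        if m:
            cells = re.findall(r"(\d+(?:\.\d+)?)(?:\s+([kmgt])\b)?", m.group(2))
            values = [float(n) * UNITS[u] for n, u in cells]
            if len(values) != len(COLUMNS):
                raise ValueError(f"unexpected summary row: {line!r}")
            summary[m.group(1).lower()] = dict(zip(COLUMNS, values))
        m = re.match(r"\s*Speed\s*:\s*(\d+)\s+Bytes/sec", line)
        if m:
            summary["bytes_per_sec"] = int(m.group(1))
    return summary

def copy_problems(summary):
    """List every non-zero Mismatch/FAILED counter; empty means a clean copy."""
    return [f"{int(summary[kind][col])} {kind} {col}"
            for kind in ("dirs", "files") for col in ("Mismatch", "FAILED")
            if summary[kind][col]]

def estimate_hours(summary, total_gib):
    """Hours to move total_gib at the measured rate (same servers, same link)."""
    return total_gib * 2**30 / summary["bytes_per_sec"] / 3600

if __name__ == "__main__":
    s = parse_summary(LOG)
    print(copy_problems(s), round(estimate_hours(s, 600), 1))
```

The three FAILED files are the part to resolve from the detailed log before anything is wiped from the source server.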

Tony_Scarpelli
10-03-2011, 09:24 AM
NETwizz,

I can see why they call you NETwizz.

Good job!@#$%^&

NETWizz
10-03-2011, 12:43 PM
I should probably mention that copying data from Server 2003 (R2 or not) to Server 2008 (R2 or not) is slower than a copy from Vista/7/2008 (R2 or not) to Vista/7/2008 (R2 or not).

Simply put, the protocol used by Microsoft has always been SMB. With Vista and later (and 2008 and later) Microsoft added SMB2, which is optimized for today's networks.

That said, obviously Windows 2000/XP/2003 machines can copy data from a Vista/2008/2008 R2/7 machine, but it will negotiate and use SMB instead of SMB2. Similarly, 2000/XP/2003 CANNOT serve data via SMB2.

In other words a 2003 to 2008 (R2 or not) transfer will be done in SMB not SMB2.

SMB is very chatty with a lot of over-head. It is a connection-oriented network protocol. It basically breaks things up into a lot of small segments and checks them. This protocol comes from the Windows NT days with 10 mbps networks and Thin-net co-ax etc. Back in those days, networks were presumed to be very un-reliable and slow. Hence, SMB would copy a lot of small pieces and check its work on each of the pieces... There would be a LOT of checking and failures. Any failure would simply mean it needs a small amount of data resent.

SMB2 is much less chatty with very little over-head in comparison. It is also connection-oriented and checks every segment. However, there are a lot fewer segments, which are much larger containing a lot more data. If one is bad, it has to resend a LOT more data. That said, today's networks utilize TCP sliding window and nearly always slide to the max if switching equipment and structured cabling are good. Furthermore, Gigabit Ethernet (particularly) almost always supports Jumbo Frames when traffic is on that media type. Instead of having the 1518 byte per frame limit, now Ethernet can switch frames as large as 9000 bytes in the same time... Obviously, being a layer 2 protocol, either SMB or SMB2 are both going to take advantage of Jumbo Frames, but SMB sends such small sequences, they probably won't even fill a jumbo frame.


You get the idea. Suffice it to say SMB2 is much faster by a magnitude of about 4 to 6 times from what I have seen, but it requires two OSes that are Vista/7/2008/2008 R2 or later...


Obviously, a cross-over cable is very reliable and supports the features of the slowest network card.

Tony_Scarpelli
10-03-2011, 10:32 PM
I've not tried to transfer that much data between two servers while 20 clients attempt to do their normal work. What effect would that have on the 20 clients?

I wonder if the direct cable or USB to USB wouldn't be less disruptive?

NETWizz
10-03-2011, 10:49 PM
I've not tried to transfer that much data between two servers while 20 clients attempt to do their normal work. What effect would that have on the 20 clients?

I wonder if the direct cable or USB to USB wouldn't be less disruptive?

Don't do it with other people connected. It will never be fully consistent when you have some apps that put multiple files around.

Simply, change the share permissions to not allow anyone but the admin to read/write to the shares.