Active Directory Migration from 2003 to 2012 Process Flow
We are planning to migrate from Windows Server 2003 AD to Windows Server 2012 for 6000 users.
Can anyone advise on the following?
1) What is the best and safest way to do the migration?
2) What precautions should we take?
3) How much downtime will it take?
4) If the migration fails, how can we revert to the earlier state?
5) How to do the migration step by step?
Current Environment:
Domain Having One PDC(server 2003 R2) and 8 ADC(Server 2003 R2) in Different Locations
PDC having All FSMO Roles and Global Catalog
Exchange server 2007 was integrated to Active Directory
And some Application are integrated to Active Directory
1) I would recommend you first run a test of the steps in test before you do this in production. Otherwise your production becomes test.
2) By doing it in test, you have taken a large amount of the risk out of the upgrade since, in test, you should be able to look for any unforeseen issues. The easiest way to test is to build a virtual fence from production and clone the DCs and member servers that you want to test against (this is assuming you are running in a virtual environment). Ensure that your production environment is error free.
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx
3) There should be no downtime at all, you can just extend the schema and then promote a new 2012 DC (I would recommend R2 if you can).
4) Before you do the schema extension you should take 2 backups on two different DC's. Taking two gives you less of a chance of a problem if one of the backups fails.
5)
Take a backup
Extend the schema
Join the 2012 R2 servers to the domain
Add the ADDS role to the 2012 R2 member servers
Promote the 2012 R2 DC's
Transfer the FSMO roles to the 2012 R2 DC's (Not required but recommended)
If you want to retire the 2003 DC's, then you will need to make sure that any clients pointing to the 2003 DC's for DNS are pointing to other DC's.
If you do retire the 2003 then you can think about updating the DFL and FFL of the domain and forest.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
Similar Messages
-
Windows Migration from 2003 to 2012
Hi,
When I try to compile my VB6 code, it gives me "ActiveX component cannot create object" halfway through compiling. Advise me how to get over the error.
Hi,
Did you have any migration issue during migration from 2003 to 2012?
There are several causes, for example
The class isn't registered.
A DLL required by the object can't be used, either because it can't be found, or it was found but was corrupted.
For more detail information, you could refer to this article:
http://msdn.microsoft.com/en-us/library/aa231060(v=vs.60).aspx
Meanwhile, the issue is more related to VB6 code issue, so i suggest that you may ask in vb forums for more support:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=vbgeneral
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
PKI Migration from 2003 to 2012
Hi,
I need to migrate a PKI Win 2003 setup to a 2012 setup. Currently, I have one Root CA (W2003), 2 Sub CAs (2003) and one Sub CA (2008), and the future scenario would be one Root (2012) and two Sub CAs (2012). Please let me know how we shall proceed with the migration and the key points to look for. I would like to know how to make sure of successful template replication, and also how autoenrolled certificates will be migrated. Please suggest.
Also, since there is no Enterprise version available in 2012, the Datacenter version will work for me for the Sub CA, right?
Thanks
Hi
Migrating a CA from 2003 to 2012 is almost the same as to 2012; we can refer to the following step-by-step article first:
How to migrate CA from Server 2003 to Server 2008 R2 – Part III Restore CA on Destination Server
http://blogs.technet.com/b/csstwplatform/archive/2012/04/30/how-to-migrate-ca-from-server-2003-to-server-2008-r2-part-iii-restore-ca-on-destination-server.aspx
More related KB:
AD CS Migration: Preparing to Migrate
http://technet.microsoft.com/en-us/library/ee126102(v=ws.10).aspx
AD CS Migration: Migrating the Certification Authority
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
Active Directory Certificate Services Migration Guide
http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
ADMT 3.2 migration from 2003 to 2012 R2
Hello,
The latest update of ADMT supports AD 2012 (and R2), and I succeed the following migration with ADMT 3.2 :
2003 -> 2008 R2
then
2008 R2 -> 2012 R2
I would like to know if the migration from an AD 2003 to AD 2012 R2 is possible in one step and if someone did that (that means without the 2008 R2 transition's step).
Thanks
Migration from an AD 2003 to AD 2012 R2 is possible:
http://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx
##EDIT###
By the way, as mention in the link above, the updated tool is available to download
here or
here.
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks. -
DNS EventID 4015 on PDC since Domain Migration from 2003 R2 = 2012
Hi,
following problem here:
2 Domain Controllers with AD Integrated DNS Zone, migrated from 2003 R2 to 2012. One Single Root Forest.
The Primary Domain Controller shows the DNS Event ID 4015 every 2, 3 or 4 hours. No further error is available: (which may be empty) "".
Only on the Details pane you can find this Information:
======================================
- System
- Provider
[ Name] Microsoft-Windows-DNS-Server-Service
[ Guid] {71A551F5-C893-4849-886B-B5EC8502641E}
[ EventSourceName] DNS
- EventID 4015
[ Qualifiers] 49152
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2013-12-10T19:48:17.000000000Z
EventRecordID 2456
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
======================================
The Migration was made by the following steps:
Bring Up the first 2012 MigrationDC as 3rd DC to the Domain.
Move the FSMO Roles to the 2012 MigrationDC
DHCP Data migrated with Server Migration Tools, IAS Data with iasmigrader.exe exported
DCPromo DC1 (2003 R2) and Format C:
Install a fresh 2012 installation on old DC1 and rename it again with the original name DC1
DHCP Data migrated with Server Migration Tools, IAS Data with iasmigrader.exe exported
DCPromo DC2 (2003 R2) and Format C:
Install a fresh 2012 installation on old DC2 and rename it again with the original name DC2
Move Back the FSMO Roles to DC1
DCPromo the first 2012 MigrationDC
Metadata Cleanup for MigrationDC
DCDIAG /V /C shows no errors and all works well. The funny thing is that only DC1 shows the DNS Event ID 4015 in the production environment. The only exception is that if you reboot DC1 (i.e. for maintenance, updates etc.) then the error appears on DC2, exactly at that time, if DC1 is temporarily not available and DC2 is under "load". If DC1 is back again, the Event 4015 ends on DC2 and comes back to DC1!!!
I backed up and restored DC1 and DC2 in a lab environment; the funny thing is that the Event ID 4015 doesn't appear in the lab environment. The difference between prod and lab is: prod is bare metal with 2 teamed NICs, lab is Hyper-V VMs with 2 virtual teamed NICs. Same IPs etc... DNS NIC settings are the same.
It looks like you can only produce the error in the production lab if you have the DC under "load".
This event was discussed here in the forum more than once, but the issues don't match my problem 100%. No RODC is available in my prod environment, and the Event ID 4015 has no further errors "" in the event log like in other posts.
Ace Fekay's blog "Using ADSI Edit to resolve conflicting or duplicate AD Integrated Zones" was helpful for metadata cleanup, but it could not fix the Event ID 4015, because we had no problems with disappearing zones...
Maybe enabling NTDS verbose logging in the registry is helpful, but I don't know what I have to keep an eye out for?
The thread
http://social.technet.microsoft.com/Forums/windowsserver/en-US/c0d3adb4-67d2-470c-97fc-a0a364b1f854/dns-server-error-event-id-4015-after-replacing-domain-controller-with-another-using-same-name?forum=winserverDS seems to match my problem, but also no solution available...
Any ideas what causes this "ugly" Event without noticable consequences? -
Active Directory migration from domain X to Y
Hey Guys
Planning to migrate Child domain to another child domain inter forest with ADMT
We have a small environment with Active Directory integrated DNS. I have a rough knowledge of migrating domains, but is there any checklist kind of thing on priority (i.e. migrate users first, then groups, then computers, then GPO)? And let me know how much time it will take for approximately 500 users, 800 machines and 400 groups.
We do not have technical architecture guys to plan it. Please list any Excel sheets for migration, if any.
Went through n number of blogs but still did not get any proper info about this , Thank you in advance -
Hello
I am in the process of writing up the project plan for our company's upcoming migration off of our current Windows 2003 fileserver and on to Windows 2012. This is going to be a basic print/file server attached to a domain, with no real special requirements
beyond perhaps dfs. There will be a large number of department directories as well as individual user folders that will need to be moved and I want to, as much as possible, guard against permissions being scrambled in the transition. Here are my questions
- 1) Is there a good guide to such a migration somewhere to utilize as a reference, 2) what are best practices for keeping permissions intact through such a migration?
Thanks for any input!
Hi,
Agree with SMFX you can use migration tool, here providing the link to download Migrating Tools and link for Server 2012. Please go through beneath link.
1. Install, Use, and Remove Windows Server Migration Tools
2. Migrate File and Storage Services to Windows Server 2012
Hope it helps!
Thanks. -
External DNS server not replicating records to secondary after migration from 2003 to 2012
Hi
I have a query relating to 2012 Server and DNS.
Last week we de-commissioned our primary external DNS server (Windows 2003 Server) and moved the role over to a new Windows 2012 server.
Since this point replication to our secondary server (3rd party hosted) does not seem to occur and our DNS records seem to have expired on the secondary server as we cannot look these up via nslookup.
I cannot see any failures in the event log of the server; I have checked our external firewall logs and nothing is being blocked inbound/ outbound as far as I can see. And the server’s local firewall has been disabled.
The server is a standalone server in a workgroup with a standard filebased primary zone, with no AD integration and recursion disabled.
When I created the zone I copied the .dns file from the old server and selected this in the interface during the creation of the zone on the new server. The new server has the same internal and external IP as the old server and the old server is off-line.
I have also manually increased the serial number of the zone and still no joy.
One thing that I have noticed is when I open the zones properties/Name Servers and click edit on the external nameserver I get the infamous "The server with this IP address is not authoritative for the required zone" error.
Any help would be appreciated, thanks in advance
Nice to hear that you are close in finding the problem. So in short:
You have enabled Zone transfers in DNS management console for the applicable zone
You have verified that your DNS is listening to the correct interfaces
You have enabled firewall rules to accept TCP and UDP traffic to port 53
You have checked if "BIND secondaries" option is applicable to your case
You have initiated a zone transfer from the secondary server
Lefteris Karafilis
MCSE, MCTS, SEC+
LinkedIn: http://www.linkedin.com/in/lkarafilis
Mail: [email protected]
Blog: http://www.karafilis.net -
when migrate from 2003 to 2012 server all user and OU in Active Directory go to server 2012 or not
can upgrade from 2003 to 2008 to 2012 or not
Yes, you can add a 2012 server as a domain controller in your 2003 R2 functional level Active Directory. All AD information will replicate to the 2012 DC.
http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
. : | : . : | : . tim -
DFS New Setup migrating from 2003 R2 file server to 2012 Server STD
We currently have a 2003 R2 flat file server with multiple layers of nested network shares with over 2.5TB of data. We want to migrate to DFS on 2012 Server standard version with deduplication enabled. We have never worked with DFS and deduplication and
any white paper on DFS and deduplication would be greatly appreciated. Not finding anything on DFS step by step for 2012 and in particular migrating from 2003 file share to 2012 server DFS.
Thank you for the URL to your DFS write up. This was very helpful in my research of DFS. I have a couple of questions. Do I have to start DFS with two servers? I completely understand why you should have more than one server in the DFS pool (high
availability) but is it necessary? Also after setting up the two 2012 Servers with DFS, namespaces, and new shares managed by DFS manager, how do we migrate (move or copy) the existing shares to new server without losing the permissions? From what I've read
in your write-up all end users with have read and write permissions and admins have full. Also is there a best practice on how nested the shares should be setup within DFS? From looking at your write up the shares are one folder deep only. At this
company I'm migrating from a file server with shares 3-8 layers deep build up over the last 20 years. -
How to migrate DNS, DHCP Server from 2003 to 2012
Hi all,
I have one old server running server 2003, and i need to migrate the dns and dhcp server to server 2012.
I found all the articles, there are only migrate from 2003 to 2008 or 2008 to 2012.
Is there anyway to migrate it?
Thanks.
Really confused why the "answer" to this thread states it can't be done, when clearly it can. This is the official approach (article dated Oct 2013):
Migrate DHCP Server to Windows Server 2012 R2
Within, you'll see that it says:
This guide provides instructions for migration of a DHCP server from a server that is running Windows Server 2003 or a later operating system to a server running Windows Server 2012 R2. Supported operating systems are listed in the following table.
Mike Crowley | MVP
My Blog --
Planet Technologies -
Migration from 2003 - 2010, OAB errors on client, and OAB virtual directory does not contain any files.
Hi,
Please re-create the Outlook profile to have a try. If the issue persists, we can do the further checks in Exchange server.
Please make sure you have changed the OAB generation server to Exchange 2010 and enable Web distribution on the Exchange 2010 Client Access server:
Move-OfflineAddressBook "Default Offline Address List" -Server <MBX2010>
If all configurations are correct, please check whether there is any folder in the following path on the Exchange 2010 server:
a. OAB generation in Mailbox:
\\Program Files\Microsoft\Exchange Server\V14\ExchangeOAB
b. OAB distribution in Client Access:
\\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB
Thanks,
Winnie Liang
TechNet Community Support -
Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
General:
Could not connect to the Active Directory.
Active Directory Certificate Services will retry when processing requires Active Directory access.
We have a Windows 2008 Server Enterprise with AD . I would like to enable the service "Certificate Services" that
allow me to enable RADIUS to authenticate wireless users with the Active Directory.
Hi,
Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
Everything for us is exactly the same as szucsati and Racom
NMNM,
Please give us an answer on this as the link provided is absolutely useless.
Thank you. -
Upgrading AD from 2003 to 2012 R2
Hi All, I am hoping that someone could perhaps provide some insight on this topic as I apparently can't seem to google the best answer.
I have recently acquired an AD domain that is running on a 2003 domain controller. I have been tasked with upgrading our existing domain structure with 2012 R2 domain controllers for our main office and remote offices.
The domain name is company.mynetwork.com, and it is the default first site name. We have multiple offices throughout the US with their own domain controllers (i.e. FL.mynetwork.com, NY.mynetwork.com, DC.mynetwork.com, etc.).
Our main office, and default first site has one domain controller (mynetdc1) running Server 2003 R2. It is also our only DNS server for the main office. It also has an additional domain controller called mynetmaster3 which is running Server 2003.
Both mynetdc1 & mynetmaster3 NTDS settings show them as global catalogs under AD Sites & Services. Both servers are also in the AD Domain Controllers OU, along with all of the other satellite office domain controllers.
Additionally, our main office is running Exchange 2010 with the latest service pack. My questions are:
Can we demote and retire mynetmaster3, then replace mynetdc1 with a newly promoted 2012 R2 global catalog domain controller without harming anything in the domain tree and interrupting connectivity to the other offices (this of course goes without
saying after a 4 hour maintenance window to get the task completed has passed)?
Should we upgrade the satellite offices first after raising the functional level for mynetdc1, or should we do the opposite (upgrade main office, then satellite offices)?
Exchange 2010 is heavily dependent on AD, what effect will this entire project have on our email server? What steps should we take beforehand to ensure email continuity?
Finally, is there any shame for a Net Admin to suggest that we hire an implementation specialist for this task? :)
Any advice would be greatly appreciated!
Hello,
for upgrading to Windows Server 2012 R2 directly see
http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/
There are known issues with Windows Server 2003 DCs and Windows Server 2012 R2 so please see
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx#pi145002=5 to be up to date with required patches.
I would also recommend that you first install new DCs into the existing domain and assure they work complete correct with the support tools, dcdiag, repadmin, ADREPLSTATUS and dnslint. All of them MUST be error free BEFORE you install new OS DCs and
also after every new DC is added to the domain. Do NOT start or go on if errors are listed!
I would always start on the main office machines and then go on with branch offices.
For Exchange it should work as AD is already prepared for it BUT you should also ask the experts in
http://social.technet.microsoft.com/Forums/exchange/en-US/home?forum=exchange2010
And for your last question, there is of course NO SHAME to tell your boss that an expert is required as this steps with all detailed requirement may crash the complete forest and at least this should be also a reason for your boss to think about. If you
don't talk about this and it fails is much more worse then saying that you have concerns because this is the first time you have to manage this.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
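Added example, not part of the original reply and not code from any of the linked articles: one way to script the "error free before you go on" gate from the reply above with repadmin and dcdiag, plus a read of the schema version to confirm the schema extension step. The function names are hypothetical; it assumes an elevated PowerShell session on a domain-joined server that has the AD DS tools installed.

```powershell
# Added example: pre-flight gate to run before and after each DC is added
# or removed. Function names are hypothetical, not from any Microsoft tool.

function Get-ReplicationFailure {
    # repadmin /showrepl * /csv emits one row per inbound replication link
    # for every DC it can reach.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    $rows | Where-Object {
        # Rows repadmin could not collect are not marked showrepl_INFO;
        # collected rows carry a failure counter that must be zero.
        $_.showrepl_COLUMNS -ne 'showrepl_INFO' -or
        [int]$_.'Number of Failures' -gt 0
    }
}

function Get-DcdiagError {
    # /e = test every DC in the enterprise, /q = print error lines only,
    # so any non-blank output line is a finding.
    $out = dcdiag /e /q 2>&1
    $out | Where-Object { "$_".Trim() }
}

function Get-SchemaVersion {
    # ADSI works against Windows Server 2003 DCs, which do not offer the
    # web service the ActiveDirectory module needs.
    $root   = [ADSI]'LDAP://RootDSE'
    $schema = [ADSI]"LDAP://$($root.schemaNamingContext)"
    [int]"$($schema.objectVersion)"
}

# objectVersion values of the schema container per Windows Server release.
$schemaNames = @{
    30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008'
    47 = 'Windows Server 2008 R2'
    56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2'
}

$version  = Get-SchemaVersion
$failures = @(Get-ReplicationFailure)
$findings = @(Get-DcdiagError)

$name = $schemaNames[$version]
if (-not $name) { $name = 'unknown release' }
Write-Output "Schema objectVersion: $version ($name)"

if ($failures.Count -gt 0) {
    Write-Output 'Replication links with failures:'
    $failures |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status' |
        Format-Table -AutoSize
}

if ($findings.Count -gt 0) {
    Write-Output 'dcdiag findings:'
    $findings
}

if ($failures.Count -gt 0 -or $findings.Count -gt 0) {
    Write-Error 'Directory is not error free. Do not continue with the next DC.'
    exit 1
}

Write-Output 'Replication and dcdiag are clean. Safe to continue.'
```

Keeping the output of each run gives a before/after record for every DC that is promoted or demoted.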
Is there anything that needs to be done or considered when migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 with 2 other 2003 separate Domain incoming
and outgoing Trusts, one Trust that is a Forest Trust and the other is an External Trust? Is there any chance or risks that doing this upgrade will break either one of these Trust relationships? Some of the user accounts with SID history have been migrated
from both Domain Trusts to our domain. Any chance that this upgrade will break these relationships for users that are using SID history for access to folders and files in their old Domains? If so what can be done to protect these trusts and SID history, prior
to moving the Domain to 2008R2
Hi,
Based on my knowledge,
the Upgrade of the function level do not affect the trust relationship.
Besides, before you upgrade the Functional Level,
verify that all DCs in the domain are, at a minimum, at the OS version to which you will raise the functional level.
Once the Functional Level has been upgraded, new DCs on running on downlevel versions of Windows Server cannot be added to the domain or forest.
For more information about function level, we can refer to following links:
Understanding Active Directory Domain Services (AD DS) Functional Levels
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
What is the Impact of Upgrading the Domain or Forest Functional Level?
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
Best Regards,
Erin