PKI migration from 2003 to greenfield 2008 R2 plan-of-approach

Hi,
I've done a lot of reading here already but I'm on a dead end. Here's my scenario:
I have 1 Stand-alone root CA plus 2 Enterprise issuing CA's, all running Windows Server 2003. I'm trying to move all servers to a new OS platform: Server 2008 R2. The way I'm seeing this is I have to migrate the Root CA first, then all issuing CA's, so my
first question is:
1. Is this correct?
I followed this procedure:
http://technet.microsoft.com/en-us/library/cc742388(v=ws.10).aspx. At "To set up a CA on a computer running Windows Server 2008" I specified the backup I made earlier and specified the private key from the 2003 stand-alone root CA. After
the wizard finishes, I am able to succesfully start the CA on the 2008 server. Next chapter is "Restoring the database and configuration on the target computer". It prompts to shut down the CA service, which I allow, it restores the DB (which
I point to as part of the wizard), when it finishes restoring, it prompts to start the CA service again. This is where the headache starts; it throws an ADCS error "0xc8000220 (ESE: -544)" and it fails to start.
The application log on the target server throws the following errors (in chronological order) :
[source: ESENT - EventID: 916] certsrv.exe attempted to attach database 'C:\windows\system32\certlog\<CANAME> but it is a database restored from a backup set on which hard recovery was not started or did not complete successfully'
[source: CertificationAuthority - EventID: 17] "Active Directory Certificate Services did not start: Unable to initialize the database connection for <CANAME>. Error: 0xc8000220 (ESE: -544).
I have no idea as to what this means so my next Obvious question would be:
2. Please advice in my next step?
Cheers!
Check out my blog you-n-it.net

Kurt,
Thanks for your reply.
Unfortunately I'm still not able to migrate an out-of-the-box stand-alone root CA 2003 to a 2008 server. Using the same or another host name. I'm at a dead end. One thing I noticed is:
When running esentutl /g on the running CA DB (in a lab) things are ok. Running it on the back-upped version of the db, it says it's corrupted. esentutl /r does NOT repair it. esentutl /p does, and afterwards it's verifiable using esentutl /g but it's still
not possible to bring it online. I've followed
http://technet.microsoft.com/en-us/library/cc742388(v=ws.10).aspx to the letter and I've read other sites as a comparison (not doubting, merely looking for success stories based on this procedure) and it seems like I'm the only one in the world that's unable
to perform a successful restore! :( Anywhere I can dig deeper?
This error is my nemesis: [ESENT: 412] certsrv.exe (2824) Restore0001: Unable to read the header of logfile C:\Windows\system32\CertLog\edb00003.log. Error -546.
Cheers!
Check out my blog you-n-it.net

Similar Messages

Stuck at restoring print queues while migrating from 2003 X86 to 2008 R2

i am trying to migrate from 2003 to 2008 R2 but i am stuck where it says restoring print queues and is tuckat 84% there is no error and it has not completed from pas 3 hrs now.. i have 6 print queues on it and is it normal that this willtake such long for
these 7 queues

we are getting the following error.
Log Name: Application Source: Microsoft-Windows-PrintBRM Date: 1/23/2014 5:27:15 PM Event ID: 30 Task Category: (5) Level: Error Keywords: Classic User: N/A Computer: MARPRINTPC01N1.bsci.bossci.com Description: The language monitors in the backup file
are for a different processor architecture than the destination computer. Printbrm.exe (the Printer Migration Wizard or the command-line tool) will not migrate any language monitors. Source architecture: Windows NT x86. Destination architecture: Windows x64.
Event Xml: <event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><system></system><provider EventSourceName="PrintBrm" Guid="{CF3F502E-B40D-4071-996F-00981EDF938E}" Name="Microsoft-Windows-PrintBRM"></provider><eventid Qualifiers="49154"></eventid>30</eventid><//eventid>
<version></version>0</version><//version> <level></level>2</level><//level> <task></task>5</task><//task> <opcode></opcode>0</opcode><//opcode> <keywords></keywords>0x80000000000000</keywords><//keywords> <timecreated SystemTime="2014-01-23T22:27:15.000000000Z"></timecreated><eventrecordid></eventrecordid>4174</eventrecordid><//eventrecordid>
<correlation></correlation><execution ProcessID="0" ThreadID="0"></execution><channel></channel>Application</channel><//channel> <computer></computer>MARPRINTPC01N1.bsci.bossci.com</computer><//computer> <security></security></system><//system><eventdata></eventdata><data
Name="param1"></data>Windows NT x86</data><//data> <data Name="param2"></data>Windows x64</data><//data> </eventdata><//eventdata></event>

PKI Migration from 2003 to 2012

Hi,
I need to migrate PKI win 2003 setup to 2012 setup. Currently, I have one Root CA ( w2003) and 2 SubCA (2003) and one Sub CA(2008) and future scenario would be one root (2012) and two Sub CA(2012). PLease let me know how shall we proceed with migration and
key points to look for. I would like to know how to make sure of successful template replication; also how autoenrolled certificates will be migrated. Please suggest.
Also, since there is no enterprise version availabe in 2012, datacentre version will work for me for SUb CA, right ?
Thanks

Hi
Migrate CA from 2003 to 2012 is almost is the same as to 2012, we can refer the following step by step article first:
How to migrate CA from Server 2003 to Server 2008 R2 – Part III Restore CA on Destination Server
http://blogs.technet.com/b/csstwplatform/archive/2012/04/30/how-to-migrate-ca-from-server-2003-to-server-2008-r2-part-iii-restore-ca-on-destination-server.aspx
More related KB:
AD CS Migration: Preparing to Migrate
http://technet.microsoft.com/en-us/library/ee126102(v=ws.10).aspx
AD CS Migration: Migrating the Certification Authority
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
Active Directory Certificate Services Migration Guide
http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

CA Server Migration from 2003 R2 to 2008 R2

What would be the best path to upgrade the Certification Authority (CA) server for a domain that is currently running off Windows Server 2003 R2?
1. In-place upgrade to 2008
2. Backup existing configuration, decommission server from domain, bring a 2008 R2 server online to the domain with the same name and then restore configuration

Hello,
is that a single server domain? So everything is installed on a single DC?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:

Migrating from 2003 DC to 2008

I have been working on cleaning up a network that I inherited. Currently we are running at a 2003 function level and I want to bump that up to 2008.
At our main site I have 3 Domain Controllers, 2 are 2008 and 1 is 2003. I have one 2008 DC at a secondary site.
The 2003 domain controller is also running Exchange 2007. We have a new server running Exchange 2010 but we have kept that old 2007 running because it does call recording and we have not been able to migrate that off yet.
A consulting company told me not to DCPROMO the 2003 server down until we were able to remove Exchange 2007.
I want to DCPROMO down the 2003 server and raise the domain function level but was a little nervous after they told me that.
However, I can't really understand why Exchange would make a difference whether the server is a domain controller. Really Exchange should have never been put on a domain controller anyway.
One more thing, the 2003 server is also the DHCP server, have not migrated that yet either.
Any thoughts/tips?
Thanks,

Hi,
Installing Exchange on a domain controller is not recommended, if we have install Exchange on DC, and then change DC to member server may lose functionality in Exchange, here is an article talked about Exchange Server 2003 and Domain Controllers, it
should also apply for Exchange 2007, please go through it:
http://theessentialexchange.com/blogs/michael/archive/2007/11/13/exchange-server-2003-and-domain-controllers-a-summary.aspx
Regards,
Yan Li
Regards, Yan Li

FSMO Migration from 2003 to 2008 R2

I am prepping for FSMO migration from 2003 to 2008 R2 this weekend. I was going through the steps and found a issue that is concerning me. On the 2008 server which is a DC and going to hold all FSMO roles. When I right click on Schema to change Schema
Master the "Change field" does not reflect the new 2008 R2 server? Is this by design...As in will this reflect the 2008 R2 server once I do step 1 Change Domain Controller? Single domain simple AD topology. I am an enterprise admin, domain
admin, and schema admin. The current FSMO is 2003 R2 and it follows to current 2003 R2 and 2008 R2. Will I have to seize the role?
All other FSMO moves show the new server ma-file1. Any help appreciated.
Dave Santel

All AD commands show that I have healthy replication, DNS, ect. No errors. Issue as stated above is when I goto "Change Schema Master" on ma-file1 it only gives the option to change to 2003 existing FSMO ma-file. Not sure if I should proceed with
FSMO migratio using NTDSUTIL to manually transfer? Or if anyone has any advice on how to proceed?
C:\>netdom query fsmo
Schema master               ma-file.ccc.local
Domain naming master        ma-file.ccc.local
PDC                         ma-file.ccc.local
RID pool manager            ma-file.ccc.local
Infrastructure master       ma-file.ccc.local
The command completed successfully.
C:\>netdom query dc
List of domain controllers with accounts in the domain:
MA-FILE
MA-FILE1
MA-UTILITY
The command completed successfully.
Dave Santel

Migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 and 2 other Domain External and Forest Trusts

Is there anything that needs to be done or considered when migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 with 2 other 2003 separate Domain incoming
and outgoing Trusts, one Trust that is a Forest Trust and the other is an External Trust? Is there any chance or risks that doing this upgrade will break either one of these Trust relationships? Some of the user accounts with SID history have been migrated
from both Domain Trusts to our domain. Any chance that this upgrade will break these relationships for users that are using SID history for access to folders and files in their old Domains? If so what can be done to protect these trusts and SID history, prior
to moving the Domain to 2008R2

Hi,
Based on my knowledge,
the Upgrade of the function level do not affect the trust relationship.
Besides, before you upgrade the Functional Level,
verify that all DCs in the domain are, at a minimum, at the OS version to which you will raise the functional level.
Once the Functional Level has been upgraded, new DCs on running on downlevel versions of Windows Server cannot be added to the domain or forest.
For more information about function level, we can refer to following links:
Understanding Active Directory Domain Services (AD DS) Functional Levels
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
What is the Impact of Upgrading the Domain or Forest Functional Level?
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
Best Regards,
Erin

DNS EventID 4015 on PDC since Domain Migration from 2003 R2 = 2012

Hi,
following problem here:
2 Domain Controllers with AD Integrated DNS Zone, migrated from 2003 R2 to 2012. One Single Root Forest.
The Primary Domain Controller shows every 2, 3 or 4 hours the DNS EventID 4015. No further error is available: (which is may emty) "".
Only on the Details pane you can find this Information:
======================================
- System
- Provider
   [ Name] Microsoft-Windows-DNS-Server-Service
   [ Guid] {71A551F5-C893-4849-886B-B5EC8502641E}
   [ EventSourceName] DNS
- EventID 4015
   [ Qualifiers] 49152
   Version 0
   Level 2
   Task 0
   Opcode 0
   Keywords 0x80000000000000
- TimeCreated
   [ SystemTime] 2013-12-10T19:48:17.000000000Z
   EventRecordID 2456
   Correlation
- Execution
   [ ProcessID] 0
   [ ThreadID] 0
======================================
The Migration was made by the following steps:
Bring Up the first 2012 MigrationDC as 3rd DC to the Domain.
Move the FSMO Roles to the 2012 MigrationDC
DHCP Data migrated with Server Migration Tools, IAS Data with iasmigrader.exe exported
DCPromo DC1 (2003 R2) and Format C:
Install a fresh 2012 Installation on old DC1 an rename it again with the original Name DC1
DHCP Data migrated with Server Migration Tools, IAS Data with iasmigrader.exe exported
DCPromo DC2 (2003 R2) and Format C:
Install a fresh 2012 Installation on old DC2 an rename it again with the original Name DC2
Move Back the FSMO Roles to DC1
DCPromo the first 2012 MigrationDC
Metadata Cleanup for MigrationDC
DCDIAG /V /C Shows no Errors, all works good, the funny Thing is, that only DC1 Shows the DNS EventId 4015 in production evironment. The only exception is, that if you reboot DC1 (i.e. for maintenance, upates etc) than the error appears on DC2. Exactly on
that time, if DC1 is temporarily not availble and DC2 is under "load". If DC1 is back again, the Event 4015 Ends on DC2 and Comes back to DC1!!!
I backupped and restored DC1 and DC2 in an lab Environment, the funny Thing is that the EventID 4015 doesnt appear in lab Environment. The difference between prod and lab is: prod is bare metal with 2 teamed nics, lab is hyper-v vm's with 2 virtual teamed
nics. same IP's etc... DNS NIC Settings are the same.
It Looks like you can only produce the error in the production lab if you have the DC under "load".
This Event was discussed here more than one time in the Forum, but the issues doesnt match 100% to my Problem. No RODC is available in my prod Environment, the EventID 4015 has no further Errors "" in the Eventlog like in other Posts.
Ace Fekays blog :" Using ADSI Edit to resolve conflicting or duplicate AD Integrated Zones" was helpful for metadata cleanup, but it could not fix the EventId 4015 away. Because we had no Problems with disappearing zones...
Maybe Enabling NTDS Verbose Logging in the registry is helpful, but i dont know for what i have to Keep an eye out?
The thread
http://social.technet.microsoft.com/Forums/windowsserver/en-US/c0d3adb4-67d2-470c-97fc-a0a364b1f854/dns-server-error-event-id-4015-after-replacing-domain-controller-with-another-using-same-name?forum=winserverDS seems to match to my Problem, but also no
soulution available...
Any ideas what causes this "ugly" Event without noticable consequences?

Zonenname
Typ
Speicher
Eigens
chaf
ten
Cache
AD-Domain
_msdcs.our-domain-name.com
Primary
AD-Forest
Secure
0.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
1.1.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
1.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
1.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
10.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
10.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
128.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
130.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
16.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
16.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
16.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
19.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
19.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
19.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
196.169.193.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
2.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
20.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
20.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
200.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
21.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
21.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
21.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
239.24.217.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.26.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
255.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
27.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
27.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
27.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
29.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
29.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.26.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
31.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
31.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
32.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
33.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
35.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
37.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
39.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
41.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
43.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
45.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
47.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
49.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.19.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
50.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
51.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
52.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
53.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
54.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
55.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
60.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
62.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
64.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
70.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
80.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
88.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
our-domain-name.com
Primary
AD-Domain
Secure
Agi
ng
TrustAnchors
Primary
AD-Forest

DFS New Setup migrating from 2003 R2 file server to 2012 Server STD

We currently have a 2003 R2 flat file server with multiple layers of nested network shares with over 2.5TB of data. We want to migrate to DFS on 2012 Server standard version with deduplication enabled. We have never worked with DFS and deduplication and
any white paper on DFS and deduplication would be greatly appreciated. Not finding anything on DFS step by step for 2012 and in particular migrating from 2003 file share to 2012 server DFS.

Thank you for the URL to your DFS write up. This was very helpful in my research of DFS. I have a couple of questions. Do I have to start DFS with two servers? I completely understand why you should have more than one server in the DFS pool (high
availability) but is it necessary? Also after setting up the two 2012 Servers with DFS, namespaces, and new shares managed by DFS manager, how do we migrate (move or copy) the existing shares to new server without losing the permissions? From what I've read
in your write-up all end users with have read and write permissions and admins have full. Also is there a best practice on how nested the shares should be setup within DFS? From looking at your write up the shares are one folder deep only. At this
company I'm migrating from a file server with shares 3-8 layers deep build up over the last 20 years.

Windows Migration from 2003 to 2012

Hi,
When I try to complile my vb6 code, it gives me "ActiveX component cannot create object" in half way of compiling. Advice me to get over the error.

Hi,
Did you have any migration issue during migration from 2003 to 2012?
There are several causes, for example
The class isn't registered.
A DLL required by the object can't be used, either because it can't be found, or it was found but was corrupted.
For more detail information, you could refer to this article:
http://msdn.microsoft.com/en-us/library/aa231060(v=vs.60).aspx
Meanwhile, the issue is more related to VB6 code issue, so i suggest that you may ask in vb forums for more support:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=vbgeneral
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Migration from 2003 - 2010, OAB errors on client, and OAB virtual directory does not contain any files.

Migration from 2003 - 2010, OAB errors on client, and OAB virtual directory does not contain any files.

Hi,
Please re-create the Outlook profile to have a try. If the issue persists, we can do the further checks in Exchange server.
Please make sure you have changed the OAB generation server to Exchange 2010 and enable Web distribution on the Exchange 2010 Client Access server:
Move-OfflineAddressBook "Default Offline Address List" -Server <MBX2010>
If all configurations are correct, please check whether there is any folder in the following path in Exchange sever 2010:
a. OAB generation in Mailbox:
\\Program Files\Microsoft\Exchange Server\V14\ExchangeOAB
b. OAB distribution in Client Access:
\\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB
Thanks,
Winnie Liang
TechNet Community Support

Roaming profiles migration from 2003 to 2008

Hi everyone,
I need to know if there is a tool from Microsoft or a procedure for TS profile migration settings from 2003 to 2008 R2 like network links, connected printers ...
for data migration I see that I can use this link http://support2.microsoft.com/kb/947025/en-us?wa=wsignin1.0
I heard about some tools like Profile Migrator or Forensit,
but I want to do it cleanly with Microsoft recommandation
Any help will be very appreciated,
Thanks

Hi Sam,
Thank you for posting in Windows Server Forum.
Yes, agree with link provided by Milos. As it’s incompatible but we can use USMT tools and need to migrate the user profile based on the following situations.
Roaming Profile: The following KB article is helpful in this scenario:
Support guidelines for migrating roaming user profiles data to Windows Vista or to Windows Server 2008
http://support.microsoft.com/default.aspx?scid=kb;EN-US;947025
Local Profile: There is no out-of-box way to support the automatic migration based on my experience. You may need to manually migrate the data into the new profile locations.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

Active Directory Migration from 2003 to 2012 Process Flow

We are planning to migrate from Windows Server 2003 AD to Windows server 2012 Server for 6000 Users,
Can any one suggest on Following .
1)What is the Best and Safe Way to do Migration
2) What are the Precautions should take,
3) How much downtime it will take,
4) If migration Failed how we can revert to Earlier
5) How to do Migration Step by Step
Current Environment:
Domain Having One PDC(server 2003 R2) and 8 ADC(Server 2003 R2) in Different Locations
PDC having All FSMO Roles and Global Catalog
Exchange server 2007 was integrated to Active Directory
And some Application are integrated to Active Directory

1) I would recommend you first run a test of the steps in test before you do this in production. Otherwise your production becomes test.
2) By doing in test, you have taken a large amount of the risk out of the upgrade since, in test you should be able to look for any unforseen issues. The easiest way to test is to build a virtual fence from production and clone the DC's and member
servers that you want to test against (This is assuming you are running in a virtual environment). Ensure that you production environment is error free.
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx
3) There should be no downtime at all, you can just extend the schema and then promote a new 2012 DC (I would recommend R2 if you can).
4) Before you do the schema extension you should take 2 backups on two different DC's. Taking two gives you less of a chance of a problem if one of the backups fails.
5)
Take a backup
Extend the schema
Join the 2012 R2 servers to the domain
Add the ADDS role to the 2012 R2 member servers
Promote the 2012 R2 DC's
Transfer the FSMO roles to the 2012 R2 DC's (Not required but recommended)
If you want to retire the 2003 DC's, then you will need to make sure that any clients pointing to the 2003 DC's for DNS are pointing to other DC's.
If you do retire the 2003 then you can think about updating the DFL and FFL of the domain and forest.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.

ADMT 3.2 migration from 2003 to 2012 R2

Hello,
The latest update of ADMT supports AD 2012 (and R2), and I succeed the following migration with ADMT 3.2 :
2003 -> 2008 R2
then
2008 R2 -> 2012 R2
I would like to know if the migration from an AD 2003 to AD 2012 R2 is possible in one step and if someone did that (that means without the 2008 R2 transition's step).
Thanks

Migration from an AD 2003 to AD 2012 R2 is possible:
http://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx
##EDIT###
By the way, as mention in the link above, the updated tool is available to download
here or
here.
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

Check Stored Procedures after Migration from MS SQL Server 2008 to Oracle11

I successfully migrated my application database (azteca) from MS SQL Server 2008 to Oracle 11g R2. After migration, I found there are few stored procedures are not valid. How do I check these invalid stored procedures and find what is wrong with them by using SQL Developer? Thanks for your help.
Kevin

Hi Kevin,
You posted quite a bit today, so perhaps you have already worked this out. If not...
1. View -> Reports -> Data Dictionary Reports -> All Objects -> Invalid Objects [for a specific schema name]
2. Next, for each invalid stored procedure listed in (1)...
a. Open in the code editor from the Connections navigator tree
b. Click on the Compile icon (two gears meshed together) in code editor tool bar.
c. Look in the Compiler log pane for errors.
d. Correct the errorsOf course, success in addressing any errors depends on your skill level dealing with Oracle PL/SQL.
Also, it may be helpful to read over section *3.2 Stored Procedures* in the supplementary migration guide:
http://docs.oracle.com/cd/E35137_01/doc.32/e18462/trig_stored_proc.htm#CHDEIGBC
Regards,
Gary
SQL Developer Team

PKI migration from 2003 to greenfield 2008 R2 plan-of-approach

Similar Messages

Maybe you are looking for