Domain Migration

We are a Windows shop here at First Church. For the past 2 years we have been running a Windows Server 2003 R2 domain. Recently though, we began having some trouble with our primary server and domain controller. The techie folks out there understand that this is a significant problem. For those of you who aren’t familiar with Windows domains, suffice to say that this server controlled internet access, shared drives, printing, and anti-virus. Basically everything that happens every day.

We hobbled along for 2 weeks while some new hardware arrived. Finally our Dell R710 server and half rack came in on a semi-truck. It was an ordeal just to get it onto a cart (think pallet jack, forklift, mega cart, smaller cart, elevator, and 4 strong backs). It took me about 16 hours to change over our physical equipment and install a fresh copy of Windows Server 2008 R2. This is our OS of choice now since the R710 supports tons of memory allowing us to run virtual servers.

Meanwhile we were still hobbling along with our old equipment. I was able to install 2008 R2 onto a donated Dell PowerEdge 1800. This is a fairly robust box with dual 3.6 GHz Xeons, 4 GB of RAM, and RAID 5 SATA drives. We will call this server #3. I then added this server as a member server to our existing 2003 domain, promoted it to a secondary domain controller, and adjusted the DNS settings of the primary server to point to the secondary server in the event of a failure. Things were stable finally.

I researched for roughly a week on the migration process from 2003 to 2008 R2. My main areas of concern were:

  • Active Directory
  • Network Printers
  • DNS/DHCP
  • Shared Drives
  • Sophos Anti-Virus

I will list the steps I used in order to complete the migration. The main process was to use Server #3 as a temporary server while I recreated Server #1. I began at 6:00 on Friday evening and was finished by 2:00 AM.

  1. I used this guide for the high level steps
  2. Full Backup #1 to external USB, backup of shared drives to network share using SyncToy 2.1 Echo
  3. Transfer FSMO roles from #1 to #3 using this Petri article
  4. Verify FSMO roles on #3 by running netdom query /domain:<our domain name> fsmo
  5. Transfer 64-bit drivers for each printer to #3 and use Microsoft Printer Manager 3.1 on #1 according to Experts-Exchange
  6. Back up Sophos Anti-Virus database according to this KB

With everything removed from server #1 I was able to run DCpromo.exe and demote it as a domain controller. Server #3 now has our active directory, global catalog, and DNS.
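A check that can be run before demoting the old domain controller, as an added example that is not part of the original post: it confirms that the replacement DC really holds all five FSMO roles, is a global catalog, and is running DNS. It assumes the ActiveDirectory PowerShell module on the 2008 R2 domain controller; the server name `SERVER3` is a placeholder.

```powershell
# Added example: pre-demotion check, written to run on PowerShell 2.0
# (the version that ships with Windows Server 2008 R2).
Import-Module ActiveDirectory

function Test-ReadyToDemote {
    param(
        [Parameter(Mandatory = $true)]
        [string]$NewRoleHolder   # host name of the DC that took over the roles
    )

    $domain = Get-ADDomain
    $forest = Get-ADForest

    # The five FSMO roles: three per domain, two per forest.
    $roles = @{
        'PDCEmulator'          = $domain.PDCEmulator
        'RIDMaster'            = $domain.RIDMaster
        'InfrastructureMaster' = $domain.InfrastructureMaster
        'SchemaMaster'         = $forest.SchemaMaster
        'DomainNamingMaster'   = $forest.DomainNamingMaster
    }

    $problems = @()
    foreach ($role in $roles.Keys) {
        # Role holders come back as FQDNs; compare on the host label only.
        $holder = ($roles[$role] -split '\.')[0]
        if ($holder -ne $NewRoleHolder) {
            $problems += "$role is still held by $($roles[$role])"
        }
    }

    # Demoting the only global catalog breaks logons and lookups.
    $dc = Get-ADDomainController -Identity $NewRoleHolder
    if (-not $dc.IsGlobalCatalog) {
        $problems += "$NewRoleHolder is not a global catalog"
    }

    # Clients will depend on this box for name resolution after the demotion.
    $dns = Get-Service -Name DNS -ComputerName $NewRoleHolder -ErrorAction SilentlyContinue
    if (-not $dns -or $dns.Status -ne 'Running') {
        $problems += "DNS Server service is not running on $NewRoleHolder"
    }

    $problems | ForEach-Object { Write-Warning $_ }
    return ($problems.Count -eq 0)
}

# Placeholder server name; returns $true only when every check passes.
Test-ReadyToDemote -NewRoleHolder 'SERVER3'
```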

The following steps were required because I wanted to name our new server the same as the old one. This way printers, mapped drives, and anti-virus updating remained the same. The win here is that I didn’t have to go around to each computer to reconfigure them.

  1. Remove old Server #1 from the domain
  2. Remove static IP address
  3. Rename old Server #1 to #4
  4. Rename new server to #1
  5. Add static IP address (to match the old server to make DNS easier)
  6. Add Server #1 as a member server to our domain
  7. Run DCpromo.exe to promote it to a domain controller
  8. Add DNS and DHCP roles to Server #1
  9. To transfer the DHCP settings I used this Petri article. This was straightforward.
  10. Change DHCP scope to point to Server #1 rather than Server #3
  11. Install x64 printers by completing the Experts-Exchange article
  12. Test Printers
  13. Transfer our shared drives to Server #1 over the network using SyncToy 2.1 Echo (reversed this time)
  14. Share the appropriate folders (this way the mapped drive paths for each client are identical)
  15. I attempted to use this Sophos Knowledge base to migrate the anti-virus database. However, I consistently got errors in Step 5 sub-step 3. A call to Sophos 24 hour tech support proved unhelpful. I resorted to re-installing Enterprise Console 4.5 from scratch and recreating our policies from memory. Fortunately it was pretty basic.
  16. Restart several clients to ensure they are able to log on, get the correct IP settings, have access to the shares, and print properly.
  17. Raise domain function level from 2003 to 2008 R2 using Petri article here

WOW! That is a lot of stuff. This was one of the most intense things I have done in IT, so many little pieces of a giant puzzle. I am certainly glad it is complete.
