Win 2k to 2k3 Migration?

[agrikk]

Greetings!

I am planning an infrastructure upgrade from Windows 2000 to Windows 2003. I have two servers that I plan to set up thusly:

Server1: (main)
AD Primary Controller
File/Print
DHCP
DNS

Server2: (utilities)
AD Backup controller
Antivirus Server
Software Updates Server
Backup Server
Ghost Image host
Drivers/Software Images, etc


The existing 2000 network has been acting pretty flaky so I plan on blowing out the exiting servers, formatting their drives and starting with a fresh install of 2003 and a new installation of Active Directory.

I would like to preserve current user settings (including roaming profiles, passwords, group membership, etc) computer account settings, and GPOs.

Is there a way to make a backup of these sections of AD (like to a text file or something) and restore them to my squeaky clean 2003 Directory?

Does anyone have any experience with this type of installation who could give me some tips or point me in the right direction?

 

[sandmanx]

If you find a way to keep the settings while blowing away the old install, let me know. I had the blow our domain away a couple years back and it was the most stressful week of my life (50 computers, ~80 users all resetup). AFAIK, you can't do too much here because a new install gives you all new UID's so settings won't port over.

You might be better off getting new hard drives and loading up the 2k3 servers and move them over when you're ready. Also make sure you have plenty of ram on those machines. I've got one 2k3 server right now(web center edition) and it's quite fast. Another option is to upgrade the servers and see if they run any better, then if they still suck, blow them away and then reinstall. Whatever you do, make sure all your progs and hardware are compatable with 2k3.

 

[MorfiusX]

You're problem is that everthing in the directory has a unique Security Identifier (SID). Each time a new object is created, a new SID is generated. This is why when you delete an account and then re-create the account, it's not the same account even though the name is the same. AD and Windows links everything based on these SIDs, the actual name is only there to make the account human-readable. To the OS and AD, everthing is a SID.

So, when you go through this format process, you're going to need to manually re-create these things.

The key to any successful migration is planning. It's not something you can just do. You are going to migrate to 2003 more than you are going to upgrade. Part of planning is testing. Get spare PC, install 2000 AD and make it a DC. Then test the upgrade/migration.

From my experience, 2003 has many optimizations to the way AD works (Global Cataloge caching is a big one) that might help with the problems you've been having.

 

[MorfiusX]

Also, if you are going to do a format and reinstall, you can use LDIFDE to export all of your users which might save some time. The reason that M$ recomends assigning permision to group instead of individuals is evident hear. If you have say 800 users and 50 groups, and you have permisions to folders and what not assigned to the groups, then you only have to re-create permisions for the 50 groups, and not 800 users.

 

[agrikk]

The key to any successful migration is planning. It's not something you can just do. You are going to migrate to 2003 more than you are going to upgrade. Part of planning is testing. Get spare PC, install 2000 AD and make it a DC. Then test the upgrade/migration.

That's what I'm doing. Research, research and more research, and then testing, testing testing...

But I still need to know if it's possible to migrate users form a 2000 AD to a 2003 AD.

 

[figgie]

That's what I'm doing. Research, research and more research, and then testing, testing testing...

But I still need to know if it's possible to migrate users form a 2000 AD to a 2003 AD.

instead of blowing away first

i would first and foremost nstall the win2k3 server as an DC for your domain. This will sync everything up and pull ALL user info and OU structure right of the bat. It should detect that it is in windows 2000 compatability mode. Also you need to run a tool called adprep (adprep /forestprep and adprep /domainprep). This updates the schema with necessary info to support win2k3 dc's

Once the copying is done. Demote the other two win2k DC and then your win2k3 box should be the only DC left. Then rebuild old win2k server as win2k3 and dcpromo them and you are set.

Of course. Dry run this. Make sure it works

 

[bigstusexy]

I think I'm about to say the same thing as figgy. I did some research on upgrading to 2k3 for 2k and all methods seemd to be an in place upgrade (I don't remeber the artilce its on tech net). SO I would do it like tihs


Update in place to 2k3 then what you could do go through the steps of replacing a server
IE: Making sure that you have a read and wrietable copy of the domain on another computer
demoting the target computer
Reinstall as fit and premote the computer again
Sync and verify then you can start on the other computer.

Yeah this purely theory pulled out of my head so it would need to be tested before done and don't forget to do a full backup of all the servers before you begin anyway as a "just in case" safety net.