Recently I had to help move some services off of a few old 2003 domain controllers. I compiled the following list to help me remember all of the things I needed to check
Moving NTP
· Old DC
o w32tm /config /syncfromflags:domhier /reliable:no /update
o net stop w32time && net start w32time
· New DC
o w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
o net stop w32time && net start w32time
Moving DHCP
o Export from 2003
§ Netsh
§ DHCP
§ server <\\Name or IP Address>
§ export c:\w2k3DHCPdb all
o Import to 2008
§ Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
§ Install the DHCP Role on the server.
§ net stop DHCPserver
§ Delete the DHCP.mdb file under c:\windows\system32\DHCP folder.
§ Start the DHCP server service.
§ Netsh
§ DHCP
§ server <\\Name or IP Address>
§ import c:\w2k3DHCPdb
§ Restart DHCP and verify the database has moved over properly.
· Open Active Directory Sites and Services.
o expand the Sites container
o expand the site of the domain controller you want to check
o expand the Servers container
o expand the Server object.
§ Right-click the NTDS Settings object, and then click Properties
§ On the General tab, if the Global Catalog box is selected, the domain controller is designated as a global catalog server.
· netdiag /test:dns /v (2003)
· move DNS – point all servers to one primary DNS
· netdiag /test:dsgetdc /v (2003)
· nltest /dclist:
· dcdiag /s: domaincontroller /test:knowsofroleholders /verbose
· dcdiag /s: domaincontroller /test:fsmocheck
If the domain controller hosts encrypted documents,
· perform the following procedure before you remove Active Directory to ensure that the encrypted files can be recovered after Active Directory is removed: Export a certificate with the private key http://go.microsoft.com/fwlink/?LinkId=20039
· dcpromo
If the domain controller hosts encrypted documents
· and you backed up the certificate and private key before you remove Active Directory, perform the following procedure to re-import the certificate to the server: Import a certificate http://go.microsoft.com/fwlink/?LinkId=20040
· Open Active Directory Sites and Services.
· Expand the Sites container and expand the site of the Server object.
· Expand the Servers container, and then expand the Server object to view any Child objects
· Open Active Directory Sites and Services.
· Expand the Sites container, and then expand the site from which you want to delete a Server object.
· If no Child objects appear below the Server object, right-click the Server object, and then clickDelete.
No comments:
Post a Comment