TechSpot

Replacing a Windows 2003 AD DS server with a 2008 R2 AD DS server

By pyromaster114
Jan 26, 2013
  1. We had:

    1) 1 Windows Server 2003 running Active Directory services to manage logon and permissions for file sharing.
    2) 15 workstations.

    We now want to have:

    1) 1 Windows Server 2008 R2 server running Active Directory services to manage logon and permissions for file sharing.
    2) 15 same workstations, with their same user profiles.

    So I joined the 2008 R2 server to the domain, and then used the dcpromo tool to make it a domain controller.

    Problem is, whenever I take the old server offline, (the 2003 one) everything flips out, logons are slow, and the 2008 server gives people trying to access shared files weird errors like that the server that authenticated them cannot be contacted, and asks them to log in again with their username and password before accessing shared files on the server.

    What did I do wrong? I must be forgetting something.
  2. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    1. Transfer all FSMO roles to your 2008 R2 server
    2. Uninstall AD on 2003 server
    3. You can now permanently take 2003 server offline
  3. pyromaster114

    pyromaster114 TS Maniac Topic Starter Posts: 395

    Okay, I transferred the roles, but it says that the domain controller cannot be contacted when I try and use dcpromo.exe to demote the old 2003 one.
    Can I just force this in some way?
  4. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    It is much easier and safer to transfer the roles than seize (force) it. Your server 2003 must be online (connected to the network) while transferring the roles. You are transferring the roles from your server 2003 to your server 2008, so 2003 server must be online.
  5. pyromaster114

    pyromaster114 TS Maniac Topic Starter Posts: 395

    It refuses to let me run dcpromo on the old one. Something's up with it, evidently.

    All the roles have been transferred over (some had to be seized because it wouldn't allow me to transfer them); I have just not been able to demote the old 2003 server, as it tells me that 'a domain controller cannot be contacted that has an account for this machine.'
    Should I just check the box that says 'this is the last domain controller for this domain'?

    Or I could go in and delete the domain controller (the old one) from the Active Directory Users and Computers section on the new server.
  6. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    DO NOT CHECK 'this is the last domain controller for this domain'; you are not removing the whole domain. After the FSMO roles have been transferred, disconnect server 2003 from the network and check user access for any problems. If there are no problems, you can delete the DC (server 2003 machine) in Active Directory Users and Computers on your server 2008 machine.
  7. pyromaster114

    pyromaster114 TS Maniac Topic Starter Posts: 395

    One user access issue that seems to be happening, is that when a user (who is logged onto the domain) tries to access a share on the new server, they are prompted for their username and password. (Even though the shares are set to 'Everyone'.)

    If they enter their logon username and password, then they're fine. They can use the share just fine until they log off and on again... then they have to resubmit their user info to access the share for some reason.

    Previously, if you were logged onto the domain, you didn't have to log on again if you were accessing a share on the server.
  8. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    Is there no option to save/remember credentials (check box) while accessing the share?
  9. pyromaster114

    pyromaster114 TS Maniac Topic Starter Posts: 395

    There is... it doesn't work.

    Below the box, it says that it detects that something 'may be trying to compromise the security of the network' and that I should 'make sure to ensure I can still contact the server that authenticated me'.
  10. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    Restart the PC and make sure it appears in the list of computers in Active Directory Users and Computers.
  11. pyromaster114

    pyromaster114 TS Maniac Topic Starter Posts: 395

    It does... all the computers appear in the list... and they all do the same thing apparently.

    Here's a picture of the dialogue box that pops up... not that it's extremely descriptive.

  12. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    Shut down the PC, delete the PC from the list of computers in Active Directory Users and Computers, then power on the PC. Or re-join them to the domain.
  13. pyromaster114

    pyromaster114 TS Maniac Topic Starter Posts: 395

    Well, we've shut down the old one, or rather it is refusing to start now (hardware issue), so we're gonna see if we can't get it to work by the method you mentioned, and if not, we'll just create an entirely new domain... there's only 20 workstations, so it's not a big deal I guess.

    Thanks for the help though. :3
  14. wrt54gs7

    wrt54gs7 TS Enthusiast Posts: 131

    No problem... You may also check whether the DNS server entries of your clients point to your new DC.
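
The two checks suggested in this thread (every FSMO role on the new DC, client DNS entries pointing to the new DC) can be scripted before the old server is retired. This is an added example, not something posted by either participant; `NEWDC01` and `192.0.2.10` are placeholders, and it assumes the ActiveDirectory PowerShell module on the 2008 R2 DC and remote WMI access to the workstations.

```powershell
# Added example, not from the thread. Run on the new 2008 R2 DC in an elevated session.
Import-Module ActiveDirectory

$NewDcName = 'NEWDC01'      # placeholder: host name of the 2008 R2 DC
$NewDcIp   = '192.0.2.10'   # placeholder: its IP address (documentation range)

# 1. Confirm that all five FSMO roles are held by the new DC.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.Keys) {
    $holder = ($roles[$role] -split '\.')[0]   # FQDN -> host label
    if ($holder -ne $NewDcName) {
        Write-Warning "$role is still held by $($roles[$role])"
    } else {
        Write-Output "$role OK on $NewDcName"
    }
}

# 2. Check which DNS servers each domain computer is configured to use.
#    Assumes remote WMI is allowed through the workstations' firewalls.
foreach ($pc in (Get-ADComputer -Filter *)) {
    try {
        $dns = @(Get-WmiObject Win32_NetworkAdapterConfiguration `
                    -ComputerName $pc.Name -Filter 'IPEnabled = TRUE' -ErrorAction Stop |
                 ForEach-Object { $_.DNSServerSearchOrder } |
                 Where-Object { $_ })
    } catch {
        Write-Warning "$($pc.Name): unreachable ($($_.Exception.Message))"
        continue
    }
    $other = @($dns | Where-Object { $_ -ne $NewDcIp })
    if ($dns -notcontains $NewDcIp) {
        Write-Warning "$($pc.Name): new DC not in DNS list ($($dns -join ', '))"
    } elseif ($other.Count -gt 0) {
        Write-Output "$($pc.Name): also uses $($other -join ', ')"
    } else {
        Write-Output "$($pc.Name): DNS OK"
    }
}
```

Any warning from the first loop means a role transfer did not complete; a workstation that lists only the old server's address for DNS will have trouble locating a domain controller once that server is offline.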

