Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Adding Win2k3 backup DC to win2k domain

Status
Not open for further replies.
djpingpong

djpingpong

Programmer
Jul 6, 2004
70
As the title suggests, I'm looking to add a win2k3 sp1 backup domain control into a win2k domain.

Now, I've searched high and low on how to do this... but because everyone's situation is a bit different, I want to make sure that I'm doing the right thing

We have a small network here... with only 1 Win2k SP3 acting as the Domain Controller. Now, I want to add a second (backup) domain controller on a Win2k3 SP1 machine to get some fault tolerance and load balancing in our network

I wasn't researching hard enough when I initially tried to make the win2k3 computer into the domain controller.. hence, I receive an error saying that the forest and domain is ready for a win2k3 DC
Second time around, I would like to double-triple-check before i jump into the installation process again.

What do I do?
do I just run ADPrep /forestprep and ADPrep /domainprep on the win2k DC and that's it? I can turn the win2k3 into another DC?

Is there any advices or pre-requisites before I do anything to the win2k machine? because I can't mess up the win2k machine... it's the heart and soul of this entire business and I don't want to be responsible for bringing down the network.
 
Sort by date Sort by votes
To start with you need to bring the 2k server up to SP4 and install any additional updates that are available also. Then use the following link for info on adprep for the 2k server.


And if you have exchange 2000 server installed you will need this link also.


Hope this helps,

RoadKi11
 
Upvote 0 Downvote
We don't run Exchange on our networks.
But do I have to update it to SP4? I thought as long as it's higher than SP2?

Also, I forgot to ask in my initial post... but since I only have one domain controller in our network, does it make that computer the schema operations master and the infrastructure master?
 
Upvote 0 Downvote
You could be right about SP2 but i would put it at SP4 unless you have a compelling reason not to. And yes if you only have 1 domain controller it is the master of everything, FSMO roles and glogal catalog.

RoadKi11
 
Upvote 0 Downvote
Ok, so i did upgrade to SP4 on the domain controller
I finally got the nerves to adprep the win2k machine and then it failed on me... this was the error msg that I got... does anyone know what the heck it means?

****************************************************

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UID,CN=Schema,CN=Configuration,DC=wweld,DC=com.

LDAP API ldap_search_s() finished, return code is 0x20

Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix Q293783 for SFU has been applied.

Adprep was unable to upgrade the schema on the schema master.

[Status/Consequence]

The schema will not be restored to its original state.

[User Action]

Check the Ldif.err log file in the C:\WINNT\system32\debug\adprep\logs\20061026124120 directory for detailed information.

Adprep was unable to update forest-wide information.

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20061026124120 directory for more information.
 
Upvote 0 Downvote
Understand, by adding a 2003 Domain Controller (There is no "backup domain controller" or "primary domain controller" - everything is a domain controller - that's it), you are effectively upgrading your domain to the 2003 Active Directory format.

Did you check the error logs you were told to? If you don't understand them, then post copies of the errors in the logs here and perhaps one of us can help you.

Here are some links that should get you going for upgrading a 2000 domain to 2003:

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain

Hotfixes to install before you run adprep /Forestprep on a Windows 2000 domain controller to prepare the Forest and domains for the addition of Windows Server 2003-based domain controllers

Commodore.ca | Windows | How To Upgrade Windows 2000 Domain to Windows 2003 Server
Quote from the top of this article: "Several glossy Microsoft presenters have stated that all you need to do to complete a Windows 2003 Domain upgrade is run ADPREP and then upgrade away. This may work for very small / simple environments but it is definitely not good advice for most companies. After upgrading five servers in two unrelated domains and installing many fresh copies of 2003 I can say that I personally would not skip a single step in the process I have developed below."

How can I transfer some or all of the FSMO Roles from one DC to another?

How To Create or Move a Global Catalog in Windows 2000

[If you run Exchange 2000] Windows Server 2003 adprep /forestprep Command Causes Mangled Attributes in Windows 2000 Forests That Contain Exchange 2000 Servers

Windows Server 2003 Upgrade Assistance Center

[If using R2 release of Windows 2003] Extending Your Active Directory Schema for New Features in Windows Server 2003 R2

How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003

How can I move a DHCP database from one server to another?

How can I move DNS from one Windows 2000 Server to another Windows 2000 Server?
(Two Related if going 2000 to 2003 - read both before moving)
 
Upvote 0 Downvote
I am wondering if the user you used to run adprep had enough authority, the user should be domain admin, schema admin, and enterprise admin. might be over kill but i know thats enough to get the job done.

RoadKi11
 
Upvote 0 Downvote
I have read over all the links that you provided lwcomputing.
But i'm not tryin to upgrade my win2000 to win2003... i'm tryin to add a win2003 DC to the domain and have both running at the same time.

Roadki11, I'm logged into the win2k server as administrator... so I have full permissions.

Now, how about this? What if I try something a bit different. What if I make the win2k3 machine a domain controller in a new forest and new tree... and then I pass all the roles from the old DC to the new one... I could also setup DNS and DHCP on the win2k3 machines and point all the workstations to the new machine and not the old one.
Basically, I'm tryin to eliminate the old DC and promote a new one .. all in one shot, without too much down time... would that work?
 
Upvote 0 Downvote
To quote myself:
Understand, by adding a 2003 Domain Controller (There is no "backup domain controller" or "primary domain controller" - everything is a domain controller - that's it), you are effectively upgrading your domain to the 2003 Active Directory format.
Click to expand...

It doesn't mater if you're upgrading a 2000 server or not - by adding a 2003 domain controller, you ARE upgrading the DOMAIN to 2003.
 
Upvote 0 Downvote
I think we really want to resolve the issues with the 2000 domain controller. Can you post errors from the logs? You cant transfer the roles from one forest/domain to a different forest/domain. The new domain you create will have its own FSMO master. the easiest way is to get the 2k3 server promoted into the 2000 domain then transfer the roles to the 2k3 server and demote the 2k server. Other way to do it is create a new domain with the 2k3 server and use the Active Directory Migration Tool to migrate user and computer accounts over to the new domain. this second method may or may not be a "short down time" solution.

RoadKi11
 
Upvote 0 Downvote
You should run DCDIAG and NETDIAG on the 2k server and report any errors to us. I would add Enterprise Admin, Schema Admin, and Domain Admin to your administrator account and run adprep again if DCDIAG and NETDIAG report no errors.

RoadKi11
 
Upvote 0 Downvote
thank you guys for all of your help...
after careful consideration, we have change our project plan to stay with Windows 2000 Server instead of putting in a Win2k3 Domain Controller.

Thanks again for all the advices/tips/hints/etc...
 
Upvote 0 Downvote
Do what you're comfortable with, but in my opinion, this is not a wise choice. Unless you already have or intend on purchasing extended support from Microsoft. There's no problem adding a 2003 domain controller and upgrading the domain to 2003... just don't do it blindly and make sure you run a test run or two to be safe.
 
Upvote 0 Downvote
That's good advice... and i'll definitely take a deeper look into adding/upgrading a domain to 2003 on my own.

As for now, for my workplace... I just need to get the network cleaned up. Which is why I posted my next task in the Windows 2000 Server forum.

If you would like to help, feel free to provide any answers in my new thread:
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
607
DTGMI
DTGMI
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
372
ADB100
ADB100
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
957
goombawaho
goombawaho
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
722
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top