# Windows 2003 Server and Windows 2008 Server



## sblair_5 (Feb 24, 2010)

Hello,

I have a problem. I have an old Dell Windows 2003 Domain Controller server. We purchased a new server, the old is out of warranty, Insurance.

The thought is to add the new Dell 2008 R2 server to the Domain and then promote it to Domain controller and demote the 2003 to a member.

PS the Old server when booting takes time at Network settings. I can ping each other servers. I can map drives.

I cannot add the new server to the Domain. I get this error in the dcdiag file.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "DOMAIN":

The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN
The following domain controllers were identified by the query:
DOMAIN

However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

I made sure I have a (A) host on the old server existing Domain.

I have now run ADprep /forest; adprep /domain. Raised the Domain. Worked on DNS in the old server. Isolated both servers so they are the only ones on the router, with no outside connections.

I'm sure you will want more info, so ask and I shall provide.

Thanks....


----------
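
The error text in the post above describes three steps: an SRV query, host (A/AAAA) record resolution for each returned name, and contact with the domain controller. The following added example (not part of the original thread) repeats those steps from the server that cannot join, using only calls available in PowerShell 2.0. `example.local` is a placeholder domain, the function names are hypothetical, and a TCP connection to port 389 is used as a simple stand-in for "can be contacted".

```powershell
# Added diagnostic sketch, not from the thread. Run on the server that fails to join.
# 'example.local' is a placeholder; pass the real AD DNS domain name with -Domain.
param([string]$Domain = 'example.local')

function Get-DcSrvTargets([string]$DnsDomain) {
    # Step 1: the same SRV query named in the error text.
    $out = nslookup "-type=SRV" "_ldap._tcp.dc._msdcs.$DnsDomain" 2>$null
    $names = @()
    foreach ($line in $out) {
        # Windows nslookup prints SRV targets as "svr hostname   = dc1.example.local"
        if ("$line" -match 'svr hostname\s*=\s*(\S+)') { $names += $Matches[1].TrimEnd('.') }
    }
    return $names
}

function Test-DcReachable([string]$HostName, [int]$Port = 389) {
    $result = New-Object PSObject -Property @{ Host = $HostName; Addresses = ''; Ldap = $false; Error = '' }
    try {
        # Step 2: host (A/AAAA) record lookup for the name the SRV record points to.
        $ips = [System.Net.Dns]::GetHostAddresses($HostName)
        $result.Addresses = ($ips | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $result.Error = "no usable host record: $($_.Exception.Message)"
        return $result
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 3: LDAP over TCP as a reachability proxy (assumption of this sketch).
        $client.Connect($HostName, $Port)
        $result.Ldap = $client.Connected
    } catch {
        $result.Error = "TCP $Port failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return $result
}

$targets = @(Get-DcSrvTargets $Domain)
if ($targets.Count -eq 0) {
    Write-Output "No SRV targets returned for $Domain; check the _msdcs zone and this server's DNS setting."
} else {
    $targets | ForEach-Object { Test-DcReachable $_ } |
        Format-Table Host, Addresses, Ldap, Error -AutoSize
}
```

An SRV target that is a bare single label, or one whose host record is missing, fails at step 2, which matches the first "common cause" listed in the error.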



## djaburg (May 15, 2008)

Install Windows Server 2008 onto the new server which is intended to be promoted as a Domain Controller. Ensure the new server is assigned a routable static IP address on your IP subnet. Ensure the IP address is not included in any of your existing DHCP scopes. The only DNS server entry at this stage should be the IP address of the existing domain controller on your network.

After installation, join the new machine to the existing domain as a member server. This procedure is exactly the same as joining a workstation to the domain.

Since you are upgrading the Operating System on the new Domain Controller, you will need to add some values to the existing Active Directory schema, in order for the new server to become a Domain Controller. Windows Server 2008 supports more functionality than before, so a schema upgrade for the domain and forest is required to facilitate this and make this new feature set fully functional on the domain. To make the necessary changes, you must be logged on as the built-in Administrator user account, or a user with Domain, Schema and Enterprise Admin privileges.

Insert the Windows Server 2008 media into your current server. Open a command prompt and browse to sources\adprep folder within the Windows Server 2008 DVD media. Execute the command adprep /forestprep.

Next, execute adprep /domainprep. You must be logged on as a Domain Admin user for these steps to work correctly. Once these commands have run your Active Directory schema will have been extended to support Windows Server 2008 as a Domain Controller.

Promote the new server as a Domain Controller for the domain. Enter dcpromo at a command prompt and follow the wizard. When prompted, select the option for an additional domain controller in an existing domain. After the wizard completes, the new server will be acting as a Domain Controller for your domain. It is necessary at this point to restart the server for these changes to be applied.

In a single-domain Active Directory forest, all servers should also be Global Catalog servers. The Global Catalog is a required component of Active Directory which is used during logins to establish universal group membership for a user account. To promote the new server as a Global Catalog, open Active Directory Sites and Services from the Administrative Tools container within Control Panel or on the Start Menu. Double-click Sites, then Servers, followed by the name of the new server. Next, right-click "NTDS Settings" and select Properties. On the General tab, check the Global Catalog checkbox. Restart the new Domain Controller for changes to take effect.

If you wish the new server to become the holder of one or more Operations (FSMO) roles, you will need to transfer these roles to the new server. In a single-domain environment, you gain no benefits from spreading FSMO roles between Domain Controllers.

The current FSMO role configuration for your network can be found by running the command "netdom query fsmo" at a command prompt on a Domain Controller.

To transfer one or more of these FSMO roles to the new domain controller, follow the information detailed in the following Microsoft Support article: How to view and transfer FSMO roles in Windows Server 2003. Please ensure any other information you follow is information regarding the TRANSFER of FSMO roles. Seizing FSMO roles is an emergency operation which should not be performed during this procedure.

DNS is a critical component of your Active Directory network. The easiest way to install the DNS role onto the new server is to follow the instructions outlined at Install a DNS Server. You should be already using Active Directory-integrated DNS zones, which is the easiest method of allowing DNS replication to occur - DNS information is stored in Active Directory and replicates with Domain Controller replication traffic. To check if your DNS zones are AD-integrated (and convert them if not), please follow Primary and Active Directory Integrated Zones Differences.

You probably want to enable DNS forwarding in the DNS console on the server, too. This forwards lookups for external domains to a DNS server at your ISP, which allows the server to effectively resolve DNS for external domains. More information on forwarders can be found at Windows Server 2003.

To move DHCP to the new server, you will need to first install the role. To install the role in Windows Server 2008, check the DHCP Server role option within the Add Roles wizard in the Server Manager. To correctly configure DHCP after the role is installed on your new server, you will need to ensure you configure it to distribute IP addresses which are in a different range to the IP scope defined on the other DHCP server. You should also ensure the correct DNS and WINS servers are entered into the scope options. Remember that the only DNS servers which should be configured on workstations are the Domain Controllers which are also acting as DNS servers - no ISP DNS server should ever be set through DHCP.


----------



## sblair_5 (Feb 24, 2010)

Thank you for the response.

My problem arises when trying to add the new server as a member to the Domain. I get the above mentioned error. I have not installed Active Directory on the new server.
Under Network protocol on the New server I have a static IP, Subnet, Gateway, and a DNS entered pointing to the Old server. The IP is not in any scope. DHCP is run on the Router. Not sure about how to verify "Ensure the new server is assigned a routable static IP address on your IP subnet."

I enabled logging on the Old Server of the DNS entries. Filtered using the New Server IP address.

I have now raised the functionality of the old domain by doing adprep /forest and adprep /domain. Same error when trying to add it as a member.

Not sure where to go from here.

Thanks....


----------



## Wand3r3r (Sep 17, 2010)

Please provide the results of an ipconfig /all from the old and new server.


----------



## sblair_5 (Feb 24, 2010)

I have Attached the Ipconfig's.


----------



## Wand3r3r (Sep 17, 2010)

From the 2008 server, do an nslookup VotTL and post the results.

Was there ever another domain controller in the 2003 domain?


----------



## sblair_5 (Feb 24, 2010)

```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>nslookup vottl
Server: vottl.teton.lib.id.us
Address: 192.168.1.97

*** vottl.teton.lib.id.us can't find vottl: Server failed
```

I don't know. Someone else set up the 2003 domain.


----------



## sblair_5 (Feb 24, 2010)

I will not be around the Server tomorrow. I will be back on Wednesday...


----------



## Wand3r3r (Sep 17, 2010)

Clearly 2003 dns is messed up.

Your original error related to finding DOMAIN which doesn't appear to exist.
Nslookup found the server in dns but then says failed.

Normally AD is set to local.net but in your case you have multiple subdomains with vottl.teton.lib.id.us


----------



## sblair_5 (Feb 24, 2010)

What are the advantages/disadvantages of multiple subdomains? Why would we have it set up like that? I inherited the server, thought something was wrong with it by how it boots, but couldn't track it down.

So should I redo DNS on the old server? Delete the current setting and then go through adding a DNS Server? We are small, we only have three workstations that connect to the Server and then use an IP connection to run our Library software, which is Microsoft SQL Express based?

Thanks...


----------



## Wand3r3r (Sep 17, 2010)

I have no idea why someone would setup dns as they did. Usual reason is you belong to a large organization for that kind of setup but with only three workstations it doesn't sound like this is the case.

Might want to consider just setting up the 2008 server fresh as its own Forest/Domain as its first DC. You would need to join the workstations to the new domain and install the library/sql software on the server.

You ever setup a DC before?


----------



## sblair_5 (Feb 24, 2010)

Several years ago. I originally was going to set up a new domain, but the original Company that set the first server up suggested I stay with the First Domain and just Migrate. The company is also our ISP provider and will need to change some of their DNS Records out in the world.

Am I over my head? As I said we are really small....


----------



## Wand3r3r (Sep 17, 2010)

" will need to change some of their DNS Records out in the world"

Not sure why this would need to happen. You did not mention you were doing web or email hosting on this 2003 server. Are you?


----------



## sblair_5 (Feb 24, 2010)

Well, I guess I forgot to mention that, sorry. Yes we do a Web hosting through our Library software.

Welcome to Valley of the Tetons Library


----------



## sblair_5 (Feb 24, 2010)

So I guess I lost you. Do you have any suggestions?


----------



## Wand3r3r (Sep 17, 2010)

Hosting complicates things as well as corrupt AD and DNS.

I would suggest abandoning the idea of joining the 08 server to the existing domain.
I would bring up the new 08 server as the first DC in the same forest name and same ip address as the 03 server. This way the isp should not have to make any changes to their dns or to the routers port forwarding for the web hosting.

It would just be a matter of transferring the web page to the 08 server.

I would suggest you get help on this.


----------



## djaburg (May 15, 2008)

I have to concur with Wand3r3r on this one. It seems silly to keep an incorrectly configured server running just to avoid migrating a web site. There are likely computer techs in the area that could and would do this quickly and easily. The only potential issue I could see with respect to the website would be migrating the DB over to the new server. Once the migration is done and everything is running as it should, you'll wonder why you waited.


----------



## sblair_5 (Feb 24, 2010)

THANKS....I had come to that conclusion this morning also....


----------



## sblair_5 (Feb 24, 2010)

So one more question: can I use the same Domain name with the new server? The Old server will still be the primary domain controller for a couple of weeks while we continue to work on the new server. After we transfer, we will remove the old server's roles.


----------



## Wand3r3r (Sep 17, 2010)

I would suggest you get a small switch and connect the 08 server and a workstation to this switch. This will isolate it from the main network. This way you can configure the same forest and domain name as well as ip address. Once operational physically swap with the 03 machine. You would need to have the pcs join a workgroup and then rejoin the 08 domain.


----------



## djaburg (May 15, 2008)

The only issue I could see with either option is that likely the users will have different "profiles" even if the domain and userid are the same since the UID and SID will be different. Kind of sucks, but it may be the best way to get a nice clean start with a good server config.


----------

