Active Directory Migration From Windows Server 2000 to Windows Server 2016
- 詳細內容
- 分類: Windows
- 發佈: 2017-12-05, 週二 08:40
- 作者 Super User
- 點擊數: 23081
Active Directory Migration From Windows Server 2000 to Windows Server 2008 R2. Then Migration From Windows Server 2008 R2 to Windows Server 2016
WIN2K --> WIN2K8-R2
https://www.stevejenkins.com/blog/2010/01/migrating-an-active-directory-domain-controller-from-windows-2000-to-windows-2008-r2/
https://www.youtube.com/watch?v=OUQq0drYs24
http://www.jason-tang.com/files/it/operating-system/windows/AD-Win2000-To-Win2008-R2.mp4
SMC-FS:
AdsiEdit.msc
Domain NC[smc-fs.jason-tang.com]
->DC=smc,DC=com,DC=hk
->->OU=Domain Controllers
Delete SMC_NT
Run...
cmd
cd c:\winnt\system32
.\regsvr32.exe schmmgmt.dll
OK
mmc
Console-->Add/Remove Snap-in...
Add-->Active Directory Schema-->Add-->Close-->OK
Right Click "Active Director Schema" --> Operations Master...
Click the box before "The Schema may be modified on this Domain Controller."--> OK
Install SFU2-KB919938-X86 to C:\temp
cd C:\temp
C:\temp\Idmschupg.exe
C
......
52 entries modified successfully.
The command has completed successfully
Copy support Folder from WIN2K8-R2 DVD to C:\
cmd
cd C:\support\adprep
adprep32 /forestprep
C
......
Adprep successfully updated the forest-wide information. (<-If you don't get this Information, you can run adprep32 /forestprep again.)
adprep32 /domainprep
Running domainprep ...
Adprep detected that the domain is not in native mode
[Status/Consequence]
Adprep has stopped without making changes.
[User Action]
Configure the domain to run in native mode and re-run domainprep
Start-->Programs-->Administrative Tools-->Active Directory Users and Computers
Right Click-->jason-tang.com-->Properties-->General-->Domain mode--->Change Mode-->Yes-->Apply-->OK-->OK
Check the "Domain mode" on the smc-bs domain controller server(It took 10 minutes to finish in my test)
adprep32 /domainprep
Running domainprep ...
Adprep successfully updated the domain-wide information.
The new cross domain planning functionality for Group Policy, RSOP Planning
Mode, requires file system and Active Directory Domain Services permissions
to be updated for existing Group Policy Objects (GPOs). You can enable this
functionality at any time by running "adprep.exe /domainprep /gpprep" on the
Active Directory Domain Controller that holds the infrastructure operations
master role.
This operation will cause all GPOs located in the policies folder of the
SYSVOL to be replicated once between the AD DCs in this domain.
Microsoft recommends reading KB Q324392, particularly if you have a large
number of Group policy Objects.
adprep32 /domainprep /gpprep
Running domainprep ...
Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.
....
Adprep successfully updated the Group Policy Object (GPO) information.
WIN2K8-R2(smc-pdc and smc-bdc) join the AD(windows 2000 server) and then login as DOMAIN administrator
Start --> Check firewall status --> Turn Windows Firewall on or off --> Turn all the firewalls off
SMC-PDC:
dcpromo.exe
Click the box before "Use advanced mode installation" --> Next --> Next --> Existing forest --> Add a domain controller to an existing domain --> Next --> jason-tang.com -->
My current logged on credentials(SMC\administrator) --> Next --> Next --> Yes --> Next --> Next(DNS GC) --> Yes --> Replicate date over the network from an existing doman controller --> Next
Use this specific domain controller: --> smc-fs.jason-tang.com --> Next --> Next --> Password (and Confirm password) --> Next --> Export settings... --> Desktop --> smc-pdc --> Save --> OK --> Next --> Click the box before "Root on completion"
repadmin /syncall
......
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
SMC-BDC:
dcpromo.exe
Click the box before "Use advanced mode installation" --> Next --> Next --> Existing forest --> Add a domain controller to an existing domain --> Next --> jason-tang.com -->
My current logged on credentials(SMC\administrator) --> Next --> Next --> Yes --> Next --> Next(DNS GC) --> Yes --> Replicate date over the network from an existing doman controller --> Next
Use this specific domain controller: --> smc-bs.jason-tang.com --> Next --> Next --> Password (and Confirm password) --> Next --> Export settings... --> Desktop --> smc-bdc --> Save --> OK --> Next --> Click the box before "Root on completion"
repadmin /syncall
......
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
Transfer FSMO Roles and Set Up Any Additional Roles
1.Relative ID (RID) Master
2.PDC Emulator
3.Infrastructure Master
4.Domain Naming Master
5.Schema Master
smc-pdc:
Administrative Tools-->Active Directory Users and Computers
Right Click (jason-tang.com) --> Operations Masters...
-->RID---> Change...--> Yes -->OK
-->PDC---> Change...--> Yes -->OK
-->Infrastucture---> Change...--> Yes -->OK --> Close
repadmin /syncall
smc-fs:
Programs --> Administrative Tools --> Active Directory Users and Computers
Right Click (jason-tang.com) --> Operations Masters... --> Check the settings --> Close
smc-pdc:
Administrative Tools --> Active Directory Domains and Trusts
Right Click (Active Directory Domains and Trusts [smc-pdc.jason-tang.com]) --> Operations Master... --> Change... --> Yes --> OK --> Close
repadmin /syncall
smc-fs:
Programs --> Administrative Tools --> Active Directory Domains and Trusts
Right Click (Active Directory Domains and Trusts) --> Operations Master... Check the setting --> Close
smc-pdc:
Run...
cmd
cd c:\windows\system32
.\regsvr32.exe schmmgmt.dll
OK
mmc
File --> Add/Remove Snap-in...
Active Directory Schema --> Add --> OK
Right Click (Active Directory Schema[smc-fs.jason-tang.com]) --> Change Active Directory Domain Controller...
Current Directory Server:
smc-fs.jason-tang.com
Change to:
smc-pdc.jason-tang.com
--> OK --> OK
Right Click (Active Directory Schema[smc-pdc.jason-tang.com]) --> Operations Master... --> Change... --> Yes --> OK --> Close
repadmin /syncall
netdom query fsmo
Schema master smc-pdc.jason-tang.com
Domain naming master smc-pdc.jason-tang.com
PDC smc-pdc.jason-tang.com
RID pool manager smc-pdc.jason-tang.com
Infrastructure master smc-pdc.jason-tang.com
The command completed successfully.
smc-fs:
Run...
cmd
mmc
Console --> Add/Remove Snap-in... --> Add --> Active Directory Schema --> Add --> Close --> OK
Right Click (Active Directory Schema) --> Operations Master... --> Check the setting (Current Focus:smc-pdc.jason-tang.com) --> Cancel
netdom query fsmo
Schema master smc-pdc.jason-tang.com
Domain naming master smc-pdc.jason-tang.com
PDC smc-pdc.jason-tang.com
RID pool manager smc-pdc.jason-tang.com
Infrastructure master smc-pdc.jason-tang.com
The command completed successfully.
How to migrate a DHCP database from Windows 2000 Server to Windows Server 2008 or Windows Server 2008 R2:
https://blogs.technet.microsoft.com/networking/2009/11/09/how-to-migrate-a-dhcp-database-from-windows-2000-server-to-windows-server-2008-or-windows-server-2008-r2/
smc-fs:
Run...
cmd
net stop dhcpserver
cd %systemroot%\system32\dhcp
jetpack dhcp.mdb temp.mdb
Compacted database dhcp.mdb in 0.250 seconds.
moving temp.mdb => dhcp.mdb
jetpack completed successfully.
Install the Dhcpexim.exe utility, and then start the Dhcpexim.exe utility.
cd C:\Program Files\Resource Kit
Dhcpexim.exe
Click "Export configuration of the local service to a file" --> OK --> Enter a file name in the "File name" box: C:\dhcpdatabase.txt --> Save
Click the scope --> Click the check box before "Disable the selected scopes on local machine before export" --> Export --> OK (The operation completed successfully.)
Click Start --> Programs --> Administrative Tools --> Services
Right click "DHCP Server" --> Stop
Right click "DHCP Server" --> Properties --> Startup type: Disabled --> OK --> Close
smc-fs and smc-bs:
Change the IP addresses of DNS.
smc-fs:
Run...
cmd
dcpromo.exe --> Next --> OK --> Next --> Enter the password and confirm password --> Next --> Next --> Finish --> Restart Now
smc-bs:
Run...
cmd
dcpromo.exe --> Next --> Next --> Enter the password and confirm password --> Next --> Next --> Finish --> Restart Now
smc-fs and smc-bs login as local administrator:
Uninstall DNS,DHCP,WINS
Start --> Settings --> Control Panel --> Add/Remove Programs --> Add/Remove Windows Components --> Networking Services --> Details...
Unclick (DNS, DHCP, WINS) --> OK --> Next --> Next --> Finish --> Close
smc-fs and smc-bs:
Change the name and IP address of the servers.
smc-fs --> smc-fs-old (IP: 192.168.1.249 --> 192.168.1.246)
smc-bs --> smc-bs-old (IP: 192.168.1.253 --> 192.168.1.251)
Copy the file C:\dhcpdatabase.txt from smc-fs to smc-pdc C:\dhcpdatabase.txt.
smc-pdc:
Click Start --> Administrative Tools --> Server Manager --> Roles --> Add Roles --> Next --> Select the "DHCP Server" --> Next --> ...(Follow the instructions in the Add Roles Wizard to complete the installation.)... --> Install --> Close
Run...
cmd
netsh dhcp server import C:\dhcpdatabase.txt all
Command completed successfully.
Click Start --> Administrative Tools --> DHCP
Change the IP addresses of Time,DNS and WINS Server.
smc-pdc and smc-bdc:
Change the IP addresses of DNS.
WINS:
WIN2K8-R2(smc-pdc and smc-bdc) install WINS Server and Add Replication Partnet each other:
Click Start --> Administrative Tools --> Server Manager --> Features --> Add Features --> Select "WINS Server" --> Next --> Install --> Close
smc-pdc:
Click Start --> Administrative Tools --> WINS ---> SMC-PDC[192.168.1.250] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-BDC ---> OK
smc-bdc:
Click Start --> Administrative Tools --> WINS ---> SMC-BDC[192.168.1.252] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-PDC ---> OK
smc-pdc:
repadmin /syncall
Start --> Administrative Tools --> Active Directory Users and Computers
Right Click jason-tang.com --> Raise domain functional level...
Current domain functional level:
Windows 2000 native
Select an available domain functional level:
Windows Server 2008 R2
--> Raise --> OK --> OK
repadmin /syncall
Start --> Administrative Tools --> Active Directory Domains and Trusts
Right Click (Active Directory Domains and Trusts [smc-pdc.jason-tang.com]) --> Raise Forest Functional Level...
Current forest functional level:
Windows 2000
Select an available forest functional level:
Windows Server 2008 R2
--> Raise --> OK --> OK
Start --> Administrative Tools-->Active Directory Users and Computers
Right Click jason-tang.com --> Computers
Delete smc-fs and smc-bs
WIN2K8-R2 --> WIN2016:
https://www.youtube.com/watch?v=RCX_1A_-UZU
http://www.jason-tang.com/files/it/operating-system/windows/AD-Win2008-R2-To-Win2016.mp4
WIN2016(smc-fs and smc-bs) join the AD(windows 2008 server) and restart
Login WIN2016(smc-fs and smc-bs) as DOMAIN administrator and then install AD DS and Add as a domain controller to an existing domain.
smc-fs(WIN2016):
Start --> Server Manager --> Add roles and features --> Next --> Next --> Select a server from the server pool (smc-fs) --> Next
Click "Active Directory Domain Services" --> Add Features --> Next --> Next --> Next --> Install --> Click "Promote this server to a domain controller"
Click "Add a domain controller to an existing domain" --> Domain: jason-tang.com --> SMC\administrator(Current user) --> Next
Type the password and confirm password of DSRM --> Next --> Next --> Replicate from: smc-pdc.jason-tang.com --> Next --> Next --> Next --> Install
This server was successfully configured as a domain controller.<-- The server will restart automatically.
smc-bs(WIN2016):
Start --> Server Manager --> Add roles and features --> Next --> Next --> Select a server from the server pool (smc-fs) --> Next
Click "Active Directory Domain Services" --> Add Features --> Next --> Next --> Next --> Install --> Click "Promote this server to a domain controller"
Click "Add a domain controller to an existing domain" --> Domain: jason-tang.com --> SMC\administrator(Current user) --> Next
Type the password and confirm password of DSRM --> Next --> Next --> Replicate from: smc-bdc.jason-tang.com --> Next --> Next --> Next --> Install
This server was successfully configured as a domain controller.<-- The server will restart automatically.
smc-fs(WIN2016):
Login smc-fs as domain administrator
netdom query fsmo
Schema master smc-pdc.jason-tang.com
Domain naming master smc-pdc.jason-tang.com
PDC smc-pdc.jason-tang.com
RID pool manager smc-pdc.jason-tang.com
Infrastructure master smc-pdc.jason-tang.com
Start --> Windows Administrative Tools --> Active Directory Users and Computers --> Right click "jason-tang.com" --> Operations Masters... --> RID --> Change... --> Yes -->OK
PDC --> Change... --> YES --> OK --> Infrastructure --> Change... --> YES --> OK --> Close
netdom query fsmo
Schema master smc-pdc.jason-tang.com
Domain naming master smc-pdc.jason-tang.com
PDC smc-fs.jason-tang.com
RID pool manager smc-fs.jason-tang.com
Infrastructure master smc-fs.jason-tang.com
The command completed successfully.
Start --> Windows Administrative Tools --> Active Directory Domains and Trusts --> Right click "Active Directory Domains and Trusts[smc-fs.jason-tang.com]" --> Operations Master... Change... --> Yes -->OK --> Close
netdom query fsmo
Schema master smc-pdc.jason-tang.com
Domain naming master smc-fs.jason-tang.com
PDC smc-fs.jason-tang.com
RID pool manager smc-fs.jason-tang.com
Infrastructure master smc-fs.jason-tang.com
The command completed successfully.
Run...
cmd
cd c:\windows\system32
.\regsvr32.exe schmmgmt.dll
OK
mmc
File --> Add/Remove Snap-in... --> Active Directory Schema --> Add --> OK
Right click (Active Directory Schema[smc-pdc.jason-tang.com]) --> Change Active Directory Domain Controller...
Current Directory Server:
smc-pdc.jason-tang.com
Change to:
smc-fs.jason-tang.com
--> OK --> OK
Right click (Active Directory Schema[smc-fs.jason-tang.com]) --> Operations Master... --> Change --> Yes --> OK --> Close
netdom query fsmo
Schema master smc-fs.jason-tang.com
Domain naming master smc-fs.jason-tang.com
PDC smc-fs.jason-tang.com
RID pool manager smc-fs.jason-tang.com
Infrastructure master smc-fs.jason-tang.com
The command completed successfully.
Migration from 2008 R2 server to 2016 DHCP:
https://www.youtube.com/watch?v=EMZerVfdxpI
http://www.jason-tang.com/files/it/operating-system/windows/DHCP-Win2008-R2-To-Win2016.mp4
smc-pdc(WIN2008):
Run...
cmd
netsh dhcp server export C:\dhcpbackup.txt all
Command completed successfully.
Click Start --> Administrative Tools --> Services
Right click "DHCP Server" --> Stop
Right click "DHCP Server" --> Properties --> Startup type: Disabled --> OK --> Close
smc-fs(WIN2016):
Click Start --> Server Manager --> Manage --> Add Roles and Features --> Next --> Next --> Next --> Select the "DHCP Server" --> Add Features --> Next --> Next --> Next --> Install --> Close(Installation succeeded on smc-fs.jason-tang.com)
Copy the file C:\dhcpbackup.txt from smc-pdc(WIN2008) to smc-fs(WIN2016) C:\dhcpbackup.txt.
cmd
netsh dhcp server import C:\dhcpbackup.txt all
Command completed successfully.
Click Start --> Windows Administrative Tools --> DHCP --> Scope Options
Change the IP addresses of Time,DNS and WINS Server.
smc-fs and smc-bs:
Change the IP addresses of DNS.
WINS:
smc-pdc and smc-bdc:
Click Start --> Administrative Tools --> Services
Right click "WINS" --> Stop
Right click "WINS" --> Properties --> Startup type: Disabled --> OK --> Close
WIN2016(smc-fs and smc-bs) install WINS Server and Add Replication Partnet each other:
Click Start --> Server Manager --> Manage --> Add Roles and Features --> Next --> Next --> Next --> Next --> Select "WINS Server" --> Add Features --> Next --> Install --> Close(Installation succeeded on smc-fs.jason-tang.com)
smc-fs:
Click Start --> Windows Administrative Tools --> WINS ---> SMC-PDC[192.168.1.249] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-BS ---> OK
smc-bs:
Click Start --> Windows Administrative Tools --> WINS ---> SMC-BDC[192.168.1.253] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-FS ---> OK
smc-pdc and smc-bdc:
Change the IP addresses of DNS.
smc-pdc:
Run...
cmd
dcpromo.exe --> Next --> OK --> Next --> Enter the password and confirm password --> Next --> Next --> Click Reboot on completion
Start --> Right click "Computer" --> Properties --> Change settings --> Change... --> Click "Workgroup" --> Type WORKGROUP --> OK --> OK --> OK --> OK --> Close --> Restart Now
smc-bdc:
Run...
cmd
dcpromo.exe --> Next --> OK --> Next --> Enter the password and confirm password --> Next --> Next --> Click Reboot on completion
Start --> Right click "Computer" --> Properties --> Change settings --> Change... --> Click "Workgroup" --> Type WORKGROUP --> OK --> OK --> OK --> OK --> Close --> Restart Now
Migrate File Server Keep NTFS Permission:
https://www.youtube.com/watch?v=uLFvkUqKpeU
http://www.jason-tang.com/files/it/operating-system/windows/Migrate-File-Server-Keep-NTFS-Permission.mp4
Start --> Server Manager --> Manage --> Add Roles and Features --> Next --> Next --> Next --> Next --> Click the box before ".NET Framework 3.5 Features" --> Next
Click "Specify an altemate source path" --> Path: "F:\sources\sxs"(F:<--The driver which is the WIN2016 DVD in) --> OK --> Install --> Close
Install File Server Migration Toolkit 64 bit
Click "File Server Migration Wizard" --> New... --> Next --> Type Name: and Location: --> Next --> Yes --> Click "Use the following DSF root server" --> Next --> Type Location: D:\Share --> Finish
Add Server... --> Server: smc-fs-old --> OK --> Click + --> Chose the Share Folders you want to migrate --> Continue --> OK --> Continue --> Continue --> Yes --> Success - Migration --> OK --> Close
Disabled Downloaded Maps Manager:
Start --> Windows Administrative Tools --> Services --> Right click "Downloaded Maps Manager" --> Properties --> Startup type: Disabled --> OK --> Close