ok, so I'm in the process of upgrading my windows 2000 servers, and the associated active directory, to windows server 2003 R2, a somewhat protracted and painful process so far...

ok, so the original plan was that because i had a harddisk failure on my backup domain controller, and had to reinstall it anyway, i'd use it as a temporary testbed, come migration system, and that i'd do the job gradually over a few days, with overnight periods for replication to catch up and stuff.

well, the original test installation was a plain server, no ADS, just so i could take a peek and see what had changed, where things had moved to, how painful the install was, etc. this went relatively ok, except when it came to the graphics driver... now, this machine has an ArtX adapter on-board, the drivers are only available for up-to w2k... so it had a little bit of irritation potential, but anyway, i installed it and it seemed to work, then i rebooted the machine and i still had vga mode. into display properties, and lo-and-behold, i have two graphics adapters; the artx and the vga! remove the vga driver using device manager, reboot and it works! easy(ish)!!!

so, the first thing for the AD migration is to go through the adprep process to make sure the ADS Schema is ready for 2k3, that is, using adprep from disk 2 of the Windows Server 2003 R2 CD set (why CD not DVD? well, one of the machines only has a 54x cdrom, anyway):

  • adprep /forestprep

  • adprep /domainprep

  • adprep /domainprep /gpprep

Next, i wipe the test 2k3 and install w2k as an ads domain controller and do all the updates. Checking in the AD shows that the Schema update and then So, next I ran 2k3 setup to upgrade the machine.

This is where things first went wrong.

Turns out that for some reason, upgrading that machine to 2k3 looks as though it's worked, that is, setup will run completely for disk 1 and will reboot the machine for the last time, 2k3 will boot, the GUI will start, and it will get to either Preparing network connections... or Applying security policy... and then it will drop a BSoD..... it doesn't seem to fail at a consistent point in the start sequence either; one time, I got the Ctrl-Alt-Delete prompt, did the deathgrip and put in my password before it capitulated!

I spent a day or so deleting drivers, going through boot logs, etc in Safe Mode (oh yeah, that works!) to no avail, so I decided 'stuff it'....

So, a new plan was formulated... luckily, I was planning to reinstall my Master DC after I'd upgraded the Backup anyway... one of the reasons being that I partitioned the drive when the machine was new, so I kept the original Dell partitions (diag partition, WinXP OS partition and System Restore partition) on there, i just partition magic'd the OS partition into two and installed 2000 Server in the new half... I've not used XP on that machine since I got the DC side of things configured, so I don't think I really need all those partitions!

So the new plan makes use of the XP OS partition for a temporary Master DC.

The (obvious) problem with the plan is that there's no way to directly sync the temporary DC with the original MDC... but I'd thought of that one... the unhappy 2k3 upgrade was duly turned off, cleaned out of the AD and reinstalled with w2k, then dcpromod back to DC status. It was then made into a Global Catalogue, and the Operation Master for RID, PDC Emulation, Infrastructure, Domain Naming and also the Schema Master.

So, now I have a temporary-temporary MDC and my now ex-Master DC. So, it's restart the ex-M into 2k3 setup, and through the installation process. Being a clean install not an upgrade, this is easy :-) Log in, prompted for and stick in CD2, wait for it to run, all done... one 2003 Server, ready to be used.

Next is to install the R2 "Domain Controller Role" (I kinda like these Role thingies)... nice and painless.... things are starting to look easy now!

So, where are we at? Well, the temporary-temporary DC is currently Master, the temporary DC is running 2k3 and AD, and the original Master is offline but still in the AD.

So, what's next? Well, there's a temporary-temporary machine and it's the Master DC; that's no good for the next big job, which is wiping it of w2k and clean-installing 2k3... so, more Operation Master changes, this time making the temporary 2k3 DC into the Master for all the FSMO Roles. Next, dcpromo on temporary-temporary, to remove DC-ness.

temp-temp is now offline.

All is good :-)

Now it's time to delete temporary-temporary from the AD... so, into AD Users and Computer, find the Computer entry and delete... it moans about this being a container and it could be slow, well, that's fine, so 'ok', and...



Access denied!

This is another of those things that took ages to sort out... it involves using ntdsutil to zap the DC... but, zapping is intended for DCs that have died, not ex-DCs that are now computers... so firstly, temporary-temporary gets turned back on, dcpromo'd back to being a DC, then turned off again... then it's command prompt time, and into ntdsutil. This isn't really all that bad, as MS command line tools go...

C:\> ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: set creds domain.dom.ain username *
Please enter password for $do.ma.in$\$user$: ************
server connections: connect to server temporary
Binding to temporary as domain.dom.ain\username...
Connected to temporary as domain.dom.ain\username.
server connections: quit
metadata cleanup: select operation target
select operation target: list sites
Found 1 site(s)
0 - CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
select operation target: select site 0
Site - CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
No current domain
No current server
No current Naming Context
select operation target: list domains in site
Found 1 domain(s)
0 - DC=domain,DC=dom,DC=ain
select operation target: select domain 0
Site - CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
Domain - DC=domain,DC=dom,DC=ain
No current server
No current Naming Context
select operation target: list servers for domain in site
Found 2 server(s)
0 - CN=TEMPORARY,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
1 - CN=TEMP-TEMP,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
select operation target: select server 1
Site - CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
Domain - DC=domain,DC=dom,DC=ain
Server - CN=TEMP-TEMP,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
        DSA object - CN=NTDS Settings,CN=TEMP-TEMP,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain
        DNS host name - temp-temp.domain.dom.ain
        Computer object - CN=TEMP-TEMP,OU=Domain Controllers,DC=domain,DC=dom,DC=ain
No current Naming Context
select operation target: quit
metadata cleanup: remove selected server

ntdsutil then goes through the grind of deleting the AD bits... but even this didn't really work; I got various errors as the process ran... so next it was time to use two tools, a new one to me (looks like it's a 2k3 addition), dsquery (coupled with find, which can be used like grep on unix) and ADSI Edit to seek and destroy references to temporary-temporary, at least by name. The trick is to use
dsquery * -limit 0 | find /i  "temp-temp"

ADSI Edit is just a GUI on the AD tree structure... it lets you locate and delete stuff relatively easily.
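An added example, not part of the original post: a small Python triage of saved dsquery output that groups leftover references to a demoted DC by where they sit in the directory, matching the host name as a whole DN component rather than as a substring the way find /i does. The sample lines are constructed from the DNs in the ntdsutil session above and assume both the domain and the Configuration naming contexts were queried; the function and category names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of dsquery output (one quoted DN per line); not real
# directory data. Assumes domain and Configuration partitions were both queried.
SAMPLE = r'''
"CN=TEMPORARY,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain"
"CN=TEMP-TEMP,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain"
"CN=NTDS Settings,CN=TEMP-TEMP,CN=Server,CN=Domain,CN=Sites,CN=Configuration,DC=domain,DC=dom,DC=ain"
"CN=TEMP-TEMP,OU=Domain Controllers,DC=domain,DC=dom,DC=ain"
"CN=TEMP-TEMP,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=dom,DC=ain"
"CN=Smith\, Temp-Temp Admin,CN=Users,DC=domain,DC=dom,DC=ain"
"CN=TEMP-TEMPLATE,CN=Computers,DC=domain,DC=dom,DC=ain"
'''

def rdns(dn):
    """Split a DN into (attribute, value) pairs on commas not escaped by a backslash."""
    parts = re.split(r'(?<!\\),', dn.strip().strip('"'))
    return [tuple(p.split('=', 1)) for p in parts if '=' in p]

def classify(pairs):
    """Name the area of the directory a DN belongs to, judged by its containers."""
    values = [v.lower() for _, v in pairs]
    if 'configuration' in values:
        return 'site/server metadata'      # what metadata cleanup should remove
    if 'file replication service' in values:
        return 'FRS (SYSVOL) member'       # relevant to SYSVOL replication errors
    if 'domain controllers' in values:
        return 'computer account'
    return 'other'

def stale_refs(text, host):
    """Group DNs that contain `host` as an exact component value (case-insensitive)."""
    found = defaultdict(list)
    for line in text.splitlines():
        pairs = rdns(line)
        if any(v.lower() == host.lower() for _, v in pairs):
            found[classify(pairs)].append(line.strip().strip('"'))
    return dict(found)

if __name__ == '__main__':
    for area, dns in stale_refs(SAMPLE, 'temp-temp').items():
        print(area)
        for dn in dns:
            print('   ', dn)
```
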

I have no doubt that the AD is a little worse for wear having been through all this... I expect there are probably some Unique IDs in there that shouldn't be, for a start... but it's better than it would have been if I left it alone. And I'd rather finish the w2k to 2k3 move before I think about maybe trying to clean it up more...

Having said that, I've started getting Error Log messages about replication on SysVol, so I'm going to have to look into those at some point before I can finish this job by deleting the temporary Master DC, clearing out the original Master and clean-installing that machine with a relatively empty (I'm still gonna keep the ~40Mb Diag partition)

Anyway, having finally sorted out all the big AD problems, I've now installed the finalised 2k3 system onto the box that had the original harddisk problem (the one that was temporary-temporary), and it's currently installing updates.

Not that the install went smoothly, oh no... more problems with the bloody graphics card! This time, it decided to throw a hissy-fit and initialise weird... i had a green desktop, like you'd expect from 16-bit colour, and it was 800x600 too, but it seems the whole two-adapter thing confused it, and it was trying to squish the primary display into the top inch or so of the screen... that is, the taskbar, etc... so anything that you can was in this screwy band at the top... eventually I managed to sort it out... once i worked out that stuff was actually running and i hadn't just got an inch of snow-crash! in the end, i could pop up the display properties (right-click and up-arrow, then return) and move it around till it was visible (alt-space, enter, left-arrow, then roll the mouse around until the window outline appears, then left-click to drop the window), then I could get into the properties and tweak them... as I say, eventually I sorted it, but it took at least an hour to fix... after all, I could have reinstalled 2k3 again, but I'd have still had to sort out the display... better to persevere, I figured... at least it was a challenge and woke my brain up a bit!

So anyway, the next task after ye olde updates, is likely to be sorting those SysVol problems, and once I'm sure replication is working right, I can wipe temporary and original and do the last 2k3 installation... that will be nice!!!!