Hi Yagmoth: If you recall you helped me back in February with a VMware cloning issue. In one of the threads you talked about cold cloning a domain controller and if not possible using Directory Restore to do it. Then you wrote: "If the clone don't work, another method is to do a system state of the physical server, and restore it in a VM with ntbackup (OS the same - Win2000) and take a snapshot after, if it work good after do the upgrade. (I did that path too, and it work good, but a lot more stress as you have to use a lot ntdsutil)" I have been doing exactly that. Taking a system state backup of my Windows 2000 server and on the clone of the Windows 2000 server, restoring the system state backup. In addition I export the HKLM\Software\Microsoft\DHCPServer\Configuration subkey to a file and copy DHCP.mdb to the destination clone. I also copy DNS directory files as well as HKLM\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones subkey to the destination clone as well. I don't know if this is enough. Please let me know if this is enough. But you mention also "you have to use a lot ntdsutil" in your statement. What did you mean by that?

I had to do that after the system state restore, but maybe it was not necessary. Startup in Directory Restore Mode (again after the ntbackup) ntdsutil <ENTER> authoritative restore< ENTER> restore database <ENTER> click yes After the restore, I changed that regkey; HKLM\system\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup >> BurFlags = d4 After I restarted in normal mode. Thats all MCP | MCTS 70-236: Exchange Server 2007, Configuring

Ah I see, you run an authoritative restore using the ntdsutil instead of NTBackup utility? Then reinitialize FRS replica sets because it is not included with the backup? I only have a single Windows 2000 DC, no other DCs, so it's always non-authoritative restore. There appears to be DFS running on it or there is a directory linked with DFS. But it is not terribly important since everyone accesses files via sharename anyway. Do you think these steps are necessary then? Or just going by way of NTBackup restore is good enough?

In your case just the ntbackup should be ok! I read that in the kb i list below. "During a typical file restore operation, Microsoft Windows Backup operates in nonauthoritative restore mode. In this mode, Windows Backup restores all files, including Active Directory objects, with their original Update Sequence Number (USN) or numbers." "When you nonauthoritatively restore a naming context that contains a single replica, you actually perform an authoritative restore." http://support.microsoft.com/kb/241594 http://support.microsoft.com/kb/240363 In my case I had to make the restore with ntbackup and restore it after with ntdsutil, but again I followed some other KB.MCP | MCTS 70-236: Exchange Server 2007, Configuring

Gotcha....in your opinion, is there any order to what I should restore first? Active Directory system state first, then dhcp, then dns? Or it doesn't matter?

The order is simple. You do the backup, you close the physical server (really important! no joke) You then prepare the VM for the restore (in exemple, if the physical's server is 1 cpu, then make the vm 1 cpu to match the HAL). You apply the restore and all steps. After the reboot you will have only to give back the ip. When you will boot, the dhcp and dns will be there.. it restore all the system back.. so really important to keep the old server down. After you test your AD, if everything is ok, you leave it that way, else if you can't debug the VM you close it and restart the true DC. I must ask, if you have the licence, why you don't dcpromo another server and let all the AD replicate ?? A LOT easier :) MCP | MCTS 70-236: Exchange Server 2007, Configuring

There is a problem with dcpromo remember? It cannot replicate a crucial administrator object in AD, so it fails every time. I can't fix it, MS won't touch it. Keeping an up-to-date clone of the DC is probably the only way to stay safe for now, until we move off of Windows 2000.