Cloning W2K server, then upgrading clone to W2K3?
I am currently running a Windows 2000 Advanced Server SP4 and need to get away from it to a supported build. Since it is the only domain controller I did not want to do any sort of in-place upgrade to it, for fear it might crash or blue screen. Furthermore I CANNOT dcpromo another machine to that Windows 2000 server because there is something wrong in the AD. Something is not replicating properly during the dcpromo Instead I used VMware Converter to create a hot-clone of the server, then ran an in-place upgrade of the clone. It succeeded in becoming a Windows 2003 R2 Server running on VMware ESX. Now I have two version of the same server. However, due to time issues, I have not made the transition over yet. It has been several weeks already. The Windows 2000 server is still in play while the cloned 2003 server is running on the side. My question is: 1) If I simply swap out the 2000 server with the new 2003, would that cause any issues with clients on the network? 2) If I create a new user on the 2000 server and I create the same exact user on the cloned 2003 server, would that cause any issues later on when I conduct the swap? 3) What about the DHCP leases? Would that cause any issues going from the active 2000 server to the new 2003 server after so long? First of all cloning a domain controller is not a good practice, if you do so, you might end up with unforeseen issues. As you are trying to migrate your AD, I would suggest you to post this question in Migration forum to get better and definitive answers. http://social.technet.microsoft.com/Forums/en-US/winserverMigration/threads Also, please refer similar thread... Upgrading / Migrating from server 2000 to server 2003 http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/673cae3e-051b-46f5-83c2-1979eaef52c9 Most of the downtime's are caused because of SysAdmin's curiosity ! - Santosh
February 25th, 2012 11:25am

Hello, BEFORE upgrading to a new OS DC the current domain MUST be healthy, so solve that problem FIRST. All other tasks aree done on your own risk and cloning DCs is NOT SUPPORTED operation. So please use the support tools and provide the following output fies. ipconfig /all >c:\ipconfig.txt [all DCs] dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and don't run on Windows server 2008 R2] repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)] dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) http://explore.live.com/windows-live-skydrive and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB. Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2012 1:41pm

I am currently running a Windows 2000 Advanced Server SP4 and need to get away from it to a supported build. Since it is the only domain controller I did not want to do any sort of in-place upgrade to it, for fear it might crash or blue screen. Furthermore I CANNOT dcpromo another machine to that Windows 2000 server because there is something wrong in the AD. Something is not replicating properly during the dcpromo Instead I used VMware Converter to create a hot-clone of the server, then ran an in-place upgrade of the clone. It succeeded in becoming a Windows 2003 R2 Server running on VMware ESX. Now I have two version of the same server. However, due to time issues, I have not made the transition over yet. It has been several weeks already. The Windows 2000 server is still in play while the cloned 2003 server is running on the side. My question is: 1) If I simply swap out the 2000 server with the new 2003, would that cause any issues with clients on the network? 2) If I create a new user on the 2000 server and I create the same exact user on the cloned 2003 server, would that cause any issues later on when I conduct the swap? 3) What about the DHCP leases? Would that cause any issues going from the active 2000 server to the new 2003 server after so long?
February 25th, 2012 6:44pm

1) Put a short DHCP lease, and point the DNS server to your new DC if you change the IP of it. 2) The SID could not match. A switch like that, you better do the clone AND close the Win 2000 DC right away before restarting the clone. After you give the same IP to your new clone if you have to remake the net card configuration. 3) If the IP is the same your client will see nothing wrong. You can put a short DHCP lease before the switch, to be sure your new DHCP will be used in case you can't restart your client computer. MCP | MCTS 70-236: Exchange Server 2007, Configuring
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2012 9:41pm

Santosh, I don't have any other choice. I do not want to touch the actual DC just in case something bad happens. I will cross post to Migration forums and see what happens.
March 10th, 2012 8:19am

Meinolf: Actually I have identified the exact issue. The issue is that the built-in Administrator account is NOT replicating over during the DCpromo process. Somehow, someway the isCriticalSystemObject for that is set to FALSE instead of true and I don't have a way to change that. If I try to change that in ADSIEdit it tells me I don't have permissions because SAM owns it.
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2012 8:21am

Does you can change it when in active directory restore mode ? When I clone a DC for xenserver you must be in ad restore mode to have it work. The server unlock the file in that mode. In vmware I think it handle the process better and you can even not be in restore mode. But in all case maybe you can change the user setting when logged in that mode.MCP | MCTS 70-236: Exchange Server 2007, Configuring
March 10th, 2012 1:01pm

Yagmoth555: You did the same thing? You cloned a DC and put it into production and it worked?
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2012 2:42pm

Yes, I did it in rare situation. (3 times on different customer, no callback at the moment, for one customer he had 2 DC, and the clone repliced at 100% no problem) I had to go in Directory Restore mode, and clone it from there... After I close the physical server, and then I start the virtual server and I hopped everything was ok. (I only had to re-configure the NIC to the same IP, and after another restart the server start to work good. I quote from VMWare KB: (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006996) "Cold clone the server. If a cold clone is not possible, start the server in Directory Recovery mode and perform a hot conversion. Failure to use Directory Recovery mode may result in an incomplete and corrupted copy of NTDS.DIT" If the clone don't work, another method is to do a system state of the physical server, and restore it in a VM with ntbackup (OS the same - Win2000) and take a snapshot after, if it work good after do the upgrade. (I did that path too, and it work good, but a lot more stress as you have to use a lot ntdsutil) Important; you need a parachute if you do it, and your parachute in all those scenario is to keep the old server shutdown in case the new doesn't work. AND most of all a system state backup fully functionnal. MCP | MCTS 70-236: Exchange Server 2007, Configuring
March 10th, 2012 3:26pm

I see. The method I used was by way of the vmware agent installed locally on the DC and then a live P2V clone from there. Why did u have to go into Directory Restore mode?
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2012 3:33pm

I used xenconvert, the tool is less good to make a P2V of a DC, but my collegue did the same with VMWare and it worked good, it's more a converter issue I think. If the agent work in Directory Restore mode I would suggest that way because of the warning VMWare do for the DC (file NTDS.DIT locked by Windows) In that mode Windows release that file.MCP | MCTS 70-236: Exchange Server 2007, Configuring
March 10th, 2012 4:06pm

It doesn't change, no.
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2012 4:47pm

Then I still think that point #2 earlier is the way to go. You clone, upgrade your DC, then switch all user on it. I did the cloning step a lot of time for making a P2V overnight of a DC and I never got any error. MCP | MCTS 70-236: Exchange Server 2007, Configuring
March 10th, 2012 11:13pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics