Promoting a Windows 2003 server to a domain controller in a 2000 environment
June 7, 2006
After months and months of complaining about the state of the hardware in our servers, they’ve finally got around to approving new servers (bit by bit). One of the first servers I wanted to upgrade was our domain controllers. One of them has a BIOS issue that HP won’t fix (but acknowledge exists) and the other is having drive issues. The servers are both so old that:
- It’s impossible to get drives for the servers without selling your family, and your soul to the devil.
- HP doesn’t support them any more.
So after finally getting approval for a new server, we got a nice shiney Dell ordered. PowerEdge 1850, mid-range, Windows 2003 R2. Our supplier is pretty good, they realized that purchasing a volume license for Windows is cheaper than purchasing a single license. And as we deal with a lot of servers, volume licensing certainly comes in handy.
So the server arrives, and while I’m waiting for it to build, I look into the promotion of the server to a domain controller. I’m researching this not because I don’t know how to run dcpromo but because Windows 2003 brings a whole lot more to Active Directory. This ultimately requires various updates to the AD environment. So after some reading about, Microsoft has a “guide” on how to do it in KB325379. Now the article is titled “How to upgrade Windows 2000 domain controllers to Windows Server 2003″, however the steps are identical all the way up to the point of actually upgrading Windows 2000 to Windows 2003.
The basic steps are:
- Make sure you have the latest patches on all domain controllers
- Make sure you are a Schema Admin
- Make sure you are an Enterprise Admin
- Run
dcpromo /forestprepfrom the schema operation master (FSMO) - Run
dcpromo /domainprepfrom the infrastructure operations master domain controller on each of the domains.
Okay, well windows updates is not an issue, we use WSUS here, so I can keep a close eye on updates. Logging onto the FSMO (which also happens to be the infrastructure operations master too as we only have one domain in a single forest running on 2 domain controllers), I then ran the 2 commands above. Both reported that they an successfully, and there was no errors in the log files. I did that Friday of last week. I even verified they ran correctly by looking at two keys that should have been created (details are in KB325379).
Yesterday was an incredibly busy day (video conferencing system being installed), so I didn’t get a chance to finish doing the promotion, but I had planned on giving the domain a day or so to propergate the new changes. So this morning I jumped on the new server, and executed dcpromo, it pauses and thinks for a bit, and it barfs back this error:
The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help.
The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer.
Hrmm… Weird, I have run the adprep commands and the likes, and I’m still getting this error? Good old google… I did a search for the error, and stumbled across these two articles…
The first one details the exact error message, including the errors in the dcpromo.log (which is located in drive:\Windows\debug folder). However the details in the article aren’t very handy as they just tell you to run the adprep commands.
The second article was right on the money. Because we’re using R2, there is a second CD, which has additional files included that also need to be added (something that is missing from KB325379).
Drive:\CMPNENTS\R2\ADPREP\adprep.exe /forestprep
This executes an additional update. Just for the sake of it, I also executed adprep /domainprep but was informed that all the updates had been done.
I left the server for a little bit, and forced replication between the domain controllers. After a while (about an hour or so, I had other things to tend to), I reissued dcpromo on our new server. Some more twiddling of fingers, and a few moments later, it started to download all the domain settings, and updates…
Weee
Posted in General Ramblings, Microsoft, Technology, Work
I'm a full time network administrator, working for a large company in the automotive industry. I enjoy spending time with my family, when I get away from work that is. I also enjoy photography, and computer programming.
content rss
August 16th, 2006 at 4:00
This worked for us too, thanks for posting!
August 23rd, 2006 at 22:32
[...] The other day I got a little curious about the popularity of my blog. I’m pretty sure, or at least was, that I am probably the only one that reads it. That was until a few days ago when somebody posted a comment on one of my posts about promoting a domain controller. This inspired me to look at who is looking at what. [...]
September 10th, 2006 at 4:28
Thanks for sharing this info, seen the fact that you are rather high in the goolge-engine for this issue, I assume you have more visitors than you think… Or maybe I’m all wrong about the way that google indexes it’s search results.
Anyhow, your post saved my day.
thanks and regards!
Lieven
September 11th, 2006 at 2:17
Thanks for the comment. From what I’ve understood of Google’s PageRank(tm) technology, the more people link, the more votes your page gets. But it also works on the basis that if I get fewer links by more popular pages, then I also improve my rank. I’m quite amazed at home my little old page got so high, all the referrers I see are Google (all kinds of TLDs too from .com to .sg, .de, etc etc).
I wonder if I can persuade Google to tell me how I am ranked so high… or I wonder if it’s a reverse PageRank(tm) thing because I’m referencing 3 MS KB articles.
May 23rd, 2007 at 4:00
I just wanted to post to say glad I’m not the only one struggling to get hardware replaced. We finally got the go ahead to upgrade our domain controllers from a six year old (no RAID!!!) primary server and a $250 used desktop (no RAID either!) I threw on there as a backup. I ran into exactly the same issue with my new Win 2003 R2 boxes. Microsoft could really stand to clean up its tech notes on doing the 2000 to 2003 AD transition. I also ran into an issue with Exchange 2000 (nope haven’t convinced them to upgrade that yet). Everything said to run the inetorgperson fix file, but in actuality that is only usable if you have already mangled your AD records. It just craps out if you try to run it before doing adprep. I figured out that was because the script was trying to fix 2003 schema objects that didn’t exist and ran only the changes that were needed. After that I did find a technet article saying to do that, but it was hard to find.
May 23rd, 2007 at 10:54
Thanks. I just had the exact sam issue. your instructions got me thought it. I also found you at the top of goolges search results.
July 1st, 2007 at 9:36
Thanks for putting this out there! As I’m wrtiting this my new R2 server is being promoted to DC. Can’t thank you enough!
I can’t believe this wasn’t specified more clearly on MS’s site.
Regards,
Vince
July 24th, 2007 at 23:17
Nice one thankyou, was floundering there for a while!
August 9th, 2007 at 10:51
Nicely sums up the steps to complete this procedure.
Thanks
August 31st, 2007 at 8:14
Having an issue, that you might be able to assist with….
Managed to promote my new 2003 R2 server with out any problem. reboots fine a couple of times, then the problems begin.
It starts to take an age when it gets to “Preparing network connections”, then when it finally does let you log in, it can’t communicate with the domain (or anywhere else for that matter).
Several key processes hang on startup, COM+ being one of them. Network connections fails.
Any ideas….
Thanks
September 2nd, 2007 at 21:31
The lag in setting up the networking sounds like a DNS issue almost. What do you have the DNS servers set to for this server? Failure to start services can be the result of not being able to find the domain for authentication, even though the server is itself a DC. We’ve had a similar issue before, and we found it was caused by the servers not being able to find the DC records in the DNS. The resolution was to change the DNS settings for the server to point to 127.0.0.1 for one of the hosts, and another DC server for the other host. Of course, you can specify outside your network for the second if you want, but I’ve found it necessary for the first host to be 127.0.0.1.
November 28th, 2007 at 1:24
hello, mennn… its almost clocking 2008 and ive been havin this nagging issue…i think i have one of the oldest domain controllers on the galaxy (think about the 1st compaq..around 1995)….so you can guess how much of a hustle it was to convince mgt to sort out the situation..anyways it was bringing resistance to a new hp server i recently managed to pry off the mgt….jammed to admit it as a secondary pdc..jealousy issues i guess…but after reading your blog..everything looks up…good work hommie..
January 11th, 2008 at 18:01
Cannot tell you how much this helped. Have been struggling with the same issues as well. Old domain controllers, hard headed bean counters, and check signers with thick heads. Finally got it approved and got us on our way only to hit this road block. Anyway, thanks again for the post. Now if I can just help them understand the importance of not downloading every “free twinkly ultra cool all in one fixer toolbar and search engine program.
February 4th, 2008 at 20:17
bro, i try to migrate my domain. from w2000 server to win2003 server. all step already running ok. i make old DC (win2000) and new DC (win2003) as global catalog. but when my old DC down., user cannot logon to my new DC. anny issue for this bro ?, thanks for help ( my old DC running exchange too)
February 19th, 2008 at 19:59
Solved my problem. Found you on google as well. Thx!
March 5th, 2008 at 11:35
[...] Bugs 03.05.2008 at 09:14AM PST, ID: 21052191 CptnTrips: http://jon.netdork.net/2006/06/07/promoting-a-windows-2003-server-to-a-domain-controller-in-a-2000-e... 03.05.2008 at 09:20AM PST, ID: 21052278Rank: Master PlaceboC6: This article goes [...]
July 1st, 2008 at 9:51
Excellent blog! I was stuck with it also, i knew its something to do with bugger R2 but when i did the forest update from the disk two the level actually went one level up from windows 2003.
October 8th, 2008 at 13:28
Great blog. I am planning to upgrade my domain from Windows 2000 to Windows 2003 with new hardware. I am sure this is going to help me a lot lot……
November 10th, 2008 at 14:19
Thank you. More than two years later it is still very helpful information. Why couldn’t the error message contain the same information?
November 18th, 2008 at 3:23
I must echo all before me. You (and google) have saved me a whole lot of stress!
Many Thanks, David
December 10th, 2008 at 9:26
I am just about to prep a domain that is W2K, single DC. I already have 4 other 2K3 Servers; but only as member servers. Somebody on Experts Exchange has posted a link to this site, and I am so happy I found it ( with help)….. I am just about to start the process. A quick question. During the whole adjustment process, does the network ( DC) ever have to be rebooted? Am i looking at downtime at all ?
thanks
December 10th, 2008 at 12:15
I don’t believe a reboot was required. The changes are to the LDAP structure used by Active Directory, so I don’t think changes were required to the actual machine that did the reboot. I don’t believe either of the documents report that you have to reboot either.