Migrating to Windows Server 2008 - Migration Steps: FSMO Roles
(Page 3 of 4 )
Transferring FSMO roles is what we are going to do next. This is very important; before we demote your already-existing domain controller running Windows Server 2000/2003, we need to transfer the FSMO roles to the new Windows Server 2008. When we talk about FSMO roles we refer to the Schema Master, Domain Naming Master, Infrastructure Master, RID (Relative ID) Master, and PDC Emulator.
There are various ways to transfer these roles, either by using the Ntdsutil.exe command-line utility or the built-in MMC snap-ins. We usually recommend that nifty Ntdsutil tool because it is a bit more advanced and gives detailed error messages (logs to work with). The snap-in method is explained in the official Microsoft documentation. The documentation applies to Server 2008 because the process is almost identical.
If you are following the command line, then this paragraph should aid you in the process. As a side note, you can always type "?" for a list of possible commands. First, just run the Ntdsutil.exe. Once it's up and running, type "roles." After that, type "connections." Now you need to connect to the server; to do this, type: "connect to server name_goes_here." Of course, replace that latter field with the respective host.
It should appear that the utility have established a successful connection to the server. Now you are required to type "q" to quit from the connections menu, since you want to work on the previous menu (which was roles, as you may recall). Now you are in the roles menu; type "?" to see the available commands for further information.
In order to transfer all of the FSMO roles, you need to execute the following:
- Transfer domain naming master
- Transfer infrastructure master
- Transfer pdc
- Transfer rid master
- Transfer schema master
During the process, carefully follow the messages. If there are any errors, chances are that they are related to not having necessary credentials and/or permissions. You should run the Ntdsutil as an Administrator. Also remember, running the command "Adprep /forestprep" already required the Admin user to be member of the Enterprise Admins and Schema Admins, while the "Adprep /domainprep" required Domain Admin.
For further information regarding FSMO roles and how to use Ntdsutil, please read the official documentation. Now we are going to move on. Windows Server 2008 only supports domain functional levels that are either Windows Server 2003 (native) or above, as mentioned earlier when we discussed Adprep. This means that if there are other DCs in the domain running Windows NT or 2000, you should demote them.
Once they are demoted to member servers, the overall functional level of the domain can be raised to meet the requirements (at least Windows Server 2003). Once this step is also done, you can join the domain with the new Windows Server 2008. The FSMO roles are going to be managed by the new server, including the DNS roles. Everything should work fine after a full server restart (or just Netlogon service restart).
But we aren't done yet. You should set the IP address and host name of the new server to your needs. If it is going to replace the old domain controller, then ideally it should receive the same name and IP address; in this case, disjoin the existing domain controller, since you can't have duplicate servers under the same host name and IP. If it's going to work along with it, then just call it differently and set another IP.
Next: DHCP Migration, Final Words >>
More BrainDump Articles
More By Barzan "Tony" Antal
