Prepared by Ian Matthews August 18, 2003, last updated Sept 20, 2003
Several glossy Microsoft presenters have stated that all you need to do to complete a Windows 2003 Domain upgrade is run ADPREP and then upgrade away. This may work for very small / simple environments but it is definitely not good advice for most companies. After upgrading five servers in two unrelated domains and installing many fresh copies of 2003 I can say that I personally would not skip a single step in the process I have developed below.
NOTE: This process below is offered with no guarantees and we accept no liability.
To keep an otherwise complex process simple, it is provided in a terse point form.
Windows 2000 to 2003 Domain Upgrade Process:
- set internal DNS servers to “scavenge” every 7 days
- do this as far before the upgrade as possible: 61+ days preferred but not required
- have all W2K servers running SP4
- any machines being upgraded should have 512MB of RAM or better (256MB works but it is damn slow)
- run CD \i386\winnt32.exe /checkupgradeonly
- verify all your applications are supposed to function under W2003 by contacting your vendors
- if you have MS Exchange 2000 or older you are in Hell and must read Q325379
- note that only “local” (LPR) and “Standard TCP/IP” printer ports work under 2003
- i.e. Lexmark printers using LexLink will have to have their ports recreated
- this is not true in a pure upgrade environment
- they will still continue to function even though MS says they won’t
- I suggest you take a few minutes to remove your old ports and create new TCP/IP ports
- if you run a Lexmark laser printer driver update you will find that your prints run very slowly
- (i.e. 3 minutes for a test page)
- go to each printer’s properties, click the PORTS tab and remove the BIDIRECTIONAL COMMUNICATION check mark
- also click the button to the right of this check mark and uncheck SMTP
- check with your hardware vendor for W2003 issues
- possibly require updated BIOS
- RAID cards are a real issue under W2003 so make sure yours will work
- my experience has been that the problems lie with new cards.
- I have not had any problems with cards that were greater than 2 years old
- ensure that the first server you upgrade has the PDC Emulator and Domain Naming Master & RID Master FSMO’s.
- if these roles are on different computers, upgrade them in the order listed PDC, then DNM, then RID
- note that IIS Lockdown and/or FrontPage Server Extensions do NOT need to be removed before the upgrade
- IIS6 inherits the restrictions you set in IIS Lockdown and then removes the IIS lockdown tool (it is ‘built in’ now)
- if you do not already have it, install the W2000 Recovery Console (x:\i386\winnt32 /cmdcons)
- disable Link Tracking Server Service – click HERE for details
- remove W2000 Admin Tools, W2000 ResKit (not required but a very good idea), and WinZip < version 8.1 if you have it installed
- STOP and DISABLE the FAX Service
- update / create Repair Disks using NTBackup
- backup the SYSTEM STATE preferably using NTBACKUP
- backup your SQL or other databases
- if you are upgrading a print server, backup your printers using PRINTMIG which you can get HERE
- reboot and do a common sense check:
- resolve any service errors
- check for major event viewer errors relating to key AD components like FRS and DNS
- verify there is a pile of hard drive space (like 1GB+)
- from the W2003 CD run ADPREP /forestprep – only required once
- You should complete the W2003 upgrade within the week of running ADPREP tools.
- from the W2003 CD run ADPREP /domainprep – only required once
- force replication to all DC’s via AD Sites and Services
- wait a MINIMUM of 20 minutes before starting the Windows 2003 upgrade
- disable all anti-virus and non-windows applications / services
- (i.e. event log trackers, 3rd party FTP servers…)
- SQL2000 services do NOT need to be shut down
- insert the W2003 CD, let it autoplay, and select INSTALL then Upgrade
- complete the upgrade process which will take about an hour for most machines
- don’t get too concerned about the COMPLETE TIME meter during this install
- my experience on a variety of machines is that it is off about 25% and the status bar regularly appears ‘stuck’; just keep waiting
- after the upgrade is complete, check event viewer for key errors – ignore Event ID 1931
- check DNS and AD replication
- i.e. add a new user on one server and see if it shows up on the other DC’s
- install W2003 admin tools from x:\WINNT\SYSTEM32\ADMINPACK.MSI
- Note that the incredibly useful tool NETDIAG is now integrated into the OS under HELP & SUPPORT, TOOLS, HELP & SUPPORT TOOLS
- if you had a copy of the W2000 I386 directory on the server delete it and copy new I386 files
- install the Support Tools from the \TOOLS\SUPPORT TOOLS folder on the CD
- delete any $xxxx$ folders from x:\WINNT\ which contained W2000 service pack / hot fix uninstall info (i.e. all of them)
- install the new W2003 Recovery Console (x:\i386\winnt32 /cmdcons)
- install ALL patches from http://windowsupdate.microsoft.com
- this is CRITICAL to avoid problems like MSBLAST virus
- note that the 4 critical updates that were available at the time this article was written installed EXTREMELY slowly on every machine I worked on
- verify that SYSTEM PROPERTIES, ADVANCED tab, PERFORMANCE OPTIONS, ADVANCED tab is set to BACKGROUND SERVICES and SYSTEM CACHE
- after one of the upgrades I did, the machine was very slow. As soon as I changed performance settings to SYSTEM CACHE, speed improved dramatically
- In the same place in SYSTEM PROPERTIES, set the VIRTUAL MEMORY (read Swap File) to be MANAGED BY WINDOWS
- don’t forget to click SET after making each change to each drive
- you may want to go back and check your settings were applied as you expected after the reboot
- it is a good idea to put your Swap File on a different drive than the Operating System is on
- backup at least the System State of the server preferably using NTBACKUP
- do NOT overwrite pre-upgrade backup as you just might need it in the future
- Note that W2003 Backup does not read W2000 NTBackup files but if you need to restore back to W2000 you will be happy you still have a W2000 System State to use
- re-enable Antivirus and any other 3rd party services disabled before the upgrade
- install WinZip 8.1 or newer (if desired)
- download (now for free!) and install the W2003 Resource Kit from HERE.
- download and install GPMC (Group Policy Management Console) from HERE
- perform your usual system maintenance routine
- delete temp files, old profiles…
- chkdsk, defrag…
- repeat the relevant steps for all DC’s
- delete Link Tracking Server Service objects as per the end of Q312403 – Q315229 may be useful as well
- wait 24 hours then perform an Offline Defragmentation of the Active Directory Database as per 232122
- .DIT files will be as much as 40% smaller
- in DNS, CHANGE ZONE REPLICATION SCOPE to ALL DC’s IN AD DOMAIN GPMC
- after all DC’s are upgraded, increase “Functional Mode” via AD Domains & Trusts
- this is like W2K Native Mode
- If you want to be able to right click on WinXP or Win2000 SERVER machines in your AD and select REMOTE CONTROL click HERE
- If you have a WinXP box you can now use ADMIN TOOLS to manage both your W2000 and W2003 domains, if you download them from HERE.
- To get SHADOW COPY (i.e. Network Recycle Bin) to work, your clients will need THIS.
- MS just released a web log analyzer HERE but you also need the v2.1 upgrade you can get HERE.
- If you run IIS on your server you will likely want the new (free) Share Point Team Services update (still in beta) which you can get HERE.
- If you run Terminal Services, you will need the new RDP 5.2 client which will automatically map drives, network printers, sound… which you can get HERE.
- You can now run Terminal Services/ RDP client in “Console Mode”
- if you want to “be there” just add /console to your RDP shortcut - it ROCKS!
Multihomed Server Routing Problems:
The following information was taken from a Merak Mail Forum. I thought many people may find the information useful:
With Windows Server 2003 networking you need to be aware that MS seems to have adopted a different philosophy regarding multi-homing. By default a server with 2 NICs treats networking concept as fault tolerant redundancy. That is if one of your default gateways goes down the other NIC should route traffic to the other gateway. In real life however, many networks have been traditionally designed with one NIC pointing to an Internet gateway and the other to a LAN gateway and availability should always be available through either NIC depending upon if you’re connecting to the server via the LAN or Internet. The solution to this problem is to disable the default Automatic Metric settings for both NICs and put in a static value of 1 (assuming your default gateway is 1 hop away).
We used to try and run multihomed servers with 2 “default gateways” – every now and then the server would drop off the internet. A server can only have one default gateway. It’s basically a dumping ground for any traffic it doesn’t know where to route.
The correct way (and now enforced by win2003) is to add static routes.
For example, a server we have is on 217.77.176.15. Its default gateway is 217.77.176.1. The server is also 192.168.2.15. It can reach any other 192.168.2.0/24 address by default. We also want to get to 192.168.1.0/24. Old way – add 192.168.2.1 (which is a router) as the gateway for second interface. Bad bad bad. Better way – route add 192.168.1.0 mask 255.255.255.0 192.168.2.1 -p
…the “servers” default gateway is defined by the NIC that you give the highest preference to. Specifying the IP Address, Subnet mask, gateway and metric for the gateway for each NIC will result in the routes automatically being added to the server’s routing table (you can see this with Route Print). This difference is how Server 2003 handles the metric by “default”. By “default” it sets the metric to automatic which results in the Server 2003 picking the default gateway by shortest actual distance determined by pinging each gateway. If the performance to one gateway is slightly, even fractions of a ms, better then that becomes the server’s default gateway. Should connectivity to this default gateway become degraded or disappear then the next NIC’s default gateway automatically kicks in. This is fine if you want fault tolerance. Now consider if you want to have two separate gateways run independently to two distinct networks as an always on. It is necessary to turn off the automatic metric and set the default gateways to each NIC to an equal value (typically 1). Now the actual overall default gateway for the server will remain as the default gateway for the NIC which has the highest adapter preference. All of the routing information will be generated by Windows. Now you could manually create the routes but it really isn’t necessary. The real idea here is that each NIC must be always available, listening for traffic coming from its own respective default gateway. I mostly wanted to point out that the way the Server 2003 handles multiple NICs differently by default. Incidentally, this is an excellent way of separating specific protocols between two distinct networks, setting up port forwarding or migrating a server from one network to another without any downtime and without having to build a clone of the server. You can actually set up multiple IP addresses each with their own gateway and only one NIC.
I’ve used this successfully many times during migrations but we won’t go there. LOL Take care.
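The routing behaviour discussed in the forum posts above can be checked from saved `route print` output. The following is an added example, not part of the original article or the quoted posts: it parses the Active Routes rows, lists every default gateway, and shows which gateway a destination would use. The sample tables are constructed from the addresses in the posts; the /24 mask on 217.77.176.0 and the metric values are assumptions.

```python
import ipaddress
import re
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")
QUAD = r"(\d+\.\d+\.\d+\.\d+)"
# An Active Routes row: destination, netmask, gateway, interface, metric.
ROW = re.compile(rf"^\s*{QUAD}\s+{QUAD}\s+{QUAD}\s+{QUAD}\s+(\d+)\s*$")

# Constructed samples. The /24 mask on 217.77.176.0 is an assumption.
COMMON = (
    "      192.168.2.0    255.255.255.0     192.168.2.15    192.168.2.15     20\n"
    "     217.77.176.0    255.255.255.0    217.77.176.15   217.77.176.15     20\n")
TWO_DEFAULTS = (  # the "old way": a default gateway on each NIC
    "          0.0.0.0          0.0.0.0     217.77.176.1   217.77.176.15     20\n"
    "          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.15     20\n" + COMMON)
STATIC_ROUTE = (  # one default gateway plus the route add from the post
    "          0.0.0.0          0.0.0.0     217.77.176.1   217.77.176.15     20\n"
    "      192.168.1.0    255.255.255.0      192.168.2.1    192.168.2.15      1\n" + COMMON)

def parse_active_routes(text):
    """Turn the Active Routes rows of `route print` output into Route tuples."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gateway, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append(Route(net, gateway, iface, int(metric)))
    return routes

def default_gateways(routes):
    """Gateways of every 0.0.0.0/0 route, lowest metric first."""
    defaults = [r for r in routes if r.network.prefixlen == 0]
    return [r.gateway for r in sorted(defaults, key=lambda r: r.metric)]

def next_hops(routes, dest):
    """Candidate gateways for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r.network]
    longest = max((r.network.prefixlen for r in hits), default=0)
    hits = [r for r in hits if r.network.prefixlen == longest]
    lowest = min((r.metric for r in hits), default=0)
    return {r.gateway for r in hits if r.metric == lowest}

if __name__ == "__main__":
    for text in (TWO_DEFAULTS, STATIC_ROUTE):
        routes = parse_active_routes(text)
        print(default_gateways(routes), sorted(next_hops(routes, "192.168.1.20")))
```

When `next_hops` returns more than one gateway, the routing table alone does not decide the path, which is the case the posts describe for two default gateways with equal metrics.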