On Tue, Mar 2, 2010 at 9:24 PM, Michael B. Smith <[email protected]> wrote: > No...as described below, you still have a Win2000 forest. > > You don't get a win2003 domain and/or forest until you start upgrading domain > functional levels and forest functional levels.
It would be a Win2003 domain in Win2000 native mode, isn't it? My current Win2000 domain is at Native Mode. > > To upgrade domain functional levels, all DCs in the forest have to be at the > higher version. To upgrade forest functional levels, all domains in the > forest have to be at the higher version. Good points. Still, first steps and all .. we have all new hardware for Win2003 servers. And once we get them all in place, we will the upgrade domain and forest functional levels. > > In terms of domainprep/forestprep, I would recommend that you run those on > the schema master (after you've run a full backup, including system state) > with that server removed from the network. Especially in the case of certain > SFU and certain specific iNetOrgPerson changes, it IS possible that the > schema upgrades can fail. You need to protect yourself from that. Really. Removed from the network? You mean pull the NIC cable out of the schema master, and then perform the prep steps on it? I didn't think that would work, unless it could contact the other DCs to inform them of the change. Then what - just plug it back in and let it replicate the changes out? > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Michael Leone [mailto:[email protected]] > Sent: Tuesday, March 02, 2010 3:51 PM > To: NT System Admin Issues > Subject: Re: Demote a DC that is primary DNS for a forest? - REVISED > > So here's what we've come up with, as a plan: > > Run FORESTPREP/ADPREP this week. > On Sat: > > Upgrade Win2000 forest to Win2003 by DCPROMOing new-DC2 (which has DNS > installed) > Transfer all FSMO roles to new-DC2 > Demote old-DC1. > Use IP address of old-DC1 for new-DC1 (which has DNS installed). > DCPROMO new-DC1. > Transfer some FSMO roles to new-DC1, as balance. > > That means I now have a Win2003 forest. And I still have a DNS server at IP > address of old-DC1 (which is what all the static IPs point to). > And I've gotten rid of old-DC1, which is throwing an error about "trusted > machine account" when running DCDIAG (hence the need to demote it). > > That should cover me, I think. > > Then, next weekend, I can upgrade the child domain to Win2003 by DCPROMOing > more member Win2003 servers in that domain, and transferring roles > accordingly. > > Sound like a plan? > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
