When upgrading and migrating to Windows 2003, unforeseen failures can occur requiring administrators to recover the Windows 2000 domain. The following sections touch on several areas to assist in addressing failed upgrades and issues when migrating. Best practices describe how to proactively recover from any problems should they arise and how to roll back after one upgrade to a domain controller fails. Backing Up Active DirectoryWhenever working with a domain controller and Active Directory, it is a good practice to back up the system state of the domain controller whether you are migrating, upgrading, or performing maintenance in preparation for a server upgrade. To back up Windows Active Directory, back up the system state of the domain controller. In this scenario, you will learn how to back up the system state data using the Windows Backup Wizard from a command prompt on the Windows 2000 domain controller. To begin the backup process, log on to the server with the domain administrator account. Open the command prompt by selecting Start, Run and typing command . Click the OK button to open the command prompt and follow these steps:
Recovering from a Failed UpgradeWhen upgrading domain controllers, especially a domain controller that holds the domain FSMO roles, it is important that you are prepared to recover these roles should the upgrade fail. Should the upgrade of the FSMO Role holder fail, you can seize these roles to another domain controller on the domain. To recover from this scenario and still end up with the same results, you with a little time can seize the FSMO roles to an addition Windows 2000 domain controller. Install the failed server with the fresh installation of Windows 2003 and transfer the roles to the new Windows 2003 server. This process will work fine to recover the failed domain controller upgrade. To seize and transfer FSMO roles between domain controllers, use the NTDSUtil Utility built into the Windows 2000 and Windows 2003 operating systems. In the scenario, the FSMO Roles will be seized to an additional Windows 2000 domain controller restoring domain functionality. To finish seizing the roles, complete the following:
When Seizing Roles in Child Domain... When seizing roles in child domain, only seize the PDC, RID Master, and Schema Master roles. Once completed, verify each role's placement and review the server logs to determine if any issues have occurred as a result of seizing the roles. Planning and Avoiding Network DowntimeOne of the biggest challenges you face when upgrading is avoiding network downtime if problems arise. This section provides some insight to common practices and simple tricks to ensure that domain authentication and name resolution are available quickly should a failure occur. One of the very first areas to consider is redundancy of vital network services. These services are configured with Active Directory and can be redundant to avoid client/server communication issues should an upgrade of a domain controller fail. One of these services is the DNS service, which provides domain name resolution for the Active Directory domain begin upgraded. Before upgrading the domain controller with the primary Active Directory DNS services, you should install an additional Active Directory DNS server and allow replication to complete before upgrading. To Export the DHCP Service Database and Configuration Information... To export the DHCP service database and configuration information, see the "Migrating DHCP to Windows 2003" section in this chapter. One other major service is the DHCP service; you can easily export all DHCP server information to a stored network location to be recovered easily. |