> How to add your first Windows 2003 DC to an existing Windows 2000 domain?
The first step is to install Windows 2003 on your new DC. This is a straightforward process, so we aren't going to discuss that here.
Because significant changes have been made to the Active Directory schema in Windows 2003, we need to make our Windows 2000 Active Directory compatible with the new version. If you already have Windows 2003 DCs running with Windows 2000 DCs, then you can skip down to the part about DNS.
Before you attempt this step, you should make sure that you have Service Pack 4 installed on your Windows 2000 DC. Next, make sure that you are logged in as a user that is a member of the Schema Admins and Enterprise Admins groups.
Next, insert the Windows 2003 Server installation CD into the Windows 2000 Server.
Bring up a command line and change directories to the I386 directory on the installation CD. At the command prompt, type:
Code : adprep /forestprep
After running this command, make sure that the updates have been replicated to all existing Windows 2000 DCs in the forest.
Next, we need to run the following command:
The above command must be run on the Infrastructure Master of the domain by someone who is a member of the Domain Admins group.
Once this is complete, we move back to the Windows 2003 Server. Click "Start", then "Run", type in dcpromo and click OK. During the ensuing wizard, make sure that you select that you are adding this DC to an existing domain.
After this process is complete, the server will reboot. When it comes back online, check and make sure that the AD database has been replicated to your new server.
Next, you will want to check and make sure that DNS was installed on your new server.
If not, go to the Control Panel, click on "Add or Remove Programs", and click the "Add/Remove Windows Components" button.
In the Windows Components screen, click on "Networking Services" and click the Details button.
In the new window, check "Domain Name System (DNS)" and then click the OK button. Click "Next" in the Windows Components screen.
This will install DNS and the server will reboot. After reboot, pull up the DNS Management window and make sure that your DNS settings have replicated from the Windows 2000 Server. You will need to re-enter any forwarders or other properties you had set up, but the DNS records should replicate on their own.
The next 2 items, global catalog and FSMO roles, are important if you plan on decommissioning your Windows 2000 server(s). If this is the case, you need to transfer the global catalog from the old server to the new one.
First, let's create a global catalog on our new server. Here are the steps:
1. On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in.
To start the snap-in, click "Start", point to "Programs", point to "Administrative Tools", and then click "Active Directory Sites and Services".
2. In the console tree, double-click "Sites", and then double-click "sitename".
3. Double-click "Servers", click your domain controller, right-click "NTDS Settings", and then click "Properties".
4. On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
5. Restart the domain controller.
Make sure you allow sufficient time for the account and the schema information to replicate to the new global catalog server before you remove the global catalog from the original DC or take the DC offline.
After this is complete, you will want to transfer or seize the FSMO roles for your new server.
For instructions, read Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller.
After this step is complete, we can now run DCPROMO on the Windows 2000 Servers in order to demote them.
Once this is complete, copy over any files you need to your new server and you should have successfully replaced your Windows 2000 server(s) with a new Windows 2003 server.
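The checks below cover the points in this procedure where replication, the global catalog and the FSMO roles must be confirmed before the Windows 2000 servers are demoted. This is an added example, not part of the original procedure; NEWDC and FORESTDN are placeholder values, and the script only reads state.

```bat
@echo off
rem Added example: read-only checks to run before demoting the Windows 2000 DCs.
rem NEWDC and FORESTDN are placeholders (assumptions), not values from the page.
rem dsquery ships with Windows Server 2003; repadmin, dcdiag and netdom come
rem from the Support Tools, so run this from the new Windows 2003 DC.
setlocal
set NEWDC=NEWDC01
set FORESTDN=dc=example,dc=com

echo == Schema version: 13 is Windows 2000, 30 is Windows Server 2003 ==
dsquery * "cn=schema,cn=configuration,%FORESTDN%" -scope base -attr objectVersion

echo == Replication partners and last results for %NEWDC% ==
repadmin /showreps %NEWDC%

echo == Locator advertising, role-holder knowledge and replication tests ==
for %%T in (Advertising KnowsOfRoleHolders Replications) do dcdiag /s:%NEWDC% /test:%%T

echo == FSMO role holders ==
netdom query fsmo
rem Count how many of the five role lines name the new DC.
set HELD=0
for /f %%N in ('netdom query fsmo ^| find /i /c "%NEWDC%"') do set HELD=%%N
if "%HELD%"=="5" (
  echo All five FSMO roles are on %NEWDC%.
) else (
  echo Only %HELD% of 5 FSMO roles are on %NEWDC%: do not demote the old DCs yet.
)
endlocal
```

Run the schema check on every existing DC after the forest update as well; a DC still reporting 13 has not received the change yet.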
> What is DSRM in AD?
Directory Services Restore Mode (DSRM) is a safe mode boot option for Windows Server domain
controllers. DSRM allows an administrator to repair or restore an Active Directory
database. When Active Directory is installed, the install wizard prompts the administrator to choose a DSRM
password. This password provides the administrator with a back door to the database in case something
goes wrong later on, but it does not provide access to the domain or to any services. In the event a
DSRM password is forgotten, it can be changed by using the command-line tool NTDSUtil.
> Why is DNS important for Active Directory?
Active Directory is dependent on DNS as a domain controller location mechanism and uses DNS domain
naming conventions in the architecture of Active Directory domains. There are three components in the
dependency of Active Directory on DNS:
1. Domain controller locator (Locator)
2. Active Directory domain names in DNS
3. Active Directory DNS objects
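The locator dependency can be checked directly: a DC that is missing from the SRV record sets below cannot be found by clients, whatever its own state. This is an added example, not part of the original text; DOMAIN, FOREST and DCNAME are placeholder values.

```bat
@echo off
rem Added example: confirm a DC is listed under the locator SRV names in DNS.
rem DOMAIN, FOREST and DCNAME are placeholders (assumptions), not values from the page.
setlocal
set DOMAIN=example.com
set FOREST=example.com
set DCNAME=newdc01
set MISSING=0

rem SRV names that Netlogon registers for a domain controller ...
call :check _ldap._tcp.dc._msdcs.%DOMAIN%
call :check _kerberos._tcp.dc._msdcs.%DOMAIN%
call :check _ldap._tcp.%DOMAIN%
call :check _kerberos._tcp.%DOMAIN%
rem ... and for a global catalog, which is registered in the forest root zone.
call :check _ldap._tcp.gc._msdcs.%FOREST%

if %MISSING%==0 echo All locator record sets list %DCNAME%.
if not %MISSING%==0 echo %MISSING% record set(s) do not list %DCNAME%; compare with %SystemRoot%\System32\Config\netlogon.dns on that DC.
endlocal & exit /b %MISSING%

:check
rem nslookup prints one "svr hostname = ..." line per SRV target.
nslookup -type=SRV %1 2>nul | findstr /i /c:"svr hostname" | findstr /i "%DCNAME%" >nul
if errorlevel 1 (
  echo [MISSING] %1
  set /a MISSING+=1
) else (
  echo [ok]      %1
)
goto :eof
```

The exit code is the number of record sets that do not list the DC, so the script can gate a later step such as demoting the old server.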
> What is Group Policy in Active Directory?
Group Policy is an infrastructure that allows you to implement specific configurations for users and
computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the
following Active Directory directory service containers: sites, domains, or organizational units (OUs).
> What is a tree in Active Directory?
A tree is a group of domains that have the same DNS name; for example, abc.com (the top domain),
sales.abc.com and support.abc.com (the child domains).
> What is a forest in Active Directory?
A forest is a collection of multiple trees that share a common global catalog, directory schema,
logical structure, and directory configuration. A forest has automatic two-way transitive trust
relationships. The very first domain created in the forest is called the forest root domain. Forests allow organizations to group their divisions that use different naming schemes and may need to operate independently. But as an organization, they want to communicate with the entire organization via transitive trusts and share the same schema and configuration container.