question

techcoor-9538 avatar image
0 Votes"
techcoor-9538 asked techcoor-9538 answered

How to transfer the users from one server to another server


I am working on moving from from DC1 to DC3.

When I do a gpresult /v I still see the user settings showing

Group Policy was applied from: DC1


How do I make the change to get the Group Policy to apply from DC3?

The domain is the same for both DC1 and DC3

windows-server-2019
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,

Based on my understanding, there are 2 DCs (DC1 and DC3) in your domain, right?

Do you mean you want to demoted DC1 and remove it from Domain, but the policies sitll show applied from DC 1?
Or both the DCs (DC1 ,DC3) are working well, you just want the policies apply from DC3

If you mean you demoted DC1 and remove it from Domain, but the policies still show applied from DC 1? You can confirm the following steps

If there are FSMO roles in the DC1, you may try to transfer the FSMO role first:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/view-transfer-fsmo-roles

For how to demote one DC, you can refer to:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-

If the DC1 was not demoted successfully, we need to perform a metadata cleanup.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
Then, the client will apply policies from DC3 since DC1 is not existing anymore.

If both the DCs (DC1, DC3) are working well, you just want the policies apply from DC3, you can try to confirm the site configuration.
Did the 2 DCs are in the same site or different sites?
If in different sites, the user or computers will find the DC in the same site.
If in the same site, the user or computers will apply policies randomly.
The process is allowing the computers on the network to find the closest domain controller to retrieve the Group Policy information from SYSVOL. This behavior is to load balance and synchronize fault tolerant between domain controllers.
Following link for your reference:
https://social.technet.microsoft.com/Forums/windows/en-US/a23d914c-6998-4107-af3d-db2d380693d1/change-the-server-group-policy-was-applied-from?forum=winserverGP

If i misunderstand you, please feel to let me know.

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered FanFan-MSFT commented

DC1 and DC3 are in the same domain
I am trying to move from DC1 to DC3.
FMSO roles are transferred to DC3.

This is related to the After a migration the data keeps going to the old server
The question is too vague and I believe abandoned.
The more specific problem is that the folder redirection is going to the old server DC1 with the GPO saying the location is DC3. The map drive GPOs work.

There is a reference to this problem on the Internet.
My Documents folder redirection stuck on old location

fixed the problem with the help of Reddit :)
https://community.spiceworks.com/topic/104283-my-documents-folder-redirection-stuck-on-old-location

After running gpresult /v, I found out that workstations were still looking to the old DC to obtain group policy info. The gpresult showed the gpupdate I had just performed but showed that it had refreshed from the old server (which is impossible since that server isn't online).
Finally I specified the DNS server in the workstation's network connection, flushed dns, and did another gpupdate. After a restart all proper policies were in place and folder redirections were working!

The problem I have is that this fix is for one workstation.

https://techwiser.com/check-your-dns-server/
ipconfig /all | findstr "DNS\ Servers" gives DC1 where I want DC3.

Changing Primary DNS server
https://community.spiceworks.com/topic/860179-changing-primary-dns-server

I think this isn't a DNS issue but rather a DHCP issue. Before going further let me state, as others have said, do not use an external DNS server.
The next question is what is your DHCP server? If it is a Windows server then open the DHCP management tool. Connect to your DHCP server by right clicking on the root object labeled "DHCP" then choosing Manage Authorized Servers. Choose the correct DHCP sever you are managing.
Once it has loaded, expand the tree down to the following IPv4 -> Scope -> Scope Options. Select DHCP Option 006 (DNS Servers) and remove the old server and add the new one.
Go back to your workstation, do a release and renew.

Changed the order of the DNS servers to DC3 and DC2 on DC1, DC2, DC3.

ipconfig /all | findstr "DNS\ Servers" gives DC1 where I want DC3.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Was the DC1 removed from the domain after the migration?
Anything wrong if you run command:

Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps * 

Best Regards,

0 Votes 0 ·
techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered FanFan-MSFT commented

DC1 was not removed. The users files are still directed to DC1. The folder redirection is not working.

I will take the last two commands first on DC3
The Repadmin /showrepl >C:\repl.txt shows successful.
Repadmin /showreps * LDAP error 81 (Server Down) Win32 Err 58.
My guess this is referencing Windows Server 2008 that I thought was removed.
Dcdiag /v >c:\dcdiag1.log

The DFS Replication service has detected that the staging space in use for the replicated folder at local path Location is above the high watermark. The service will attempt to delete the oldest staging files. Performance may be affected. This is old. I already changed the staging size.
The DFS Replication service has been repeatedly prevented from replicating a file due to consistent sharing violations encountered on the file. The service failed to stage a file for replication due to a sharing violation. Also old
he DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically Also old

DC1 has lots of following:
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

Locator Flags: 0xe003f1fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355

      A Primary Domain Controller could not be located.

      The server holding the PDC role is down.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Actually, I'm little confused about the DCs in your domain.
How many DCs do you have now?
What do you mean when you said moving from DC1 to DC3?
Did you demote the DC1? Or just changed the folder redirection location?
If you demoted the DC1, but there are still old references existed, it is suggested to do a metadata cleanup.


Best Regards,

0 Votes 0 ·
techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered FanFan-MSFT commented

DC1, DC2, DC3
I copied all data from DC1 to DC3, ran FSMO to transfer from DC1 to DC3, changed the location pointed to by map drive and folder redirection to point to DC3, moved DSFR from DC1 to DC3.

Currently, data files are directed to DC3 and user documents, desktop and favorites are directed to DC1.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

How did you change the location for the folder redirection? From GPO?
What do you mean by "moved DSFR from DC1 to DC3"
Best Regards,

0 Votes 0 ·
techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered FanFan-MSFT commented

Select Server Manager, Tools, Group Policy Management, Group Policy Objects Folder. Right click Redirection gpo. Select Edit, User Configuration, Policies, Windows Settings, Folder redirection, Right click Desktop. Select Properties. Root was changed to point to DC3 but redirection is still to DC1.

Moved DSFR is short cut for saying delete replication group on DC1 and create replication group on DC3.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So, now the situation is that :
You transferred the FSMO role for DC1 to DC3, but DC1 is still acts as a DC in domain.
Changed the folder redirection path but didn't work.
It is suggested to check if the DCs is healthy and if the replication is working correctly.
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *

0 Votes 0 ·
techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered FanFan-MSFT commented

I already run those commands.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

It seems the PDC is down, did you check that?
You can run following command to check which server holds the FSMO Role.
netdom query fsmo
Fan

0 Votes 0 ·
techcoor-9538 avatar image
0 Votes"
techcoor-9538 answered

I am abandoning this question. This is the same problem as After a migration the data keeps going to the old server.
https://docs.microsoft.com/en-us/answers/questions/414358/after-a-migration-the-data-keeps-going-to-the-old.html?childToView=434067#comment-434067.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.