question

cosmicstorm avatar image
0 Votes"
cosmicstorm asked EdisonYandun-5508 commented

AD Migration from Win 2003 to Win 2019

I wish to MIGRATE users, groups & computers from Windows 2003 Forest Root Domain named "xyz.com" to Win2019 Forest Root Domain named "abc.com"

Following are my queries

  1. Will setting up Trust relationship be possible between Windows 2003 Forest & Windows 2019 Forest?

  2. Will ADMT & PES tools support this migration?

  3. Is there any other way of meeting the Migration requirement other than using ADMT/PES tools?




windows-active-directory
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello:

The concerns you had when you wrote in the forum are the same ones I have now; I've read every answer and none come close to answering the questions you raise.

In the end, were you able to establish the trust relationships between 2003 and 2019??

Thanks for your answer

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered cosmicstorm commented

Something here may help.
https://www.varonis.com/blog/active-directory-migration-tool/

--please don't forget to upvote and Accept as answer if the reply is helpful--



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

i am actually looking for a specific response to my three queries.

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered cosmicstorm commented

Sounds good, you're welcome. You could also do a two step migration using 2008 or 2012 as intermediary step.

The two prerequisites to introducing the first 2019 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

--please don't forget to upvote and Accept as answer if the reply is helpful--






· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi DSPatrick,

Sorry but your response here seem to be totally out of context.

I am NOT keen on doing a AD Upgrade or AD Transition from Win 2003 to Win 2019. I am aware that for doing a AD Upgrade/Transition one needs to use the two hop migration as it is not directly supported.

Rather I am wanting to do a Object Migration such as AD users/groups/computers from Win2003 based AD to a new AD Forest root domain hosted on Win2019 using ADMT/PES tools & my queries revolve around the same.


Thanks.

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

I'd suggest starting a case here with product support.
https://support.serviceshub.microsoft.com/supportforbusiness

--please don't forget to upvote and Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered DSPatrick commented

Then the simplest would be to migrate rather than building a new domain. This will be a two step process though since you cannot add a 2019 domain controller to a 2003 domain. You also would need to migrate FRS to DFSR.

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting. Then I'd stand up a new 2008 R2 or 2012 R2, patch it fully, (you can use a technet evaluation for this purpose), join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to verify health, when all is good you can decommission / demote old one, raise domain functional level, then do FRS to DFSR migration (DFSR is required for 2019 domain controllers)

Once done, repeat these steps to add a 2019 domain controller.

Use dcdiag / repadmin tools to verify health correcting all errors found before starting. Then I'd stand up the new Server 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to verify health, when all is good you can decommission / demote old one.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Vicky,

I am looking for a specific response to my query & not an alternative.

BTW, the Win2019 forest root domain named "abc.com" already exists with a few users/computers of its own?
The Win2003 forest root domain "xyz.com" too is not a with a single DC but has 14 DC's spread across 8 AD Sites.

I wanted to keep my query simple, so avoided giving details & am expecting a simple response specific to my query.


Thanks





0 Votes 0 ·

please remember to give the author some credit when you copy their post


0 Votes 0 ·
VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered cosmicstorm commented

Hi,

Thank you for your reply and waiting.

If the information provided by me and MVP is not helpful to you, you may need to remotely or collect logs. But this is beyond the security scope of the forum.

If necessary, you can seek help from a senior engineer.

reference: https://support.microsoft.com/en-in/hub/4343728/support-for-business

Hope this information can help you

Best wishes

Vicky

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Vicky,

I am confused by your response.
Why would you require to collect logs, from where?

& BTW the support service from MS; i understand its not free, or is it?
& importantly MS does not support or comment on products those have reached their end of life cycle.

Regards


0 Votes 0 ·
VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered cosmicstorm commented

Hi,
thank you for your reply.
Because the collection of logs involves privacy. Beyond the scope of our discussion of him
The link provided to you is indeed chargeable.
Can give you as a reference, because your problem is indeed very complicated, it is recommended that you find a more professional engineer for help
Thank you for your understanding and support
Best wishes

Vicky

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No Vicky, its not complicated. My queries are simple & straight forward.
I do not understand why you have gone so far to state collection of logs.

I have in the past used ADMT/PES tools to perform AD Object migration between win2012 to win2016 forest. So I know how to use it.

My current limitations are that I do not have an environment nor Win 2003 ISO to simulate the migration & test it myself in a lab.



0 Votes 0 ·
VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,
Thank you for your reply
Maybe I misunderstood your meaning. Give me some time. I need to discuss it with a senior engineer.
I will update in time with updated results
Thank you for your understanding and support
Best wishes
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Question 1: Shuanglin trust can be built
Active Directory Forest Trust: Attention Points - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)
This is a video tutorial of utube, which can teach how to build Shuanglin trust:
https://www.youtube.com/watch?v=Cud41sE2KHI
Create Two-Way Forest Trust in Active Directory Forest | Windows Server 2019 - YouTube
2: ADMT supports migration, link is the method of use;
https://www.varonis.com/blog/active-directory-migration-tool/
This ADMT installation link:
https://www.microsoft.com/en-us/download/details.aspx?id=56570
3: The third is that Microsoft recommends using ADMT to reduce risk
Before doing the migration, make a backup
107489-image.png



image.png (60.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.


Best Regards,
Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.