6

I am in the process of moving our active directory environment off of Windows 2000 server to a new Windows 2008 R2 server. I have prepped our Windows 2000 domain and upgraded the schema so that I could add the DC role to the Windows 2008 server. I can replicate changes between the 2 servers but I am having an issue replicating the sysvol directory to the new Windows 2008 server.

I have tried forcing replication by stopping the ntfrs & netlogon services and setting the D4 & D2 flags in the registry on the appropriate servers and restarting both of those services. (http://support.microsoft.com/kb/315457)

The sysvol and netlogon network shares are both present on the Windows 2008 server.

We are using Bind 9 for our internal DNS but both of the servers have dns running on them. The Windows 2000 server points to Bind 9 server for primary and itself for secondary. The Windows 2008 server points to the same Bind 9 server for primary and itself for secondary.

Also note: I did not move any of the schema roles over to the Windows 2008 R2 server.

When I run 'dcdiag' on the W2008 server all tests pass and I only get errors that there are issues in the event log that have to do with GPOs:

The processing of Group Policy failed. Windows attempted to read the file \\mydomain.com\sysvol\mydomain.com\Policies\{GUID removed}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: An error event occurred. EventID: 0x00000422

Any suggestions would be greatly appreciated!!!

-mike

Mike Gargano
  • Do the BIND servers hold the `_msdcs` and other AD specific zones? If not - your DCs shouldn't be configured to use them for DNS. – MDMarra Nov 18 '13 at 18:21
  • Please share with us the *exact* sequence of steps you executed in order to prepare the domain for the 2008R2 DC. – Ryan Ries Nov 18 '13 at 18:25
  • So the SYSVOL and NETLOGON shares exist? Those shares shouldn't exist until the contents have fully replicated. Note that I'm not talking about the folders themselves, they will exist but they aren't shared until replication of the contents has completed. – joeqwerty Nov 18 '13 at 18:34
  • What happens if you try browsing manually from one DC to the other's sysvol and the path which fails in the event log? (Then in the opposite direction) – ErikE Nov 18 '13 at 18:35
  • The BIND servers hold all of the correct _msdcs records and zones. – Mike Gargano Nov 18 '13 at 18:40
  • Domain prep: 1. adprep32 /domainprep 2. adprep32 /forestprep 3. Added Active Directory server role to Win 2008 R2 server. Also the Netlogon and sysvol shares can be accessed from either server to the other. – Mike Gargano Nov 18 '13 at 18:46
  • Let me add that the Windows 2008 R2 Server is in a different subnet than the W2k server. – Mike Gargano Nov 18 '13 at 19:02
  • You should have done /forestprep first and then waited for the changes to replicate throughout the forest. Also, you need to do a /gpprep. – Ryan Ries Nov 18 '13 at 20:07
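
The manual check suggested in the comments above (browsing each DC's SYSVOL and the gpt.ini path named in the event), as an added Python example that is not part of the original thread: it reads every GPO's gpt.ini under each DC's SYSVOL share and reports GPOs whose Version differs between DCs or whose gpt.ini cannot be read. The function names are illustrative; the DC and domain names are the ones shown on this page.

```python
# Added example: names are illustrative; paths follow the layout in the event text.
import configparser
from pathlib import Path

def gpo_versions(sysvol_share, domain):
    """Return {GPO GUID: gpt.ini Version, or None if gpt.ini cannot be read}."""
    versions = {}
    for entry in (Path(sysvol_share) / domain / "Policies").iterdir():
        if not (entry.is_dir() and entry.name.startswith("{")):
            continue  # skip PolicyDefinitions and stray files
        ini = configparser.ConfigParser(strict=False)
        try:
            with open(entry / "gpt.ini", encoding="utf-8-sig") as fh:
                ini.read_file(fh)
            versions[entry.name.upper()] = ini.getint("General", "Version")
        except (OSError, ValueError, configparser.Error):
            versions[entry.name.upper()] = None
    return versions

def sysvol_mismatches(shares, domain):
    """shares: {dc name: path to its SYSVOL share}. Return {GUID: {dc: state}}
    for each GPO that differs between DCs or is unreadable on any of them."""
    per_dc = {}
    for dc, share in shares.items():
        try:
            per_dc[dc] = gpo_versions(share, domain)
        except OSError:
            per_dc[dc] = None  # Policies folder missing or share unreachable
    guids = {g for found in per_dc.values() if found for g in found}
    report = {}
    for guid in sorted(guids):
        states = {}
        for dc, found in per_dc.items():
            if found is None:
                states[dc] = "policies folder unreachable"
            elif guid not in found:
                states[dc] = "GPO folder absent"
            elif found[guid] is None:
                states[dc] = "gpt.ini unreadable"
            else:
                states[dc] = found[guid]
        values = list(states.values())
        if len(set(values)) > 1 or not all(isinstance(v, int) for v in values):
            report[guid] = states
    return report

if __name__ == "__main__":
    shares = {dc: rf"\\{dc}\sysvol" for dc in ("ad1.mydomain.com", "ad2.mydomain.com")}
    for guid, states in sysvol_mismatches(shares, "mydomain.com").items():
        print(guid, states)
```

An empty result means every GPO folder found has a readable gpt.ini with the same Version on every DC checked.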

2 Answers

1

I don't think you can go 2000>2008R2

You have to go to 2003 first and upgrade the domain to be all 2003 first

There is a post here: http://stevejenkins.com/blog/2010/01/migrating-an-active-directory-domain-controller-from-windows-2000-to-windows-2008-r2/

Which shows a possible alternative.

sircles
  • Pretty sure you're wrong. Do you have a source for saying that you can't add a Server 2008 R2 DC to a Windows 2000 FL domain? I'd test it out myself, but that would involve digging up and dusting off a Windows Server 2000 ISO. – HopelessN00b Feb 11 '14 at 12:35
  • It's a long long time ago but I remember running into trouble doing that. Maybe it is something that can be done provided you do all the right things, but I remember having issues. – ETL Mar 13 '14 at 18:33
0

I would run a repadmin /syncall using the correct syntax, and see if that doesn't report an error, or at least a more detailed success message. Also you can check the update sequence number (USN), and view unreplicated changes with various switches via repadmin. I recommend running from the 2008 R2 server so you don't need to bother with the Windows 2000 Resource Kit.

Repadmin Examples http://technet.microsoft.com/en-us/library/cc773062%28v=ws.10%29.aspx

  • C:\>repadmin /syncall ad1.mydomain.com CALLBACK MESSAGE: The following replication is in progress: From: guid-ad2._msdcs.mydomain.com To : guid-ad1._msdcs.mydomain.com CALLBACK MESSAGE: The following replication completed successfully: From: guid-ad1._msdcs.mydomain.com To : guid-ad2._msdcs.mydomain.com CALLBACK MESSAGE: SyncAll Finished. SyncAll terminated with no errors. – Mike Gargano Nov 19 '13 at 13:21
  • C:\>repadmin /showutdvec . dc=mydomain,dc=com Repadmin: running command /showutdvec against full DC localhost Caching GUIDs. .. 2bf06b48-bf8d-47fd-934f-4ca5e37e072d @ USN 477973 @ Time (unknown) 718aa76b-fb7a-490b-ab89-2233639497e6 @ USN 30907 @ Time (unknown) 7ca13841-2a9f-4ad3-9648-de330b7f647b @ USN 16396 @ Time (unknown) Default-First-Site-Name\DC1 @ USN 10003170 @ Time (unknown) Default-First-Site-Name\DC1 @ USN 14546374 @ Time 2013-11-19 08:54:59 Default-First-Site-Name\DC2 @ USN 173618 @ Time 2013-11-19 08:55:21 – Mike Gargano Nov 19 '13 at 14:01