I. Backup the printer shares

From the source server:

execute printmig.exe > click Actions > backup… > choose a location to save the .cab file

The Print Migrator utility does it’s thing…

…and creates a .cab file which contains all the drivers, share names, etc. you will need to recreate these printer shares on another server.

II. Restore the printer shares

Copy the above mentioned .cab file to a location on the target server and run the Print Migrator utility:

execute printmig.exe >

click Action > Restore… > browse to the .cab file >

Open >

…and if you’re like me you’ll get this error:

WARNING: Kernel Mode Drivers (version 2) are blocked on the target machine. Disable Kernel Mode driver blocking and re-run Printer Migrator…

Select OK, then do this:

Start > Run > type gpedit.msc >

explore Computer Configuration > Administrative Templates > Printer > select Disallow installation of printers using kernel mode drivers >

select Properties > check Disabled >

OK >

…and restart the Print Migrator utility.

execute printmig.exe > click Action > Restore… > browse to the .cab file > Open

Make sure the printer shares have appeared on the target server.

see also:

• Microsoft Windows Server 2003 Print Migrator 3.1

Start > Programs > Administrative Tools > Active Directory Sites and Services >

double-click Sites > double-click your site name >

double-click Servers > click your domain controller > right-click NTDS Settings > Properties >

select the General tab > select the Global Catalog check box >

OK > restart this domain controller

see also:

• How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000

In my migration process from Windows 2000 Server domain controllers to Windows Server 2003, I transferred FSMO roles to the new servers.

You must be logged on to the target server with domain administrator privileges. Then, at a command prompt, do this:

ntdsutil

roles

connections

connect to server <servername>

q

transfer domain naming master

transfer infrastructure master

transfer pdc

transfer rid master

transfer schema master

see also:

• Windows 2000 Active Directory FSMO roles
• Flexible Single Master Operation Transfer and Seizure Process
• Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

I. put WINS on the 2003 Server

1. install WINS on the 2003 Server

Start > Control Panel > Add or Remove Programs >

Components > Networking Services > Details

Subcomponents of Networking Services > Windows Internet Name Service (WINS) > OK >

Next > Continue >

Finish > Close.

2. point TCP/IP services at this WINS server

Start > Control Panel > Network Connections > Properties >

General > Internet Protocol (TCP/IP) > Properties > Advanced >

WINS > Add >

[put the ip address of the 2003 Server] > Add >

check ‘Enable NetBIOS over TCP/IP’

OK > Close.

3. check that this WINS Server appears within the WINS service

Start > Programs > Administrative Tools > WINS >

…and the 2003 Server name should appear here:

II. copy the WINS database from the Windows 2000 Server host to the Windows Server 2003 host

1. verify that this WINS server is not replicating

on the Windows 2000 Server-based host, open the WINS service and right click the server icon to stop any replication partners:

2. stop the WINS service on both servers

Start > Run > type ‘cmd’ > OK

type ‘net stop wins’ > ENTER

3. copy the WINS files

copy all files in %systemroot%System32Wins from the 2000 Server to the same location on the 2003 Server:

4. restart the WINS service on both servers

Start > Run > type ‘cmd’ > OK

type ‘net start wins’ > ENTER

III. set up a WINS replication partnership

I have to gradually phase out my old Windows 2000 Server from its WINS responsibilities. Because there are dozens of servers here whose IP settings were manually configured and point to the old server for WINS, I need to set up a replication partnership between the old and new WINS servers. This partnership will need to function until all clients, those receiving DHCP and those that are manually configured, are communicating with the new server.

set up a WINS replication partner in Windows 2000 Server (same for Windows 2003):

Start > Programs > Administrative Tools > WINS >

right-click the ‘Replication Partners’ node > New Replication Partner… >

enter the IP address of the other WINS server

There are 2 areas worth configuring: the push settings and the pull settings. By again right-clicking the ‘Replication Partners’ node and selecting ‘Properties’ you can get in to the settings for these 2 items. Push Replication is based on revision number while Pull Replication is based on time. Both are typically used.

you should see the replication partner appear, here:

…and on the Windows 2003 Server, the old WINS server will automatically appear:

Settings for Windows Server 2003 are the same as for Windows 2000 Server.

IV. change DHCP scope settings

it’s time to point DHCP clients at the new WINS server:

see also:

• How to migrate a WINS Database from Windows 2000-based WINS server to a Windows 2003-based WINS server
• Migrating WINS from Windows NT to Windows Server 2003

One notable difference between me and whoever documents technical procedures for Microsoft is that I work on Earth, for a company, and my implementation must not cause an explosion. We have a bunch of VLANs, managed by Cisco routers, that are configured with the ip helper-address command to ensure DHCP broadcasts are forwarded from clients to the DHCP server. I deviate from Microsoft’s generic recommendation for DHCP service migration in this way: I will move one VLAN at a time. This allows me to test things as I go, knowing both servers are handling at least some DHCP scopes, affecting as few clients as possible in the event of catastrophe, and giving myself a clear method for reversing my changes. Also, by adjusting the ip helper-address value on my core routers one VLAN at a time I am able to prevent the new and old DHCP servers from handing out addresses for the same subnet.

I. export the DHCP database from the Windows 2000 Server host

1. stop the DHCP service

command line: net stop dhcpserver

2. compact the DHCP data base

command line: cd c:winntsystem32dhcp

command line: jetpack dhcp.mdb temp.mdb

3. export the database

download, install, and run Microsoft’s DHCP Database Export Import Tool (dhcpexim.exe)

4. restart the DHCP service

command line: net start dhcpserver

II. import the DHCP database to the new Windows Server 2003 host

1. install the Windows DHCP component

Start > Control Panel > Add or Remove Programs > Add/Remove Windows Comonents > Netwoking Services >

Details >

Dynamic Host Configuration Protocol (DHCP) > OK > Next > Finish

2. import the database file

command line: netsh dhcp server import c:dhcpdb.txt all

3. authorize this DHCP server

before authorizing:

right-click the server object, then click Authorize

III. point the ip helper-address at the new DHCP server

existing configuration, pointing at the old DHCP server:

in Cisco IOS, use this command: ip helper-address 172.16.12.12

IV. confirm

I set my Vista laptop to retrieve an ip address from a DHCP server and plugged it in to a port on the VLAN we just set up…

have my laptop send a DHCP request on to this subnet…

command line: ipconfig /renew

and confirm on the new DHCP server that this address was handed out by the new server…

V. change DHCP lease duration

If you let Windows DHCP do it’s own thing, leases will automatically expire after 8 days. But if you want to speed things up, change the DHCP lease duration to something like 2 hours. At least then you’ll know sooner if something’s broken.

change DHCP lease duration in Windows 2000 Server:

Start > Programs > Administrative Tools > DHCP >

expand the server node you’re interested in > right click the scope whose lease you want to change > Properties > on the ‘General’ tab, in the ‘Lease duration for DHCP clients’ box, check ‘Limited to:’ and specify a time span

VI. turn on DHCP logging

Just in case any clients got left behind, check the DHCP log files for unexpected requests. Do this on the Windows 2000 Server for a couple weeks.

to turn on DHCP logging in Windows 2000 Server:

Start > Programs > Administrative Tools > DHCP >

on the ‘General’ tab, select ‘Enable DHCP audit logging’

Windows 2000 will write DHCP log files, one for each day of the week, to this directory: %systemroot%system32dhcp

see also:

• How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003

• What’s in store when you migrate DHCP to Windows Server 2003

the program class:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Net.Mail;

namespace kopier
{
    class Program
    {
        const int maxThreads = 8;

        static void Main(string[] args)
        {
            DateTime startTime;
            int w, c;
            StringBuilder aggMsg = new StringBuilder();

            string[] lines = System.IO.File.ReadAllLines(@args[0]);

            ManualResetEvent[] doneEvents = new ManualResetEvent[lines.Count()];
            kopy[] kopArray = new kopy[lines.Count()];

            ThreadPool.SetMaxThreads(maxThreads, 100);
            ThreadPool.GetMaxThreads(out w, out c);

            Console.WriteLine("--------------------------------------------------------------------------------");
            Console.WriteLine("kopier");
            Console.WriteLine("--------------------------------------------------------------------------------");
            Console.WriteLine("Max threads: " + w + ", " + c);
            Console.WriteLine("Launching {0} jobs...", lines.Count());
            startTime = DateTime.Now;

            for (int i = 0; i < lines.Count(); i++)
            {
                doneEvents[i] = new ManualResetEvent(false);
                string[] switches = lines[i].Split(new char[]{','});
                string src = switches[0];
                string dst = switches[1];
                TimeSpan min = TimeSpan.FromMinutes(double.Parse(switches[2]));
                kopy k = new kopy(src, dst, min, doneEvents[i]);
                kopArray[i] = k;
                ThreadPool.QueueUserWorkItem(k.threadPoolCallback, i);
            }

            WaitHandle.WaitAll(doneEvents);
            Console.WriteLine("All jobs are complete.");

            aggMsg.Append("started: " + startTime.ToShortTimeString() + ", " + startTime.ToShortDateString() + "n");
            aggMsg.Append("finished: " + DateTime.Now.ToShortTimeString() + ", " + DateTime.Now.ToShortDateString() + "n");
            aggMsg.Append("duration: " + DateTime.Now.Subtract(startTime).ToString() + "r n");

            for (int i = 0; i < lines.Count(); i++)
            {
                kopy k = kopArray[i];
                Console.WriteLine("job({0}): {1}", k.srcDir, k.kopyMsg);
                aggMsg.Append("job(" + k.srcDir + "): " + k.kopyMsg + "r n");
            }

            sendMsg(aggMsg.ToString());
        }

        private static void sendMsg(string msg)
        {
            try
            {
                MailMessage email = new MailMessage();
                email.From = new MailAddress("results@kopy.int");
                email.To.Add(new MailAddress("elijahb@bargain.com"));
                email.Subject = "kopy results";
                email.Body = msg;
                SmtpClient client = new SmtpClient("172.16.12.25");
                client.Send(email);
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception during email: {0}", e);
            }
        }
    }
}

the kopy class:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using System.Threading;
using System.Diagnostics;

namespace kopier
{
    class kopy
    {
        public kopy(string srcDir, string dstDir, TimeSpan timeMin, ManualResetEvent doneEvent)
        {
            _srcDir = srcDir;
            _dstDir = dstDir;
            _timeMin = timeMin;
            _doneEvent = doneEvent;
        }

        public void threadPoolCallback(object threadContext)
        {
            int threadIndex = (int)threadContext;
            _startTime = DateTime.Now;

            Console.Write("job {0} started..." +
                "n t job {0} source = " + _srcDir +
                "n t job {0} destination = " + _dstDir +
                "n t job {0} time limit = " + _timeMin.TotalMinutes.ToString() + " minutes" +
                "n", threadIndex);

            _kopyMsg = kopyAway(_srcDir, _dstDir, _timeMin);

            Console.Write("job {0} finished..." +
                "n t job {0} source = " + _srcDir +
                "n t job {0} destination = " + _dstDir +
                "n t job {0} duration = " + DateTime.Now.Subtract(_startTime).ToString() +
                "n", threadIndex);

            _doneEvent.Set();
        }

        private string kopyAway(string src, string dst, TimeSpan min)
        {
            string log = dst + @"rcLog(" + DateTime.Today.ToShortDateString().Replace('/', '-') + ").txt";
            string msg;
            Process p = new Process();

            if (System.IO.Directory.Exists(dst) != true)
            {
                System.IO.Directory.CreateDirectory(dst);
            }

            dst = dst + @"files";

            try
            {
                p.StartInfo.FileName = "ROBOCOPY";
                p.StartInfo.Arguments = '"' + src + '"' + " " + '"' + dst + '"' + " /MIR /W:10 /R:3 /NP /TEE /LOG+:" + '"' + log + '"';
                p.Start();

                do
                {
                    if (DateTime.Now.Subtract(p.StartTime) >= min)
                    {
                        p.Kill();
                        throw new Exception(buildOutput(src, dst, p.StartTime, DateTime.Now, "Failed: killed for exceeding max time."));
                    }
                    System.Threading.Thread.Sleep(500);
                } while (p.HasExited == false);

                msg = buildOutput(src, dst, p.StartTime, DateTime.Now, "Succeeded.");
            }
            catch (Exception e)
            {
                msg = e.Message.ToString();
            }
            finally
            {
                p.Dispose();
            }
            return msg;
        }

        private string buildOutput(string src, string dst, DateTime startTime, DateTime endTime, string result)
        {
            return result +
                "n t source: " + src +
                "n t destination: " + dst +
                "n t started: " + startTime.ToShortTimeString() + ", " + startTime.ToShortDateString() +
                "n t finished: " + endTime.ToShortTimeString() + ", " + endTime.ToShortDateString() +
                "n t duration: " + endTime.Subtract(startTime).ToString();
        }

        public string srcDir { get { return _srcDir; } }
        private string _srcDir;

        public string dstDir { get { return _dstDir; } }
        private string _dstDir;

        public TimeSpan timeMin { get { return _timeMin; } }
        private TimeSpan _timeMin;

        public string kopyMsg { get { return _kopyMsg; } }
        private string _kopyMsg;

        private ManualResetEvent _doneEvent;

        private DateTime _startTime;
    }
}

Part I – Configure Windows 2000 Server

1. Create a Console
start > in the run line, type ‘mmc’ >

OK >

In the Console1 window, click ‘Console’ > Add/Remove Snap-in… >

Add… > select ‘IP Security Policy Management’ >

Add > check next to ‘Local Computer’ >

Finish >

Close >

OK >

2. Create a New IP Security Policy
right click on ‘IP Security Policies on Local Machine’ > Create IP Security Policy >

Next >

Next > uncheck ‘Activate the default response rule.’ >

Next > check ‘Edit properties’ >

Finish > check ‘Use Add Wizard’ >

Add… >

Next > check ‘This rule does not specify a tunnel’ >

Next > check ‘All network connections’ >

Next > check ‘Use this string to protect the key exchange (preshared key):’ > choose a password and type it in the following field >

Next >

3. Create a New IP Filter List for this Security Policy
Add… >

check ‘Use Add Wizard’ > Add… >

Next > select ‘My IP Address’ from ‘Source address:’ list >

Next > select ‘A specific IP Address’ from ‘Destination address:’ list > type SERVER1′s IP address in the following field >

Next > select ‘Any’ from ‘Select a protocol type:’ list >

Next > uncheck ‘Edit Properties’ >

Finish >

Close > select the ‘IP Filter List’ you just made >

Next > check ‘Use Add Wizard’ >

4. Create a New Filter Action for this Security Policy
Add… >

Next >

Next > check ‘Negotiate security’ >

Next > check ‘Do not communicate with computers that do not support IPSec.’ >

Next > check ‘Custom’ > Settings… >

check ‘Data integrity and encryption (ESP):’ > select ‘SHA1′ from ‘Integrity algorithm:’ list > select ’3DES’ from ‘Encryption algorithm:’ list >

OK >

Next >

Finish > select the Filter Action you just made >

Next > uncheck ‘Edit Properties’ >

Finish >

Close >

right click the IP Security Policy you just made > Assign >

…and you’re done.
5. Test the Configuration
If you’re pinging SERVER1 when the security association comes up, you’ll see this:

However, you won’t see these replies until both ends are configured. The pings will change from ‘Negotiating IP Security’ to ‘Reply from …’ only after finishing the configuration on SERVER1, the Server 2003 host described in the next section of this document.
Use the built-in IP Security Monitor to verify a successful security association.
Start > type ‘ipsecmon’  >

OK >

This association will appear only after both ends are configured, both the Windows 2000 Server host discussed above and the Server 2003 host described below.

Part II – Configure Windows Server 2003

1. Create a Console
Start > Run > type ‘mmc’ >

OK >

In the Console1 window, click ‘File’ > Add/Remove Snap-in… >

Add… > select ‘IP Security Monitor’ >

Add > select ‘IP Security Policy Management’ >

Add > select ‘Local Computer’ >

Finish >

Close >

OK >

2. Create a New IP Security Policy
right click on ‘IP Security Policies on Local Machine’ > select ‘Create IP Security Policy’ >

Next >

Next > uncheck ‘Activate the default response rule.’ >

Next > check ‘Edit properties’ >

Finish > check ‘Use Add Wizard’ >

Add… >

Next > check ‘This rule does not specify a tunnel’ >

Next > check ‘All network connections’ >

Next >

3. Create a New IP Filter List for this Security Policy.
Add… > check ‘Use Add Wizard’ >

Add… >

Next > check ‘Mirrored. Match packets with the exact opposite source and destination addresses.’ >

Next > select ‘My IP Address’ from ‘Source address:’ list >

Next > select ‘A specific IP Address’ from ‘Destination address:’ list > type SERVER2′s IP address in the following field >

Next > select ‘Any’ from ‘Select a protocol type:’ list >

Next > uncheck ‘Edit properties’ >

Finish >

OK > select the ‘IP Filter List’ you just made >

Next > select ‘Use Add Wizard’ >

4. Create a New Filter Action for this Security Policy
Add… >

Next >

Next > check ‘Negotiate security’ >

Next > check ‘Do not communicate with computers that do not support IPSec.’ >

Next > check ‘Custom’ >

Settings… > check ‘Data integrity and encryption (ESP):’ > select ‘SHA1′ from ‘Integrity algorithm:’ list > select ’3DES’ from Encryption algorithm:’ list >

OK >

OK >

Next > uncheck ‘Edit properties’ >

Finish > select the Filter Action you just made >

Next > select ‘Use this string to protect the key exchange (preshared key):’ > choose a password and type it in the following field >

Next > uncheck ‘Edit properties’ >

Finish >

OK >

right click the IP Security Policy you just made > Assign >

…and you’re done.
5. Test the Configuration
You already set up SERVER2 so completing this configuration on SERVER1 will complete both ends of the security association. If you are pinging SERVER2 from SERVER1 as this association comes up, you will see this:

A successful association should be indicated under the ‘IP Security Monitor’ node.

see also:

• Step-by-Step Guide to Internet Protocol Security (IPSec)
• SolutionBase: Discover the new IPSec features in Windows Server 2003