How to transfer the users from one server to another server

techcoor 1,251 Reputation points
2021-06-06T23:01:42.377+00:00

I am working on moving from from DC1 to DC3.

When I do a gpresult /v I still see the user settings showing

Group Policy was applied from: DC1

How do I make the change to get the Group Policy to apply from DC3?

The domain is the same for both DC1 and DC3

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,708 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,326 Reputation points Microsoft Vendor
    2021-06-07T00:59:52.56+00:00

    Hi,

    Based on my understanding, there are 2 DCs (DC1 and DC3) in your domain, right?

    Do you mean you want to demoted DC1 and remove it from Domain, but the policies sitll show applied from DC 1?
    Or both the DCs (DC1 ,DC3) are working well, you just want the policies apply from DC3

    If you mean you demoted DC1 and remove it from Domain, but the policies still show applied from DC 1? You can confirm the following steps

    If there are FSMO roles in the DC1, you may try to transfer the FSMO role first:
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/view-transfer-fsmo-roles

    For how to demote one DC, you can refer to:
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-

    If the DC1 was not demoted successfully, we need to perform a metadata cleanup.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    Then, the client will apply policies from DC3 since DC1 is not existing anymore.

    If both the DCs (DC1, DC3) are working well, you just want the policies apply from DC3, you can try to confirm the site configuration.
    Did the 2 DCs are in the same site or different sites?
    If in different sites, the user or computers will find the DC in the same site.
    If in the same site, the user or computers will apply policies randomly.
    The process is allowing the computers on the network to find the closest domain controller to retrieve the Group Policy information from SYSVOL. This behavior is to load balance and synchronize fault tolerant between domain controllers.
    Following link for your reference:
    https://social.technet.microsoft.com/Forums/windows/en-US/a23d914c-6998-4107-af3d-db2d380693d1/change-the-server-group-policy-was-applied-from?forum=winserverGP

    If i misunderstand you, please feel to let me know.

    Best Regards,

    0 comments No comments

6 additional answers

Sort by: Most helpful
  1. techcoor 1,251 Reputation points
    2021-06-09T21:45:35.143+00:00

    DC1 was not removed. The users files are still directed to DC1. The folder redirection is not working.

    I will take the last two commands first on DC3
    The Repadmin /showrepl >C:\repl.txt shows successful.
    Repadmin /showreps * LDAP error 81 (Server Down) Win32 Err 58.
    My guess this is referencing Windows Server 2008 that I thought was removed.
    Dcdiag /v >c:\dcdiag1.log

    The DFS Replication service has detected that the staging space in use for the replicated folder at local path Location is above the high watermark. The service will attempt to delete the oldest staging files. Performance may be affected. This is old. I already changed the staging size.
    The DFS Replication service has been repeatedly prevented from replicating a file due to consistent sharing violations encountered on the file. The service failed to stage a file for replication due to a sharing violation. Also old
    he DFS Replication service is stopping communication with partner DC1 for replication group Domain System Volume due to an error. The service will retry the connection periodically Also old

    DC1 has lots of following:
    No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

    Locator Flags: 0xe003f1fc
    Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355

         A Primary Domain Controller could not be located.
    
         The server holding the PDC role is down.
    

  2. techcoor 1,251 Reputation points
    2021-06-07T01:40:02.79+00:00

    DC1 and DC3 are in the same domain
    I am trying to move from DC1 to DC3.
    FMSO roles are transferred to DC3.

    This is related to the After a migration the data keeps going to the old server
    The question is too vague and I believe abandoned.
    The more specific problem is that the folder redirection is going to the old server DC1 with the GPO saying the location is DC3. The map drive GPOs work.

    There is a reference to this problem on the Internet.
    My Documents folder redirection stuck on old location

    fixed the problem with the help of Reddit :)
    https://community.spiceworks.com/topic/104283-my-documents-folder-redirection-stuck-on-old-location

    After running gpresult /v, I found out that workstations were still looking to the old DC to obtain group policy info. The gpresult showed the gpupdate I had just performed but showed that it had refreshed from the old server (which is impossible since that server isn't online).
    Finally I specified the DNS server in the workstation's network connection, flushed dns, and did another gpupdate. After a restart all proper policies were in place and folder redirections were working!

    The problem I have is that this fix is for one workstation.

    https://techwiser.com/check-your-dns-server/
    ipconfig /all | findstr "DNS\ Servers" gives DC1 where I want DC3.

    Changing Primary DNS server
    https://community.spiceworks.com/topic/860179-changing-primary-dns-server

    I think this isn't a DNS issue but rather a DHCP issue. Before going further let me state, as others have said, do not use an external DNS server.
    The next question is what is your DHCP server? If it is a Windows server then open the DHCP management tool. Connect to your DHCP server by right clicking on the root object labeled "DHCP" then choosing Manage Authorized Servers. Choose the correct DHCP sever you are managing.
    Once it has loaded, expand the tree down to the following IPv4 -> Scope -> Scope Options. Select DHCP Option 006 (DNS Servers) and remove the old server and add the new one.
    Go back to your workstation, do a release and renew.

    Changed the order of the DNS servers to DC3 and DC2 on DC1, DC2, DC3.

    ipconfig /all | findstr "DNS\ Servers" gives DC1 where I want DC3.


  3. techcoor 1,251 Reputation points
    2021-06-10T01:24:19.437+00:00

    DC1, DC2, DC3
    I copied all data from DC1 to DC3, ran FSMO to transfer from DC1 to DC3, changed the location pointed to by map drive and folder redirection to point to DC3, moved DSFR from DC1 to DC3.

    Currently, data files are directed to DC3 and user documents, desktop and favorites are directed to DC1.


  4. techcoor 1,251 Reputation points
    2021-06-10T14:08:20.01+00:00

    Select Server Manager, Tools, Group Policy Management, Group Policy Objects Folder. Right click Redirection gpo. Select Edit, User Configuration, Policies, Windows Settings, Folder redirection, Right click Desktop. Select Properties. Root was changed to point to DC3 but redirection is still to DC1.

    Moved DSFR is short cut for saying delete replication group on DC1 and create replication group on DC3.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.