Migrate Active Directory from Windows Server 2003 to 2012 R2: Preparing Windows Server and Active Directory

Support for Windows Server 2003 ends in July 2015, so if you haven’t already started planning to migrate to Windows Server 2012 R2, now is the time. In this new article series, I’ll walk you through making the change to a Windows Server 2012 R2 domain, including handling DHCP and DNS, starting with updating Windows Server 2003, and preparing the domain so that a Windows Server 2012 R2 domain controller (DC) can be added.


Before planning how to retire Windows Server 2003, I recommend reading Migrating From Windows Server 2003: Getting Started on the Petri IT Knowledgebase. This article includes important information on the technical issues and upgrade paths available and a section dedicated to the migration options for domain controllers. Once you’ve formulated the best way to replace Windows Server 2003 domain controllers in your environment, you should adapt the instructions below and test them in a pre-production lab.

Upgrade to a Windows Server 2012 R2 Domain

For the purposes of this article, my environment consists of a single Windows Server 2003 domain (ad.contoso.com), with one DC (dc1) running Active Directory integrated DNS and DHCP. This is a typical scenario for small businesses that can’t afford the luxury of two physical servers or virtualization.

I’m going to add a Windows Server 2012 R2 DC (newDC) to the existing domain, decommission the Windows Server 2003 DC, and then raise the domain and forest functional levels to Windows Server 2012 R2. If your domain has more than one DC, or your server is running roles other than DHCP and DNS, I’ve made notes along the way where you may need to consider taking extra steps for a successful transition.

An alternative to this method is to use the Microsoft Active Directory Migration Tool (ADMT), which copies AD objects to a new domain, synchronizes passwords, and updates user profiles on end-user devices. Although this method is more complicated, it can be useful if you need to restructure AD as part of the migration process.

Preparing the Domain

Before Windows Server 2012 R2 DCs can be added to the existing Windows Server 2003 domain, you will need to meet some prerequisites and perform a few recommended health checks.

Update Windows Server 2003

First, let’s check that Windows Server 2003 is running Service Pack 2. Log in to the Windows Server 2003 DC with a domain administrator account, and follow the instructions below:

  • Click Start, and select Run… from the Start menu.
  • In the Run box, type winver and press ENTER.

The About Windows dialog will be displayed, showing the installed build and service pack. If Service Pack 2 isn’t installed, you can download it for Windows Server 2003 32-bit edition.

Check the Service Pack level of Windows Server 2003. (Image Credit: Russell Smith)

Now check to make sure any additional updates have been installed:

  • Click Start, and select Command Prompt from the Start menu.
  • In the command prompt window, type wuauclt /detectnow and press ENTER.

If there are any available updates, a yellow shield will appear in the system tray. Double-click it and follow the instructions for installing the available updates. You may need to wait a few minutes for the icon in the system tray to be updated.

Domain and Forest Functional Levels

Windows Server 2012 R2 DCs can only be added to a domain when the forest and domain functional levels are set to Windows Server 2003 or higher. So let’s check the forest and domain functional levels on the Windows Server 2003 DC:

Check the domain and forest functional levels in Active Directory Domains and Trusts (Image Credit: Russell Smith)
  • Go to Administrative Tools on the Start menu, and click Active Directory Domains and Trusts.
  • Right-click your domain in the left pane, and select Properties from the menu.

In the Properties dialog, check the Domain functional level and Forest functional level. If they are set to anything other than Windows Server 2003, continue with the instructions below. Remember that raising the domain and forest functional levels is an irreversible operation.

Raise the domain functional level using Active Directory Domains and Trusts (Image Credit: Russell Smith)
  • To raise the domain functional level, right-click your domain in the left pane of Active Directory Domains and Trusts, and select Raise Domain Functional Level from the menu.
  • In the Raise Domain Functional Level dialog, select Windows Server 2003 from the drop-down menu, and then click Raise.
  • Click OK to start the operation.
  • Click OK again to confirm the operation has completed.

If you have more than one domain in your forest, they will all need to be at the Windows Server 2003 domain functional level before the forest functional level can be raised.

  • Right-click Active Directory Domains and Trusts in the left pane of the Active Directory Domains and Trusts console, and select Raise Forest Functional Level from the menu.
  • In the Raise Forest Functional Level dialog, select Windows Server 2003 from the drop-down menu and click Raise.
  • Click OK to start the operation.
  • Click OK again to confirm the operation has completed.
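
The same check can be made from a prompt by reading the msDS-Behavior-Version attribute over LDAP for the forest and for every domain in it. This is an added example, not part of the original article; it assumes Windows PowerShell is available on a domain-joined machine and uses only ADSI, so it needs no Active Directory module.

```powershell
# Added example: report functional levels and whether each meets the
# Windows Server 2003 prerequisite for adding a Windows Server 2012 R2 DC.
# msDS-Behavior-Version: 0 = Windows 2000, 1 = Windows Server 2003 interim, 2 = Windows Server 2003
$required = 2
$names = @{ 0 = 'Windows 2000'; 1 = 'Windows Server 2003 interim'; 2 = 'Windows Server 2003' }

function Get-BehaviorVersion([string]$dn) {
    $entry = [ADSI]"LDAP://$dn"
    $value = $entry.Properties['msDS-Behavior-Version'].Value
    if ($null -eq $value) { return 0 }   # an unset attribute is treated as level 0
    return [int]$value
}

function Format-Level([int]$v) {
    if ($names.ContainsKey($v)) { $names[$v] } else { "level $v (above Windows Server 2003)" }
}

function New-Row($scope, $name, [int]$level) {
    New-Object PSObject -Property @{
        Scope = $scope; Name = $name; Level = (Format-Level $level); Ready = ($level -ge $required)
    }
}

$rootDse    = [ADSI]'LDAP://RootDSE'
$partitions = 'CN=Partitions,' + $rootDse.Properties['configurationNamingContext'].Value

# Each domain in the forest has a crossRef object with the domain bit (0x2) set in systemFlags.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$partitions"
$searcher.Filter = '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
[void]$searcher.PropertiesToLoad.Add('nCName')

$report = @(foreach ($result in $searcher.FindAll()) {
    $dn = [string]$result.Properties['ncname'][0]
    New-Row 'Domain' $dn (Get-BehaviorVersion $dn)
})

# The forest functional level is stored on the Partitions container itself.
$report += New-Row 'Forest' $partitions (Get-BehaviorVersion $partitions)

$report | Format-Table Scope, Name, Level, Ready -AutoSize
```

Any row with Ready set to False identifies a domain, or the forest, that still has to be raised using the steps above.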

Active Directory Health

DCdiag, which is part of the Windows Server 2003 Support Tools (which can be downloaded here), allows you to check the health of Active Directory. Before adding Windows Server 2012 R2 DCs to your domain, I recommend that you run this tool to make sure that the domain passes all the basic tests. Any significant problems, including those connected to replication, will show up in the results.

Use DCdiag in the Windows Server 2003 Support Tools to check Active Directory health (Image Credit: Russell Smith)
  • To run dcdiag, open a command prompt, type dcdiag and press ENTER.
  • Check that the DC passed each test.
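
Reading a long dcdiag run by eye makes it easy to miss a single failure, so the pass/fail lines can be parsed instead. This is an added example, not part of the original article; the sample output is constructed, and it assumes Windows PowerShell is available on the machine where dcdiag runs.

```powershell
# Constructed sample in dcdiag's output format. For live data use: $lines = dcdiag /s:dc1
$lines = @(
    'Domain Controller Diagnosis',
    '   Testing server: Default-First-Site-Name\DC1',
    '      Starting test: Connectivity',
    '         ......................... DC1 passed test Connectivity',
    '      Starting test: Replications',
    '         ......................... DC1 passed test Replications',
    '      Starting test: frsevent',
    '         There are warning or error events within the last 24 hours after the',
    '         SYSVOL has been shared.',
    '         ......................... DC1 failed test frsevent',
    '      Starting test: systemlog',
    '   Running partition tests on : ad',
    '         ......................... ad passed test CrossRefValidation',
    '   Running enterprise tests on : ad.contoso.com',
    '         ......................... ad.contoso.com passed test FsmoCheck'
)

function Get-DcdiagResult([string[]]$Output) {
    foreach ($line in $Output) {
        # Result lines look like: "......... <target> passed|failed test <name>"
        if ($line -match '\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)') {
            New-Object PSObject -Property @{
                Target = $Matches[1]; Result = $Matches[2]; Test = $Matches[3]
            }
        }
    }
}

$results = @(Get-DcdiagResult $lines)
$failed  = @($results | Where-Object { $_.Result -eq 'failed' })

# A test that was started but has no result line has no recorded outcome; re-run it.
$started  = @($lines | Where-Object { $_ -match 'Starting test:' } |
                ForEach-Object { ($_ -split ':\s+')[1].Trim() })
$finished = @($results | ForEach-Object { $_.Test })
$noResult = @($started | Where-Object { $finished -notcontains $_ })

"{0} tests parsed, {1} failed" -f $results.Count, $failed.Count
$failed | Format-Table Target, Test -AutoSize
if ($noResult.Count -gt 0) {
    Write-Warning ("No result recorded for: " + ($noResult -join ', '))
}
```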

In the next part of this series, we’ll install Active Directory on Windows Server 2012 R2, add it to the domain, transfer the five Flexible Single Master Operation (FSMO) roles to the new DC, remove the Windows Server 2003 DC as a Global Catalog (GC) in the domain, and configure the new DC to use its own DNS server for name resolution.