Announcement

Collapse
No announcement yet.

Upgrading Windows Server 2003 domain controller to 2012 R2

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Upgrading Windows Server 2003 domain controller to 2012 R2

    Hi All,

    Can someone please let me know what steps and checklist are necessary to successfully upgrade/migrate the active directory domain controller which is now on Windows Server 2003 into Windows Server 2012 R2 ?

    and what are the impact to the existing Exchange Server and the FSMO role to the user ?

    Thanks.

  • #2
    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Assuming new server hardware:
    Install 2012R2 Server
    Join domain
    On current DC, run ADPrep with correct switches to upgrade schema
    On 2012R2 server install AD-DS role
    Promote to DC, add DNS if needed
    Reboot etc
    Confirm all AD objects have replicated
    On 2003DC, run DCPromo to remove DC role
    FSMOs should transfer automatically
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Upgrading Windows Server 2003 domain controller to 2012 R2

      Originally posted by Ossian View Post
      Assuming new server hardware:
      Install 2012R2 Server
      Join domain
      On current DC, run ADPrep with correct switches to upgrade schema
      On 2012R2 server install AD-DS role
      Promote to DC, add DNS if needed
      Reboot etc
      Confirm all AD objects have replicated
      On 2003DC, run DCPromo to remove DC role
      FSMOs should transfer automatically
      Hi Ossian,

      Do I need to do the following ADPrep command on the following roles:

      Code:
      Command	                                   Domain Controller
      adprep.exe /forestprep	            Schema Master
      adprep.exe /domainprep	            Infrastructure Master
      adprep.exe /domainprep /gpprep    Infrastructure Master

      Comment


      • #4
        Re: Upgrading Windows Server 2003 domain controller to 2012 R2

        Originally posted by Albertwt View Post
        Hi Ossian,

        Do I need to do the following ADPrep command on the following roles:

        Code:
        Command	                                   Domain Controller
        adprep.exe /forestprep	            Schema Master
        adprep.exe /domainprep	            Infrastructure Master
        adprep.exe /domainprep /gpprep    Infrastructure Master
        http://blogs.msmvps.com/mweber/2012/...s-server-2012/

        Typically you do as much as possible on your schema master, at least that's what I have done in the past.

        Comment


        • #5
          Re: Upgrading Windows Server 2003 domain controller to 2012 R2

          Thanks guys,

          What about the FSMO role placement ?

          Do I have to keep some of the FSMO role in the head office DC/GC or can I just put them all in the DC/GC servers in my primary production Data Center ?

          Comment


          • #6
            Re: Upgrading Windows Server 2003 domain controller to 2012 R2

            We need more information on structure of the environment
            The first domain in the forest needs all 5 FSMOs, additional domains need 3 of them

            When you unPromo a FSMO holder, FSMOs will be transferred but no control over where. If you want to, transfer the FSMOs to a specified DC (or several) before unpromoting the original holder

            As to where, that's up to you, but I would keep them in the location with the most other servers and especially other DCs
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Upgrading Windows Server 2003 domain controller to 2012 R2

              http://support.microsoft.com/kb/223346

              http://www.windowsdevcenter.com/pub/...6/15/fsmo.html

              They should help.

              Comment


              • #8
                Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                Originally posted by Ossian View Post
                We need more information on structure of the environment
                The first domain in the forest needs all 5 FSMOs, additional domains need 3 of them

                When you unPromo a FSMO holder, FSMOs will be transferred but no control over where. If you want to, transfer the FSMOs to a specified DC (or several) before unpromoting the original holder

                As to where, that's up to you, but I would keep them in the location with the most other servers and especially other DCs
                Hi Ossian,

                This environment will be just single AD domain, most of the Tier-1 production servers (Exchange, SCCM, SharePoint, SQL Servers, etc...) are all in the Data Center, while the Office building only got server room with Domain Controllers/Global Catalog serving as DNS and DHCP only.

                Do I still need to place some of the FSMO role in the office building or I can just spread those five FSMO role in the two Domain Controllers/Global Catalog in the Data Center ?

                Comment


                • #9
                  Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                  Hi Wullieb1,

                  Does transferring the FSMO role from Windows Server 2003 DC into Windows Server 2008R2 or 2012 R2 is supported procedure ?

                  Comment


                  • #10
                    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                    Considering Windows 2003 Server's EOL is 14 July 2015, what do you think?
                    1 1 was a racehorse.
                    2 2 was 1 2.
                    1 1 1 1 race 1 day,
                    2 2 1 1 2

                    Comment


                    • #11
                      Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                      Originally posted by biggles77 View Post
                      Considering Windows 2003 Server's EOL is 14 July 2015, what do you think?
                      Yes it is supported at the very last day I guess.

                      so to transfer the FSMO role is it just using the normal ADSIedit ?

                      Comment


                      • #12
                        Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                        Transferring FSMO Roles
                        1 1 was a racehorse.
                        2 2 was 1 2.
                        1 1 1 1 race 1 day,
                        2 2 1 1 2

                        Comment


                        • #13
                          Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                          Originally posted by Albertwt View Post
                          Yes it is supported at the very last day I guess.

                          so to transfer the FSMO role is it just using the normal ADSIedit ?
                          4 can be transferred using the standard AD tools - 3 via ADUC and 1 via domains and trusts. The last (and to my shame I cant remember which ) needs ADSIEDIT or NTDSUTIL - plenty of stuff online

                          Remember replication time once you have made changes!
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment


                          • #14
                            Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                            Originally posted by Ossian View Post
                            4 can be transferred using the standard AD tools - 3 via ADUC and 1 via domains and trusts. The last (and to my shame I cant remember which ) needs ADSIEDIT or NTDSUTIL - plenty of stuff online

                            Remember replication time once you have made changes!
                            Schema Master is transferred using the Schema Management Snap-in - no need for ADSIEDIT or NTDSUTIL but the snap-in DLL does need to be registered before it can be used. Domain Naming Master is the one done in Domains and Trusts, RID, Infrastructure and PDC Emulator are all in ADUC. You can transfer using NTDSUTIL I think, as well as seize, but I tend to use the GUI personally. I try to avoid using ADSIEDIT as much as possible - it's too easy to make mistakes so unless it's something like an Exchange 2003 decommission that requires ADSIEDIT I'll avoid it.

                            Regarding placement, there is no particular requirement to distribute the FSMO Roles unless you want to - the only "rule" is that the Infrastructure Master should not be placed on a GC unless every one of your DCs is a GC.
                            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                            sigpic
                            Cruachan's Blog

                            Comment


                            • #15
                              Re: Upgrading Windows Server 2003 domain controller to 2012 R2

                              Transferring FSMO roles in 2012 with Powershell is super easy:
                              Code:
                              Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4
                              And not that you need it but seizing is also easy:
                              Code:
                              Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4 -force
                              Each number relates to a role. More info: http://social.technet.microsoft.com/...ontroller.aspx
                              Regards,
                              Jeremy

                              Network Consultant/Engineer
                              Baltimore - Washington area and beyond
                              www.gma-cpa.com

                              Comment

                              Working...
                              X