Upgrading Windows Server 2003 domain controller to 2012 R2

Home Forums Microsoft Networking and Management Services Active Directory Upgrading Windows Server 2003 domain controller to 2012 R2

This topic contains 22 replies, has 7 voices, and was last updated by tehcamel tehcamel 5 years ago.

Viewing 23 posts - 1 through 23 (of 23 total)
  • Author
    Posts
  • Avatar
    Albertwt
    Member
    #164423

    Hi All,

    Can someone please let me know what steps and checklist are necessary to successfully upgrade/migrate the active directory domain controller which is now on Windows Server 2003 into Windows Server 2012 R2 ?

    and what are the impact to the existing Exchange Server and the FSMO role to the user ?

    Thanks.

    Avatar
    Ossian
    Moderator
    #189954

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Assuming new server hardware:
    Install 2012R2 Server
    Join domain
    On current DC, run ADPrep with correct switches to upgrade schema
    On 2012R2 server install AD-DS role
    Promote to DC, add DNS if needed
    Reboot etc
    Confirm all AD objects have replicated
    On 2003DC, run DCPromo to remove DC role
    FSMOs should transfer automatically

    Avatar
    Albertwt
    Member
    #317984

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287228 wrote:
    Assuming new server hardware:
    Install 2012R2 Server
    Join domain
    On current DC, run ADPrep with correct switches to upgrade schema
    On 2012R2 server install AD-DS role
    Promote to DC, add DNS if needed
    Reboot etc
    Confirm all AD objects have replicated
    On 2003DC, run DCPromo to remove DC role
    FSMOs should transfer automatically

    Hi Ossian,

    Do I need to do the following ADPrep command on the following roles:

    Command Domain Controller
    adprep.exe /forestprep Schema Master
    adprep.exe /domainprep Infrastructure Master
    adprep.exe /domainprep /gpprep Infrastructure Master[/CODE][CODE]Command Domain Controller
    adprep.exe /forestprep Schema Master
    adprep.exe /domainprep Infrastructure Master
    adprep.exe /domainprep /gpprep Infrastructure Master[/CODE]

    Avatar
    wullieb1
    Moderator
    #244887

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Albertwt;287235 wrote:
    Hi Ossian,

    Do I need to do the following ADPrep command on the following roles:

    Command Domain Controller
    adprep.exe /forestprep Schema Master
    adprep.exe /domainprep Infrastructure Master
    adprep.exe /domainprep /gpprep Infrastructure Master[/CODE][/QUOTE]

    [url]http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/[/url]

    Typically you do as much as possible on your schema master, at least that’s what I have done in the past.[CODE]Command Domain Controller
    adprep.exe /forestprep Schema Master
    adprep.exe /domainprep Infrastructure Master
    adprep.exe /domainprep /gpprep Infrastructure Master[/CODE]

    http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/

    Typically you do as much as possible on your schema master, at least that’s what I have done in the past.

    Avatar
    Albertwt
    Member
    #317985

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Thanks guys,

    What about the FSMO role placement ?

    Do I have to keep some of the FSMO role in the head office DC/GC or can I just put them all in the DC/GC servers in my primary production Data Center ?

    Avatar
    Ossian
    Moderator
    #189959

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    We need more information on structure of the environment
    The first domain in the forest needs all 5 FSMOs, additional domains need 3 of them

    When you unPromo a FSMO holder, FSMOs will be transferred but no control over where. If you want to, transfer the FSMOs to a specified DC (or several) before unpromoting the original holder

    As to where, that’s up to you, but I would keep them in the location with the most other servers and especially other DCs

    Avatar
    wullieb1
    Moderator
    #244888

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    http://support.microsoft.com/kb/223346

    http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html

    They should help.

    Avatar
    Albertwt
    Member
    #317986

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287258 wrote:
    We need more information on structure of the environment
    The first domain in the forest needs all 5 FSMOs, additional domains need 3 of them

    When you unPromo a FSMO holder, FSMOs will be transferred but no control over where. If you want to, transfer the FSMOs to a specified DC (or several) before unpromoting the original holder

    As to where, that’s up to you, but I would keep them in the location with the most other servers and especially other DCs

    Hi Ossian,

    This environment will be just single AD domain, most of the Tier-1 production servers (Exchange, SCCM, SharePoint, SQL Servers, etc…) are all in the Data Center, while the Office building only got server room with Domain Controllers/Global Catalog serving as DNS and DHCP only.

    Do I still need to place some of the FSMO role in the office building or I can just spread those five FSMO role in the two Domain Controllers/Global Catalog in the Data Center ?

    Avatar
    Albertwt
    Member
    #317987

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Hi Wullieb1,

    Does transferring the FSMO role from Windows Server 2003 DC into Windows Server 2008R2 or 2012 R2 is supported procedure ?

    Avatar
    biggles77
    Spectator
    #213367

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Considering Windows 2003 Server’s EOL is 14 July 2015, what do you think? :smile:

    Avatar
    Albertwt
    Member
    #317988

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    biggles77;287289 wrote:
    Considering Windows 2003 Server’s EOL is 14 July 2015, what do you think? :smile:

    Yes it is supported at the very last day I guess.

    so to transfer the FSMO role is it just using the normal ADSIedit ?

    Avatar
    biggles77
    Spectator
    #213368

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Transferring FSMO Roles

    Avatar
    Ossian
    Moderator
    #189962

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Albertwt;287291 wrote:
    Yes it is supported at the very last day I guess.

    so to transfer the FSMO role is it just using the normal ADSIedit ?

    4 can be transferred using the standard AD tools – 3 via ADUC and 1 via domains and trusts. The last (and to my shame I cant remember which :oops:) needs ADSIEDIT or NTDSUTIL – plenty of stuff online

    Remember replication time once you have made changes!

    Avatar
    cruachan
    Participant
    #330711

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287297 wrote:
    4 can be transferred using the standard AD tools – 3 via ADUC and 1 via domains and trusts. The last (and to my shame I cant remember which :oops:) needs ADSIEDIT or NTDSUTIL – plenty of stuff online

    Remember replication time once you have made changes!

    Schema Master is transferred using the Schema Management Snap-in – no need for ADSIEDIT or NTDSUTIL but the snap-in DLL does need to be registered before it can be used. Domain Naming Master is the one done in Domains and Trusts, RID, Infrastructure and PDC Emulator are all in ADUC. You can transfer using NTDSUTIL I think, as well as seize, but I tend to use the GUI personally. I try to avoid using ADSIEDIT as much as possible – it’s too easy to make mistakes so unless it’s something like an Exchange 2003 decommission that requires ADSIEDIT I’ll avoid it.

    Regarding placement, there is no particular requirement to distribute the FSMO Roles unless you want to – the only “rule” is that the Infrastructure Master should not be placed on a GC unless every one of your DCs is a GC.

    JeremyW
    JeremyW
    Moderator
    #270939

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Transferring FSMO roles in 2012 with Powershell is super easy:
    Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4[/CODE]

    And not that you need it but seizing is also easy:
    [CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: [url]http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx[/url][CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4[/CODE]

    And not that you need it but seizing is also easy:
    Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: [url]http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx[/url][CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx

    Avatar
    Albertwt
    Member
    #317989

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    JeremyW;287413 wrote:
    Transferring FSMO roles in 2012 with Powershell is super easy:
    Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4[/CODE]

    And not that you need it but seizing is also easy:
    [CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: [url]http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx[/url][/QUOTE]

    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.[CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4[/CODE]

    And not that you need it but seizing is also easy:
    Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: [url]http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx[/url][/QUOTE]

    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.[CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx

    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.

    Avatar
    wullieb1
    Moderator
    #244898

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Albertwt;287426 wrote:
    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.

    Decommissioning properly should move the FSMO roles for you IIRC.

    Avatar
    Albertwt
    Member
    #317990

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    wullieb1;287428 wrote:
    Decommissioning properly should move the FSMO roles for you IIRC.

    Ah, so does this means that when I perform the graceful demotion using Start | run “dcpromo” in the Win200k old DC, the FSMO role would then be automatically transferred across the surviving DC ?

    is there any way to control it of which roles going to which DC or this is done automatically and intelligently ?

    tehcamel
    tehcamel
    Moderator
    #359874

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Albertwt;287429 wrote:
    Ah, so does this means that when I perform the graceful demotion using Start | run “dcpromo” in the Win200k old DC, the FSMO role would then be automatically transferred across the surviving DC ?

    is there any way to control it of which roles going to which DC or this is done automatically and intelligently ?

    not through dcpromo
    but you can manually transfer the fsmo roles, see Biggles post earlier in this thread

    JeremyW
    JeremyW
    Moderator
    #270940

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Albertwt;287426 wrote:
    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.

    If you have a 2012 DC then you can transfer the roles from any DC to any DC using the AD module on the 2012 DC. It doesn’t matter if the source is a 2003 DC.

    You can also choose specific roles to transfer. Look through the link I posted earlier if you want more info.

    But you can just dcpromo like others have been saying and be done with it. :)

    Avatar
    Albertwt
    Member
    #317991

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    ok, one last question.

    Suppose the previous server name is re used, but this time with newer OS and elected as the same Domain Controller Role, would that cause even more problem ?

    Avatar
    Ossian
    Moderator
    #189990

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    As long as you have properly demoted and removed the old DC (not a Metadata cleanup), introducing a new one with the same name will not cause you any problems

    Avatar
    Albertwt
    Member
    #317992

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287484 wrote:
    As long as you have properly demoted and removed the old DC (not a Metadata cleanup), introducing a new one with the same name will not cause you any problems

    Great. thanks for the clarification mate.

Viewing 23 posts - 1 through 23 (of 23 total)

You must be logged in to reply to this topic.