2003 DC AD upgrade to 2008 on second server migration plan

active-directorymigrationwindows-server-2003windows-server-2008

SUMMARY

Writing a plan to prepare for a 2003 to 2008 active dir upgrade. 2003 AD exists on a single domain controller and has been upgraded to 2003 functionality. I have add a new 2008 Standard R2 server as a member server.

note: Exchange 2007 installed on an additional member server in this 2003 ad domain.

Upgrade plan to date is copied below , i have executed everything fine to date and stopped at ADPREP as i want to ensure the DC is patched and rebooted before proceeding.

Been having a few problems finding enough information for my exact configuration and have been building it peice meal from multiple sources.

This article provided some info , my questions related to what to do after this. Please see below. http://www.winserverhelp.com/2010/05/windows-server-2008-r2-migration-guide-replacing-existing-domain-controllers/

UPGRADE PLAN

0.Backup System state on existing 2003 DC

1.Install 2008 on new server

2.Install DNS and confirm its working

3.Patch server with all updates 2003 & 2008

4.On 2003 upgrade domain level to 2003

5.On 2003 upgarde forrest level to 2003

6.On 2003 Verify Domain and Forest Levels are full Windows Server 2003 and not Mixed/Interim

7.On 2003 regedit \system\currentcontorlset\services\NTDS\parameter (schema version 30 then
44 after adprep)

8.Verify the fsmo roles of all domain controllers. Use netdom /query fsmo

9.Copy adprep directory from Windows 2008 Server Media to 2003DC

10.On 2003 run DCDIAG in cmd to check AD health (all passed)

11.Run adprep to prepare 2003 Active Directory environment for 2008.

-Adprep32.exe /forestprep

-Adprep32.exe /domainprep

-Adprep32.exe /domainprep /gpprep

-Adprep.exe /rodcprep (edited to add this. Have a DMZ so may need a read only DC)

(I understand these can be run during business hours)

note: adprep32.exe used as existing dc is 32 bit and new 2008 server R2 obviously 64 bit

12.Log on to the new server as an admin.

13.Launch the Server Manager.

14.Select the Roles node in the Server Manager.

15.Click Add Roles and then click Next.

16.Select the Active Directory Domain Services checkbox and then click Next. Note that   .NET Framework 3.5.1 is required and  if prompted to install click Add Required Features.

17.Click Next in the Introduction screen.

18.Click Install, this will install the binaries required for the server to become a domain
controller.

19.Click Close in the Installation Results screen.

20.In  Server Manager , expand the Roles node and then select the Active Directory Domain
Services node.

21.In the Summary section, click  Run the Active Directory Domain Services Installation
Wizard (dcpromo.exe).

22.Click Next in the Welcome screen.

23.Select the Existing Forest option.

24.Select  Add a Domain Controller to an Existing Domain   and then click Next.

25.Enter the name of the domain.

26.Click Set to specify alternative credentials to use for the operation.

27.Enter the credentials of a domain admin in the target domain, and then click OK.

28.Click Next.

29.Select the domain for the new domain controller and then click Next.

30.Select a site for the domain and then click Next.

31.Select the Additional Domain Controller Options (these are DNS Server and Global
Catalog by default).  Click Next.

32.Click Yes if  a DNS Delegation warning dialog box appears.

33.Select the locations for the log files, database, and the SYSVOL, and then click Next.

34.Enter the Directory Services Restore mode administrator password and  click Next.

35.Review the summary  and  click Next. The   wizard will now create the domain controller
and replicate the Active Directory database.

36.Click Finish.

37.Click Restart Now to reboot the new domain controller

QUESTIONS

1)So after the above is done. Do i still need to transfer the FSMO roles to the new 2008 DC or is this completed as part of the upgrade.

2)I would then want to Demote the 2003 server from DC role. Do i use DC promo tool ? this server will remain as a member server.

3)Any other critical points i have missed from this plan above ? exchange prep for example.

Thank you for any advice.
Scott

EDITED to explain i plan to demote the existing W2k3 DC hence transferring roles to new DC.

Some good info here too:

http://www.pbbergs.com/windows/articles/Upgrading_Active_Directory_from_2003_to_2008.htm

EDITED TO ADD RODCPREP
-Adprep.exe /rodcprep (edited to add this. Have a DMZ so may need a read only DC)

upgrade went without a problem.

Best Answer

Make sure you are using the version of adprep from 2008 R2. It should be run on the schema master and infrastructure master for the domain for /forestprep and /domainprep respectively. Win2008 R2 is 64bit, but it also has a 32bit version of adprep if you need it. (ADPREP32) Yes, it can be run during business hours, and I have never seen them take more than a few seconds to do their jobs.

  1. Run adprep /forestprep. Wait for schema changes to replicate.
  2. Run adprep /domainprep. Wait for replication.
  3. Don't mess with domain and forest functional levels yet.
  4. DCPROMO your Win2008R2 box alongside your existing DCs.
  5. Transfer FSMO roles to it if you wish.
  6. Begin decomissioning your old DCs by first demoting them with DCPROMO.
  7. You're done. Your domain and forest functional levels are still at 2003, you simply have a 2008 R2 machine for a domain controller. (You didn't specify exactly what your DFL and FFL was so I assumed.)

Answering your questions:

  1. You need to transfer the roles manually as per my instructions above, that is, if your intent is to let the new 2008R2 DC have the FSMOs.

  2. Yes, DCPROMO should be all that is required to demote a domain controller. If something goes wrong trying to demote it though you'll have to perform a metadata cleanup. (Not hard.)

  3. After all of your old DCs are gone and you have only 2008R2 DCs in your forest, you can start thinking about raising the FFL and DFL.

Related Topic