Easy way to upgrade 2003 domain controller to server 2012 3

[BlueTube]

Hi there server experts,
We currently have two Windows Server 2003 domain controllers in our network. I’m looking to buy two new servers and install Server 2012 Standard on them and then make these 2 new servers the domain controllers and retire the old 2003 domain controllers. Can I just install A/D on the new server 2012 boxes, add them as additional Domain Controllers then eventually remove the old 2003 servers? How easy/simple is this process? Any thoughts or ideas?

 

[ShackDaddy]

For someone with experience, this could probably be done in an hour, once the 2012 servers were IP'd, online and joined to the domain. This would be my process:

1. Validate healthy replication/configuration on the two existing DC's. Resolve issues.
2. Check win2003 DCs for a certificate authority and save\export\backup data from it.
3. Add AD and DNS roles to the 2012 servers and run DCPROMO on those servers.
4. Verify replication using REPADMIN
5. Migrate the FSMO roles from the current role-holder to one of the 2012 servers.
6. Change internal DHCP scopes to point to the new 2012 servers for DNS. Remove WINS data from scope options config.
7. Re-validate AD health using DCDIAG.
8. Run DCPROMO on the Win2003 DC's.
9. Verify schema and NTFRS replication and health.
10. Keep an eye out for internal servers that may be hardcoded with the old servers for DNS/AD/LDAP lookups, and change their settings to point to the new IPs.



Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[BlueTube]

Thanks so much for your help

 

[58sniper]

Also, see my 2008 R2 FAQ for moving to a domain controller. A lot of the steps still apply.
faq1674-7371

Do you have your Tek-Tips.com Swag? I've got mine!

Stop by the new Tek-Tips group at LinkedIn.

 

[netometer]

Hi,

It seems that you've been running these 2003 DC for quite a while.

IMHO, the plans suggested above are fine, but I wouldn't add in advance the DNS role to the new 2012 DC. This is done automatically during the second phase - Domain Controller configuration/promotion. Actually, it is important to wait until a successful replication occurs between the the 2003 and 2012 DC, before you change the DNS settings in the 2012. Pointing them earlier to themselves as a DNS might result in failure to create the SYSVOl and NETLOGON shares.

As you've been running this domain for years, it is really important to:
1. Perform extensive AD health check, before you proceed with the schema extension and upgrade.
2. Validate the 2012 DC promotion, before you move the FSMO roles and decommission the old 2003 DC.

Here are a couple of common issues:
1. Make sure the Domain Forest level is 2003. Even though you have 2003 DC, it is quite possible that you are still running at the default 2000 level.
2. Examine carefully the Netdiag and DCDiag logs (if necessary use the debug switch /d for more info).
3. Make sure that the SYSVOL and NETLOGON shares has been created successfully on the new 2012 DC.
3. Don't forget to change the w32time service settings on both the old and new PDC after moving the FSMO roles.

You might find helpful the following, slightly more detailed plan (the focus is on pre and post upgrade checks):


Dean

http://www.netometer.com/blog

 

[ShackDaddy]

Thanks for the additional valuable information, Dean.

Dave Shackelford
ThirdTier.net
TrainSignal.com