Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Question about upgrading to 2008 AD from 2003 1

Status
Not open for further replies.
3rik7

3rik7

IS-IT--Management
Nov 25, 2009
21
US
We are planning on upgrading our AD from 2003 to 2008. I've read (at least a dozen times) the instructions on how to do it found here -



We are going the "transition" route. Our current configuration is 6 DC's all running 2003.
DC1 - PDC. Resides in main office.
DC2 - Secondary DC in main office and DNS for main office as well as 3 other smaller offices.
DC3 - DC in one of the 3 smaller offices.
DC4 - DC in one of the 3 smaller offices.
DC5 - DC in one of the 3 smaller offices.
DC6 - main DC in large branch office. Also does DNS for large branch office.

My question is this - my plan was to install 2008 AD on new hardware (DC7). Transfer FSMO roles from DC1 to new DC7. Demote DC1. Assuming everything was working, over time, I would begin transitioning the other DC's from 2003 to 2008 by same method, minus the transferring of the FSMO roles.

Will this work? Can I have the PDC at 2008 (making the domain 2008) while having the other DC's (including the ones doing DNS) at the 2003 level and transition the 2003's out over time?

Any help would be appreciated.
Thanks in advance.
Erik
 
Sort by date Sort by votes
Upvote 0 Downvote
Yes, sorry. I meant PDC emulator or "the server that holds all the FSMO" roles.

Thanks for the response. I'll have a look at your FAQ.

Thanks again.
 
Upvote 0 Downvote
Hi Pat,

I have one additional question for you, for clarification purposes since I have realized that I was a little confused in my original post.

In my original post, I was confused about at which point the domain/forest level became 2008. I thought that transferring the FSMO roles was the step that brought the domain up to 2008 when I now realize that it's actually the following steps that do that:

Log on to the Domain Controller holding the PDC emulator FSMO role with a user account that is a member of the Domain Administrators group..
Open Active Directory Domains and Trusts.
In the console tree, right-click the domain for which you want to raise functionality, and then click Raise Domain Functional Level.
In Select an available domain functional level, click Windows Server 2008, and then click Raise.

That being said, I just want to verify that I can in fact raise the domain level to 2008 while still having the 2003 domain controllers as active DC's on the domain until I gradually demote and replace them with 2008 servers?

Thank you for your help.

 
Upvote 0 Downvote
To activate the newest domain features, all the domain controllers must be running the newest Windows Server operating system version in the domain. If this requirement is met, the administrator can raise the domain functional level.


Do you have your Tek-Tips.com swag? I've got mine! Pick some up at
Stop by the new Tek-Tips group at LinkedIn.
 
Upvote 0 Downvote
Ok. This is good to know because it was not how I understood it.

With this new information, it now appears that I have a new plan?

Going back to my original post, I have the following setup:

DC1 (2003)- PDC (Holder of FSMO roles). Resides in main office.
DC2 (2003)- Secondary DC in main office and DNS for main office as well as 3 other smaller offices.
DC3 (2003)- DC in one of the 3 smaller offices.
DC4 (2003)- DC in one of the 3 smaller offices.
DC5 (2003)- DC in one of the 3 smaller offices.
DC6 (2003)- main DC in large branch office. Also does DNS for large branch office.
DC7 (2008) - DC in main office. Does DNS/DHCP. Intended to be the new holder of FSMO roles.

New plan:
Build new hardware to replace DC's 2 through 6
Install 2008 and promote.
Demote DC's 2 through 6 (2003 servers)
Transfer FSMO roles from DC1 to DC7
Demote DC1
Raise domain/forest levels on DC7

Does that sound about right?

Thanks for your help.
 
Upvote 0 Downvote
You don't have to do that. You can add a 2008 DC and transfer the FSMO roles to it and be done. Only when you need to raise the DFL do all of the DCs need to be 2008.

However, I'd certainly put the DNS roles on all of the DCs in remote offices. And I'd put DHCP on another DC and split the duty there. That way, in an outage, you still have DHCP.

Do you have your Tek-Tips.com swag? I've got mine! Pick some up at
Stop by the new Tek-Tips group at LinkedIn.
 
Upvote 0 Downvote
Our ultimate objective is to, in fact, raise the domain level to 2008. It's what I've been asked to do by management.

In that case, it appears that all DC's must be 2008 in order for that to be done, correct?

Also, since the time of the original post I have installed DNS on the remote offices as you suggested and DHCP is currently being split in the main office between the old DHCP server (not a DC) and my new 2008 server.
 
Upvote 0 Downvote
Great. Thank you for your help and for your quick responses.
 
Upvote 0 Downvote
I meant PDC emulator or "the server that holds all the FSMO" roles.
Click to expand...

DC1 (2003)- PDC (Holder of FSMO roles).
Click to expand...

That's not what that means. There are 5 FSMO roles, and the PDC emulator is one of those 5 roles. Generally speaking, any DC can be assigned any of the FSMO roles, and they can easily be spread across multiple DCs.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Upvote 0 Downvote
Yes, I understand. Thank you.
Both shops I've worked in have been very small domains (1 forest, 1 domain and 6 or fewer DC's). I've just gotten in the habit of calling the one DC that holds all 5 FSMO roles (which was the case in both shops) the "primary" domain controller.
I realize this is a misnomer and apologize for any confusion it's created in my post.

Thanks.
 
Upvote 0 Downvote
One last question that is related to this, but sort of off topic.
I did not take into consideration Exchange and the administration of it.

Right now, we are running a 2003 domain with Exchange 2003. Plan was to upgrade domain to 2008 (as described above) followed by upgrading Exchange to 2010.
We are in the middle of upgrading all DC's to 2008, however I just realized that one of those DC's has the Exchange Admin pack installed and that is the one we use to create user accounts so that the exchange mailboxes get created. I've recently discovered that you cannot install 2003 Exchange Admin pack in Server 2008.

So I'm not sure what my best course of action is for administrating Exchange once we are at the point of being 2008 domain with 2003 Exchange?

I know that I can install 2003 Active Directory with 2003 Exchange Admin pack on my local PC, but my question is, can I install 2008 Active Directory and 2003 Exchange Admin pack on my local PC until the point that we upgrade Exchange to 2010?

Thanks.
 
Upvote 0 Downvote
Upvote 0 Downvote
Forgive my ignorance...
How would you go about doing this on the Exchange server itself?
I've never done this before. I've only ever created users on a DC with the Exchange Admin pack installed.

Would you install the AD admin pack on the Exchange server just as I would on my local PC?
 
Upvote 0 Downvote
Upvote 0 Downvote
I'm ashamed to admit this, but I never realized that.
I see now on the Exchange Server, under All Programs -> Microsoft Exchange that ADUC is there. Wow.

Okay...final question (hopefully)...
What effect will upgrading AD to 2008 have on this instance of ADUC (the one installed on the Exchange server), if any?

Thanks for all your help.
 
Upvote 0 Downvote
It wont. You can have Windows 2008 DCs. But check the supportability of Exhange 2003 if you decide to change the Domain Functional Level and/or Forest Functional Level.

Do you have your Tek-Tips.com swag? I've got mine! Pick some up at
Stop by the new Tek-Tips group at LinkedIn.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
307
suncit
suncit
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
368
goombawaho
goombawaho
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
229
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top