printmedia
asked on
Migrating domain controller from Windows Server 2003 SBS to Windows Server 2008 R2 Standard
We have a Windows Server 2003 SBS server that has been our domain controller for years. It is also the exchange server, a file server and print server. We have a new Windows Server 2008 R2 Standard machine that I would like to make the new domain controller, while keeping the WIN2k3SBS machine the exchange server, and file server. Now from what I've understood about SBS for years now is that it has to be the DC on the network. I don't know if it can be demoted and function as a member server, or if there is a transition pack that allows it to do that but it needs to be done because we don't have exchange on any other server and we cant lose our mail server, so its important that the WIN2K3SBS server becomes a member server somehow.
As for migrating to the DC functionality to WIN2K8R2 I wanted to have my steps for migration reviewed so I know if I should make any changes or if what I've written below will safely migrate the DC.
The WIN2K8R2 server is already on the domain as a member server with a static IP.
ADPrep
1. Run adprep32 on WIN2K3SBS server from WIN2K8 DVD.
2. Run adprep /forestprep
3. Run adprep /domainprep (make sure functional level is at Windows Server 2003 instead of Windows 2000 native)
4. run adprep /rodcprep
DCPROMO
5. Run dcpromo on WIN2K8 server.
6. In Active Directory Domain Services Installation Wizard select “existing forest” and then type the name of the domain on the next screen
7. In the additional options for the server select DNS Server and Global Catalog
8. Set password for active directory restore mode
9. Finish the wizard
Transfer FSMO roles
10. Transfer the RID, PDC, Infrastructure roles in “Active Directory Users and Computers” to WIN2K8R2 server
11. Change Operations master role in “Active Directory Domains and Trusts” to WIN2K8R2 server
12. cmd -> regsvr32 schmmgmt.dll
13. Open “Active Directory Schema” Snap-in
14. right-click “Active Directory Schema [domain name]” and select “Change Active Directory Domain Controller”
15. Select the new DC from the list
16. Change the operations master to the new DC in “Active Directory Schema”
Demote Win2K3SBS Server
17. Run dcpromo on the WIN2K3SBS server
18. In Active Directory Installation Wizard do not select “This server is the last domain controller in the domain” click next on the rest of the screens and let the server restart
As for migrating to the DC functionality to WIN2K8R2 I wanted to have my steps for migration reviewed so I know if I should make any changes or if what I've written below will safely migrate the DC.
The WIN2K8R2 server is already on the domain as a member server with a static IP.
ADPrep
1. Run adprep32 on WIN2K3SBS server from WIN2K8 DVD.
2. Run adprep /forestprep
3. Run adprep /domainprep (make sure functional level is at Windows Server 2003 instead of Windows 2000 native)
4. run adprep /rodcprep
DCPROMO
5. Run dcpromo on WIN2K8 server.
6. In Active Directory Domain Services Installation Wizard select “existing forest” and then type the name of the domain on the next screen
7. In the additional options for the server select DNS Server and Global Catalog
8. Set password for active directory restore mode
9. Finish the wizard
Transfer FSMO roles
10. Transfer the RID, PDC, Infrastructure roles in “Active Directory Users and Computers” to WIN2K8R2 server
11. Change Operations master role in “Active Directory Domains and Trusts” to WIN2K8R2 server
12. cmd -> regsvr32 schmmgmt.dll
13. Open “Active Directory Schema” Snap-in
14. right-click “Active Directory Schema [domain name]” and select “Change Active Directory Domain Controller”
15. Select the new DC from the list
16. Change the operations master to the new DC in “Active Directory Schema”
Demote Win2K3SBS Server
17. Run dcpromo on the WIN2K3SBS server
18. In Active Directory Installation Wizard do not select “This server is the last domain controller in the domain” click next on the rest of the screens and let the server restart
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I recently inherited a network with a single Windows 2003 SBS and just completed a successful migration to Windows Server 2012 R2 Standard. I took notes along the way and will share the experience in hopes that it can help others. Some of it is generalized and assumes you have some understanding of what you’re getting into, but it can at least be used as an outline or guide to what’s involved.
Fortunately for me the business was not using Exchange. If Exchange is part of your upgrade the process will be different.
1. Run DCDIAG and DCDIAG /test:DNS on the 2003 SBS to validate health. The last thing you want to do is start with a server that has DNS issues. In my case there were journal wrap errors that needed resolved. Look close at events that are, and have been, getting logged in Event Viewer and take of anything that needs addressed.
2. Remove Exchange mailboxes from Active Directory- Open Exchange System Manager and remove mailboxes. Then uninstall Exchange from Add/Remove programs>Windows 2003 Small Business Server features (have your OS discs ready!). If you receive an error as I did about mailboxes still present on the server, there’s a nice guide to follow to find the ones that the System Manager doesn’t show. Check out “Removing Exchange” section here- http://m.msexchange.org/articles-tutorials/exchange-server-2003/migration-deployment/Removing-First-Exchange-2003-Server-Part2.html
3. Raise domain THEN forest functional level from 2000 to 2003 (if necessary). Before you can introduce 2012 servers on your domain the levels must be at least 2003.
4. Install Server 2012 (or 2012 R2) OS on your new server and static its IP information to what it will be on the network. I prefer to assign static information before a network cable is ever connected to it, but that’s me. Be sure to assign the primary DNS server to the 2003 SBS’ IP and leave secondary empty for now.
5. When Exchange is removed, the forest and domain functional levels are 2003 and the 2003 SBS is in good health, join the new 2012 server to the domain.
6. Install AD DS on 2012 server. A lot of information is available on this subject but AD DS is the ONLY checkbox you need checked and you DO NOT need to run ADPREP /forestprep or ADPREP /domainprep, as this happens automatically now (see https://technet.microsoft.com/en-us/library/dd464018%28v=ws.10%29.aspx). DNS will also automatically be installed with AD DS so you can leave DNS unchecked.
7. After AD DS installation is finished, you should see an option to promote the server to a domain controller inside Server Manager. Click it and select the option to join an existing domain. You may see a warnings about DNS delegation, which can be safely ignored. After adding the server as a DC it will reboot.
8. To update group policy settings to 2012 R2, insert the 2012 R2 media and open command prompt on the 2012 R2 server. Browse to the support directory on the media and run adprep /domainprep /gpprep.
9. Confirm your two servers are talking. Check event logs, DCDIAG and also REPADMIN /showrepl results. If you’re satisfied it’s time to transfer FSMO roles. The guide I followed to transfer all five rolls: https://blogs.technet.microsoft.com/canitpro/2015/02/10/step-by-step-migrating-windows-server-2003-fsmo-roles-to-windows-server-2012-r2/. Perform these steps ON the 2012 R2 server.
10. Transfer time server role to 2012 R2 server. From a command prompt on the 2003 server, run w32tm /config /syncfromflags:domhier /reliable:no /update then browse to hkey_local_machine\system\
11. Transfer DHCP role. This part is easy but after it’s complete check that DHCP server settings are how you want and aren’t handing out invalid primary DNS or time server information, for example. Here’s a good guide for this- https://blogs.technet.microsoft.com/canitpro/2013/04/28/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012. Uninstall DHCP or at least disable the service on the 2003 server.
12. Take note of any file shares on the 2003 server (tip: get a screen shot from Computer Management). Transfer files hosted on the 2003 server before it’s demoted so AD permissions are also copied. Create a folder on the C drive of the 2012 R2 server called “filecopylogs”. This will serve as a place you can verify Robocopy results. I used Robocopy commands and will share the command that copies permissions: robocopy "\\2003server\c$\ClientApp
13. Update home folder paths in AD (if necessary).
14. Set primary DNS on 2012 to itself. It’s now time to run DCPROMO on the 2003 server and make the 2012 server stand on its own. I chose to decommission the 2003 server before adding a second 2012 R2 DC but you may choose to add another before taking down the 2003 server. During DCPROMO of the 2003 SBS I received an error about it unable to stop the NETLOGON service. If you do, click OK, then back, then Next again to get through it on the 2nd attempt. 2003 SBS will reboot when complete.
15. The 2012 R2 server is now standing alone as a DC but there’s cleanup to do. You’ll find the 2003 SBS server still in AD Sites and Services and in quite a few locations in DNS. These should either be removed or updated to the 2012 R2 server IP or name if it’s the only server listed in the DNS entry. Also check your DNS forwarders.
16. Add an additional 2012 R2 DC to your network! Best practice is to have at least two DCs for redundancy. Simply add AD DS to the second 2012 R2 server like we did for the first one (step 6), disable it as the time server (step 10), then set its primary DNS server to the other 2012 R2 server and secondary DNS to itself. At this time you should also update the other server’s NIC so its primary DNS is the other 2012 R2 server and secondary is itself.
Other things to consider:
1. If the 2003 SBS was a print server, you’ll need to set up shared printing on the 2012 R2 server with matching printer properties and share names.
2. If you plan on turning off the 2003 SBS for good and think there’s additional files on it you might need at some point that weren’t shared, copy them to somewhere on the new server or external media. This is better than having to turn on the old server again.
Good luck!
Fortunately for me the business was not using Exchange. If Exchange is part of your upgrade the process will be different.
1. Run DCDIAG and DCDIAG /test:DNS on the 2003 SBS to validate health. The last thing you want to do is start with a server that has DNS issues. In my case there were journal wrap errors that needed resolved. Look close at events that are, and have been, getting logged in Event Viewer and take of anything that needs addressed.
2. Remove Exchange mailboxes from Active Directory- Open Exchange System Manager and remove mailboxes. Then uninstall Exchange from Add/Remove programs>Windows 2003 Small Business Server features (have your OS discs ready!). If you receive an error as I did about mailboxes still present on the server, there’s a nice guide to follow to find the ones that the System Manager doesn’t show. Check out “Removing Exchange” section here- http://m.msexchange.org/articles-tutorials/exchange-server-2003/migration-deployment/Removing-First-Exchange-2003-Server-Part2.html
3. Raise domain THEN forest functional level from 2000 to 2003 (if necessary). Before you can introduce 2012 servers on your domain the levels must be at least 2003.
4. Install Server 2012 (or 2012 R2) OS on your new server and static its IP information to what it will be on the network. I prefer to assign static information before a network cable is ever connected to it, but that’s me. Be sure to assign the primary DNS server to the 2003 SBS’ IP and leave secondary empty for now.
5. When Exchange is removed, the forest and domain functional levels are 2003 and the 2003 SBS is in good health, join the new 2012 server to the domain.
6. Install AD DS on 2012 server. A lot of information is available on this subject but AD DS is the ONLY checkbox you need checked and you DO NOT need to run ADPREP /forestprep or ADPREP /domainprep, as this happens automatically now (see https://technet.microsoft.com/en-us/library/dd464018%28v=ws.10%29.aspx). DNS will also automatically be installed with AD DS so you can leave DNS unchecked.
7. After AD DS installation is finished, you should see an option to promote the server to a domain controller inside Server Manager. Click it and select the option to join an existing domain. You may see a warnings about DNS delegation, which can be safely ignored. After adding the server as a DC it will reboot.
8. To update group policy settings to 2012 R2, insert the 2012 R2 media and open command prompt on the 2012 R2 server. Browse to the support directory on the media and run adprep /domainprep /gpprep.
9. Confirm your two servers are talking. Check event logs, DCDIAG and also REPADMIN /showrepl results. If you’re satisfied it’s time to transfer FSMO roles. The guide I followed to transfer all five rolls: https://blogs.technet.microsoft.com/canitpro/2015/02/10/step-by-step-migrating-windows-server-2003-fsmo-roles-to-windows-server-2012-r2/. Perform these steps ON the 2012 R2 server.
10. Transfer time server role to 2012 R2 server. From a command prompt on the 2003 server, run w32tm /config /syncfromflags:domhier /reliable:no /update then browse to hkey_local_machine\system\
11. Transfer DHCP role. This part is easy but after it’s complete check that DHCP server settings are how you want and aren’t handing out invalid primary DNS or time server information, for example. Here’s a good guide for this- https://blogs.technet.microsoft.com/canitpro/2013/04/28/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012. Uninstall DHCP or at least disable the service on the 2003 server.
12. Take note of any file shares on the 2003 server (tip: get a screen shot from Computer Management). Transfer files hosted on the 2003 server before it’s demoted so AD permissions are also copied. Create a folder on the C drive of the 2012 R2 server called “filecopylogs”. This will serve as a place you can verify Robocopy results. I used Robocopy commands and will share the command that copies permissions: robocopy "\\2003server\c$\ClientApp
13. Update home folder paths in AD (if necessary).
14. Set primary DNS on 2012 to itself. It’s now time to run DCPROMO on the 2003 server and make the 2012 server stand on its own. I chose to decommission the 2003 server before adding a second 2012 R2 DC but you may choose to add another before taking down the 2003 server. During DCPROMO of the 2003 SBS I received an error about it unable to stop the NETLOGON service. If you do, click OK, then back, then Next again to get through it on the 2nd attempt. 2003 SBS will reboot when complete.
15. The 2012 R2 server is now standing alone as a DC but there’s cleanup to do. You’ll find the 2003 SBS server still in AD Sites and Services and in quite a few locations in DNS. These should either be removed or updated to the 2012 R2 server IP or name if it’s the only server listed in the DNS entry. Also check your DNS forwarders.
16. Add an additional 2012 R2 DC to your network! Best practice is to have at least two DCs for redundancy. Simply add AD DS to the second 2012 R2 server like we did for the first one (step 6), disable it as the time server (step 10), then set its primary DNS server to the other 2012 R2 server and secondary DNS to itself. At this time you should also update the other server’s NIC so its primary DNS is the other 2012 R2 server and secondary is itself.
Other things to consider:
1. If the 2003 SBS was a print server, you’ll need to set up shared printing on the 2012 R2 server with matching printer properties and share names.
2. If you plan on turning off the 2003 SBS for good and think there’s additional files on it you might need at some point that weren’t shared, copy them to somewhere on the new server or external media. This is better than having to turn on the old server again.
Good luck!
Adprep /domainprep /gpprep
You can add 2008 R2 ADC in network with pleasure, however you can't simply demote SBS server
1st you need to add another Exchange server in same organization
May be you can add another 2003 server with exchange 2003 or more better you can have one more 2008 R2 member server and introduce Exchange 2010 SP3
Then move your send receive operations to Exchange 2010, move your mail boxes to Exchange 2010
Once that done successfully, you need to remove Exchange 2003 from SBS 1st and then transfer FSMO to 2008 R2 ADC and then demote SBS server
Also I don't think it will allow you to use it as member server
U need to format it with either 2003 server or 2008 and can repurpose it for else use
Mahesh.