Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1046
  • Last Modified:

upgrading from windows 2003 R2 to windows 2008

I have 2 windows 2003 R2 DCs + 2 Exchange 2003 SP2 BE, FE on windows 2003 also. everything is working very well
I have windows 2008 license and media but I am worry about the migration. shall I go ahead or just keep my system as it is. if you recommend the upgradation so what is the main ben benefits I will get from that also what is the drawback of that.

waiting for your recomendations

Ahmed Abdel Salam
Ahmed Abdel Salam
2 Solutions
If it's working very well and you don't need any new functions, i would keep it as how it is now.

Windows Server 2008 is a very new product and has a big change there are lots of bugs leftover. You better wait before putting it in production (or test it on a spare server to see if it works for you and with your current software).

At least you should consult every company that provides you software if it guaranteed works on Windows Server 2008.
There are some excellent advantages to using Windows Server 2008 especially with respect to Active Directory e.g. Read only Domain Controllers for branch offices, server core so no GUI clogging up performance, role based functionality so no unwanted services or ports opened so it's more secure etc.

That said if your current environment works well I'd be very careful about making too much change too quickly.  At the present time unless you have a pressing need to upgrade to Exchange 2007 I would leave your Exchange servers well alone.

In your position I'd start as follows:

i. Acquire some spare tin and install Server 2008.  Play with it extensively and get to know it well.  Re-install it a few times and get the hang of things.  Install it with GUI first and then try out server core for a while.

ii.  Once you're sure Server 2008 is ready for you and as important you are ready for it then buy some new time and build your first 2008 member server.

iii.  Run Domain Prep and Forest Prep to ready your domain for it's first 2008 DC and then promote the new 2008 server to be a DC.

iv. Once you're sure it's behaving itself consider moving GC, DNS, DHCP, FSMO roles etc. in a phased manner and once you're really satisfied consider rebuilding your current DC's to 2008 and raising the functional level to 2008 Native Mode.

This would be a background project over the course of a few weeks or months.  As always ensure your servers are fully patched and running the latest hot-fixes and service packs.

I'll reiterate that I'd leave Exchange well alone for the time being.

I'm using 2008 heavily but we're in an enormous computing environment of over 500 servers.  I'm very impressed but we haven't yet looked at 2008 for DC functionality but that will be coming soon.


Windows Server 2008 has a LOT of advantages and benefits over the older Windows Server 2003. It has a completely reworked OS core, which means it is a lot more secure (with UAC and lots of other new features), and obviously an upgrade now would stand you in good position for probably the next 5 years, at least.

The only thing you need to be careful of is that all your applications are still going to work after the upgrade. If you intend on running Exchange on your new 2008 servers, you MUST upgrade to Exchange 2007 SP1. You can keep your Exchange Servers running on Server 2003, and just introduce new Server 2008 DCs, if you don't want to upgrade Exchange at this stage.

The standard procedure for adding 2008 DCs to your domain is as below:

Install Windows Server 2008 onto the new server which is intended to be promoted as a Domain Controller. Ensure the new server is assigned a routable static IP address on your IP subnet. Ensure the IP address is not included in any of your existing DHCP scopes. The only DNS server entry at this stage should be the IP address of one of the Domain Controllers which is running the DNS server service on your network.

After installation, join the new machine to the existing domain as a member server. This procedure is exactly the same as joining a workstation to the domain.

Since you are upgrading the Operating System on the new Domain Controller, you will need to add some values to the existing Active Directory schema, in order for the new server to become a Domain Controller. Windows Server 2008 supports more functionality than before, so a schema upgrade for the domain and forest is required to facilitate this and make this new feature set fully functional on the domain. To make the necessary changes, you must be logged on as the built-in Administrator user account, or a user with Domain, Schema and Enterprise Admin privileges.

Insert the Windows Server 2008 media into your current server which is holding the Schema Master Operations Role (FSMO role). Open a command prompt and browse to sources\adprep folder within the Windows Server 2008 DVD media. Execute the command adprep /forestprep. Once complete, you must wait for the changes to be replicated to all domain controllers in the domain and forest before you can continue.

Next, execute adprep /domainprep . You must be logged on as a Domain Admin user for these steps to work correctly. Once these commands have run and replication has taken place your Active Directory schema will have been extended to support Windows Server 2008 as a Domain Controller.

The next step is to promote the new server as a Domain Controller for the domain. Enter dcpromo at a command prompt and follow the wizard. When prompted, select the option for an additional domain controller in an existing domain. After the wizard completes, the new server will be acting as a Domain Controller for your domain. It is necessary at this point to restart the server for these changes to be applied.

In a single-domain Active Directory forest, all servers should also be Global Catalog servers. The Global Catalog is a required component of Active Directory which is used during logins to establish universal group membership for a user account. To promote the new server as a Global Catalog, open Active Directory Sites and Services from the Administrative Tools container within Control Panel or on the Start Menu. Double-click Sites, then Servers, followed by the name of the new server. Next, right-click "NTDS Settings" and select Properties. On the General tab, check the Global Catalog checkbox. Restart the new Domain Controller for changes to take effect.

If you wish the new server to become the holder of one or more Operations (FSMO) roles, you will need to transfer these roles to the new server. In a single-domain environment, you gain no benefits from spreading FSMO roles between Domain Controllers

The current FSMO role configuration for your network can be found by running the command "netdom query fsmo" at a command prompt on a Domain Controller.

To transfer one or more of these FSMO roles to the new domain controller, follow the information detailed in the following Microsoft Support article: Please ensure any other information you follow is information regarding the TRANSFER of FSMO roles. Seizing FSMO roles is an emergency operation which should not be performed during this procedure.

DNS is a critical component of your Active Directory network. The easiest way to install the DNS role onto the new server is to follow the instructions outlined at You should be already using Active Directory-integrated DNS zones, which is the easiest method of allowing DNS replication to occur - DNS information is stored in Active Directory and replicates with Domain Controller replication traffic. To check if your DNS zones are AD-integrated (and convert them if not), please follow

You probably want to enable DNS forwarding in the DNS console on the server, too. This forwards lookups for external domains to a DNS server at your ISP, which allows the server to effectively resolve DNS for external domains. More information on forwarders can be found at

To move DHCP to the new server, you will need to first install the role. To install the role in Windows Server 2008, check the DHCP Server role option within the Add Roles wizard in the Server Manager. To correctly configure DHCP after the role is installed on your new server, you will need to ensure you configure it to distribute IP addresses which are in a different range to the IP scope defined on the other DHCP servers. You should also ensure the correct DNS and WINS servers are entered into the scope options. Remember that the only DNS servers which should be configured on workstations are the Domain Controllers which are also acting as DNS servers - no ISP DNS server should ever be set through DHCP.

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Ahmed Abdel SalamPh.D. CandidateAuthor Commented:
Thanks  all for replies,
I have already add one normal PC as a DC member with win 2008 server, but for some how it is failed to be working fine (driver and H/W issues) so I removed it from the domain completly. but now I have prepared my domain by adprep /forestprep from win2008 CD, is this is effecting the current 2003 enviroment incase I don't have any 2008 DC right now ??
ADPREP merely extends the schema in readiness for the first 2008 DC, it has no negative effect on the 2003 servers.
Yes, the extension to the schema will not affect your Domain Controllers because the functional level of the domain and forest is still at a level which supports Windows Server 2003 Domain Controllers (probably Server 2000 or Server 2003).

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now