best way to upgrade from 2003 server to 2008 server

Our Windows 2003 servers are out of warranty and business is dictating that we need to move across to Windows 2008.
I currently have 3 Windows 2003 servers and we plan to buy 4 new servers with 2008 on them. What's the cleanest way to move everything across to the new Windows 2008 servers, keeping our current domain?

OK, it sounds like having 3 physical servers might be a good idea for you then. You seem to be a big enough network to require replication and high availability of services, but not so large that you have so many roles they would need to be virtualised!

The procedure for migrating Active Directory to one of the new servers is posted at the end of this article. Once you have one DC running Active Directory, you can simply follow the procedure again for another server, joining it to the domain, installing DNS and making it a Global Catalog. You only need to transfer the FSMO roles to one of the new servers though, since each role can only ever exist on one server at a time (and in smaller single domain networks you are best just keeping them on one DC).

Gaining replication - or high availability - of your Exchange Servers is most commonly achieved through Microsoft's clustering technologies. Be aware that this can be EXPENSIVE. You need a shared storage disk array, such as a SAN, and the Enterprise Editions of both Exchange 2007 and Server 2008 in order for you to unlock the Clustering and Replication features. New features in Exchange 2007 such as CCR replication (continuous cluster replication) help because you wouldn't need a SAN if you deployed that configuration, but you still need the Enterprise Edition of all the software. If you still want high availability, I would probably suggest you look at a product such as DoubleTake to do it for you instead;


Install Windows Server 2008 onto the new server which is intended to be promoted as a Domain Controller. Ensure the new server is assigned a routable static IP address on your IP subnet. Ensure the IP address is not included in any of your existing DHCP scopes. The only DNS server entry at this stage should be the IP address of one of the Domain Controllers which is running the DNS server service on your network.

After installation, join the new machine to the existing domain as a member server. This procedure is exactly the same as joining a workstation to the domain.

Since you are upgrading the Operating System on the new Domain Controller, you will need to add some values to the existing Active Directory schema, in order for the new server to become a Domain Controller. Windows Server 2008 supports more functionality than before, so a schema upgrade for the domain and forest is required to facilitate this and make this new feature set fully functional on the domain. To make the necessary changes, you must be logged on as the built-in Administrator user account, or a user with Domain, Schema and Enterprise Admin privileges.

Insert the Windows Server 2008 media into your current server which is holding the Schema Master Operations Role (FSMO role). Open a command prompt and browse to sources\adprep folder within the Windows Server 2008 DVD media. Execute the command adprep /forestprep. Once complete, you must wait for the changes to be replicated to all domain controllers in the domain and forest before you can continue.

Next, execute adprep /domainprep. You must be logged on as a Domain Admin user for these steps to work correctly. Once these commands have run and replication has taken place, your Active Directory schema will have been extended to support Windows Server 2008 as a Domain Controller.

Promote the new server as a Domain Controller for the domain. Enter dcpromo at a command prompt and follow the wizard. When prompted, select the option for an additional domain controller in an existing domain. After the wizard completes, the new server will be acting as a Domain Controller for your domain. It is necessary at this point to restart the server for these changes to be applied.

In a single-domain Active Directory forest, all servers should also be Global Catalog servers. The Global Catalog is a required component of Active Directory which is used during logins to establish universal group membership for a user account. To promote the new server as a Global Catalog, open Active Directory Sites and Services from the Administrative Tools container within Control Panel or on the Start Menu. Double-click Sites, then Servers, followed by the name of the new server. Next, right-click "NTDS Settings" and select Properties. On the General tab, check the Global Catalog checkbox. Restart the new Domain Controller for changes to take effect.

Since you intend on removing the old Domain Controller from the domain, you need to transfer all the Operations (FSMO) roles to the new Domain Controller.

The current FSMO role configuration for your network can be found by running the command "netdom query fsmo" at a command prompt on a Domain Controller.

To transfer these FSMO roles to the new domain controller, follow the information detailed in the following Microsoft Support article: Please ensure any other information you follow is information regarding the TRANSFER of FSMO roles. Seizing FSMO roles is an emergency operation which should not be performed during this procedure.

DNS is a critical component of your Active Directory network. The easiest way to install the DNS role onto the new server is to follow the instructions outlined at You should be already using Active Directory-integrated DNS zones, which is the easiest method of allowing DNS replication to occur - DNS information is stored in Active Directory and replicates with Domain Controller replication traffic. To check if your DNS zones are AD-integrated (and convert them if not), please follow

You probably want to enable DNS forwarding in the DNS console on the server, too. This forwards lookups for external domains to a DNS server at your ISP, which allows the server to effectively resolve DNS for external domains. More information on forwarders can be found at

To move DHCP to the new server, you will need to first install the role. To install the role in Windows Server 2008, check the DHCP Server role option within the Add Roles wizard in the Server Manager. To correctly configure DHCP after the role is installed on your new server, you will need to ensure you configure it to distribute IP addresses which are in a different range to the IP scope defined on the other DHCP servers. You should also ensure the correct DNS and WINS servers are entered into the scope options. Remember that the only DNS servers which should be configured on workstations are the Domain Controllers which are also acting as DNS servers - no ISP DNS server should ever be set through DHCP.

Once all of these steps have been completed, you should have successfully transferred all of the Active Directory roles to the new domain controller. At this stage, I would suggest you shut down the old domain controller and check to ensure all services on workstations and servers are working correctly - including logins. If they are, you should be safe to switch the old DC back on, run dcpromo and demote it from its Domain Controller role. This will remove the DC as a Domain Controller, leaving it as a member server on the network.

To completely remove the DC from the network, you will need to remember that any other data - including folder redirection folders and user profiles - should be replicated or otherwise transferred to either the new server or another location on the network.
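
An added example, not part of the original answer: a PowerShell check to run before demoting the old DC. It parses the output of the `netdom query fsmo` command mentioned above and lists any role that is not yet on the new server. The function names and host names are hypothetical, and the sample output is constructed.

```powershell
# Added example: gate the dcpromo demotion on a completed FSMO transfer.
# Assumes netdom prints one "role label   holder FQDN" pair per line.

function Get-FsmoHolders {
    param([string[]]$Lines)
    $holders = @{}
    foreach ($line in $Lines) {
        # Label and holder are separated by a run of two or more spaces;
        # the trailing status line has no such column and is skipped.
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+)\s*$') {
            $holders[$matches[1]] = $matches[2]
        }
    }
    return $holders
}

function Test-FsmoTransferComplete {
    param([hashtable]$Holders, [string]$NewDc)
    # A domain has exactly five operations master roles.
    if ($Holders.Count -ne 5) {
        "expected 5 FSMO roles, parsed $($Holders.Count)"
    }
    foreach ($role in $Holders.Keys) {
        # -ne on strings is case-insensitive in PowerShell.
        if ($Holders[$role] -ne $NewDc) {
            "$role is still held by $($Holders[$role])"
        }
    }
}

# Constructed sample output; on a Domain Controller use instead:
#   $out = netdom query fsmo
$out = @(
    'Schema master               dc2008-01.corp.example',
    'Domain naming master        dc2008-01.corp.example',
    'PDC                         dc2003-01.corp.example',
    'RID pool manager            dc2008-01.corp.example',
    'Infrastructure master       dc2008-01.corp.example',
    'The command completed successfully.'
)

$holders  = Get-FsmoHolders $out
$problems = @(Test-FsmoTransferComplete $holders 'dc2008-01.corp.example')
if ($problems.Count -eq 0) {
    'All five roles are on the new DC.'
} else {
    $problems | ForEach-Object { "DO NOT DEMOTE YET: $_" }
}
```

With the sample above, the script reports that the PDC role is still on the old server, which is the state in which the old DC must not be demoted.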

Because I don't know what kind of applications are running on your current servers, a general list:
First server: make it a DC in the current AD and transfer the FSMO roles
Add roles: DHCP, WINS,...
Other servers: I would add a second DC
File server: migrate files, e.g. with the File Migration toolkit
Exchange: Since Exchange 2003 can't be installed on Windows 2008, you have to upgrade to Exchange 2007 (unless you keep a Windows 2003 server). For Exchange 2007, you normally have multiple servers for the different Exchange roles (one for mailbox, one for CAS/hub).
SQL: install SQL on the new server; after that, you have multiple options: backup/restore or detach/attach
For more advice, you should give more information on your current servers.
Darius Ghassem Commented:
Look over this post which will give you all the information you need.


Can you clarify exactly what roles each of those 4 servers you are purchasing will be running? The only reason I ask is that the 2008 Servers are probably going to be a lot more powerful than your older 2003 Servers, and thus you may not need any more than 2 - 3 since roles could be consolidated a little. Of course, 4 may be the correct number, I'm just curious and eager to save you some money :). You also have the new Hyper-V Virtualisation role in Server 2008 to consider, too.

The procedure for migrating Active Directory is quite simple. Dariusg has posted a link above to one of my articles which details the procedure. If you have Exchange, then be extra careful if it is installed on a Domain Controller - REMEMBER that you must never run dcpromo on ANY server which has Exchange installed, no question about it. Also, remember you must move to Exchange 2007 SP1 if you go to all Server 2008 servers. While Exchange 2003 is supported in a Server 2008 Active Directory domain, you cannot install it directly on Server 2008 machines.

edel7 Author Commented:
Hi there,
We haven't got Exchange YET; this won't be implemented until after the 2008 upgrade. In our current environment we have 3 servers: 1 is our main server and the 2nd one is a mirror image of 1, plus we use it to store extra data. Our 3rd server is our mail server running MDaemon and this is just dedicated to MDaemon.
With the new servers we were going to have servers 1 & 2 as before and the 3rd one would run Exchange - we may purchase a 4th one to be our backup for Exchange but we are not 100% sure we will do this.
On our 2003 servers we have AD running on all of them - we have no terminal servers.
edel7 Author Commented:
tigermatt, thank you so much