Adding first 2008 DC into a 2003 domain

Posted on 2008-11-03
Last Modified: 2010-05-14
I have a Windows Server 2003 domain with 2 DCs in it.  I am getting ready to add my first Windows Server 2008 server and would like to make it a DC.  Is there anything I should be making sure I do in preparation for this?  I have been researching it and it seems straightforward with using the forest prep, etc... and then using DCpromo to promote the servers.  Then moving the FSMO roles over.  Do you have any suggestions or tips?
Question by:gtc-tech
    LVL 18

    Assisted Solution

    LVL 70

    Accepted Solution

    Note that you will have to ADPREP your domain before adding any 2008 DCs

    The installation of Windows 2008 into the domain and migration is quite simple.
    First you need to Adprep your 2003 Domain by running
    adprep /forestprep    and
    adprep /domainprep   and
    adprep /gpprep

    from the 2008 DVD on the Windows 2003 DC  - adprep is in the SOURCES folder on the DVD.

    Next install 2008 server on the new machine. You need to assign the 2008 new computer an IP address and subnet mask on the existing network. Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

    Join the new 2008 machine to the existing domain as a member server

    From the command line, promote the new machine to a domain controller with the DCPROMO command. Select "Additional Domain Controller in an existing Domain".

    Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the "Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

    If necessary install DNS on the new server. Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will automatically replicate to the new domain controller along with Active Directory. Set up forwarders as detailed at

    You must transfer the FSMO roles to the 2008 machine then the process is as outlined at

    You then need to install DHCP on the new 2008 server (if used) and set up a scope, activate it and authorize the server.

    Change all of the clients (and the new 2008 DC itself) to point to the 2008 DC for their preferred DNS server; this may be in DHCP options or the TCP/IP settings.

    You can then transfer any data to the new server

    Before removing the old DC from the domain, run DCPROMO on it to remove Active Directory.

    Netometer has a nice video -
    LVL 58

    Assisted Solution


    It's a reasonably easy procedure, but the main point I would suggest is that you allow plenty of time to do so, and preferably do it out of hours.

    I would suggest that you ensure that your domain is running at least Windows 2000 Native Mode for the Functional Level. A Server 2008 DC CANNOT be promoted in a Mixed Mode domain, since Mixed Mode supports NT4 DCs, and Server 2008 does not. Promote the Functional Level and allow replication between all DCs as necessary before starting on the Server 2008.


    Install Windows Server 2008 onto the new server which is intended to be promoted as a Domain Controller. Ensure the new server is assigned a routable static IP address on your IP subnet. Ensure the IP address is not included in any of your existing DHCP scopes. The only DNS server entry at this stage should be the IP address of the existing domain controller on your network.

    After installation, join the new machine to the existing domain as a member server. This procedure is exactly the same as joining a workstation to the domain.

    Since you are upgrading the Operating System on the new Domain Controller, you will need to add some values to the existing Active Directory schema, in order for the new server to become a Domain Controller. Windows Server 2008 supports more functionality than before, so a schema upgrade for the domain and forest is required to facilitate this and make this new feature set fully functional on the domain. To make the necessary changes, you must be logged on as the built-in Administrator user account, or a user with Domain, Schema and Enterprise Admin privileges.

    Insert the Windows Server 2008 media into your current server. Open a command prompt and browse to the sources\adprep folder within the Windows Server 2008 DVD media. Execute the command adprep /forestprep.

    Next, execute adprep /domainprep. You must be logged on as a Domain Admin user for these steps to work correctly. Once these commands have run your Active Directory schema will have been extended to support Windows Server 2008 as a Domain Controller.

    Promote the new server as a Domain Controller for the domain. Enter dcpromo at a command prompt and follow the wizard. When prompted, select the option for an additional domain controller in an existing domain. After the wizard completes, the new server will be acting as a Domain Controller for your domain. It is necessary at this point to restart the server for these changes to be applied.

    In a single-domain Active Directory forest, all servers should also be Global Catalog servers. The Global Catalog is a required component of Active Directory which is used during logins to establish universal group membership for a user account. To promote the new server as a Global Catalog, open Active Directory Sites and Services from the Administrative Tools container within Control Panel or on the Start Menu. Double-click Sites, then Servers, followed by the name of the new server. Next, right-click "NTDS Settings" and select Properties. On the General tab, check the Global Catalog checkbox. Restart the new Domain Controller for changes to take effect.

    If you wish the new server to become the holder of one or more Operations (FSMO) roles, you will need to transfer these roles to the new server. In a single-domain environment, you gain no benefits from spreading FSMO roles between Domain Controllers.

    The current FSMO role configuration for your network can be found by running the command "netdom query fsmo" at a command prompt on a Domain Controller.

    To transfer one or more of these FSMO roles to the new domain controller, follow the information detailed in the following Microsoft Support article: Please ensure any other information you follow is information regarding the TRANSFER of FSMO roles. Seizing FSMO roles is an emergency operation which should not be performed during this procedure.

    DNS is a critical component of your Active Directory network. The easiest way to install the DNS role onto the new server is to follow the instructions outlined at You should be already using Active Directory-integrated DNS zones, which is the easiest method of allowing DNS replication to occur - DNS information is stored in Active Directory and replicates with Domain Controller replication traffic. To check if your DNS zones are AD-integrated (and convert them if not), please follow

    You probably want to enable DNS forwarding in the DNS console on the server, too. This forwards lookups for external domains to a DNS server at your ISP, which allows the server to effectively resolve DNS for external domains. More information on forwarders can be found at

    To move DHCP to the new server, you will need to first install the role. To install the role in Windows Server 2008, check the DHCP Server role option within the Add Roles wizard in the Server Manager. To correctly configure DHCP after the role is installed on your new server, you will need to ensure you configure it to distribute IP addresses which are in a different range to the IP scope defined on the other DHCP server. You should also ensure the correct DNS and WINS servers are entered into the scope options. Remember that the only DNS servers which should be configured on workstations are the Domain Controllers which are also acting as DNS servers - no ISP DNS server should ever be set through DHCP.
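
Added example (not part of either answer above, and not Microsoft's own tooling): a PowerShell check to run before demoting an old DC with DCPROMO. It parses the output of netdom query fsmo and flags any role still held by a DC scheduled for removal, so that nothing has to be seized afterwards. The host names, $OldDcs, $UseLive, Get-FsmoHolders and the sample output are constructed placeholders; PowerShell 2.0 or later is assumed.

```powershell
# DCs that are going to be demoted (placeholder names, replace with your own).
$OldDcs  = @('dc2003a.example.local', 'dc2003b.example.local')
# $false = use the constructed sample below; $true = run netdom on this machine.
$UseLive = $false

# Constructed sample of "netdom query fsmo" output after a partial transfer.
$sample = @'
Schema master               dc2008.example.local
Domain naming master        dc2008.example.local
PDC                         dc2008.example.local
RID pool manager            dc2003a.example.local
Infrastructure master       dc2008.example.local
The command completed successfully.
'@ -split "`r?`n"

function Get-FsmoHolders([string[]]$Lines) {
    # A role line is "<role label><two or more spaces><holder FQDN>".
    # Role labels differ between netdom versions, so match on layout,
    # not on label text. The trailing status line has no wide gap and is skipped.
    foreach ($line in $Lines) {
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            New-Object PSObject -Property @{
                Role   = $matches['role']
                Holder = $matches['holder']
            }
        }
    }
}

$lines   = if ($UseLive) { netdom query fsmo } else { $sample }
$holders = @(Get-FsmoHolders $lines)

# A forest root domain reports five roles; anything else means the
# output was not what this parser expects and should be read by hand.
if ($holders.Count -ne 5) {
    Write-Warning "Expected 5 FSMO roles, parsed $($holders.Count); check the netdom output."
}

$holders | Format-Table Role, Holder -AutoSize

# -contains is case-insensitive, so DC2003A and dc2003a compare equal.
$stale = @($holders | Where-Object { $OldDcs -contains $_.Holder })
if ($stale.Count -gt 0) {
    $stale | ForEach-Object {
        Write-Warning "$($_.Role) is still on $($_.Holder): transfer it before running dcpromo there."
    }
} else {
    Write-Output "No FSMO role is held by a DC scheduled for demotion."
}
```

With the constructed sample, the script warns that the RID pool manager is still on dc2003a.example.local.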


    Author Closing Comment

    Thank you all for your help.  It is greatly appreciated.
