I am a new member, so steer me in the right direction if needed.
We are replacing a third party application that does many functions that can be accomplished through AD group policy.
We have seven 2008 DCs, and one 2003 DC. I want to upgrade the domain function level to 2008, but have been asked for a contingency plan in the event that anything goes wrong.
All research indicates that domain function level upgrades go well, and I have nothing to worry about.
I have a question regarding a potential contingency plan, and a question about group policy.
Take one of the FSMO roles (RID master) and transfer it to the 2003 domain controller. Then shut him down and perform the upgrade. If things go well, retire him and seize the RID master role from one of the 2008 DCs. I know it is better to transfer rather than seize, but I don’t know why.
If things don’t go well, shut down all the 2008 DCs, bring the RID master (2003) back on line and begin seizing all the other roles. Then begin rebuilding new DCs.
Does anyone see any problems with this?
I am wondering whether I will experience any issues when trying to utilize some of the new group policy functionality combined with group policy objects that were in place prior to the upgrade. In short, do I need to create new group policy objects to utilize the expanded functionality, and run those in addition to the existing production GPOs.
I don’t know whether the existing GPOs have new features in them, or if I have to create new GPOs and run those alongside the old ones.
I know there are two questions, but they are integral. 125 per relevant answer.