Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 359
  • Last Modified:

DC2003 and DC2008 combined

I have windows 2003 domain and all domain controllers are windows 2003.
I wonder if I can install windows 2008 Domain controller in the same domain as other windows 2003 DCs.
Thanks
0
jskfan
Asked:
jskfan
7 Solutions
 
KenMcFCommented:
Yes you can have both. You will need to run adprep to update your schema.
You will just need to leave the FFL and DFL at mixed mode until all DCs are 2008
http://www.petri.co.il/windows-server-2008-adprep.htm
0
 
Pete LongConsultantCommented:
Yes you can here's a walk-though I wrote a while back http://www.petenetlive.com/KB/Article/0000239.htm

Pete
0
 
gentle0000Commented:
Hi,

Of course you can install W2K8 to a W2K3 Domain Environment.

The Only thing you have to do is to prepare your W2K3 AD Forest and W2K3 AD Domain.

You have to know that the Domain Functional Level for the Domain must be at least Windows 2000 Native. So first check in AD Users and Computers to see the Domain Functional Level of your Domain is at Windows 2000 Native Mode. If not just Raise it, by right click at the Domain Name (AD Users and Computers) and choose Raise Domain Functional Level.

After that, follow the following procedure.
1. Logon to the DC with the Schema Master Role.
2. Insert the W2K8 DVD
3. Open a cmd prompt
4.. Go to d:\sources\adprep  (Where d:\ is your DVD drive letter)
5. Write:  adprep /forestprep
6. Write: adprep /domainprep

You are done.
Now you can promote any W2K8 machine to a DC in a W2K3 AD Enviroment.

With Regards.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
jskfanAuthor Commented:
what benefits do you get in this case. assuming the DFL and FFL are still windows 2003
0
 
KenMcFCommented:
One of the benifits you get if you have all 2008 DCs and FFL and DFL of 2008 is fine grained password policy. With you FFL and DFL you will not have this option.

http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
0
 
jskfanAuthor Commented:
I meant while still in windows 2003 DFL and FFL, what benefits can I get from windows 2008 domain controller.

If the benefits are gonna be the same as having windows 2003 DC, so why should I add w2008 DC at the first place.

I know if upgrading FFL and DFL to w2008, all DCs need to be upgraded to w2008

if there are other benefits in installing w2008 in a w2003 domain while keeping FFL and DFL to 2003, please provide those benefits.
0
 
KenMcFCommented:
It depends on what you are comfortable with I guess and what your plans are to upgrade. How long will the new server be around for? 2003 will end support soon so you may be upgrading anyway.  I would recommend install the new DC as 2008 or even 2008 R2 since that is the newest OS. and work on getting all of your DCs up to that level in the next few years.

One i of the biggest benefitsI think with having a 2008 DC is the AD snapshots. You do not have to have 2008 DFL or FFL for this.

http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm 

There are no benefits keeping the DFL and FFL level in mixed mode, but you are not able to go to DFL or FFL 2008 until all of your DCs are 2008.

"Raising the domain and forest functional levels to Windows Server 2008 is a nonreversible task and prohibits the addition of Windows 2000–based or Windows Server 2003–based Domain Controllers to the environment. Any existing Windows 2000–based or Windows Server 2003–based Domain Controllers in the environment will no longer function, and in fact, the upgrading wizard will not allow you to continue with the operation. "

http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

http://www.petri.co.il/understanding-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

http://support.microsoft.com/gp/lifesupsps
0
 
jskfanAuthor Commented:
If I understand:

windows 2008 DC in DFL 2003, you get :
    * Fine-grained password policies – Allows multiple password polices to be applied to different users in the same domain.
    * Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    * Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    * Granular auditing – Allows history of object changes in Active Directory.
    * Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.
    * Last Interactive Logon Information – Displays the time of the last successful interactive logon for a user, from what workstation, and the number of failed logon attempts since the last logon.

Windows 2008 DC in Windows 2003 FFL you get:
    * Forest trust.
    * Domain rename.
    * Linked-value replication – Changes in group membership to store and replicate values for individual members instead of replicating the entire membership as a single unit.
    * Deployment of an RODC.
    * Intersite topology generator (ISTG) improvements – Supports a more efficient ISTG algorithm allows support for extremely large numbers of sites.
    * The ability to create instances of the dynamicObject dynamic auxiliary class.
    * The ability to convert an inetOrgPerson object instance into a User object instance, and the reverse.
    * The ability to create instances of the new group types, called application basic groups and Lightweight Directory Access Protocol (LDAP) query groups, to support role-based authorization.
    * Deactivation and redefinition of attributes and classes in the schema.


0
 
KenMcFCommented:
you will not get FGPP, this needs to be all 2008 DCs. AD snapshots is not in the list. In my option this is a big one for the 2008 DCs.

    * Fine-grained password policies – Allows multiple password polices to be applied to different users in the same domain.
0
 
jskfanAuthor Commented:
I guess the ADsnapshot requires Windows 2008 DCs DFL/FFL
0
 
KenMcFCommented:
no, AD snapshots only require a 2008 DC. You can still be in 2003 DFL and FFL
0
 
jskfanAuthor Commented:
thanks guys
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now