Solved

DC2003 and DC2008 combined

Posted on 2010-11-10
12
341 Views
Last Modified: 2012-05-10
I have windows 2003 domain and all domain controllers are windows 2003.
I wonder if I can install windows 2008 Domain controller in the same domain as other windows 2003 DCs.
Thanks
0
Comment
Question by:jskfan
12 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 357 total points
ID: 34100861
Yes you can have both. You will need to run adprep to update your schema.
You will just need to leave the FFL and DFL at mixed mode until all DCs are 2008
http://www.petri.co.il/windows-server-2008-adprep.htm
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 72 total points
ID: 34100890
Yes you can here's a walk-though I wrote a while back http://www.petenetlive.com/KB/Article/0000239.htm

Pete
0
 
LVL 2

Assisted Solution

by:gentle0000
gentle0000 earned 71 total points
ID: 34100891
Hi,

Of course you can install W2K8 to a W2K3 Domain Environment.

The Only thing you have to do is to prepare your W2K3 AD Forest and W2K3 AD Domain.

You have to know that the Domain Functional Level for the Domain must be at least Windows 2000 Native. So first check in AD Users and Computers to see the Domain Functional Level of your Domain is at Windows 2000 Native Mode. If not just Raise it, by right click at the Domain Name (AD Users and Computers) and choose Raise Domain Functional Level.

After that, follow the following procedure.
1. Logon to the DC with the Schema Master Role.
2. Insert the W2K8 DVD
3. Open a cmd prompt
4.. Go to d:\sources\adprep  (Where d:\ is your DVD drive letter)
5. Write:  adprep /forestprep
6. Write: adprep /domainprep

You are done.
Now you can promote any W2K8 machine to a DC in a W2K3 AD Enviroment.

With Regards.
0
 

Author Comment

by:jskfan
ID: 34101008
what benefits do you get in this case. assuming the DFL and FFL are still windows 2003
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 357 total points
ID: 34101202
One of the benifits you get if you have all 2008 DCs and FFL and DFL of 2008 is fine grained password policy. With you FFL and DFL you will not have this option.

http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
0
 

Author Comment

by:jskfan
ID: 34101655
I meant while still in windows 2003 DFL and FFL, what benefits can I get from windows 2008 domain controller.

If the benefits are gonna be the same as having windows 2003 DC, so why should I add w2008 DC at the first place.

I know if upgrading FFL and DFL to w2008, all DCs need to be upgraded to w2008

if there are other benefits in installing w2008 in a w2003 domain while keeping FFL and DFL to 2003, please provide those benefits.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 357 total points
ID: 34101782
It depends on what you are comfortable with I guess and what your plans are to upgrade. How long will the new server be around for? 2003 will end support soon so you may be upgrading anyway.  I would recommend install the new DC as 2008 or even 2008 R2 since that is the newest OS. and work on getting all of your DCs up to that level in the next few years.

One i of the biggest benefitsI think with having a 2008 DC is the AD snapshots. You do not have to have 2008 DFL or FFL for this.

http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm

There are no benefits keeping the DFL and FFL level in mixed mode, but you are not able to go to DFL or FFL 2008 until all of your DCs are 2008.

"Raising the domain and forest functional levels to Windows Server 2008 is a nonreversible task and prohibits the addition of Windows 2000–based or Windows Server 2003–based Domain Controllers to the environment. Any existing Windows 2000–based or Windows Server 2003–based Domain Controllers in the environment will no longer function, and in fact, the upgrading wizard will not allow you to continue with the operation. "

http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

http://www.petri.co.il/understanding-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

http://support.microsoft.com/gp/lifesupsps
0
 

Author Comment

by:jskfan
ID: 34103944
If I understand:

windows 2008 DC in DFL 2003, you get :
    * Fine-grained password policies – Allows multiple password polices to be applied to different users in the same domain.
    * Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    * Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    * Granular auditing – Allows history of object changes in Active Directory.
    * Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.
    * Last Interactive Logon Information – Displays the time of the last successful interactive logon for a user, from what workstation, and the number of failed logon attempts since the last logon.

Windows 2008 DC in Windows 2003 FFL you get:
    * Forest trust.
    * Domain rename.
    * Linked-value replication – Changes in group membership to store and replicate values for individual members instead of replicating the entire membership as a single unit.
    * Deployment of an RODC.
    * Intersite topology generator (ISTG) improvements – Supports a more efficient ISTG algorithm allows support for extremely large numbers of sites.
    * The ability to create instances of the dynamicObject dynamic auxiliary class.
    * The ability to convert an inetOrgPerson object instance into a User object instance, and the reverse.
    * The ability to create instances of the new group types, called application basic groups and Lightweight Directory Access Protocol (LDAP) query groups, to support role-based authorization.
    * Deactivation and redefinition of attributes and classes in the schema.


0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 357 total points
ID: 34104351
you will not get FGPP, this needs to be all 2008 DCs. AD snapshots is not in the list. In my option this is a big one for the 2008 DCs.

    * Fine-grained password policies – Allows multiple password polices to be applied to different users in the same domain.
0
 

Author Comment

by:jskfan
ID: 34104385
I guess the ADsnapshot requires Windows 2008 DCs DFL/FFL
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 357 total points
ID: 34104408
no, AD snapshots only require a 2008 DC. You can still be in 2003 DFL and FFL
0
 

Author Closing Comment

by:jskfan
ID: 34105646
thanks guys
0

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now