Solved

Adding a new Svr2008 R2 DC to 2003 domain func level env

Posted on 2010-11-16
11
314 Views
Last Modified: 2012-05-10
SETUP:
1 forest
2 DC/GC (I believe all are 2003 Std R2 SP2+
2003 func level
Both with DNS svrs AD integrated and set to the other as primary then themselves
1 first instance of exchange 2003 Std R2 SP2+ behind the firewall.
2 webservers; one in the dmz one unavoidably behind the firewall.
(1 behind the fw is a CRM mission critical svr w/Svr2003 Std SP updated)
a few other member servers that are 2003 housing db sw, etc..

Questions:
I am looking to implement a new 2008 R2 STd server and replace one demote one of the 2003 svrs DC.   I have several new win7 I had to deploy to users for various reason, new hire/replacements, etc...

We are looking to eventually move all our stuff to hosted solution by end of next year, but I want and need to incorporate the 2008 DC now.   What are some things I need to be aware of based on the env I have and doing this?  We had no plans to do any further updates  exchange at this time.  The new DC 08 will be a GC too was the plan, while I realize I will not be able to update the domain func level to 2008, but will I be able to take advantage of some of the new AD features and administer to win7 machines?  If anyone is going to say I really need to move to 2010 exchange, the best I'd possibly be able to do would be a "IN PLACE" if that is even possible 2007 upgrade, so please advise on that only if it's an absolute to my being able to do the new 08 DC svr R2 implement I'm asking about and need to do!   I’m looking for insights to what to look out for, consider, etc… from people that have been dealing with integrating 2008 dc in their env already.  


Thanks!
0
Comment
Question by:dee30
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 26

Assisted Solution

by:Tony Johncock
Tony Johncock earned 200 total points
ID: 34145526
Well you'll benefit from a 64bit DC which will generally outperform 32 bit equivalents (can hold more of the catalogue in RAM).

Plus yes,  you get the updated group policies and management features.

You can't do an in place upgrade of Exchange, but there is no reason adding a new DC requires you to go down this route for now anyway.

You'll have to update the schema to support the 2008 extensions but you don't have to raise the functional level. I'm assuming it's at 2003 already.

Did I read correctly that you will eventually just have the one DC? I'd always recommend two.

Oh and it would make sense to put all the FSMO roles onto the 2008 infrastructure too.
0
 

Accepted Solution

by:
0441 earned 300 total points
ID: 34145578
Hello,

it should be no problem including the first Server 2008 R2 DC into the domain.
You need to do a schema update, so you will first have a backup, in case of emergency.
See this, this and this article for the neccessary steps.

Keep in mid that you will not need to upgrade to 2008 domain function level for using Win7 Clients.

As for Exchange, there is no in-place upgrade to Exchange 2010.

Hope this helped a bit.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34145656
Upgrade the Exchange server is no required.

Here are the steps on moving to adding a Windows 2008 Server as a DC to an existing Windows 2003 domain.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23665224.html

Below is an article that describe the changes with adprep in Windows 2008 Server R2

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3644-Windows-2008-Server-R2-adprep-adprep32.html
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 26

Expert Comment

by:Tony Johncock
ID: 34145731
Hopefully the links provided help to confirm my original points.
0
 

Author Comment

by:dee30
ID: 34145735
Tony1044, 0441,

Thanks for the replies... yes these insights are helping with clarity.    0441, I would never just have one DC, always at least two.   I had three, got rid of one and have two 2003, plan is to setup the new 2008 with new corp.domain.com domain and migrate all users over to the new domain.  Wow just remembered I was creating a brand new domian and doing away with the old.. ROFL.   So, based on that originally ommitted info, any additional recommendations on that deployment/plannning?  I will have to give thought and plan for switching exchange to the new domain and how that will work,  getting my users over to the new domain and figuring out what will happen to thier profiles/desktop. We have local profiles not roaming or nw stored profiles now, etc...

Also on a different note, is it recommended that your 08 dc not be your remote desktop admin role machine.  I want to set that up and deploy some apps and look into the TS gateway feature, too.

Thanks!  
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34145775
Remote Desktop Admin Mode is fine for a Windows 2008 Server running as a Domain Controller. RemoteApps is not recommended on a Domain Controller though

The link provides detailed steps to add a 2008 Server as a Domain Controller doesn't help confirm but shows the steps
0
 
LVL 26

Expert Comment

by:Tony Johncock
ID: 34145805
You used to get into permission issues with running Terminal Server on a DC as users wouldn't have remote desktop access amongst other things, but I believe this is no longer an issues with RDS.

Generally not recommended to have anything other than domain services on a DC though.

Have you considered running a free hypervisor and running your machines in that environment?
0
 

Author Comment

by:dee30
ID: 34148020
K, so with some clearer thought today after reading all comments based on my original setup

1 forest
2 DC/GC (I believe all are 2003 Std R2 SP2+
DC1 holding all FSMO roles
2003 func level
Both with DNS svrs AD integrated
I now remember I am
domain name: domain.com (presently a registered public domain name, but not associated with our company and not my setup).
IP scheme 192.168.122.0/24
03 exchange

PLAN and new ? :

new svr 08 R2 x64
new sub domain name to our real public reg domain... e.g. corp.realpubdomainname.com  
WIth the entire new domain, single forest and dc, I had wanted to keep both nw up and running and not change IP/nw scheme, but dont' think "ll be able to do this without introducing a new IP e.g. 192.168.123.0/24 for config of DNS and DHCP on this new server.   It's been a while since I greated a new Domain and this is my first day trying to start my planning, so any heads up will be appreciated.  THx
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34148210
Why do all of that you don't have too?
0
 

Author Comment

by:dee30
ID: 34148798
Darius, that question doesn't help me give you more info.  My goal is to get a new 08svr with a new correctly named domain, going from fish.com to corp.meat.com, while my posting is to help me figure out the best plan to accomplish that.   At this step of the thought process for me I'm just wondering how to do this while maintainng the same nw ip scheme, which I'd not planned on changing, but wth the need for DNS and DHCP config on the new 08, not sure how best to approach!?  Looking for 'hey consider this', 'hey possibly do this first and then do this...', etc... from experts.  Thank YOu!
0
 

Author Closing Comment

by:dee30
ID: 34149522
Thank you I'll post again for more insights to my thought on restructuring the domain.  
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question