Solved

How to upgrade the Active Directory in our environment from 2003 to 2008R2

Posted on 2011-02-10
10
256 Views
Last Modified: 2012-05-11
Our topology consists of 7 Servers.

1 - Server 2003 SP2, GC/DC
1 - Server 2003 SP2, DC
1 - Server 2003 R2, DC, Exchange Server
1 - Server 2003 R2, Member Server
1 - Server 2003 SP2, File Server
1 - Server 2008 R2, Terminal Server
1 - Server 2008 R2, File Server

Our current forest level is 2000, and the domain level is 2003.  Is it save to say that I can just put a 2008 R2 cd in the GC/DC and run the forest prep and ad prep commands to upgrade the levels?  If there is anything else that we need to be aware of so we dont break the domain, that would be appreciated. Thanks.
0
Comment
Question by:jhuntin
10 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 334 total points
ID: 34867436
Dependas.  Are you UPGRADING the domain to AD 2008 native mode or do you just want to add a 2008 R2 DC?  If you upgrade AD, then your 2003 DCs will no longer replicate with AD.  If you just prep the domain and add a 2008 R2 DC, that's fine.

I would, of course, run some diags first - DCDIAG and such to verify the AD is healthy.
0
 

Author Comment

by:jhuntin
ID: 34867534
I want to eventually turn the 2003 GC/DC to a 2008 R2 GC/DC but at this point i just wanted to upgrade the domain to support DFS that I am trying to get working on the two 2008 servers.  I cant get them to work properly together because I dont think the AD is supporting it.
0
 

Author Comment

by:jhuntin
ID: 34867828
Also, my forest level is 2000. Should I move that to 2003 right now?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 334 total points
ID: 34867854
If you're looking to support DFS-R you need 2003 R2 or later.

If you have no 2000 DCs and don't plan on ever making them, then I'd make the domain 2003 native.

Note you CANNOT upgrade 2003 DCs to 2008 R2 as there is no 32 to 64 bit upgrade path.  You CAN MIGRATE - but a Migration is NOT an upgrade.
0
 

Author Comment

by:jhuntin
ID: 34867879
Ok, so what would you say is the best way to migrate that 2003 GC/DC to to 2008? I can migrate the roles to a new 2008 GC/DC box, but I need to eventually get the 2008 box to work at the same IP address that the decomissioned 2003 box was at.  Also, what do should I be concerned with on the other DC's that are 2003 and 2003 R2 for the exchange server? Can those be DC's with the newly 2008?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34867923
> but I need to eventually get the 2008 box to work at the same IP
> address that the decomissioned 2003 box was at
Why?  Why do you need to keep the same IPs?  

So long as the mode of the domain is not higher than an existing DC, all DCs should be able to communicate with each other, assuming you have everything setup properly.
0
 

Author Comment

by:jhuntin
ID: 34867947
Well all of the workstations that are on the network are pointed to that DNS server which is the GC/DC for authentication. So it would be necessary I suppose in order for them to authenticate, right?
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 166 total points
ID: 34872320
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35339979
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question