How to upgrade the Active Directory in our environment from 2003 to 2008R2

Posted on 2011-02-10
Last Modified: 2012-05-11
Our topology consists of 7 Servers.

1 - Server 2003 SP2, GC/DC
1 - Server 2003 SP2, DC
1 - Server 2003 R2, DC, Exchange Server
1 - Server 2003 R2, Member Server
1 - Server 2003 SP2, File Server
1 - Server 2008 R2, Terminal Server
1 - Server 2008 R2, File Server

Our current forest level is 2000, and the domain level is 2003.  Is it save to say that I can just put a 2008 R2 cd in the GC/DC and run the forest prep and ad prep commands to upgrade the levels?  If there is anything else that we need to be aware of so we dont break the domain, that would be appreciated. Thanks.
Question by:jhuntin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 96

Accepted Solution

Lee W, MVP earned 334 total points
ID: 34867436
Dependas.  Are you UPGRADING the domain to AD 2008 native mode or do you just want to add a 2008 R2 DC?  If you upgrade AD, then your 2003 DCs will no longer replicate with AD.  If you just prep the domain and add a 2008 R2 DC, that's fine.

I would, of course, run some diags first - DCDIAG and such to verify the AD is healthy.

Author Comment

ID: 34867534
I want to eventually turn the 2003 GC/DC to a 2008 R2 GC/DC but at this point i just wanted to upgrade the domain to support DFS that I am trying to get working on the two 2008 servers.  I cant get them to work properly together because I dont think the AD is supporting it.

Author Comment

ID: 34867828
Also, my forest level is 2000. Should I move that to 2003 right now?
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 334 total points
ID: 34867854
If you're looking to support DFS-R you need 2003 R2 or later.

If you have no 2000 DCs and don't plan on ever making them, then I'd make the domain 2003 native.

Note you CANNOT upgrade 2003 DCs to 2008 R2 as there is no 32 to 64 bit upgrade path.  You CAN MIGRATE - but a Migration is NOT an upgrade.

Author Comment

ID: 34867879
Ok, so what would you say is the best way to migrate that 2003 GC/DC to to 2008? I can migrate the roles to a new 2008 GC/DC box, but I need to eventually get the 2008 box to work at the same IP address that the decomissioned 2003 box was at.  Also, what do should I be concerned with on the other DC's that are 2003 and 2003 R2 for the exchange server? Can those be DC's with the newly 2008?
LVL 96

Expert Comment

by:Lee W, MVP
ID: 34867923
> but I need to eventually get the 2008 box to work at the same IP
> address that the decomissioned 2003 box was at
Why?  Why do you need to keep the same IPs?  

So long as the mode of the domain is not higher than an existing DC, all DCs should be able to communicate with each other, assuming you have everything setup properly.

Author Comment

ID: 34867947
Well all of the workstations that are on the network are pointed to that DNS server which is the GC/DC for authentication. So it would be necessary I suppose in order for them to authenticate, right?
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 166 total points
ID: 34872320
LVL 74

Expert Comment

by:Glen Knight
ID: 35339979
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question