Solved

domain functional level 2003 to 2008

Posted on 2011-09-17
3
463 Views
Last Modified: 2012-06-27
Hi,

we have approximately 10 DCs with server 2003 operating systems and have started introducing 2008 R2 as our OS server replacement. Domain functional level is obviously still 2003.

i was wondering if you have gone through the domain functional level upgrade project and if so, what approach did you take; what issues/road blocks did you come across during the project?

Thanks
0
Comment
Question by:kengo007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Assisted Solution

by:ghodder
ghodder earned 50 total points
ID: 36555407
All you need to do is update all your DCs to *AT LEAST* Windows 2008 and it's 2 or 3 clicks to raise the functional level. The actual update takes all of 2mins. The only problem you will have is if you upgrade the functional level before you have updated all your DCs.

If your DCs are only handling DC duties and not multi-purposed as file/print servers, application servers, etc then it should be fairly straight forward to build a new DC for each site, bring it online then decommision the old DC. If you need to move file shares etc, I would recommend Robocopy or XXCopy.

Technet article on how to demote a DC.

Occaisionally I have experienced stubborn DCs that don't demote properly but MS have a procedure for manual cleanup.

0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 400 total points
ID: 36555447
There are a couple of very important considerations, that you should have in mind, before you proceed with your migration scenario.
--Check, and raise, if necessary, the Domain and Forest functional levels. You cannot upgrade directly from Windows 2000 mixed, or Windows Server 2003 interim domain functional levels.

--The first Windows Server 2008 Domain Controller in the forest must be a Global Catalog Server, and it cannot be a Read Only Domain Controller, RODC.

--Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep /gpprep on the infrastructure master.In your case as there is a single Dc you need to run on the same server.


Steps to Install Windows 2008 R2 DC

1.First prepare the domain.
Insert Win 2008 R2 DVD on windows 2003 DC and execute adprep as below
Ran D:\2008DVD\Support\Adprep\adprep32.exe /forestprep on the server holding the Schema Master role.
Ran D:\2008DVD\Support\Adprep\adprep32.exe /domainprep /gpprep on the server holding the domain master role.

Reference article:http://www.petri.co.il/prepare-for-server-2008-r2-domain-controller.htm

2.Install DNS role in win2k8
Reference KB article:http://technet.microsoft.com/en-us/library/cc725925.aspx

3.Once DNS role is installed.Ran dcpromo on win2k8 R2.
Reference KB article:http://technet.microsoft.com/en-us/library/cc753720(WS.10).aspx

4.After the Win2k8 Dc promotion is completed restart the win2k8 DC.

5.You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm

6.Ran dcdiag /q and repadmin /replsum on DC to check for any errors.

7.Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.
0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 50 total points
ID: 36557480
i was wondering if you have gone through the domain functional level upgrade project and if so, what approach did you take; what issues/road blocks did you come across during the project?

Raising functional levels is very simple process as ghodder said 2 or 3 clicks.

Raising the domain functional level
Only after you've successfully upgraded the last Windows Server 2003 Domain Controller for a specific domain (or you don't feel the need to ever add pre-Windows Server 2008 Domain Controllers to your Active Directory environment) you're ready to raise the Domain functional level of that domain.


Raising the forest functional level
After you've successfully raised the domain functional level of all the domains in your Active Directory forest you're ready to upgrade the Forest functional level. This will not add any features, but will result in all domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

Note:
Till windows 2008 raising the functional level was a one way procedure. Once you've raised your forest functional level there's no way to return to the previous forest or domain functional levels however with Windows Server 2008 R2, you can now revert back or lower both the Domain Functional Level and Forest Functional Level of your domain

Some conditions and limitations of this new feature of 2008R2 described below article:
http://social.technet.microsoft.com/wiki/contents/articles/how-to-revert-back-or-lower-the-active-directory-forest-and-domain-functional-levels-in-windows-server-2008-r2.aspx

Understanding Active Directory Domain Services (AD DS) Functional Levels
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(WS.10).aspx
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question