You have a 2003 PDC and a 2008 secondary DC. What steps would you take to turn 2003 into 2008?

Posted on 2011-10-06
Last Modified: 2012-05-12
hi peeps,

If you've got a 2003 PDC, with a 2008 secondary DC, then what would be the smoothest, best approach to upgrading that primary DC into a 2008 PDC?

How would you go about it in a live production environment? Is there anything you would watch out for especially and be careful of whilst attempting this?

Thanks a lot
Question by:Yashy
    LVL 39

    Accepted Solution

    There is no PDC/BDC right now :) DCs are working in multi-master replication topology. The only one difference is that FSMO role holder. So, if you have 2003 and 2008 DCs existing in your network, now you can transfer FSMO roles from 2003 to 2008

    Please check for that my blog at

    when you move your PDC Emulator master then you need to advertise new time server in your forest

    [...]- after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external timesource and reconfigure the old PDCEmulator to use the domainhierarchie now. Therefore run on the NEW "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update" where PEERS will be filled with the ip address or server( and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update" and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes. [...]

    it's an extract from MVP blog at

    when you are sure that everything is replicated properly then you may to wish decommission the old 2003 DC

    LVL 59

    Expert Comment

    by:Darius Ghassem
    LVL 24

    Assisted Solution

    It seems you have 2003DC and 2008DC in the network and you wamt to make Win2008 DC as primary server and Win 2003DC as secondary to acieve the same you need to just transfer the FSMO role Win2008 DC and you are done.

    Refer this article:

    But if you are planning to add Win2008 Server in existing 2003 domain you need to promote the win2008 server as DC and transfer the FSMO role on 2008 DC to make it primary.

    There are a couple of very important considerations, that you should have in mind, before you proceed with your migration scenario.
    --Check, and raise, if necessary, the Domain and Forest functional levels. You cannot upgrade directly from Windows 2000 mixed, or Windows Server 2003 interim domain functional levels.

    --The first Windows Server 2008 Domain Controller in the forest must be a Global Catalog Server, and it cannot be a Read Only Domain Controller, RODC.

    --Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep /gpprep on the infrastructure master.In your case as there is a single Dc you need to run on the same server.

    Steps to Install Windows 2008  DC

    1.First prepare the domain.
    Insert Win 2008 R2 DVD on windows 2003 DC and execute adprep as below
    Ran D:\2008DVD\Support\Adprep\adprep32.exe /forestprep on the server holding the Schema Master role.
    Ran D:\2008DVD\Support\Adprep\adprep32.exe /domainprep /gpprep on the server holding the domain master role.

    Reference article:

    2.Install DNS role in win2k8
    Reference KB article:

    3.Once DNS role is installed.Ran dcpromo on win2k8 R2.
    Reference KB article:

    4.After the Win2k8 Dc promotion is completed restart the win2k8 DC.

    5.You must transfer the FSMO roles to the 2008 machine then the process is as outlined at

    6.Ran dcdiag /q and repadmin /replsum on DC to check for any errors.

    7.Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.

    LVL 1

    Author Comment

    Firstly, thank you for the responses. Means a lot.

    If we have a second site, located elsewhere that is part of our domain also and which are global catalog servers, then AD needs to replicate over the VPN right? So will any changes need to be made on the global catalog servers at the other end at all (they're on server 2008) once the FSMO role has been transferred from the 2003 to a 2008 server?
    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    If you have promoted 2008 as DC then it by default is selected as GlobalCatalog and DNS server. When you don't change anything that you need to only wait for AD database replication between Sites.

    FSMO roles are transferred transparently and they don't need time to replicate. When you click OK, FSMO role is on the specified DC in a second :)

    However, before you will decommission the old DC run on one of your DCs (better on 2008 R2) in command-line

    repadmin /syncall

    to force AD database replication. Wait some time (depends on WAN lin between Sites; let's say 15-30 mins)

    and then run

    repadmin /showrepl /all /intersite /verbose

    check if replication occurs without any errors

    and as the last one

    dcdiag /e /c /v

    to see if there is no other forest/domain errors. After that you can start demoting old DC

    LVL 24

    Expert Comment

    Once the FSMO role is transfers wait for replication.Check all the DC are GC.
    Ran dcdiag /q to check for any errors.
    To force the replication between the DC ran repadmin /syncall /AdeP
    Ran repadmin /replsum to check the replication summary.
    If the health of the DC are OK you can proceed with removal of old DC if required.
    Note:Kindly take the backup of DC before you proceed with demotion.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
    This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now