You have a 2003 PDC and a 2008 secondary DC. What steps would you take to turn 2003 into 2008?

hi peeps,

If you've got a 2003 PDC, with a 2008 secondary DC, then what would be the smoothest, best approach to upgrading that primary DC into a 2008 PDC?

How would you go about it in a live production environment? Is there anything you would watch out for especially and be careful of whilst attempting this?

Thanks a lot
Yashy
LVL 1
YashyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Krzysztof PytkoSenior Active Directory EngineerCommented:
There is no PDC/BDC right now :) DCs are working in multi-master replication topology. The only one difference is that FSMO role holder. So, if you have 2003 and 2008 DCs existing in your network, now you can transfer FSMO roles from 2003 to 2008

Please check for that my blog at
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-command-line/

when you move your PDC Emulator master then you need to advertise new time server in your forest

[...]- after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external timesource and reconfigure the old PDCEmulator to use the domainhierarchie now. Therefore run on the NEW "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update" where PEERS will be filled with the ip address or server(time.windows.com) and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update" and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes. [...]

it's an extract from MVP blog at
http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx

when you are sure that everything is replicated properly then you may to wish decommission the old 2003 DC
http://kpytko.wordpress.com/2011/08/29/decommissioning-the-old-domain-controller/

Regards,
Krzysztof
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SandeshdubeySenior Server EngineerCommented:
It seems you have 2003DC and 2008DC in the network and you wamt to make Win2008 DC as primary server and Win 2003DC as secondary to acieve the same you need to just transfer the FSMO role Win2008 DC and you are done.

Refer this article:http://www.petri.co.il/transferring_fsmo_roles.htm

But if you are planning to add Win2008 Server in existing 2003 domain you need to promote the win2008 server as DC and transfer the FSMO role on 2008 DC to make it primary.

There are a couple of very important considerations, that you should have in mind, before you proceed with your migration scenario.
--Check, and raise, if necessary, the Domain and Forest functional levels. You cannot upgrade directly from Windows 2000 mixed, or Windows Server 2003 interim domain functional levels.

--The first Windows Server 2008 Domain Controller in the forest must be a Global Catalog Server, and it cannot be a Read Only Domain Controller, RODC.

--Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep /gpprep on the infrastructure master.In your case as there is a single Dc you need to run on the same server.


Steps to Install Windows 2008  DC

1.First prepare the domain.
Insert Win 2008 R2 DVD on windows 2003 DC and execute adprep as below
Ran D:\2008DVD\Support\Adprep\adprep32.exe /forestprep on the server holding the Schema Master role.
Ran D:\2008DVD\Support\Adprep\adprep32.exe /domainprep /gpprep on the server holding the domain master role.

Reference article:http://www.petri.co.il/prepare-for-server-2008-r2-domain-controller.htm

2.Install DNS role in win2k8
Reference KB article:http://technet.microsoft.com/en-us/library/cc725925.aspx

3.Once DNS role is installed.Ran dcpromo on win2k8 R2.
Reference KB article:http://technet.microsoft.com/en-us/library/cc753720(WS.10).aspx

4.After the Win2k8 Dc promotion is completed restart the win2k8 DC.

5.You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm

6.Ran dcdiag /q and repadmin /replsum on DC to check for any errors.

7.Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.


0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

YashyAuthor Commented:
Firstly, thank you for the responses. Means a lot.

If we have a second site, located elsewhere that is part of our domain also and which are global catalog servers, then AD needs to replicate over the VPN right? So will any changes need to be made on the global catalog servers at the other end at all (they're on server 2008) once the FSMO role has been transferred from the 2003 to a 2008 server?
0
Krzysztof PytkoSenior Active Directory EngineerCommented:
If you have promoted 2008 as DC then it by default is selected as GlobalCatalog and DNS server. When you don't change anything that you need to only wait for AD database replication between Sites.

FSMO roles are transferred transparently and they don't need time to replicate. When you click OK, FSMO role is on the specified DC in a second :)

However, before you will decommission the old DC run on one of your DCs (better on 2008 R2) in command-line

repadmin /syncall

to force AD database replication. Wait some time (depends on WAN lin between Sites; let's say 15-30 mins)

and then run

repadmin /showrepl /all /intersite /verbose

check if replication occurs without any errors

and as the last one

dcdiag /e /c /v

to see if there is no other forest/domain errors. After that you can start demoting old DC

Krzysztof
0
SandeshdubeySenior Server EngineerCommented:
Once the FSMO role is transfers wait for replication.Check all the DC are GC.
Ran dcdiag /q to check for any errors.
To force the replication between the DC ran repadmin /syncall /AdeP
Ran repadmin /replsum to check the replication summary.
If the health of the DC are OK you can proceed with removal of old DC if required.
Note:Kindly take the backup of DC before you proceed with demotion.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.