Upgrading to Active Directory 2008

Hi All,

I have a few questions regarding our move to Active directory 2008 from Active Directory 2003:

1. Can we introduce 2008 and 2008 R2 domain controllers into the domain and keep the functional level at 2003 until we're ready?
2. Is it ok to have a mix of 2003, 2008 and 2008R2 domain controllers? (we plan to move them all over eventually to at least 2008)
3. Are there any major 'gotchas' I should look out for in this upgrade?  The main servers that we have that rely on Active Directory are SQL 2005/2008 servers and Exchange 2003.

Thanks a lot!

Rob
LVL 1
robclarke41Asked:
Who is Participating?
 
Mike KlineCommented:
1.  Yes that is fine and the normal way it is done...staggered(not all at once)

2.  Yes ok to have a mix

3.  As long as your exchange 2003 servers have SP2 installed you should be fine there.  Good matrix of exchange here

http://technet.microsoft.com/en-us/library/ff728623.aspx

Thanks


Mike
0
 
jzaniewskiCommented:
1. Yes, the functional level would be fine to leave at 2003 (although it will need to be 2003 R2)
2. I have run in this scenario without issue and it is fine to run this way until you're ready to upgrade the level.
3. SQL and Exchange versions that you are running should work fine. Remember, you're not changing the functional level so everything would be status quo.
0
 
AhmedHERMICommented:
1- Yes it's working
2- yes it's working fine and without any problem
3- it's working too.

But before making the Upgrade i want to advise you to check this link, so help-full:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/04/08/upgrading-your-active-directory-to-windows-server-2008.aspx

Best Regards.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
robclarke41Author Commented:
Thanks guys, that's all really useful and very reassuring!
Jzaniewski, what did you mean when you said that the functional level would be fine to leave at 2003 but would need to be 2003 R2? I didn't realise there was a 2003 R2 functional level?!!!
0
 
robclarke41Author Commented:
Also if I'm just adding a 2008 domain controller to a 2003 domain do I still need to run the forestprep and domainprep commands? or do I only do this when I'm ready to raise the functional level?
0
 
satishpetaCommented:
It will not allow you to promote the dc as domain controller until you run forestprep and domainprep. Also, keep in mind that it has to be ran on schema role holder DC.

adprep32 for 32-bits and adprep.exe for 64-bit.

Complete info with pictures can be found here:
http://www.petri.co.il/prepare-for-server-2008-r2-domain-controller.htm
0
 
jzaniewskiCommented:
Are you running Windows 2003 or Windows 2003 R2?
0
 
robclarke41Author Commented:
Our current domain controllers are just Windows 2003 - is this a problem for upgrading to 2008?
0
 
AhmedHERMICommented:
You can simply reuse your existing Windows Server 2003  Domain Controllers as Windows Server 2008 Domain Controllers.
0
 
jzaniewskiCommented:
You would need to make sure that if you're only on Windows 2003 Server, that you have all of your updates and service packs installed, including SP2.
Check out this page for steps on how to integrate and upgrade your DCs  http://technet.microsoft.com/en-us/library/cc731188(WS.10).aspx
0
 
robclarke41Author Commented:
Just one more question if I may!  Is it safe to run the forestprep and domainprep commands during working hours when the servers are in use or should this be run out of working hours because it causes disruption?
0
 
jzaniewskiCommented:
It's really going to depend on the size of the domain.  Performing either of these will lock the domain until the task is complete.  This means that no authentication can take place.  So if someone tries to logon while this task is taking place, they would end up using cached credentials and possibly not gain access to GPOs or redirected folders.

My recommendation is to perform these tasks during off hours.  If it's a small environment, the process shouldn't take more that 5 - 10 min each.
0
 
robclarke41Author Commented:
great, thanks for the tip!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.