Solved

Adding Windows 2008 R2 as, domain controller to Windows 2003 domain

Posted on 2012-04-02
6
792 Views
Last Modified: 2012-08-14
I have 1 Window Server 2003 R2 64 bit SP2 and Window Server 2003 Standard E. 32 bit SP2. I would like to add new Window Server 2008 R2, and make it as the primary domain controller. I would then like to install DNS and DHCP on this new server, and point our exchange 2007 (no SP installed), SSL/VPN, Spam Firewall, and Firewall to this new Widow Server 2008 R2.
0
Comment
Question by:tomfontanilla
6 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37798925
You will require to do adprep /forestprep  for adding 2008 DC to your existing 2003 Domain.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 37798926
Impossible.  You cannot make the 2008 R2 server the Primary Domain Controller (PDC) because such a thing doesn't exist in Active Directory.

You CAN install 2008 R2 as a domain controller - the act of doing so should install DNS for you - and subsequently make it a global catalog, FSMO master, and DHCP server.

Why on earth would you be running Exchange 2007 with a service pack?  You should be fully patched - this is EXTREMELY unwise and dangerous.

Active Directory is a MULTIPLE MASTER system and whichever DC answers first is the DC that the service requesting DC services uses.  You can set the GC that Exchange uses - see http://www.windowsitpro.com/article/tips/q-how-can-i-specify-the-global-catalog-gc-that-i-want-my-microsoft-exchange-server-system-to-use-
0
 
LVL 5

Accepted Solution

by:
CarlosDominguez earned 500 total points
ID: 37800346
This is the documentation you need to do so:
http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx

If you prefer a shorter list, for your reference, I think this one could be valid for you:

Pre- Installation Verification checklist
o    Install Windows Server 2008 R2 as Domain Server (1)
o    Verify that your Domain and Forest Levels are full Windows Server 2003 and not Mixed or Interim Mode
o    Check Domain Schema version using regedit  
o    Verify the fsmo roles of all domain controllers.  Use netdom /query fsmo to see who holds what roles (you will use this again to verify new roles after promotion of 2008 DC)
o    Copy adprep directory from Windows 2008 Server Media to 2003DC (the schema owner and master) as we will use this to prepare the forest and domain for upgrade to 2008 DC.

Preparation of the Active Directory Environment prior to installing a 2008 DC
o    Run adprep to prepare 2003 Active Directory environment for 2008.  It is a good idea to verify that each of these are completed and replicated before going to the next step. All of these will run on your 2003DC.  You can use replmon or repadmin to verify replication.  Recommendation is to let set for 24 hours for each command but this might be overkill for some.
o    Adprep.exe /forestprep - to verify this go to the registry key above in the Pre-installation list and verify that the Schema version is now 44 on your 2003DC
o    Adprep.exe /domainprep
o    Adprep.exe /domainprep /gpprep.
o    Verify all changes have been made by reviewing event logs and the dcpromo.log and the dcpromoui.log.

Install AD Services on New Windows 2008 DC (DCPROMO)
o    Install AD Services
o    Install DNS Service
o    Make sure to add this server to the existing domain and not as a new DC
o    Make the new DC a Global Catalog Server in NTDS Settings in Sites and Services Admin Tool

Transfer FSMO roles to New Windows 2008 DC
o    Print out a copy of this Microsoft Tech document to walk through using the schmmgmt.dll for migrating fsmo roles (Installed and registered on Fiona).  This is for a 2003 DC but the procedures are the same for 2008 -  http://support.microsoft.com/kb/324801 .  Each role below should be moved to the new DC.
o    Schema Master Role
o    Domain Naming Master Role
o    RID Master/PDC Emulator/Infrastructure Master Roles
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:tomfontanilla
ID: 37803991
Leew,

I inherited this infrastructure with lots of issues 3 months ago, I fixing it as I go. That being said, I will try Carlos opinion.

Keep in mind my goal here is to replace one of the Window server 2003 as the master operator, and use it as DRP DC off site.

Carlos,

Thanks for the info,  I will review the link.

http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 37804122
I neglected to mention adprep but if you want good advice in general you need to understand the terminology and the technology.
0
 

Author Closing Comment

by:tomfontanilla
ID: 37805686
Thank you Carlos.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Preface There are many applications where some computing systems need have their system clocks running synchronized within a small margin and eventually need to be in sync with the global time. There are different solutions for this, i.e. the W3…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now