Adding Windows 2008 R2 as, domain controller to Windows 2003 domain

I have 1 Window Server 2003 R2 64 bit SP2 and Window Server 2003 Standard E. 32 bit SP2. I would like to add new Window Server 2008 R2, and make it as the primary domain controller. I would then like to install DNS and DHCP on this new server, and point our exchange 2007 (no SP installed), SSL/VPN, Spam Firewall, and Firewall to this new Widow Server 2008 R2.
tomfontanillaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
You will require to do adprep /forestprep  for adding 2008 DC to your existing 2003 Domain.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Impossible.  You cannot make the 2008 R2 server the Primary Domain Controller (PDC) because such a thing doesn't exist in Active Directory.

You CAN install 2008 R2 as a domain controller - the act of doing so should install DNS for you - and subsequently make it a global catalog, FSMO master, and DHCP server.

Why on earth would you be running Exchange 2007 with a service pack?  You should be fully patched - this is EXTREMELY unwise and dangerous.

Active Directory is a MULTIPLE MASTER system and whichever DC answers first is the DC that the service requesting DC services uses.  You can set the GC that Exchange uses - see http://www.windowsitpro.com/article/tips/q-how-can-i-specify-the-global-catalog-gc-that-i-want-my-microsoft-exchange-server-system-to-use-
0
CarlosDominguezCommented:
This is the documentation you need to do so:
http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx

If you prefer a shorter list, for your reference, I think this one could be valid for you:

Pre- Installation Verification checklist
o    Install Windows Server 2008 R2 as Domain Server (1)
o    Verify that your Domain and Forest Levels are full Windows Server 2003 and not Mixed or Interim Mode
o    Check Domain Schema version using regedit  
o    Verify the fsmo roles of all domain controllers.  Use netdom /query fsmo to see who holds what roles (you will use this again to verify new roles after promotion of 2008 DC)
o    Copy adprep directory from Windows 2008 Server Media to 2003DC (the schema owner and master) as we will use this to prepare the forest and domain for upgrade to 2008 DC.

Preparation of the Active Directory Environment prior to installing a 2008 DC
o    Run adprep to prepare 2003 Active Directory environment for 2008.  It is a good idea to verify that each of these are completed and replicated before going to the next step. All of these will run on your 2003DC.  You can use replmon or repadmin to verify replication.  Recommendation is to let set for 24 hours for each command but this might be overkill for some.
o    Adprep.exe /forestprep - to verify this go to the registry key above in the Pre-installation list and verify that the Schema version is now 44 on your 2003DC
o    Adprep.exe /domainprep
o    Adprep.exe /domainprep /gpprep.
o    Verify all changes have been made by reviewing event logs and the dcpromo.log and the dcpromoui.log.

Install AD Services on New Windows 2008 DC (DCPROMO)
o    Install AD Services
o    Install DNS Service
o    Make sure to add this server to the existing domain and not as a new DC
o    Make the new DC a Global Catalog Server in NTDS Settings in Sites and Services Admin Tool

Transfer FSMO roles to New Windows 2008 DC
o    Print out a copy of this Microsoft Tech document to walk through using the schmmgmt.dll for migrating fsmo roles (Installed and registered on Fiona).  This is for a 2003 DC but the procedures are the same for 2008 -  http://support.microsoft.com/kb/324801 .  Each role below should be moved to the new DC.
o    Schema Master Role
o    Domain Naming Master Role
o    RID Master/PDC Emulator/Infrastructure Master Roles
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

tomfontanillaAuthor Commented:
Leew,

I inherited this infrastructure with lots of issues 3 months ago, I fixing it as I go. That being said, I will try Carlos opinion.

Keep in mind my goal here is to replace one of the Window server 2003 as the master operator, and use it as DRP DC off site.

Carlos,

Thanks for the info,  I will review the link.

http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
I neglected to mention adprep but if you want good advice in general you need to understand the terminology and the technology.
0
tomfontanillaAuthor Commented:
Thank you Carlos.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.