replace server 2003 domain ctrl with server 2008

ndedham1 used Ask the Experts™
I have a server 2003 domain ctrl that is noticeably old.  Time to replace with server 2008 domain ctrl.  Few questions: (primary question) What is best procedure for this?  (Secondary questions) .  Assuming that is done, what is best practice for backup domain ctrl?
Is the 2003 DC that you are talking about the only DC you have? If not, do you know on which DC the FSMO roles are?
Quick steps:
- upgrade 2003 AD schema to be compatible with 2008 R2 schema
- setup 2008 R2 server, then "dcpromo" it to existing domain as second DC
- make a plan what to do with DHCP role. IF you have DHCP range more than 50% free, then you may run both servers with DHCP role, one serving lower part of IP range, while other serving with higher range of IP addresses. Test and see how clients connect, watch for potential problems.
- let it run for a few days, observe logs, see potential errors
- then move FSMO roles from old DC 2003 to new DC 2008
- wait few days to see if all runs fine
- SHARES... well, you may use MS tool for migrating shared folders to new server, but this is one of the most annoying parts, because you will break many existing users' links, which probably point to \\OLD-SERVER\
- when everything works fine on new server (you may also disconnect OLD one for few hours, connect few clients, login, logoff, test)
- when you are sure that NEW server is ready, then "dcpromo" old server out of the domain.

If you are brave enough, you may also afterwards RENAME new server to have the same name as old one, but before that be sure there is no trace of old one in AD database (use ADSI edit to explore database). But be aware, this is risky in many cases, and may lead to complications if not properly done.

Those are the main steps.
I suggest you Google each step for MS documents and step-by-step instructions.
Krzysztof Pytko, Senior Active Directory Engineer
Top Expert 2012

please visit my blog and read article for this process at

then transfer all FSMO roles from the old DC to the new one

when you transfer PDC Emulator role, you need to advertise new time server in your forest

[...]- after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external time source and reconfigure the old PDCEmulator to use the domain hierarchy now. Therefore run on the NEW "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update" where PEERS will be filled with the ip address or server( and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update" and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes.[...]

it's an extract from MVP blog at

and if you wish you can add another 2008 DC

at the end, when you have more than 1 DC with 2008/2008R2 OS, you can demote the old one

and regarding DCs backup. Do regularly system state backup of each Domain Controller and store it in safe place to be able to restore AD database/objects in quick way.

On 2008/2008R2 you can use Windows Backup (wbadmin) which is available as feature

Question: What is best procedure for this?

As you are adding Windows Server 2008 in your environment, you need to prepare your AD by running ADprep command lines.

After this your AD schema version will be updated to 44.

You should follow below article to understand this better.

You need to run Adprep command line on below FSMO roles holding DC

adprep.exe /forestprep           Schema Master
adprep.exe /domainprep           Infrastructure Master
adprep.exe /domainprep /gpprep   Infrastructure Master
adprep.exe /rodcprep *           Domain Naming Master

You can go ahead and skip adprep.exe /rodcprep, if you are not planning or don't have RODC in your AD.

Are you adding new hardware or do you just want to upgrade it?

If you are adding new hardware (new server), then just run dcpromo on it and wait for replication. Once the domain controllers are in sync then you can safely demote the old Windows Server 2003 by running dcpromo on it.

If you are upgrading the old server to new one, then above links will explain step by step procedure to accomplish this task.

What is best practice for backup domain ctrl?

All the DCs will be in sync due to replication. You can perform system state backup on any of the DCs and utilise it in case of disaster.
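
The answers above all depend on the same conditions holding before the 2003 DC is demoted: schema updated by adprep, FSMO roles moved, replication in sync, and the new PDC emulator using an external time source. The following read-only check is an added example, not part of any answer in this thread; `NEWDC01` is a placeholder host name, and it assumes a single-domain forest and PowerShell 2.0 with `repadmin` and `w32tm` on the 2008 DC.

```powershell
# Added example: read-only checks, run elevated on the 2008 DC before demoting the old DC.
param(
    [string]$NewDC = 'NEWDC01',   # placeholder host name of the new DC (assumption)
    [int]$ExpectedSchema = 44     # schema version quoted in the answer above
)
$problems = @()

# 1. Schema version written by adprep /forestprep
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNC = [ADSI]"LDAP://$($rootDse.schemaNamingContext)"
$version  = [int]"$($schemaNC.objectVersion)"
if ($version -lt $ExpectedSchema) {
    $problems += "Schema objectVersion is $version, expected at least $ExpectedSchema"
}

# 2. All five FSMO roles should already be held by the new DC
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$roles = @{
    'Schema Master'         = $forest.SchemaRoleOwner.Name
    'Domain Naming Master'  = $forest.NamingRoleOwner.Name
    'PDC Emulator'          = $domain.PdcRoleOwner.Name
    'RID Master'            = $domain.RidRoleOwner.Name
    'Infrastructure Master' = $domain.InfrastructureRoleOwner.Name
}
foreach ($role in $roles.Keys) {
    if ($roles[$role] -notlike "$NewDC.*") {
        $problems += "$role is still held by $($roles[$role])"
    }
}

# 3. Replication: flag error rows and any link with recorded failures
foreach ($link in (repadmin /showrepl * /csv | ConvertFrom-Csv)) {
    $failures = $link.'Number of Failures' -as [int]   # $null if not numeric
    if ($link.showrepl_COLUMNS -ne 'showrepl_INFO' -or $failures -ne 0) {
        $problems += "Replication problem: $($link.'Source DSA') -> " +
                     "$($link.'Destination DSA') ($($link.'Naming Context'))"
    }
}

# 4. Time source on the new DC must not be the local clock
$source = (w32tm /query /computer:$NewDC /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    $problems += "Time source on $NewDC is '$source', not an external peer"
}

if ($problems.Count -eq 0) { 'All checks passed.' } else { $problems; exit 1 }
```

A non-zero exit code means at least one condition is not met; take a system state backup and resolve the listed items before running dcpromo on the old server.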




All, thank you for commenting and I apologize for my lack of follow up.  I will digest these and create new questions if need be.  I am reverse engineering a domain environment but need to keep systems up 24/7.  It is a police dept.  One day at a time.......Thank you.
