Solved

Add Windows 2008 R2 Server as DC on Windows 2000 Domain

Posted on 2013-01-30
8
329 Views
Last Modified: 2013-05-31
Good day everyone. So I am looking at eventually shifting our entire domain to a Windows 2008 R2 domain.

Currently, our DC holding all FSMO roles is a Windows 2000 Server (and I believe the entire domain is a Windows 2000 Domain). We have three other DCs which are all Windows 2003 SP2 servers.

I want to add the Windows 2008 R2 server to the domain as a DC, transfer over all FSMO roles from the Windows 2000 server, and make it our primary DC.

What steps (the more detail the better) do i need to follow to make this happen and are there any issues with doing what I want to do? Any expected downtime for our environment?
0
Comment
Question by:mig1980
  • 4
  • 3
8 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 333 total points
ID: 38836443
High level steps:

prep your forest for 2008 R2 (adprep32 in this case)
install the 2008 R2 member server (can be done before the prep too)
use dcpromo to promote the box
make the box a global catalog (does it by default in the 2008 R2dcpromo process)
if you have DNS on your 2000 box install it on the 2008 box (checkbox)
At that point you have a fully functional 2008 R2 DC
Transfer FSMO roles to 2008 box
Point clients (static and DHCP) to the new box for DNS services.
once all your 2000 DCs are demoted you can raise the functional level.

There is a lot of great info on this subject already so I won't rewrite the book.  

The official Microsoft document

·     http://www.microsoft.com/downloads/details.aspx?familyid=FA629DE2-F4DD-47AC-8D80-3DB46B2877A2&displaylang=en

 

I also really like two blog entries by MVPs on the upgrade.  One is from Meinolf the other from Sander.  

·     http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx



·     http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/26/transitioning-your-active-directory-to-windows-server-2008-r2.aspx

Thanks

Mike
0
 

Author Comment

by:mig1980
ID: 38836476
Now, does it matter if the server is already part of the domain but just not a DC? Would I still have to prep the forest?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 333 total points
ID: 38836492
yes you still have to prep your forest/domain, that is to update the schema.  You are at version 13 now and you will be at 47 after the prep.  More on the version numbers here

http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html

Thanks

Mike
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:mig1980
ID: 38836569
Would I experience any downtime? I want to know if I could do this during business hours.

Also, where would you run all of the commands mentioned? On the existing FSMO DC (Windows 2000) or on the new Windows 2008 server?

I am remotely located from the servers I manage. Would I be able to perform all of the tasks needed to add the Windows 2008 server as a DC remotely without restarting the servers?

 I am planning on being onsite for the transferring of FSMO roles from the Windows 2000 server to the Windows 2008 R2.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38836981
You should not experience downtime, having said that we always do our schema updates/promotions after hours.

adprep is run on the schema master (forestprep) and infrastructure master (domain prep)

FSMO transfer from the 2008 box.

The box will need to be promoted after you make it a DC.

Thanks

Mike
0
 
LVL 11

Accepted Solution

by:
RickSheikh earned 167 total points
ID: 38836992
No downtime is expected if you follow all the good advice Mike has provided you. Having a good recovery plan is a good idea, thus, its generally a good idea to perform such changes in off hours. All tasks are remotely doable. Sander's blog above cover where the ADPREP should be run from, ADPREP bits need to be available (found on the new media i.e ISO for W2K8 R2) and if you have the proper rights. The server you promote as the first 2008 R2 (after the ADPREP) will have to be restarted after the DCPROMO is complete.

Also, take a look at this article.

Best Practices for Implementing Schema Updates or : How I Learned to Stop Worrying and Love the Forest Recovery
http://blogs.technet.com/b/askpfeplat/archive/2012/05/28/best-practices-for-implementing-schema-updates-or-how-i-learned-to-stop-worrying-and-love-the-forest-recovery.aspx
0
 

Author Comment

by:mig1980
ID: 38915930
Will be testing this out in the next two weeks. Will report back as to what my findings are.
0
 

Author Comment

by:mig1980
ID: 39211564
Unfortunately, this project was postponed. Will create another question when the project arises again.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are client relationship the only driver of a successful MSP? While important, client relationships are only one component. Learn how else MSPs can broaden their horizon and differentiate themselves.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question