Solved

Active Directory Domain Controller Migration From Server 2003 to Server 2012

Posted on 2013-02-03
4
2,016 Views
Last Modified: 2013-02-05
A client has a Windows 2003 Server as their AD domain controller.  This is the only server on their network.

We have purchased a new Windows 2012 server.  The goal is to set this up on the network and have it take over as the AD domain controller.  We are not getting rid of the 2003 server right away, but it will be taken down once some applications are installed on the new server.

Can anyone recommend a good checklist or resource of the steps necessary to set up the new 2012 server on the network, replicate the AD from the existing 2013 server, and become the new primary domain controller?  Then, anything that should be done with the 2013 server before it's taken off-line.

Any guidance to help make this a smooth transition would be greatly appreciated.

Matt Mrowicki
0
Comment
Question by:Matt Mrowicki
4 Comments
 
LVL 30

Expert Comment

by:IanTh
Comment Utility
well you can join the 2012 server to the domain then start to move the fsmo roles over and then raise the domain to 2012 when the 2003 server is finally just a member server although if you want to still use it you cannot raise the domain level or it will not work
0
 
LVL 8

Assisted Solution

by:teomcam
teomcam earned 125 total points
Comment Utility
Clause 0 FULL BACKUP of your old DC
1-Assign a static IP to the new server
2-Join the new server to the domain
3-Install AD Domain services on the new server and promote it, now you have 2 DCs. Change your new DC's preferred DNS server setting from the Ip settings and put the same IP address of new DC
4-In the next day, run dcdiag /v command to check if there is any error (in elevated cmd mode)
5-Run the repadmin /replsummary   (in elevated cmd mode)
6-Run dcdiag /test:dns /v  (in elevated cmd mode)
if everything ok, go ahead
7-Move FSMO roles to the new DC (one by on and take your time no rush on this task)
8-Check if the FSMO roles transferred successfully by running netdom query fsmo command, you must see the new DCs name in there on each FSMO roles
9-Move the other roles such as print server, dhcp, CA etc. On your DHCP server, edit the preferred DNS server IP address for teh clients so their IP setting also will be updated and they will start looking to the new DC
10-Shutdown the old DC for a couple of days and observe your network if there is any issue raising. If not, prepare for removing the old DC. Go to the old DC and run dcpromo and remove the old server(note: right before removal I would recommend you to run diagnostic commands above again)
11-After removal if you are not having any issue go to the DNS server management console and check every each tree and clean any left over from the old DC (if there is)
12-If any client having issue, run gpupdate /force
13-Everything OK everyone happy so its time to elevate Forest Function Level (if you are not going to use older version DC in the future)
14-Elevate the Domain Function Level(if you are not going to use older version DC in the future)
15-Switch to the SYSVOL_DFSR which requires 4 steps tom achive (FULL BACKUP RECOMMENDED prior this task)

Note: 13, 14 and 15 is optional. You don't have to this but since you have that opportunity why not!
0
 
LVL 9

Accepted Solution

by:
Zenvenky earned 125 total points
Comment Utility
1. Take Systemstate backup of 2003.
2. Raise forest and domain functional to 2003.
3. Join 2012 as member server.
4. Make sure you have domain, Schema and Enteprise Admin group membership.
5. Add 2003 DNS address to 2012 NIC as preferred DNS.
6. Disable basic Firewall on 2012
7. Install ADDS role in 2012, it will update the schema on server 2003 automatically.
8. Wait for 30 minutes and check eventviewer(System, DNS, DS Logs).
9. If everything is fine then transfer FSMO roles to 2012.
10. Once you transfer FSMO rolse to 2012, make this DC as authoritative Time Server using this KB.

http://support.microsoft.com/kb/816042

Note: after everything is done, run DCDiag /v >>dcdiaglog.txt to check DC's health.
IMP: Do not disable IPv6, instead make it to "obtain ip address automatically" and "obtain dns server address automatically".
0
 

Author Comment

by:Matt Mrowicki
Comment Utility
I performed the set up and migration of the new Windows 2012 server today and the information provided in these answers was perfectly helpful.  The only piece that was missing was some information on how to transfer the FSMO roles, but I found that with a quick search and it worked great.  Both servers are now running as Domain Controllers on the network, with the new Windows Server 2012 as primary.  We'll demote the 2003 server at a later time.  (And, once the 2003 server is gone, we'll raise the forest and domain functional on the 2012 server.)

Thank you for all of your time and assistance!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now