Active Directory Domain Controller Migration From Server 2003 to Server 2012

Posted on 2013-02-03
Last Modified: 2013-02-05
A client has a Windows 2003 Server as their AD domain controller.  This is the only server on their network.

We have purchased a new Windows 2012 server.  The goal is to set this up on the network and have it take over as the AD domain controller.  We are not getting rid of the 2003 server right away, but it will be taken down once some applications are installed on the new server.

Can anyone recommend a good checklist or resource of the steps necessary to set up the new 2012 server on the network, replicate the AD from the existing 2013 server, and become the new primary domain controller?  Then, anything that should be done with the 2013 server before it's taken off-line.

Any guidance to help make this a smooth transition would be greatly appreciated.

Question by:Matt Mrowicki

Expert Comment

ID: 38849120
Well, you can join the 2012 server to the domain, then start to move the FSMO roles over, and then raise the domain to 2012 when the 2003 server is finally just a member server. Although, if you want to still use it, you cannot raise the domain level or it will not work.

Assisted Solution

teomcam earned 500 total points
ID: 38849200
Clause 0 FULL BACKUP of your old DC
1-Assign a static IP to the new server
2-Join the new server to the domain
3-Install AD Domain Services on the new server and promote it; now you have 2 DCs. Change your new DC's preferred DNS server setting in the IP settings and put the same IP address of the new DC
4-In the next day, run dcdiag /v command to check if there is any error (in elevated cmd mode)
5-Run the repadmin /replsummary   (in elevated cmd mode)
6-Run dcdiag /test:dns /v  (in elevated cmd mode)
if everything ok, go ahead
7-Move FSMO roles to the new DC (one by one, and take your time; no rush on this task)
8-Check if the FSMO roles transferred successfully by running the netdom query fsmo command; you must see the new DC's name there on each of the FSMO roles
9-Move the other roles such as print server, DHCP, CA etc. On your DHCP server, edit the preferred DNS server IP address for the clients so their IP settings will also be updated and they will start looking to the new DC
10-Shut down the old DC for a couple of days and observe your network to see if any issue arises. If not, prepare for removing the old DC. Go to the old DC, run dcpromo and remove the old server (note: right before removal I would recommend you run the diagnostic commands above again)
11-After removal, if you are not having any issues, go to the DNS server management console, check each tree and clean up any leftovers from the old DC (if there are any)
12-If any client is having issues, run gpupdate /force
13-Everything OK, everyone happy, so it's time to elevate the Forest Function Level (if you are not going to use an older version DC in the future)
14-Elevate the Domain Function Level (if you are not going to use an older version DC in the future)
15-Switch to SYSVOL_DFSR, which requires 4 steps to achieve (FULL BACKUP RECOMMENDED prior to this task)

Note: 13, 14 and 15 are optional. You don't have to do this, but since you have that opportunity, why not!
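The checks in steps 4 to 6 and step 8 can be collected into one repeatable gate that is run before the FSMO move, after it, and again before demoting the old DC. This is an added example, not part of the answer above; the host name `NEWDC01` and the log directory are placeholders, and the `failed test` match assumes English-language dcdiag output.

```powershell
# Added example: health gate around the FSMO move (run in an elevated session).
# NEWDC01 and the log directory are placeholders, not values from this thread.
param(
    [string]$NewDc  = 'NEWDC01',
    [string]$LogDir = "$env:SystemDrive\DCMigrationLogs"
)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Steps 4-6: run each diagnostic once and keep a timestamped copy, so the
# pre-transfer and pre-demotion runs can be compared line by line.
$dcdiag  = @(& dcdiag.exe /v)
$replSum = @(& repadmin.exe /replsummary)
$dnsTest = @(& dcdiag.exe /test:dns /v)
$dcdiag  | Set-Content (Join-Path $LogDir "dcdiag-$stamp.txt")
$replSum | Set-Content (Join-Path $LogDir "replsummary-$stamp.txt")
$dnsTest | Set-Content (Join-Path $LogDir "dcdiag-dns-$stamp.txt")

# dcdiag reports every test as "<server> passed test <name>" or
# "<server> failed test <name>" (assumes English output).
$failed = @(($dcdiag + $dnsTest) | Select-String -Pattern 'failed test')

# Step 8: netdom prints "<role name>   <holder FQDN>" for each of the five
# roles; the trailing status line has no double-space gap and is skipped.
$roles = foreach ($line in @(& netdom.exe query fsmo)) {
    if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
        [pscustomobject]@{ Role = $Matches.role; Holder = $Matches.holder }
    }
}
# Compare only the host label of the holder FQDN (comparison is case-insensitive).
$wrongHolder = @($roles | Where-Object { ($_.Holder -split '\.')[0] -ne $NewDc })

$roles | Format-Table -AutoSize
$replSum                       # review the "fails" and "error" columns by eye

if ($failed.Count -gt 0) {
    Write-Warning "dcdiag reported $($failed.Count) failed test(s):"
    $failed | ForEach-Object { Write-Warning $_.Line.Trim() }
}
if (@($roles).Count -ne 5 -or $wrongHolder.Count -gt 0) {
    Write-Warning "Not all five FSMO roles are held by $NewDc."
}
if ($failed.Count -gt 0 -or @($roles).Count -ne 5 -or $wrongHolder.Count -gt 0) {
    exit 1                     # do not proceed to shutdown or demotion
}
Write-Output "All checks passed; logs saved in $LogDir"
```

Before the FSMO transfer the role-holder check is expected to fail, since the old DC still holds the roles; at that stage only the dcdiag and repadmin results matter.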

Accepted Solution

ZenVenky earned 500 total points
ID: 38850092
1. Take Systemstate backup of 2003.
2. Raise forest and domain functional to 2003.
3. Join 2012 as member server.
4. Make sure you have Domain, Schema and Enterprise Admin group membership.
5. Add 2003 DNS address to 2012 NIC as preferred DNS.
6. Disable basic Firewall on 2012
7. Install ADDS role in 2012, it will update the schema on server 2003 automatically.
8. Wait for 30 minutes and check Event Viewer (System, DNS, DS logs).
9. If everything is fine then transfer FSMO roles to 2012.
10. Once you transfer FSMO roles to 2012, make this DC the authoritative Time Server using this KB.


Note: after everything is done, run DCDiag /v >>dcdiaglog.txt to check DC's health.
IMP: Do not disable IPv6, instead make it to "obtain ip address automatically" and "obtain dns server address automatically".

Author Comment

by:Matt Mrowicki
ID: 38857632
I performed the set up and migration of the new Windows 2012 server today and the information provided in these answers was perfectly helpful.  The only piece that was missing was some information on how to transfer the FSMO roles, but I found that with a quick search and it worked great.  Both servers are now running as Domain Controllers on the network, with the new Windows Server 2012 as primary.  We'll demote the 2003 server at a later time.  (And, once the 2003 server is gone, we'll raise the forest and domain functional on the 2012 server.)

Thank you for all of your time and assistance!


Question has a verified solution.
