Active Directory Domain Controller Migration From Server 2003 to Server 2012

Posted on 2013-02-03
Medium Priority
Last Modified: 2013-02-05
A client has a Windows 2003 Server as their AD domain controller.  This is the only server on their network.

We have purchased a new Windows 2012 server.  The goal is to set this up on the network and have it take over as the AD domain controller.  We are not getting rid of the 2003 server right away, but it will be taken down once some applications are installed on the new server.

Can anyone recommend a good checklist or resource of the steps necessary to set up the new 2012 server on the network, replicate the AD from the existing 2013 server, and become the new primary domain controller?  Then, anything that should be done with the 2013 server before it's taken off-line.

Any guidance to help make this a smooth transition would be greatly appreciated.

Question by: Matt Mrowicki
LVL 30

Expert Comment

ID: 38849120
Well, you can join the 2012 server to the domain, then start to move the FSMO roles over, and then raise the domain to 2012 when the 2003 server is finally just a member server. Although, if you want to still use it, you cannot raise the domain level or it will not work.

Assisted Solution

teomcam earned 500 total points
ID: 38849200
Clause 0 FULL BACKUP of your old DC
1-Assign a static IP to the new server
2-Join the new server to the domain
3-Install AD Domain Services on the new server and promote it; now you have 2 DCs. Change your new DC's preferred DNS server setting in the IP settings and put in the same IP address as the new DC
4-The next day, run the dcdiag /v command to check if there is any error (in elevated cmd mode)
5-Run repadmin /replsummary (in elevated cmd mode)
6-Run dcdiag /test:dns /v (in elevated cmd mode)
If everything is OK, go ahead
7-Move FSMO roles to the new DC (one by one, and take your time; no rush on this task)
8-Check if the FSMO roles transferred successfully by running the netdom query fsmo command; you must see the new DC's name there on each FSMO role
9-Move the other roles such as print server, DHCP, CA etc. On your DHCP server, edit the preferred DNS server IP address for the clients so their IP settings will also be updated and they will start looking to the new DC
10-Shut down the old DC for a couple of days and observe your network to see if any issue arises. If not, prepare for removing the old DC. Go to the old DC, run dcpromo and remove the old server (note: right before removal I would recommend you run the diagnostic commands above again)
11-After removal, if you are not having any issue, go to the DNS server management console, check each tree and clean up any leftovers from the old DC (if there are any)
12-If any client is having an issue, run gpupdate /force
13-Everything OK, everyone happy, so it's time to elevate the Forest Function Level (if you are not going to use an older version DC in the future)
14-Elevate the Domain Function Level (if you are not going to use an older version DC in the future)
15-Switch to SYSVOL_DFSR, which requires 4 steps to achieve (FULL BACKUP RECOMMENDED prior to this task)

Note: 13, 14 and 15 are optional. You don't have to do this, but since you have that opportunity, why not!
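
The health-check gate, role transfer and verification from steps 4 to 8 of the answer above, written as one PowerShell session. This is an added example, not part of the original thread; the host name NEWDC01 is a placeholder, and the text matching assumes English-language dcdiag and netdom output.

```powershell
# Added example, not from the thread. Run in an elevated session on the new 2012 DC
# with an account that holds the Domain, Schema and Enterprise Admins memberships.
Import-Module ActiveDirectory
$NewDc = 'NEWDC01'   # hypothetical host name of the new DC (assumption)

# Steps 4-6: keep the full output as a record of the pre-transfer state.
$diag = dcdiag /v
$dns  = dcdiag /test:dns /v
$diag | Out-File .\dcdiag-pre.txt
$dns  | Out-File .\dcdiag-dns-pre.txt
# The replication summary is shown on screen for review and saved alongside.
repadmin /replsummary | Tee-Object -FilePath .\replsummary-pre.txt

# dcdiag flags a problem with a line containing "failed test <TestName>".
$failed = @($diag + $dns | Select-String -Pattern 'failed test')
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning $_.Line.Trim() }
    throw 'dcdiag reported failed tests; resolve them before moving any FSMO role.'
}

# Step 7: move the roles one at a time; -Confirm asks before each move.
$roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
         'RIDMaster', 'InfrastructureMaster'
foreach ($role in $roles) {
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDc `
        -OperationMasterRole $role -Confirm
}

# Step 8: parse "netdom query fsmo" and confirm every role names the new DC.
$pattern = '^(Schema master|Domain naming master|PDC|RID pool manager|' +
           'Infrastructure master)\s{2,}(\S+)'
$holders = @(netdom query fsmo | Select-String -Pattern $pattern | ForEach-Object {
    [pscustomobject]@{
        Role   = $_.Matches[0].Groups[1].Value
        Holder = $_.Matches[0].Groups[2].Value
    }
})
$holders | Format-Table -AutoSize

# A holder that is not NEWDC01.<domain> means a role is still on the old DC.
$stale = @($holders | Where-Object { $_.Holder -notlike "$NewDc.*" })
if ($holders.Count -ne 5 -or $stale.Count -gt 0) {
    throw "FSMO check failed: expected all 5 roles on $NewDc."
}
Write-Output "All 5 FSMO roles are held by $NewDc."
```

Running the same dcdiag and repadmin commands again right before demoting the old DC (step 10) gives a second saved baseline to compare against the pre-transfer files.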

Accepted Solution

Zenvenky earned 500 total points
ID: 38850092
1. Take System State backup of 2003.
2. Raise forest and domain functional to 2003.
3. Join 2012 as member server.
4. Make sure you have Domain, Schema and Enterprise Admin group membership.
5. Add 2003 DNS address to 2012 NIC as preferred DNS.
6. Disable basic Firewall on 2012.
7. Install ADDS role in 2012; it will update the schema on server 2003 automatically.
8. Wait for 30 minutes and check Event Viewer (System, DNS, DS logs).
9. If everything is fine then transfer FSMO roles to 2012.
10. Once you transfer FSMO roles to 2012, make this DC the authoritative Time Server using this KB.


Note: after everything is done, run DCDiag /v >>dcdiaglog.txt to check DC's health.
IMP: Do not disable IPv6, instead make it to "obtain ip address automatically" and "obtain dns server address automatically".

Author Comment

by:Matt Mrowicki
ID: 38857632
I performed the set up and migration of the new Windows 2012 server today and the information provided in these answers was perfectly helpful.  The only piece that was missing was some information on how to transfer the FSMO roles, but I found that with a quick search and it worked great.  Both servers are now running as Domain Controllers on the network, with the new Windows Server 2012 as primary.  We'll demote the 2003 server at a later time.  (And, once the 2003 server is gone, we'll raise the forest and domain functional on the 2012 server.)

Thank you for all of your time and assistance!

Question has a verified solution.
