SGCAdmin
asked on
Upgrading Primary DC's Windows OS
Hi,
My primary domain controller for our company is a Hyper-V virtual server, running on Windows Server 2008 x64. I've upgraded other DC's in the company to Windows Server 2008 R2 over the last 2 years, and feel that the primary should be on the same level or higher than them. No rationale behind that thought, just makes sense in my head.
Regardless, I'm wondering what opinion's are out there for the path to do so. Can I safely run an in-place upgrade to 2008 R2 or 2012 or should I start from scratch and build a new virtual. Obviously the downfall to that is that I would have to demote the current and promote the new one, which has its challenges.
Any thoughts?
Thanks!
My primary domain controller for our company is a Hyper-V virtual server, running on Windows Server 2008 x64. I've upgraded other DC's in the company to Windows Server 2008 R2 over the last 2 years, and feel that the primary should be on the same level or higher than them. No rationale behind that thought, just makes sense in my head.
Regardless, I'm wondering what opinion's are out there for the path to do so. Can I safely run an in-place upgrade to 2008 R2 or 2012 or should I start from scratch and build a new virtual. Obviously the downfall to that is that I would have to demote the current and promote the new one, which has its challenges.
Any thoughts?
Thanks!
ASKER
Thanks for the quick reply. Yes, everything is healthy. So does my rationale make sense, about the PDC being at the same level or higher of other DC's? If it were you, would you do an in-place upgrade?
Thanks :-)
Thanks :-)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the insight. Ok, 2 more things then while its fresh in your mind. Not sure if your a Hyper-V person or not, but being that it is a virtual, I wonder if I can do the upgrade off-line, meaning, 1) back up the virtual server, 2) run the upgrade, 3) if something goes wrong, go back to original.
Also, do you think I will need to run the 2 dcpromo commands if I go to 2008 R2 being that I have 3 other DC's that are already there. I'm pretty sure no, but just want to double check.
Much appreciated.
Also, do you think I will need to run the 2 dcpromo commands if I go to 2008 R2 being that I have 3 other DC's that are already there. I'm pretty sure no, but just want to double check.
Much appreciated.
I'm definitely a hyper-v person... big time :)
I'm not sure if it would cause a problem if you disconnected the virtual network during the upgrade. If it were a regular member server it would be fine but with it being a DC it might throw a fit since all of the services of that role are network based... on the flip side, if it does throw a fit and fail while off the network it wouldn't have a chance to make any updates to the domain that you couldn't reverse... so what the hell, give it a shot...
I'm sure you've already done all the research but just in case you might want to give this site a once over: Technet: Upgrade Domain Controllers....
What DCPromo commands are you talking about? Once you've moved the FMSO roles before the upgrade (because we're being safe) the server will still be a DC. The upgrade to 08 R2 automatically handles the directory updates for that DC and after the last reboot it comes up as a fully functional 08 R2 DC. Are you talking about something else that I'm not thinking of?
I'm not sure if it would cause a problem if you disconnected the virtual network during the upgrade. If it were a regular member server it would be fine but with it being a DC it might throw a fit since all of the services of that role are network based... on the flip side, if it does throw a fit and fail while off the network it wouldn't have a chance to make any updates to the domain that you couldn't reverse... so what the hell, give it a shot...
I'm sure you've already done all the research but just in case you might want to give this site a once over: Technet: Upgrade Domain Controllers....
What DCPromo commands are you talking about? Once you've moved the FMSO roles before the upgrade (because we're being safe) the server will still be a DC. The upgrade to 08 R2 automatically handles the directory updates for that DC and after the last reboot it comes up as a fully functional 08 R2 DC. Are you talking about something else that I'm not thinking of?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Actually, forget what I said about dcpromo. I was asking about the adprep commands : /forestprep and /domainprep. But I'm fairly sure that I only need to run that once for each OS level I go to and I've already got 3 of 6 DC's @ 2008 R2. Also, any chance you have a 'best practice' walk through of moving the FMSO roles from one DC to another?
Eddie, Yeah, I dont use snapshots anyway. Just nightly backups using a Hyper-V agent for BE 2012. And yep, thats what my brain is saying too about my rationale of upgrading. My only question is whether I go to Server 2012 or not at this point. I would have to buy user cals for the entire company, which can get pricey, but I have to do it at some point.
Eddie, Yeah, I dont use snapshots anyway. Just nightly backups using a Hyper-V agent for BE 2012. And yep, thats what my brain is saying too about my rationale of upgrading. My only question is whether I go to Server 2012 or not at this point. I would have to buy user cals for the entire company, which can get pricey, but I have to do it at some point.
I could look one up for you (best practice guide) but from my experience here's the key things:
The following KB from Microsoft provides the steps to transfer the roles using ntdsutil: Using Ntdsutil.exe to transfer or seize FSMO roles
The following TechNet page shows step by step on transferring the roles using the GUI AD management tools: Transferring FSMO Roles in Windows Server 2008
Never assume you know what roles are held by what servers. Always check first.
Verify replication is working by running dcdiag /test:replications
Take action on any problems you find
Decide which DC you want to transfer the roles to
Go ahead and perform the transfers
The following KB from Microsoft provides the steps to transfer the roles using ntdsutil: Using Ntdsutil.exe to transfer or seize FSMO roles
The following TechNet page shows step by step on transferring the roles using the GUI AD management tools: Transferring FSMO Roles in Windows Server 2008
Here's some info about transferring FSMO roles:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/e4c605ff-b74c-46d5-b72a-f0033e4412fa
If you can do the investment, I would go directly to 2012. And you can go from 2008 to 2012 directly, as long as your 2008 environment is 64 bits. More info on that:
http://technet.microsoft.com/en-us/library/hh994618.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/e4c605ff-b74c-46d5-b72a-f0033e4412fa
If you can do the investment, I would go directly to 2012. And you can go from 2008 to 2012 directly, as long as your 2008 environment is 64 bits. More info on that:
http://technet.microsoft.com/en-us/library/hh994618.aspx
ASKER
Great, thanks guys. I need to convince the CIO that Server 2012 is worth going to, but he's in the mindset to wait for SP1. I am going to leave this open for a couple days in case there is any more suggestions/feedback, but I appreciate all the helpful comments.
Thanks again.
Thanks again.
I can help you there easily.
Put the information together on the advances in hyper-v for 2012. Also explain to him about the new licensing schema and the fact that 2012 Standard and Datacenter have absolutely no feature differences anymore. The only difference is in the number of VM's you're licensed for with each license you buy,
For 2-socket systems:
One Standard = bare metal install + 2 VM's on the same box.
One Datacenter = bare metal install + unlimited VM's on the same box.
I'm telling you man you can sell him on it... just gotta play your cards right :)
Put the information together on the advances in hyper-v for 2012. Also explain to him about the new licensing schema and the fact that 2012 Standard and Datacenter have absolutely no feature differences anymore. The only difference is in the number of VM's you're licensed for with each license you buy,
For 2-socket systems:
One Standard = bare metal install + 2 VM's on the same box.
One Datacenter = bare metal install + unlimited VM's on the same box.
I'm telling you man you can sell him on it... just gotta play your cards right :)
That's a common mindset ("let's wait until SP1 is out before implementing it"), and it is not necessarily a bad practice. But at least I can give you my personal experience, we started implementing WS2012 about 1 month after launch. So far we got about 50 servers (both physical and virtual) running WS2012, including Domain Controllers, Hyper-V Hosts, DHCP, WSUS, Application Servers, Web Servers, etc. and no OS-related issues so far.
ASKER
Thanks to all for your knowledgeable and quick answers. I will be upgrading before the end of the month.
Much appreciated!
Much appreciated!
I think you'll find the upgrade will go smoothly and you'll be fine. Granted I don't know your environment but if everything is healthy you should be fine.