Solved

Upgrading Primary DC's Windows OS

Posted on 2013-05-22
Last Modified: 2013-06-03
Hi,

My primary domain controller for our company is a Hyper-V virtual server, running on Windows Server 2008 x64.  I've upgraded other DC's in the company to Windows Server 2008 R2 over the last 2 years, and feel that the primary should be on the same level or higher than them.  No rationale behind that thought, just makes sense in my head.

Regardless, I'm wondering what opinions are out there for the path to do so.  Can I safely run an in-place upgrade to 2008 R2 or 2012 or should I start from scratch and build a new virtual?  Obviously the downfall to that is that I would have to demote the current and promote the new one, which has its challenges.

Any thoughts?

Thanks!
0
Question by:SGCAdmin
13 Comments
 
LVL 8

Expert Comment

by:jpgobert
An in-place upgrade from 08 x64 to 08 R2 or 2012 is supported.  If you want to cover your six then consider moving the FSMO roles to one of the other DC's, have fresh backups on-hand, and then run the upgrade.

I think you'll find the upgrade will go smoothly and you'll be fine.  Granted I don't know your environment but if everything is healthy  you should be fine.
0
 
LVL 1

Author Comment

by:SGCAdmin
Thanks for the quick reply.  Yes, everything is healthy.  So does my rationale make sense, about the PDC being at the same level or higher of other DC's?  If it were you, would you do an in-place upgrade?

Thanks :-)
0
 
LVL 8

Accepted Solution

by:
jpgobert earned 155 total points
"So does my rationale make sense, about the PDC being at the same level or higher of other DC's?"

It doesn't not make sense :)  Personally I think if you have the available licensing and have no reason why it shouldn't be upgraded to match the rest of the controllers then it should be done.  Other guys would say if it isn't broken then don't change it...

"If it were you, would you do an in-place upgrade?"

It really depends on the age, use case and health of the box.  If the server is running well and is pretty clean (clean event logs, no sludge build up in the registry, etc.) then yeah I would.  If it were going from 2003 to 2008 R2 then no, I wouldn't.  That's just a personal preference though...

I'd definitely make sure to move the FSMO roles and take my backups first though... always better to be safe.
0
 
LVL 1

Author Comment

by:SGCAdmin
Thanks for the insight.  Ok, 2 more things then while it's fresh in your mind.  Not sure if you're a Hyper-V person or not, but being that it is a virtual, I wonder if I can do the upgrade off-line, meaning, 1) back up the virtual server, 2) run the upgrade, 3) if something goes wrong, go back to original.

Also, do you think I will need to run the 2 dcpromo commands if I go to 2008 R2 being that I have 3 other DC's that are already there?  I'm pretty sure no, but just want to double check.

Much appreciated.
0
 
LVL 8

Expert Comment

by:jpgobert
I'm definitely a hyper-v person... big time :)

I'm not sure if it would cause a problem if you disconnected the virtual network during the upgrade.  If it were a regular member server it would be fine but with it being a DC it might throw a fit since all of the services of that role are network based... on the flip side, if it does throw a fit and fail while off the network it wouldn't have a chance to make any updates to the domain that you couldn't reverse... so what the hell, give it a shot...

I'm sure you've already done all the research but just in case you might want to give this site a once over:  Technet:  Upgrade Domain Controllers....

What DCPromo commands are you talking about?  Once you've moved the FSMO roles before the upgrade (because we're being safe) the server will still be a DC.  The upgrade to 08 R2 automatically handles the directory updates for that DC and after the last reboot it comes up as a fully functional 08 R2 DC.  Are you talking about something else that I'm not thinking of?
0
 
LVL 5

Assisted Solution

by:Eddie-Lopez
Eddie-Lopez earned 155 total points
Hi there,

Sure, you should be able to back it up and restore it to the original version if you have any problems during the upgrade. Just don't use Hyper-V snapshots for that, since it's a domain controller.

And I second your thought of upgrading your PDC. If you have all your DCs on 2008R2 except your PDC, you will have to keep your Forest/Domain functionality at 2008 or lower. This may cause problems in the future if you need to install a new application that needs a higher functionality level, plus you will be missing some nice new features that come with 2008R2 functionality (like the AD Recycle Bin, for example).

Hope this helps,

Eddie
0

 
LVL 1

Author Comment

by:SGCAdmin
Actually, forget what I said about dcpromo.  I was asking about the adprep commands : /forestprep and /domainprep.  But I'm fairly sure that I only need to run that once for each OS level I go to and I've already got 3 of 6 DC's @ 2008 R2.  Also, any chance you have a 'best practice' walk through of moving the FSMO roles from one DC to another?


Eddie,   Yeah, I don't use snapshots anyway.  Just nightly backups using a Hyper-V agent for BE 2012.  And yep, that's what my brain is saying too about my rationale of upgrading.  My only question is whether I go to Server 2012 or not at this point.  I would have to buy user CALs for the entire company, which can get pricey, but I have to do it at some point.
0
 
LVL 8

Expert Comment

by:jpgobert
I could look one up for you (best practice guide) but from my experience here's the key things:
Never assume you know what roles are held by what servers.  Always check first.
Verify replication is working by running dcdiag /test:replications
Take action on any problems you find
Decide which DC you want to transfer the roles to
Go ahead and perform the transfers

The following KB from Microsoft provides the steps to transfer the roles using ntdsutil:  Using Ntdsutil.exe to transfer or seize FSMO roles

The following TechNet page shows step by step on transferring the roles using the GUI AD management tools:  Transferring FSMO Roles in Windows Server 2008
0
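The checklist in the comment above (check the role holders, verify replication, then transfer), sketched as an added PowerShell example that is not part of the original thread. It assumes it is run from one of the 2008 R2 DCs with the ActiveDirectory module available and an account with the required rights; `DC02` is a hypothetical name for the DC that will receive the roles.

```powershell
# Added example, not from the original posts. 'DC02' is a hypothetical target DC.
Import-Module ActiveDirectory

$TargetDC = 'DC02'

function Get-FsmoHolders {
    # Read the current holders from the directory instead of assuming them.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    New-Object PSObject -Property @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# 1. Record who holds what before touching anything.
$before = Get-FsmoHolders
$before | Format-List

# 2. Verify replication with the test named in the thread; stop on any failure.
$diag = dcdiag /test:replications
if ($diag -match 'failed test') {
    $diag | Write-Output
    throw 'Replication test reported failures. Fix these before moving roles.'
}

# 3. Transfer (not seize) all five roles to the chosen DC.
#    -Force is deliberately omitted: with -Force the cmdlet seizes the roles.
#    Moving SchemaMaster requires Schema Admins membership.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# 4. Confirm the directory now reports the new holder for every role.
$after = Get-FsmoHolders
$after | Format-List
$notMoved = $after.PSObject.Properties | Where-Object { $_.Value -notlike "$TargetDC*" }
if ($notMoved) {
    throw ("Roles not on {0}: {1}" -f $TargetDC, (($notMoved | ForEach-Object { $_.Name }) -join ', '))
}
```

Keep the `$before` output with the change record so the roles can be moved back to their original holder after the upgrade if desired.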
 
LVL 5

Expert Comment

by:Eddie-Lopez
Here's some info about transferring FSMO roles:

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/e4c605ff-b74c-46d5-b72a-f0033e4412fa

If you can do the investment, I would go directly to 2012. And you can go from 2008 to 2012 directly, as long as your 2008 environment is 64 bits. More info on that:

http://technet.microsoft.com/en-us/library/hh994618.aspx
0
 
LVL 1

Author Comment

by:SGCAdmin
Great, thanks guys.  I need to convince the CIO that Server 2012 is worth going to, but he's in the mindset to wait for SP1.  I am going to leave this open for a couple days in case there are any more suggestions/feedback, but I appreciate all the helpful comments.

Thanks again.
0
 
LVL 8

Expert Comment

by:jpgobert
I can help you there easily.

Put the information together on the advances in hyper-v for 2012.  Also explain to him about the new licensing schema and the fact that 2012 Standard and Datacenter have absolutely no feature differences anymore.  The only difference is in the number of VM's you're licensed for with each license you buy,

For 2-socket systems:

One Standard = bare metal install + 2 VM's on the same box.
One Datacenter = bare metal install + unlimited VM's on the same box.

I'm telling you man you can sell him on it... just gotta play your cards right :)
0
 
LVL 5

Expert Comment

by:Eddie-Lopez
That's a common mindset ("let's wait until SP1 is out before implementing it"), and it is not necessarily a bad practice. But at least I can give you my personal experience, we started implementing WS2012 about 1 month after launch. So far we got about 50 servers (both physical and virtual) running WS2012, including Domain Controllers, Hyper-V Hosts, DHCP, WSUS, Application Servers, Web Servers, etc. and no OS-related issues so far.
0
 
LVL 1

Author Closing Comment

by:SGCAdmin
Thanks to all for your knowledgeable and quick answers.  I will be upgrading before the end of the month.

Much appreciated!
0
