Upgrading Domain Controller to Server 2012

Posted on 2013-06-06
Medium Priority
Last Modified: 2013-06-07
We are upgrading the hardware of our Domain Controller which is Server 2008 (not R2).  We only have one DC in our domain.  What I plan to do is this...

-Install Server 2012 on new server
-Promote new server running Server 2012 to Domain Controller
-Demote old domain controller on Server 2008

Would this be the right sequence?  Will there be an issue going from Active Directory 2008 to 2012?  Anything I need to be aware of?  Do I first need to migrate AD to 2012?
Question by:bpl5000
LVL 16

Assisted Solution

uescomp earned 200 total points
ID: 39227027
In short, yes.

Join the 2012 server, make sure to delegate all the FSMO roles, promote the new 2012 and demote the 2008.
LVL 17

Assisted Solution

by:Brad Bouchard
Brad Bouchard earned 400 total points
ID: 39227097
Your steps you described are in perfect order.

You will first:

1)  Create your new 2012 server and get it up-to-date but don't promote it yet (technically you can't)
2)  You no longer need to run adprep on another DC from the 2012 folder that is on the CD/ISO because 2012 preps things for you.
3)  Add AD DS role to your 2012 server
4)  Run DCPROMO or promot this server to a DC from the Server Manager

Once you're done, transfer all FSMO roles to your new DC.

After that, decomission your old DC by running DCPROMO on it.  Removing DNS will happen on it too at this time.

You should be good to go, however remember to go manually update any statically set IP addresses with the new information and update your DHCP server with the new server name/IP.
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 200 total points
ID: 39227846
A tiny but important thing is to configure new 2012 server as a authoritative domain controller

Follow below article applies to 2012 also

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 10

Accepted Solution

ZenVenky earned 1200 total points
ID: 39228594
Yes, you are doing it right way. Agree with other experts, however let me tell you how you shall complete it.

1. Install 2012 on a machine and make it member server.
2. change the DNS pointings over NIC  and make sure it is pointing to 2008 DC.
3. Now Run DCDiag in verbose mode and check the AD health on 2008DC, fix them if you see any tests failed.
4. Promote 2012 as DC to the domain, this process will tak care of schema update (you shall have domain and enterprise admin permissions to do it).
5. Wait for replication to happen (atleast 2 hours).
6. If everything is fine, then transfer FSMO roles to 2012DC.
7. Change DNS pointings and make preferred DNS as itslef.
8. Make 2012DC as authoritative Time Server as Sarang mentioned.
9. Again wait for atleast 3 hours to check DC's health as your's a single DC environment.
10. If everything is fine, then demote 2008DC.
11. You can do itfrom ADUC, just select 2008DC and delete this will complete the metadata cleanup.
12. Go to sites and service and delete 2008DC's entries.
13. In DNS console delete 2008DC's entries.
14. Take complete backup of 2012DC using Windows Server Backup (SystemState).
15. You are DONE.


DNS Best Practices

Authoritative Time Server

Author Comment

ID: 39228839
I should have asked this before, but will there be any downtime?
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39229188
Not if you do it right.

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question