Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Upgrading Domain Controller to Server 2012

Posted on 2013-06-06
6
Medium Priority
?
535 Views
Last Modified: 2013-06-07
We are upgrading the hardware of our Domain Controller which is Server 2008 (not R2).  We only have one DC in our domain.  What I plan to do is this...

-Install Server 2012 on new server
-Promote new server running Server 2012 to Domain Controller
-Demote old domain controller on Server 2008

Would this be the right sequence?  Will there be an issue going from Active Directory 2008 to 2012?  Anything I need to be aware of?  Do I first need to migrate AD to 2012?
0
Comment
Question by:bpl5000
6 Comments
 
LVL 16

Assisted Solution

by:uescomp
uescomp earned 200 total points
ID: 39227027
In short, yes.

Join the 2012 server, make sure to delegate all the FSMO roles, promote the new 2012 and demote the 2008.
0
 
LVL 17

Assisted Solution

by:Brad Bouchard
Brad Bouchard earned 400 total points
ID: 39227097
Your steps you described are in perfect order.

You will first:

1)  Create your new 2012 server and get it up-to-date but don't promote it yet (technically you can't)
2)  You no longer need to run adprep on another DC from the 2012 folder that is on the CD/ISO because 2012 preps things for you.
3)  Add AD DS role to your 2012 server
4)  Run DCPROMO or promot this server to a DC from the Server Manager

Once you're done, transfer all FSMO roles to your new DC.
http://www.petri.co.il/transferring_fsmo_roles.htm

After that, decomission your old DC by running DCPROMO on it.  Removing DNS will happen on it too at this time.

You should be good to go, however remember to go manually update any statically set IP addresses with the new information and update your DHCP server with the new server name/IP.
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 200 total points
ID: 39227846
A tiny but important thing is to configure new 2012 server as a authoritative domain controller

Follow below article applies to 2012 also

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 10

Accepted Solution

by:
Zenvenky earned 1200 total points
ID: 39228594
Yes, you are doing it right way. Agree with other experts, however let me tell you how you shall complete it.

1. Install 2012 on a machine and make it member server.
2. change the DNS pointings over NIC  and make sure it is pointing to 2008 DC.
3. Now Run DCDiag in verbose mode and check the AD health on 2008DC, fix them if you see any tests failed.
4. Promote 2012 as DC to the domain, this process will tak care of schema update (you shall have domain and enterprise admin permissions to do it).
5. Wait for replication to happen (atleast 2 hours).
6. If everything is fine, then transfer FSMO roles to 2012DC.
7. Change DNS pointings and make preferred DNS as itslef.
8. Make 2012DC as authoritative Time Server as Sarang mentioned.
9. Again wait for atleast 3 hours to check DC's health as your's a single DC environment.
10. If everything is fine, then demote 2008DC.
11. You can do itfrom ADUC, just select 2008DC and delete this will complete the metadata cleanup.
12. Go to sites and service and delete 2008DC's entries.
13. In DNS console delete 2008DC's entries.
14. Take complete backup of 2012DC using Windows Server Backup (SystemState).
15. You are DONE.

Reference:

DNS Best Practices

Authoritative Time Server
0
 
LVL 5

Author Comment

by:bpl5000
ID: 39228839
I should have asked this before, but will there be any downtime?
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39229188
Not if you do it right.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question