AD from 2003 R2 to 2008 R2

Posted on 2013-09-24
Medium Priority
Last Modified: 2013-10-14
Hi All,

The company I work for currently has a server running windows 2003 R2 Standard.  This server is running active directory, DHCP and DNS.  It’s also a file server.  We just got a new server running windows 2008 R2 standard.  I want the new 2008 R2 to be our new domain controller.  How do I configure the new server to be the new domain controller and demote the current 2003 to be just a file server?

Please help, thanks in advance.
Question by:Reyesrj
LVL 29

Assisted Solution

becraig earned 500 total points
ID: 39519796
You will need to migrate the FSMO roles to the new server:
I found a really neat blog on this:
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 39519804
How many DCs do you have now?  You always want at least two DCs.

High level steps:

prep your forest for 2008 R2 (use adprep32 if your current DC is 32 bit)
install the 2008 member server (can be done before the prep too)
use dcpromo to promote the box
make the box a global catalog (does it by default in the 2008 R2 dcpromo process)
if you have DNS on your 2003 box install it on the 2008 box
At that point you have a fully functional 2008 DC
Transfer FSMO roles to 2008 box
Point clients (static and DHCP) to the new box for DNS services.
You can demote your 2003 DC...but once again try to have two DCs

There is a lot of great info on this subject already so I won't rewrite the book.  

The official Microsoft document

·     http://www.microsoft.com/downloads/details.aspx?familyid=FA629DE2-F4DD-47AC-8D80-3DB46B2877A2&displaylang=en


I also really like two blog entries by MVPs on the upgrade.  One is from Meinolf the other from Sander.  

·     http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx

·     http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/26/transitioning-your-active-directory-to-windows-server-2008-r2.aspx


LVL 36

Assisted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 39519824
in addition, you probably want to relocate your dhcp configuration


once your 2008 domain controller is running, let it run for at least a few days to make sure there aren't any issues before you demote your 2003 server and have problems; you would want to use dcdiag to make sure the domain controllers are working well together.  resolve any issues before demoting the 2003 server

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Author Comment

ID: 39519842
Thanks All!
We have 1 DC and a replicating DC.  We have two offices that are connected via metro e.  The 2003 DC is in one location and the replicating server is in the other.  But eventually we will switch the two sine there are more users at the location where the replicating server is at.

I will start reading the links and hopefully start working on this tonight.

Thanks Again, more feed back is highly welcomed!
LVL 24

Accepted Solution

Sandeshdubey earned 500 total points
ID: 39519899
I will recommend to have two DCs in main site and one DC at other.This is the correct time to seperate file server role from DC.You need to prepare the domain by adprep tool and promote the new server as DC.First verify the health of existing DC by dcdiag /a and repadmin /replsum and if the health is good take the backup of DC and then proceed with new DC promotion.http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx

Prepare a Windows 2000 or Windows Server 2003 Forest Schema for a Domain Controller That Runs Windows Server 2008 or Windows Server 2008 R2

Adding first Windows Server 2008 R2 Domain Controller within Windows 2003 network

You must transfer the FSMO roles to the 2008 machine then the process is as outlined at http://www.petri.co.il/transferring_fsmo_roles.htm

Also dont forget to configure authorative time server on the PDC role holder server below is the KB article for the same. http://support.microsoft.com/kb/816042

Change all of the clients (and the new 2008 DC itself), to point to the 2008 DC for their preferred DNS server this may be in DHCP options or the TCP/IP settings.

How to demote/decommision the Servers
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommisioning a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to removing a DC from a Domain)

How to move a DHCP database from a computer that is running Windows Server 2003 to Windows Server 2008:http://support.microsoft.com/kb/962355

Hope this helps

Author Closing Comment

ID: 39572871
Thanks All!

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question