Solved

Upgrade Domain Controllers from Windows Server 2003 R2 to Windows Server 2012 R2 or 2008 R2 and Exchange 2010

Posted on 2014-01-21
Last Modified: 2014-01-23
We have Windows Server 2003 R2 Domain Controllers, which we want to upgrade to Windows Server 2012 R2. In our environment we also have Exchange 2010 v.14.03.0.158.001.

There are 2 sites
There are 2 domain controllers per site
and one Exchange server that has 2 IIS sites, one for external clients and one for internal
We also have quite a bit of group policies that we'd like to retain
All but Exchange are VMs on VMware hosts
Our domain controllers are backed up with Veeam 7 and Exchange with Symantec BE 2012
Our Domain and Forest Functional Levels are both Windows Server 2003

Q1: I'm looking for the procedure to upgrade domain controllers and Active Directory to at least 2008 R2 functional level, given the above scenario.
Also:
Are there any underwater stones that someone doing an upgrade should be aware of?
What is the best way to back up and recover DCs, Exchange and AD in case of a failure?
Are there any changes to Group Policies that may happen during the upgrade, which may cause them to apply in a wrong way?

Q2: Does it make sense to upgrade to 2012 R2 yet, or is it better to wait for a while until enough patches are released?
Question by:Alumicor
7 Comments
 

Assisted Solution

by:irweazelwallis
irweazelwallis earned 250 total points
ID: 39798592
OK, some simple steps/guidelines.

Backup - best off using Windows Server Backup for AD so that you can restore the data back into AD, as restoring a virtual domain controller isn't a great plan.
Here is a nice step-by-step for that: http://technet.microsoft.com/en-us/magazine/2008.05.adbackup.aspx

Exchange - if you only have one server then make sure you have the data from the mailboxes and any certs and custom config, then you can use recover server to reinstall Exchange.

Upgrade
Are you looking for an in-place upgrade? That's not the best plan for DCs.
If you have spare physical kit then I suggest installing a member server with 2012 and then promoting it to a DC (it will do a schema prep as it installs the role).

Then you can move the FSMO roles onto the new DCs.

Leave for a few days to settle in and then you can start working your way round, dcpromo'ing out the 2008 DCs and then replacing them with new DCs. If you decommission properly and one at a time then you can avoid having to change where servers are pointing for DNS etc. (this was the biggest issue for us with static IP config, so I removed the server completely and then reused the same IP).

Server 2012 R2 is good.

Stick with Exchange 2010 for now.

Expert Comment

by:irweazelwallis
ID: 39798598
The only changes to Group Policy are improvements - you get additional templates for configuring Win8 and 2012 features.

You'll need 2012 R2 if you have IE11 you want to control with GPO, as this can only be done with Group Policy Preferences and not from the old IE Maintenance.

Accepted Solution

by:
Will Szymkowski earned 250 total points
ID: 39798884
Answers are below...
Q1. High level steps are...
- Make sure replication is operating correctly before.
- Forest/domain prep, gpprep and rodc prep (using ADPREP)
- Introduce the first 2008 R2 domain controller
- Add additional DCs to your environment (I would recommend at least 2 per site)
- Transfer the FSMO roles to a 2008 R2 DC
- Configure DNS on servers to point to the new 2008 R2 DCs (configure DHCP as well)
- Make sure that all DCs in your environment are GCs as well
- Decommission the 2003 DCs until they are all removed

Upgrade experience...
- When you do an upgrade from 2003 to 2008/R2 make sure that you monitor Sysvol closely. I have seen many times when you introduce 2008 into a 2003 environment not all Sysvol replicated initially to the 2008 DCs. I had to manually copy the scripts/policies to the 2008 DCs (replication was working accordingly). This has happened to me twice doing an upgrade.
- Also the Slow Network Detection GPO. If you have XP clients in your environment you will want to enable this policy, as you will run into issues when all of the 2003 DCs have been eliminated, with XP machines not getting drive mappings because network connections are too fast and the drives do not map. Keep that in mind.

The best way to protect AD is having multiple DCs in your environment. This allows for redundancy and also transferring roles to other DCs if something happens to your FSMO holder. You should also do a system state backup, which is good if you are in a situation where you need to rebuild the entire domain because all of the DCs have been compromised/corrupted.

GPOs will work the same; however, there are new GPOs in 2008, but your migrated ones will work accordingly.

Q2.
As for upgrading to Server 2012 or 2008 R2, if I were in your position I personally would upgrade to 2012 R2 because it is the latest, and if you upgrade to 2008 R2 you will soon be in the same situation where you will need to upgrade again. If you have the licenses for 2012 R2 then upgrade. Just make sure that you have the appropriate number of CALs for the users that will authenticate against the 2012 DCs.

Will.
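
The replication and SYSVOL checks described in the answer above can be scripted. This is an added example, not code from the thread or its participants: it compares the Policies and scripts folders of each new DC against an existing DC by file hash. The domain name and DC names are placeholders (assumptions).

```powershell
# Added example. Domain and DC names are placeholders (assumptions), not values from the thread.
# Needs PowerShell 4.0+ (Get-FileHash) on the machine running it, e.g. a new 2012 R2 server.
$Domain      = 'corp.example.com'
$ReferenceDC = 'OLD-DC01'               # an existing 2003 R2 DC known to hold the full SYSVOL
$NewDCs      = 'NEW-DC01', 'NEW-DC02'   # newly promoted DCs to verify

# Replication summary and current FSMO holders, checked before and after each promotion.
repadmin /replsummary
netdom query fsmo

function Get-SysvolInventory {
    param([string]$Server, [string]$Domain)
    $root = "\\$Server\SYSVOL\$Domain"
    $inventory = @{}                     # relative path -> SHA256 (keys are case-insensitive)
    foreach ($sub in 'Policies', 'scripts') {
        $base = Join-Path $root $sub
        if (-not (Test-Path $base)) { Write-Warning "$base not reachable"; continue }
        Get-ChildItem -Path $base -Recurse -File | ForEach-Object {
            $relative = $_.FullName.Substring($root.Length)
            $inventory[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
    $inventory
}

$ref = Get-SysvolInventory -Server $ReferenceDC -Domain $Domain
foreach ($dc in $NewDCs) {
    $cur     = Get-SysvolInventory -Server $dc -Domain $Domain
    $missing = @($ref.Keys | Where-Object { -not $cur.ContainsKey($_) })
    $changed = @($ref.Keys | Where-Object { $cur.ContainsKey($_) -and $cur[$_] -ne $ref[$_] })
    $extra   = @($cur.Keys | Where-Object { -not $ref.ContainsKey($_) })

    # One summary row per new DC, then the individual files that need attention.
    [pscustomobject]@{
        DC = $dc; ReferenceFiles = $ref.Count
        Missing = $missing.Count; Changed = $changed.Count; Extra = $extra.Count
    }
    $missing | ForEach-Object { Write-Warning "$dc is missing $_" }
    $changed | ForEach-Object { Write-Warning "$dc has different content for $_" }
}
```

A file that is still replicating shows up as missing or changed, so re-run the comparison once replication has converged and treat only persistent differences as a problem.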

Author Comment

by:Alumicor
ID: 39799952
So there is no way to have Exchange backed up and recovered like nothing happened? There was a lot of customization done and I'm trying to find a solution to minimize the amount of work in case of a failed upgrade.
Do GPO Preferences actually work now for IE in 2012 R2? Will it work for IE10? We don't really plan to upgrade IE, but who knows.
What about upgrading to 2012 R2, does it have those Sysvol replication issues?

Expert Comment

by:Will Szymkowski
ID: 39800187
•Our domain controllers are backed up with Veeam 7 and Exchange with Symantec BE 2012
You have stated that you are already using Backup Exec to take backups of your Exchange environment. My personal opinion for backups for Exchange is to have an Exchange-aware backup solution, which you have. If possible, based on your backup schedule, you should take advantage of Symantec's GRT technology for Granular Recovery for Exchange.

•Do GPO Preferences actually work now for IE in 2012R2? Will it work for IE10? We don't really plan to upgrade IE, but who knows.
I have not tested Preferences in my lab yet with 2012 R2. I would assume that it works, as the R2 release has changed/corrected a lot of features/functionality. But as I have stated, I have not tested this myself.

•What about upgrading to 2012R2, does it have those Sysvol replication issues?
As for the Sysvol replication issues I had previously with 2008 R2, I have not come across this while doing a 2012 migration. This only happened a couple of times when doing a 2008 R2 migration, so it might have been a bug at the time which now might be corrected. I just wanted to provide you with some of my own (baptism by fire) experiences; the Sysvol thing is something that I always look for now.


Will.

Expert Comment

by:irweazelwallis
ID: 39800239
If you lose the data from Exchange then it's not a problem, but there are steps for recovering an entire server and just restoring the server as is. Basically most of the config is stored in AD, i.e. accepted domains etc., so recovering the server will pull that data out and then restore the mailboxes into that.

IE preferences do work in my testing; the only issue is where you have a mix of clients and DCs, i.e. they can only be set/controlled for IE11 from 2012 R2 and there are some issues with 2003 DCs applying them.

I have not come across any replication issues either with 2012 R2.

Author Closing Comment

by:Alumicor
ID: 39803176
Thanks guys for sharing some of your experience. I understand it's hard to give a more detailed answer as each environment is very unique and may carry various other possibilities.
Your posts have given me enough info to start working with. Thank you for that!