?
Solved

Server 2012 R2 DC Upgrade

Posted on 2014-03-18
4
Medium Priority
?
5,300 Views
Last Modified: 2014-03-19
I currently have 2 domain controllers running Server 2008 SP2 STD.

I would like to install a 3rd DC running Server 2012R2.

I have successfully prepared for this by doing the following on an existing DC...:

adprep /forestprep

adprep /domainprep

adprep /domainprep /gpprep

Once I run DCPROMO on the new Server 2012R2 installation I get a warning message abbout the crypto security...

Is the upgrade safe?

Anything I should be concerned about?

My goal is to demote one of the 2008 DCs and upgrade the other once this new one is in place and functioning properly.

Both my Domain and forest function level are Server 2003.

Please assist!!
0
Comment
Question by:BSModlin
  • 2
4 Comments
 
LVL 85

Expert Comment

by:David Johnson, CD, MVP
ID: 39938824
what was the warning?
0
 
LVL 39

Expert Comment

by:Mahesh
ID: 39939043
With windows 2012 R2 active directory, windows server 2003 DFL and FFL are deprecated and you will be notified about that

In future you need to consider upgrading functional levels to atlest 2008

Are you talking about that

Mahesh
0
 

Author Comment

by:BSModlin
ID: 39939667
Here is the message I get from the prerequisite check:

Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).

Should I be concerned...
0
 
LVL 39

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39939893
Beginning with Windows Server 2008, the operating system stopped using “legacy” cryptography algorithms for secure channel communications. By default, Windows NT 4.0 (and other applications/OS’s that use this algorithm) will not be able to establish a secure channel (or otherwise authenticate) with a Windows Server 2008, or higher, domain controller. There is a configuration setting/GPO that can reverse this behaviour – “Allow cryptography algorithms compatible with Windows NT 4.0”. Be warned; however, that even this configuration option will not allow Windows Server 2008 R2 and NT 4.0 to work across a trust relationship.

I don't think you are having windows NT4 client \ server machines
You don't need to worry about above setting
http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx

Mahesh
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question