Solved

Windows Domain Controller -- upgrade?

Posted on 2014-07-25
Last Modified: 2014-08-10
What articles do you recommend for a "Windows 2003 to 2012" domain controller update?

http://technet.microsoft.com/library/hh994618.aspx
Question by:finance_teacher
5 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 125 total points
ID: 40220062
Do you mean 2003 to 2012 R2?

I'd start with this one:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

And I'd suggest using downgrade rights and upgrading the DC to 2008 R2 instead in order to get rid of the 2003 DCs first.  Even if the above article wasn't a problem, you're jumping 5 versions if you're going 2003 (pre R2) to 2012 R2 and for me, it feels more comfortable going 2-3 versions not 5.  (I'd just have more confidence in the process because keep in mind, your network has evolved differently from my network and the fact that I may not have any issues doesn't mean you won't.)
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 250 total points
ID: 40221075
Right now, there is an issue when you mix 2003 and 2012 R2 Domain Controllers - everybody is talking about this on the Internet:

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

You need to apply one of the three workarounds or, if you are not pressed for time, wait for the hotfix to be released. A lot of people hit this issue and open support cases with Microsoft, so I guess the hotfix will be released quite soon.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40221390
Wow... you completely missed my comment, NetoMeter?
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 125 total points
ID: 40221457
I see no problem in just doing it.  Add the new one to the domain, promote it, add the IP of the new one as second DNS server entry at the clients. Test it, then demote the old one and set the new one's IP as first DNS server at the clients.
If you are afraid, stage it in a virtual test environment. But I don't see what one should be afraid of. All that is done to the old one is a schema upgrade.

The (double-)linked article shows a problem, but it is unlikely to even happen if you don't run the old and the new together for just a short while as computer account passwords are changed only every 30 days. But to make sure, you could adjust that time by GPO to, say, 60 days and so you will be able to test (running both old and new together) for a whole month (and then you can reset that policy) http://technet.microsoft.com/en-us/library/jj852252(v=ws.10).aspx
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 250 total points
ID: 40221628
Lee, I apologize for the double posting. I was under the impression that you were providing a link with instructions about the upgrade and figured out that it's the same link post-factum.

If it's a small environment and no co-existence is required - just one old 2003 DC with nothing else that's needed on it, I would agree with McKnife.

In real life, usually you need to have coexistence and move additional services like DHCP (with the scopes and leases), file shares, applications etc.

If this is the case, I would rather go with:
- Option 1: for a small network - get the list of machines with expiring passwords and reset the passwords manually.
- Option 2 or 3: for a large number of clients.
0
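Option 1 above (listing the machines whose computer-account password is about to change) can be scripted. The following PowerShell is an added example, not part of the original thread: the function name, parameters and sample rows are constructed, and it assumes the 30-day machine password age mentioned in the discussion. In a live domain the input would come from `Get-ADComputer -Filter * -Properties PasswordLastSet`.

```powershell
# Added example: Get-ExpiringMachinePassword and its parameters are hypothetical names.
function Get-ExpiringMachinePassword {
    [CmdletBinding()]
    param(
        # Any object with Name and PasswordLastSet properties, e.g. the output of
        #   Get-ADComputer -Filter * -Properties PasswordLastSet
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer,
        [int]$MaxPasswordAgeDays = 30,   # assumed machine account password age
        [int]$WindowDays = 7,            # how far ahead to look
        [datetime]$AsOf = (Get-Date)
    )
    process {
        if (-not $Computer.PasswordLastSet) {
            # No timestamp available: surface the machine for manual review
            [pscustomobject]@{
                Name = $Computer.Name; PasswordLastSet = $null
                NextChange = $null; DaysLeft = $null; Status = 'Unknown'
            }
            return
        }
        $next     = $Computer.PasswordLastSet.AddDays($MaxPasswordAgeDays)
        $daysLeft = [math]::Floor(($next - $AsOf).TotalDays)
        if ($daysLeft -le $WindowDays) {
            # The client initiates the change, so a negative value usually means
            # the machine has been offline (or has not changed its password yet).
            $status = if ($daysLeft -lt 0) { 'Overdue' } else { 'DueSoon' }
            [pscustomobject]@{
                Name = $Computer.Name; PasswordLastSet = $Computer.PasswordLastSet
                NextChange = $next; DaysLeft = $daysLeft; Status = $status
            }
        }
    }
}

# Constructed sample rows standing in for Get-ADComputer output
$asOf = [datetime]'2014-07-25'
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; PasswordLastSet = [datetime]'2014-06-28' }
    [pscustomobject]@{ Name = 'WS-002'; PasswordLastSet = [datetime]'2014-07-20' }
    [pscustomobject]@{ Name = 'WS-003'; PasswordLastSet = [datetime]'2014-05-01' }
    [pscustomobject]@{ Name = 'WS-004'; PasswordLastSet = $null }
)

$sample | Get-ExpiringMachinePassword -AsOf $asOf |
    Sort-Object DaysLeft | Format-Table -AutoSize
```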
