Solved

Windows Domain Controller -- upgrade ?

Posted on 2014-07-25
5
201 Views
Last Modified: 2014-08-10
What articles do you recommend for a "Windows 2003 to 2012" domain controller update ?

http://technet.microsoft.com/library/hh994618.aspx
0
Comment
Question by:finance_teacher
  • 2
  • 2
5 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 125 total points
ID: 40220062
Do you mean 2003 to 2012 R2?

I'd start with this one:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

And I'd suggest using downgrade rights and upgrade the DC to 2008 R2 instead in order to get rid of the 2003 DCs first.  Even if the above article wasn't a problem, you're jumping 5 versions if you're going 2003 (pre R2) to 2012 R2 and for me, it feels more comfortable going 2-3 versions not 5.  (I'd just have more confidence in the process because keep in mind, your network has evolved differently from my network and that fact that I may not have any issues doesn't mean you won't.
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 250 total points
ID: 40221075
Right now, there is an issue when you mix 2003 and 2012 R2 Domain Controllers - everybody is talking about this on the Internet:

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

You need to apply one of the three workarounds or if you are not pressed on time, wait for the hotfix to be released. A lot of people hit this issue and open support cases with Microsoft, so i guess the hotfix will be released quite soon.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40221390
Wow,,, you completely missed my comment NetoMeter?
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 125 total points
ID: 40221457
I see no problem in just doing it.  Add the new one to the domain, promote it, add the IP of the new one as second DNS server entry at the clients. Test it, then demote the old one and set the new one's IP as first DNS server at the clients.
If you are afraid, stage it in a virtual test environment. But I don't see what one should be afraid off. All that is done to the old one is a schema upgrade.

The (double-)linked article shows a problem, but it is unlikely to even happen if you don't run the old and the new together for just a short while as computer account passwords are changed only every 30 days. But to make sure, you could adjust that time by GPO to, say, 60 days and so you will be able to test (running both old and new together) for a whole month (and then you can reset that policy) http://technet.microsoft.com/en-us/library/jj852252(v=ws.10).aspx
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 250 total points
ID: 40221628
Lee, I apologize for the double posting. I got under the impression that you are providing a link with instructions about the upgrade and figured out that it's the same link post-factum.

If it's a small environment and no co-existence is required - just one old 2003 DC with nothing else that's needed on it, I would agree with McKnife.

In real life, usually you need to have coexistence and move additional services like DHCP (with the scopes and leases), file shares, applications etc.

If this is the case, I would rather go with:
- Option 1: for a small network - get the list of machines with expiring passwords and reset the passwords manually.
- Option 2 or 3: for a large number of clients.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now