?
Solved

Windows Domain Controller -- upgrade ?

Posted on 2014-07-25
5
Medium Priority
?
240 Views
Last Modified: 2014-08-10
What articles do you recommend for a "Windows 2003 to 2012" domain controller update ?

http://technet.microsoft.com/library/hh994618.aspx
0
Comment
Question by:finance_teacher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 40220062
Do you mean 2003 to 2012 R2?

I'd start with this one:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

And I'd suggest using downgrade rights and upgrade the DC to 2008 R2 instead in order to get rid of the 2003 DCs first.  Even if the above article wasn't a problem, you're jumping 5 versions if you're going 2003 (pre R2) to 2012 R2 and for me, it feels more comfortable going 2-3 versions not 5.  (I'd just have more confidence in the process because keep in mind, your network has evolved differently from my network and that fact that I may not have any issues doesn't mean you won't.
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 1000 total points
ID: 40221075
Right now, there is an issue when you mix 2003 and 2012 R2 Domain Controllers - everybody is talking about this on the Internet:

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

You need to apply one of the three workarounds or if you are not pressed on time, wait for the hotfix to be released. A lot of people hit this issue and open support cases with Microsoft, so i guess the hotfix will be released quite soon.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 40221390
Wow,,, you completely missed my comment NetoMeter?
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 500 total points
ID: 40221457
I see no problem in just doing it.  Add the new one to the domain, promote it, add the IP of the new one as second DNS server entry at the clients. Test it, then demote the old one and set the new one's IP as first DNS server at the clients.
If you are afraid, stage it in a virtual test environment. But I don't see what one should be afraid off. All that is done to the old one is a schema upgrade.

The (double-)linked article shows a problem, but it is unlikely to even happen if you don't run the old and the new together for just a short while as computer account passwords are changed only every 30 days. But to make sure, you could adjust that time by GPO to, say, 60 days and so you will be able to test (running both old and new together) for a whole month (and then you can reset that policy) http://technet.microsoft.com/en-us/library/jj852252(v=ws.10).aspx
0
 
LVL 11

Assisted Solution

by:NetoMeter Screencasts
NetoMeter Screencasts earned 1000 total points
ID: 40221628
Lee, I apologize for the double posting. I got under the impression that you are providing a link with instructions about the upgrade and figured out that it's the same link post-factum.

If it's a small environment and no co-existence is required - just one old 2003 DC with nothing else that's needed on it, I would agree with McKnife.

In real life, usually you need to have coexistence and move additional services like DHCP (with the scopes and leases), file shares, applications etc.

If this is the case, I would rather go with:
- Option 1: for a small network - get the list of machines with expiring passwords and reset the passwords manually.
- Option 2 or 3: for a large number of clients.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month9 days, 23 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question