Solved

Creating new 2012R2 domain vs. joining existing 2003 domain?

Posted on 2014-10-12
Last Modified: 2014-10-24
I am looking for advice on how to upgrade (3) File Servers for a small business. The file servers are 7+ years old and all running Windows Server 2003 (32-bit). The DC is running Active Directory, DHCP, & DNS and the 2 other file servers are dedicated for applications. The domain name for this LAN environment is very lengthy and ends with "aaaaaaaaaaaaaaaa.com" as opposed to ".pvt" and users state they have experienced DNS issues (can't view webmail or website as the public/private names are identical) since it was initially deployed.

My initial plan was to install 3 new Windows 2012 R2 virtual file servers on a VMware ESXi host and create a new domain name during the process. The entire network consists of 35 PCs, 15 Printers, and 25 User Account Profiles located at 3 different office locations.

I need to replace one of the Windows 2003 Servers quickly as existing hardware is experiencing issues.
1.) Can I deploy a Windows 2012 R2 Server within an existing Windows Server 2003 (32bit) Domain as an application server?
2.) If so, will I be able to demote the existing 2003 domain and promote a Windows 2012R2 afterwards?
3.) If not, are there any other recommendations/suggestions that I should follow?

Thanks,
ECSI
0
Question by:ECSI06
2 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40376180
1) yes
2) no, not in that order
3) probably many ways to solve your problem, but that's a *big* conversation. Not a couple of lines on EE.
0
 
LVL 39

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 40376305
There are a number of caveats to running DCPromo on a 2012 R2 machine into a 2003 native domain (Microsoft blog post).

If you have the resources I suggest: Set up TempDC with 2008 R2, DCPromo in, transfer FSMO, then DCPromo 2003 out. Make sure to System State backup your DC before starting. Also, verify replication is working as expected by creating a test user on each DC and a test GPO on each DC and making sure they show up on the other.

Once you have a clean 2008 DC and it is standalone, elevate the forest and domain to 2008 R2 native.

From there introduce your 2012 R2 and DCPromo in. NOTE: We still experience the Kerberos 4 errors on domains that were once 2003 even though we moved to 2008 RTM/R2 native! When it strikes it requires a reboot to settle things down.

It takes a bit for the errors to settle down but they do (we've been through this quite a bit in our migrations).

How many users? If more than 10-15 keep the existing AD.

And, it is preferable to have a .com domain owned by the company than a .local for many reasons (RDS is one). If DNS is SPLIT properly then users will not have any problems. But, this requires communication between the folks that run WWW and the internal folks that run DNS.
0
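The replication check from the accepted answer (a test user created on each DC and looked up on the other), as an added example that is not part of the original post. The DC names, domain DN and wait time are placeholders; it relies on the `netdom`, `repadmin`, `dsadd`, `dsquery` and `dsrm` command-line tools rather than the AD PowerShell module so it can talk to a 2003 DC, and it covers only the test-user half of the check, not the test GPO.

```powershell
# Added example: placeholder names, adjust to your environment.
# Run as a domain admin on a DC after taking the System State backup.
$DCs      = @('OLD2003DC', 'TEMPDC')        # hypothetical DC host names
$UsersDN  = 'CN=Users,DC=example,DC=com'    # hypothetical domain DN
$WaitSecs = 300                             # max time to wait for replication

# 1. Record the current FSMO role holders before changing anything.
netdom query fsmo

# 2. Summarize replication health; fix any failures reported here first.
repadmin /replsummary

# 3. Create one disabled test user on each DC ("rt-" keeps the name short
#    enough for the 20-character sAMAccountName limit).
$testUsers = @{}
foreach ($dc in $DCs) {
    $name = "rt-$dc"
    $dn   = "CN=$name,$UsersDN"
    dsadd user $dn -samid $name -disabled yes -s $dc | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not create $dn on $dc" }
    $testUsers[$dc] = $dn
}

# 4. Poll every other DC until each test user shows up, or time out.
$failed = @()
foreach ($origin in $DCs) {
    foreach ($target in ($DCs | Where-Object { $_ -ne $origin })) {
        $deadline = (Get-Date).AddSeconds($WaitSecs)
        $seen = $false
        while (-not $seen -and (Get-Date) -lt $deadline) {
            $hit = dsquery user $UsersDN -name "rt-$origin" -s $target
            if ($hit) { $seen = $true } else { Start-Sleep -Seconds 15 }
        }
        if ($seen) { Write-Host "OK   $origin -> $target" }
        else       { Write-Host "FAIL $origin -> $target"; $failed += "$origin->$target" }
    }
}

# 5. Remove each test user on the DC where it was created.
foreach ($dc in $testUsers.Keys) {
    dsrm $testUsers[$dc] -s $dc -noprompt | Out-Null
}

if ($failed.Count -gt 0) { throw "Replication not confirmed: $($failed -join ', ')" }
Write-Host 'Test users replicated in both directions.'
```

Raise `$WaitSecs` if the DCs sit in different AD sites, where replication follows the site link schedule.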
