Solved

Creating new 2012R2 domain vs. joining existing 2003 domain?

Posted on 2014-10-12
Last Modified: 2014-10-24
I am looking for advice on how to upgrade (3) file servers for a small business. The file servers are 7+ years old and all running Windows Server 2003 (32-bit). The DC is running Active Directory, DHCP, & DNS, and the 2 other file servers are dedicated for applications. The domain name for this LAN environment is very lengthy and ends with "aaaaaaaaaaaaaaaa.com" as opposed to ".pvt", and users state they have experienced DNS issues (can't view webmail or website as the public/private names are identical) since it was initially deployed.

My initial plan was to install 3 new Windows 2012 R2 virtual file servers on a VMware ESXi host and create a new domain name during the process. The entire network consists of 35 PCs, 15 printers, and 25 user account profiles located at 3 different office locations.

I need to replace one of the Windows 2003 Servers quickly as existing hardware is experiencing issues.
1.) Can I deploy a Windows 2012 R2 Server within an existing Windows Server 2003 (32bit) Domain as an application server?
2.) If so, will I be able to demote the existing 2003 domain and promote a Windows 2012R2 afterwards?
3.) If not, are there any other recommendations/suggestions that I should follow?

Thanks,
ECSI
Question by:ECSI06
2 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40376180
1) yes
2) no, not in that order
3) probably many ways to solve your problem, but that's a *big* conversation. Not a couple of lines on EE.
0
 
LVL 38

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 40376305
There are a number of caveats to running DCPromo on a 2012 R2 machine into a 2003 native domain (Microsoft blog post).

If you have the resources I suggest: Set up TempDC with 2008 R2, DCPromo in, transfer FSMO, then DCPromo 2003 out. Make sure to System State backup your DC before starting. Also, verify replication is working as expected by creating a test user on each DC and a test GPO on each DC and making sure they show up on the other.

Once you have a clean 2008 DC and it is standalone, elevate the forest and domain to 2008 R2 native.

From there introduce your 2012 R2 and DCPromo in. NOTE: We still experience the Kerberos 4 errors on domains that were once 2003 even though we moved to 2008 RTM/R2 native! When it strikes it requires a reboot to settle things down.

It takes a bit for the errors to settle down but they do (we've been through this quite a bit in our migrations).

How many users? If more than 10-15, keep the existing AD.

And, it is preferable to have a .com domain owned by the company than a .local for many reasons (RDS is one). If DNS is SPLIT properly then users will not have any problems. But, this requires communication between the folks that run WWW and the internal folks that run DNS.
0
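The test-user half of the replication check recommended in the accepted answer can be scripted. This is an added example, not code from the original thread. The DC host names and the parent DN are placeholders, and the GPO half of the check is not covered. It uses the `dsadd`/`dsquery`/`dsrm` tools rather than the ActiveDirectory cmdlets, which need Active Directory Web Services, a service a 2003 DC does not run by default.

```powershell
# Added example: replication canary between two DCs. All names are placeholders.
$DCs        = @('OLD-DC2003', 'TEMPDC2008R2')   # hypothetical host names
$ParentDN   = 'CN=Users,DC=example,DC=com'      # placeholder: your domain's DN
$TimeoutSec = 900                               # give up after 15 minutes
$PollSec    = 15

function Test-CanaryReplication {
    param([string]$SourceDC, [string]$TargetDC, [string]$Tag)

    # Short unique name: sAMAccountName is limited to 20 characters.
    $name = 'rt{0}{1}' -f $Tag, (Get-Date -Format 'MMddHHmmss')
    $dn   = "CN=$name,$ParentDN"

    # Create a disabled test account on the source DC only.
    & dsadd user $dn -samid $name -disabled yes -s $SourceDC | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsadd failed on $SourceDC" }

    $seen     = $false
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    try {
        while (-not $seen -and (Get-Date) -lt $deadline) {
            # Base-scope lookup of the exact DN on the other DC.
            $hit = & dsquery '*' $dn -scope base -s $TargetDC 2>$null
            if ($LASTEXITCODE -eq 0 -and $hit) { $seen = $true }
            else { Start-Sleep -Seconds $PollSec }
        }
    }
    finally {
        # Always remove the canary, even on timeout or Ctrl+C.
        & dsrm $dn -noprompt -s $SourceDC | Out-Null
    }
    New-Object PSObject -Property @{
        Source = $SourceDC; Target = $TargetDC; Replicated = $seen
    }
}

# Check both directions: old -> new and new -> old.
$results = @(
    Test-CanaryReplication -SourceDC $DCs[0] -TargetDC $DCs[1] -Tag 'a'
    Test-CanaryReplication -SourceDC $DCs[1] -TargetDC $DCs[0] -Tag 'b'
)
$results | Format-Table Source, Target, Replicated -AutoSize

# Built-in checks to run alongside the canary:
& repadmin /showrepl     # last attempt and last success per partition
& netdom query fsmo      # which DC holds each FSMO role after the transfer
```

Run it from an elevated session on a machine with the AD DS command-line tools installed, before demoting the 2003 DC and again after the FSMO transfer.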


Question has a verified solution.
