AD upgrade from Windows 2003 to Windows 2012 R2 high level steps, checklist, lessons learned

Posted on 2014-11-14
Last Modified: 2014-11-17
Hi Experts,

I would like to get some sort of information[blogs, links, checklist,lessons learned] in upgrade a forest with multiple domains  from Windows 2003 to Windows 2012 R2.

Besides the links that you will attach, can someone please summarize high level steps to complete a full upgrade from Windows 2003 to 2012 R2?

Can someone also summarize all dependencies such as applications, IP helpers,  and so on?

Anybody willing to share lessons learned from previous experience? if so, can you please provide details
Question by:Jerry Seinfield
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 37

Accepted Solution

Mahesh earned 500 total points
ID: 40444177
Its seamless process.
However there are some known compatibility issues from 2003 to 2012 R2 AD upgrade

Your active directory forest functional level and domain functional level must be at least Windows Server 2003, this is minimum required functional levels to upgrade from 2003 to 2012 R2 AD
Windows 2000 DFL and FFL are not supported

If you have Exchange Server in environment, Microsoft has released Supported Exchange versions and their required Service Pack level to work with 2012 R2 AD
Exchange 2003 is no more supported with Windows 2012 \ 2012 R2 active directory and in that  case you must 1st introduce 2008 \ 2008 R2 Domain controllers in your environment, migrate exchange to Exchange 2007 \ 2010 (Exchange 2013 is also not supported as direct upgrade path)
Then migrate Exchange 2003 to Exchange 2007 \ 2010, remove 2003 boxes completely and then introduce AD 2012 R2
(Optional) You might create brand new AD forest with AD 2012 R2 and \ or Exchange 2013 and migrate all domains with mailboxes into single new forest, but this will kick entire new project which involves extensive migration work.

Also check if you have any business critical applications \ custom applications, that applications must be compatible with 2012 R2 AD
Check directory service requirements for Lync, SharePoint and any other MS applications you might have.
If Exchange is not a barrier, then this is very straight forward way to upgrade AD to windows 2012 R2

U have good opportunity to clean up any configuration mess \ AD cleanup such as lingering objects, stale objects, you can relook new DC placement, you can minimize new DC count

Check AD replication and name resolution across all domains in forest.
From forest root domain DC, AD replication and DNS name resolution should work correctly for all domains
If you face any problems here, you should resolve those 1st because schema update changes should get replicated to all domain controllers in all domains in entire forest in order to get this upgrade happen successfully.

Once AD environment is clear, you add 2012 R2 member server in forest root domain and then logon to server with account having enterprise admins, domain admins and schema admins group and insert 2012 R2 DVD
U can directly run AD DS deployment wizard from server manager on 2012 \ 2012 R2 servers as DCPromo is deprecated on these editions, which could take care of every thing, however most of the times I have seen it end up with missing sysvol\netlogon shares and DC promotion didn't get succeeded as expected.

As a fact I prefer manual method
Add 2012 R2 member server in forest root domain and all other domains and install ADDS RSAT tools on that servers from server features
logon to server with account having enterprise admins, domain admins and schema admins group and insert 2012 R2 DVD
Open cmd with elevated command prompt
Navigate to DVD drive\Support\Adprep folder and run below commands one by one
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep

On every other child domain \ tree domains with domain admins, you need to run below commands
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep

All commands should get completed successfully, then force AD replication in entire forest and wait for some time to get it complete, you might get registry check for schema version, it should be upgraded to 69 on all domain controllers.
Check Schema version registry key HKLM\System\CurrentControlSet\Services\NTDS\Parameters
In root domain, Then add AD DS server role from server manager and once the role get installed, configure this server as ADC of existing domain
Then check AD replication and DNS name resolution is working fine
Then check if all applications are working correctly
Then transfer FSMO roles to new DC

Point your DHCP \ DNS on workstations\ client computers to new server and check if they are working as expected

Then adopt same process to add new ADCs in respective child \ tree domains

Check below links for more information


Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question