AD upgrade from Windows 2003 to Windows 2012 R2 high level steps, checklist, lessons learned

Posted on 2014-11-14
Last Modified: 2014-11-17
Hi Experts,

I would like to get some sort of information (blogs, links, checklists, lessons learned) on upgrading a forest with multiple domains from Windows 2003 to Windows 2012 R2.

Besides the links that you will attach, can someone please summarize high level steps to complete a full upgrade from Windows 2003 to 2012 R2?

Can someone also summarize all dependencies such as applications, IP helpers, and so on?

Is anybody willing to share lessons learned from previous experience? If so, can you please provide details?
Question by:Jerry Seinfield
Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40444177
It's a seamless process.
However, there are some known compatibility issues with the 2003 to 2012 R2 AD upgrade:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

Your Active Directory forest functional level and domain functional level must be at least Windows Server 2003; this is the minimum functional level required to upgrade from 2003 to 2012 R2 AD.
Windows 2000 DFL and FFL are not supported.

If you have Exchange Server in the environment, Microsoft has released the supported Exchange versions and their required service pack levels to work with 2012 R2 AD:
http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
Exchange 2003 is no longer supported with Windows 2012 \ 2012 R2 Active Directory, and in that case you must first introduce 2008 \ 2008 R2 domain controllers in your environment and migrate Exchange to Exchange 2007 \ 2010 (Exchange 2013 is also not supported as a direct upgrade path).
Then migrate Exchange 2003 to Exchange 2007 \ 2010, remove the 2003 boxes completely and then introduce AD 2012 R2
OR
(Optional) You might create a brand new AD forest with AD 2012 R2 and \ or Exchange 2013 and migrate all domains with mailboxes into a single new forest, but this will kick off an entirely new project which involves extensive migration work.

Also check whether you have any business-critical applications \ custom applications; those applications must be compatible with 2012 R2 AD.
Check the directory service requirements for Lync, SharePoint and any other MS applications you might have.
If Exchange is not a barrier, then this is a very straightforward way to upgrade AD to Windows 2012 R2.

You have a good opportunity to clean up any configuration mess \ do AD cleanup such as lingering objects and stale objects; you can rethink new DC placement, and you can minimize the new DC count.

Steps
Check AD replication and name resolution across all domains in the forest.
From the forest root domain DC, AD replication and DNS name resolution should work correctly for all domains.
If you face any problems here, you should resolve those first, because the schema update changes have to be replicated to all domain controllers in all domains in the entire forest for this upgrade to succeed.

Once the AD environment is clear, you add a 2012 R2 member server in the forest root domain, then log on to the server with an account in the Enterprise Admins, Domain Admins and Schema Admins groups and insert the 2012 R2 DVD.
You can directly run the AD DS deployment wizard from Server Manager on 2012 \ 2012 R2 servers, as DCPromo is deprecated on these editions; it could take care of everything. However, most of the time I have seen it end up with missing sysvol\netlogon shares, and the DC promotion didn't succeed as expected.

In fact, I prefer the manual method:
Add a 2012 R2 member server in the forest root domain and all other domains and install the AD DS RSAT tools on those servers from server features.
Log on to the server with an account in the Enterprise Admins, Domain Admins and Schema Admins groups and insert the 2012 R2 DVD.
Open an elevated command prompt (cmd).
Navigate to the DVD drive\Support\Adprep folder and run the commands below one by one:
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep

On every other child domain \ tree domain, with Domain Admins rights, you need to run the commands below:
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep

All commands should complete successfully. Then force AD replication in the entire forest and wait for some time for it to complete. You might check the registry for the schema version; it should be upgraded to 69 on all domain controllers.
Check the schema version registry key HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Then, in the root domain, add the AD DS server role from Server Manager and, once the role is installed, configure this server as an ADC of the existing domain.
Then check that AD replication and DNS name resolution are working fine.
Then check that all applications are working correctly.
Then transfer the FSMO roles to the new DC.

Point your DHCP \ DNS on workstations \ client computers to the new server and check that they are working as expected.

Then adopt the same process to add new ADCs in the respective child \ tree domains.

Check the links below for more information:
http://technet.microsoft.com/en-in/library/jj574166.aspx
http://blogs.technet.com/b/canitpro/archive/2014/04/02/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx

Mahesh.
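
The post-adprep checks from the answer above (schema version 69 on every domain controller, replication healthy), as an added PowerShell example that is not part of the original post. It assumes a domain-joined machine with the AD DS RSAT tools installed (for repadmin); the function name Get-DcSchemaVersion is hypothetical, and it reads the objectVersion attribute of the schema partition over LDAP rather than the registry key, so that 2003 domain controllers can be queried remotely too.

```powershell
# Added example: report the schema version each DC holds after adprep,
# plus any replication links that are currently failing.
# Plain LDAP (System.DirectoryServices) is used because Windows Server 2003 DCs
# do not run AD Web Services by default, so the ActiveDirectory module may not reach them.
$ExpectedSchemaVersion = 69   # value the answer gives for Windows Server 2012 R2

function Get-DcSchemaVersion {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$DcName,
        [Parameter(Mandatory = $true)][string]$SchemaDn
    )
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DcName/$SchemaDn")
        # RefreshCache forces the bind and throws if the DC cannot be reached
        $entry.psbase.RefreshCache([string[]]@('objectVersion'))
        [int]$entry.psbase.Properties['objectVersion'].Value
    } catch {
        $null   # caller reports this DC as unreachable
    }
}

$forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$schemaDn = $forest.Schema.Name   # DN of the schema partition

# One row per DC in every domain of the forest
$report = foreach ($domain in $forest.Domains) {
    foreach ($dc in $domain.DomainControllers) {
        $version = Get-DcSchemaVersion -DcName $dc.Name -SchemaDn $schemaDn
        [pscustomobject]@{
            Domain        = $domain.Name
            DC            = $dc.Name
            SchemaVersion = $version
            Status        = $(if ($null -eq $version) { 'Unreachable' }
                              elseif ($version -eq $ExpectedSchemaVersion) { 'OK' }
                              else { 'Mismatch' })
        }
    }
}
$report | Sort-Object Domain, DC | Format-Table -AutoSize

# Replication health: rows flagged as errors or with a non-zero failure count
$failing = repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
}
$failing | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
    'Number of Failures', 'Last Failure Status' | Format-Table -AutoSize
```

Any row with Status other than OK, or any row in the second table, means the schema change has not reached that DC yet and promotion should wait.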