AD upgrade from Windows 2003 to Windows 2012 R2 high level steps, checklist, lessons learned

Posted on 2014-11-14
Last Modified: 2014-11-17
Hi Experts,

I would like to get some sort of information[blogs, links, checklist,lessons learned] in upgrade a forest with multiple domains  from Windows 2003 to Windows 2012 R2.

Besides the links that you will attach, can someone please summarize high level steps to complete a full upgrade from Windows 2003 to 2012 R2?

Can someone also summarize all dependencies such as applications, IP helpers,  and so on?

Anybody willing to share lessons learned from previous experience? if so, can you please provide details
Question by:Jerry Seinfield
1 Comment
LVL 36

Accepted Solution

Mahesh earned 500 total points
ID: 40444177
Its seamless process.
However there are some known compatibility issues from 2003 to 2012 R2 AD upgrade

Your active directory forest functional level and domain functional level must be at least Windows Server 2003, this is minimum required functional levels to upgrade from 2003 to 2012 R2 AD
Windows 2000 DFL and FFL are not supported

If you have Exchange Server in environment, Microsoft has released Supported Exchange versions and their required Service Pack level to work with 2012 R2 AD
Exchange 2003 is no more supported with Windows 2012 \ 2012 R2 active directory and in that  case you must 1st introduce 2008 \ 2008 R2 Domain controllers in your environment, migrate exchange to Exchange 2007 \ 2010 (Exchange 2013 is also not supported as direct upgrade path)
Then migrate Exchange 2003 to Exchange 2007 \ 2010, remove 2003 boxes completely and then introduce AD 2012 R2
(Optional) You might create brand new AD forest with AD 2012 R2 and \ or Exchange 2013 and migrate all domains with mailboxes into single new forest, but this will kick entire new project which involves extensive migration work.

Also check if you have any business critical applications \ custom applications, that applications must be compatible with 2012 R2 AD
Check directory service requirements for Lync, SharePoint and any other MS applications you might have.
If Exchange is not a barrier, then this is very straight forward way to upgrade AD to windows 2012 R2

U have good opportunity to clean up any configuration mess \ AD cleanup such as lingering objects, stale objects, you can relook new DC placement, you can minimize new DC count

Check AD replication and name resolution across all domains in forest.
From forest root domain DC, AD replication and DNS name resolution should work correctly for all domains
If you face any problems here, you should resolve those 1st because schema update changes should get replicated to all domain controllers in all domains in entire forest in order to get this upgrade happen successfully.

Once AD environment is clear, you add 2012 R2 member server in forest root domain and then logon to server with account having enterprise admins, domain admins and schema admins group and insert 2012 R2 DVD
U can directly run AD DS deployment wizard from server manager on 2012 \ 2012 R2 servers as DCPromo is deprecated on these editions, which could take care of every thing, however most of the times I have seen it end up with missing sysvol\netlogon shares and DC promotion didn't get succeeded as expected.

As a fact I prefer manual method
Add 2012 R2 member server in forest root domain and all other domains and install ADDS RSAT tools on that servers from server features
logon to server with account having enterprise admins, domain admins and schema admins group and insert 2012 R2 DVD
Open cmd with elevated command prompt
Navigate to DVD drive\Support\Adprep folder and run below commands one by one
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep

On every other child domain \ tree domains with domain admins, you need to run below commands
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep

All commands should get completed successfully, then force AD replication in entire forest and wait for some time to get it complete, you might get registry check for schema version, it should be upgraded to 69 on all domain controllers.
Check Schema version registry key HKLM\System\CurrentControlSet\Services\NTDS\Parameters
In root domain, Then add AD DS server role from server manager and once the role get installed, configure this server as ADC of existing domain
Then check AD replication and DNS name resolution is working fine
Then check if all applications are working correctly
Then transfer FSMO roles to new DC

Point your DHCP \ DNS on workstations\ client computers to new server and check if they are working as expected

Then adopt same process to add new ADCs in respective child \ tree domains

Check below links for more information


Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question