Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
6 days, 8 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Replacing 03 Server Domain Controller
Posted on 2014-12-14
So here's the skinny..
I have three servers running 03 server standard. The main server ( the domain controller ) needs to be replaced as it is just moving too slow. Besides it running the office of 25 or so computers, I have about 30 additional people who remote desktop into it daily so downtime is a big no-no. I have a new server ready to go with WIndows Server 2012 R2 on it and I want to make this transition as seamless as possible. The old domain controller works but is very bogged down and slow when it is being RDP'd into etc etc.
What do you guys propose as the best route to go here?
I have three servers running 03 server standard. The main server ( the domain controller ) needs to be replaced as it is just moving too slow. Besides it running the office of 25 or so computers, I have about 30 additional people who remote desktop into it daily so downtime is a big no-no. I have a new server ready to go with WIndows Server 2012 R2 on it and I want to make this transition as seamless as possible. The old domain controller works but is very bogged down and slow when it is being RDP'd into etc etc.
What do you guys propose as the best route to go here?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
-
4
2- +1
12 Comments
You'll need to let us know what's actually on this main server first before we can recommend the steps you need to take to migrate to your 2012 R2 server.
First things first, you can follow this guide to configure your new 2012 R2 server as a Domain Controller in your 2003 network.
First things first, you can follow this guide to configure your new 2012 R2 server as a Domain Controller in your 2003 network.
Besides it running the office of 25 or so computers, I have about 30 additional people who remote desktop into it daily so downtime is a big no-noThis is no good, users should never be logging into a domain controller of all places to do end-user work. You're best off setting up your new 2012 R2 server as a Hyper-V host and then firing up two 2012 R2 Virtual Machines, one as your domain controller and file server, the other as a 2012 R2 Remote Desktop Services server with the end-user applications. Microsoft will allow you to do this free of charge (as in you will not have to pay for extra licenses for the Virtual Machines) providing you do not install any other roles on the host apart from Hyper-V. You will still have to pay for Remote Desktop CALs though.
For now, and for other reasons that don't need to be explained, lets consider that the end users have to remote into the Domain Controller. (Though If you have a similar link regarding setting up the 2012 R2 server as a Hyper-V host, I'd love to review it.)
With that being said, if I follow that guide, it will make my new server a domain controller. At that point, will it duplicate the users/configuration if I were to shut down the original domain controller automatically?
With that being said, if I follow that guide, it will make my new server a domain controller. At that point, will it duplicate the users/configuration if I were to shut down the original domain controller automatically?
Active today
Completely agree - you should not be running Remote Desktop Services/Terminal Services on a domain controller. From a security and managability standpoint this is a HUGE professional no-no.
As VB ITS suggests, you want to use the PHYSICAL install of Server 2012 R2 as a Hyper-V host ONLY - no DC, no file server, no RDS, then install TWO VMs - one for your DC and one for your RDS server. From a licensing standpoint, there is ZERO additional cost for this.
As VB ITS suggests, you want to use the PHYSICAL install of Server 2012 R2 as a Hyper-V host ONLY - no DC, no file server, no RDS, then install TWO VMs - one for your DC and one for your RDS server. From a licensing standpoint, there is ZERO additional cost for this.
Active today
If you aren't familiar with proper domain/server setup and separation of services and don't have the time (or inclination to learn) I STRONGLY recommend you look for an outside consultant who can do this for you. If you have the time to learn, then I recommend setting up a test network and starting to play - install the roles, setup VMs, and ask questions as they come up.
Make sure your current DC's are fully service packed. Need down time for this.
Then Make sure you raise your domain level to windows 2003. after that all you have to do is do a dc promo on the 2012 box. This can all be done live. Also make sure you satisfy the server 2012 pre-requisites before promoting. after you are sure your 2012 server promo is successful you can transfer your FSMO's to the nser 2012 DC. would recommend you run DNS on the 2012 server as well.
Then Make sure you raise your domain level to windows 2003. after that all you have to do is do a dc promo on the 2012 box. This can all be done live. Also make sure you satisfy the server 2012 pre-requisites before promoting. after you are sure your 2012 server promo is successful you can transfer your FSMO's to the nser 2012 DC. would recommend you run DNS on the 2012 server as well.
Though If you have a similar link regarding setting up the 2012 R2 server as a Hyper-V host, I'd love to review itIt's as simple as installing the Hyper-V role through Server Manager. Step by step instructions can be found here: http://technet.microsoft.com/en-au/library/hh846766.aspx#BKMK_SERVER
With that being said, if I follow that guide, it will make my new server a domain controller. At that point, will it duplicate the users/configuration if I were to shut down the original domain controller automatically?No, it will just replicate AD data such as user accounts, security groups, computer objects, etc.
What exactly do you need replicated from the old server to the new 2012 R2 server? Files shares? Programs? Shared printers?
To be honest, I'm starting to agree with Lee in that if you don't feel you are well equipped to do this migration at this point in time it might be best to hire an external consultant to do the grunt work for you. That way if anything goes wrong, the blame isn't squarely placed on you!
Okay, again, for the sake of my actual question, lets put the hyper-v recommendation aside. Either way I want a backup DC.
My question is once I promote the new server as a domain controller, would all the users/configuration duplicate if I were to physical shut down the original DC?
My question is once I promote the new server as a domain controller, would all the users/configuration duplicate if I were to physical shut down the original DC?
VBS IT I understand where you are coming from and I already have a plan of action. But I also posed the questions to pick your brains and get some fresh input.
No you need to manually transfer the FSMO roles to the new DC before shutting the old server down. Also make sure you DCPROMO the old Server to remove as DC. Make sure you configure the new DC as a Global Catalog. If you just shut down the old server you going to have a dirty AD and possible replication errors
My question is once I promote the new server as a domain controller, would all the users/configuration duplicate if I were to physical shut down the original DC?Yes it will duplicate the Active Directory data from your 2003 server to your 2012 R2 server once it has been setup correctly, providing nothing hampers AD replication. As for other roles that may be installed on your 2003 server such as DNS, DHCP, RRAS, file shares etc. only you would be able to answer that question as we don't have physical access to your server to determine what else needs to be migrated over. I suppose you could always shut down the old server after you've made the 2012 R2 server a DC and see what breaks (after hours obviously!)
And regarding the Hyper-V, Why wouldn't you recommend that I just make the Hyper-V server the host and DC and create a VM for just RDS?
Because Microsoft allows you to have up to two Server 2012 R2 Hyper-V virtual machines at no cost, providing you have purchased Server 2012 R2 Standard. Why not make use of this free license? Again this is all dependant on the fact that you have no other roles installed on the host apart from the Hyper-V role. The moment you install any other role on the host you are violating Microsoft's licensing terms and be liable to fines by Microsoft should they perform an audit on your business.
Virtual machines can be more easily restored to different hardware in the event of a DR scenario, and that's probably the major benefit in my eyes. Say your physical server goes down tomorrow, providing you've got proper backups of your virtual machine, you can just have it up and running again within minutes on a separate server or even a powerful desktop PC that supports virtualization (which almost all new PCs do these days).
There's also the fact that once you make the host a DC, you are violating Microsoft's licensing terms the moment you use the same 2012 R2 license key for your RDS VM (as mentioned earlier in my post). If you purchase a different 2012 R2 license for your RDS machine though then you're good to go, but then again that'd be a waste of a free 2012 R2 VM that's on offer isn't it? :)
Virtual machines can be more easily restored to different hardware in the event of a DR scenario, and that's probably the major benefit in my eyes. Say your physical server goes down tomorrow, providing you've got proper backups of your virtual machine, you can just have it up and running again within minutes on a separate server or even a powerful desktop PC that supports virtualization (which almost all new PCs do these days).
There's also the fact that once you make the host a DC, you are violating Microsoft's licensing terms the moment you use the same 2012 R2 license key for your RDS VM (as mentioned earlier in my post). If you purchase a different 2012 R2 license for your RDS machine though then you're good to go, but then again that'd be a waste of a free 2012 R2 VM that's on offer isn't it? :)
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month6 days, 8 hours left to enroll
726 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.