Solved

Promoting Windows Server 2012 R2 as domain controller in Windows 2003 forest & domain ?

Posted on 2015-02-10
11
165 Views
Last Modified: 2015-03-03
Hi,

I've just rebuilt a physical server of Windows Server 2012 R2 Std. and I' about to promote it as Domain Controller and FSMO role holders, what are the caveats and pitfalls that I need to be aware of when transferring from old Windows 2003 DC ?

I'm planning to make the new 2012 R2 box as a PDC Emulator, Infrastructure and RID master.

The domain and forest functionality level is Windows 2003. Some of the domain controllers are Windows Server 2003 and the rest is Windows Server 2008 R2.

Thanks,
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 144 total points
ID: 40600569
As long as you keep the domain and forest functional levels at the 2003 level, there is nothing to be concerned with, at least nothing I would be and can recall being concerned with.  Obviously, functionality offered by 2012 that relies on the functional levels being higher won't be available, but other than that... go for it.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40600583
Ok so what about the FSMO role to be transferred from 2003 to this new 2012 R2 box ?

Is there any special way to do it ?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 72 total points
ID: 40600591
you can use ntdsutil on the 2012 R2 server to transfer

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/KB/255504?wa=wsignin1.0
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 4

Assisted Solution

by:Manoj Bojewar
Manoj Bojewar earned 142 total points
ID: 40600602
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 142 total points
ID: 40600910
Just a note, if you are going to be demoting your 2003 domain controllers make sure that all of your SRV records have been cleanup accordingly (_msdcs folder).

Will.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40601931
Thanks All for the suggestion.

@Will: Ok so as part of the old DC decommission process, do I need to manually delete the _msdcs folder or entries that point to the old DC ?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 142 total points
ID: 40602285
Each folder under the _msdcs folder will have GC,DC, domains etc. I would go through these and make sure there are no remnants of the old domain controller in here after demotion. I have seen issues like this when demoting 2003 domain controllers.

SRV records can create a lot of issues if there are objects in there referencing services to domain controllers that do not exist.

So don't delete the folder itself go through the entires and see if there are any objects in there referencing the old DC. If there are delete them.

Will.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40607328
Ok, so one last question:

Can I just perform the DCPromo on the new Windows Server 2012 R2 to be the additional domain controller and make it as Global Catalog during the business hour ?

or would there be any impact to the user or to the Exchange Server email flow during the day ?
0
 
LVL 4

Assisted Solution

by:Manoj Bojewar
Manoj Bojewar earned 142 total points
ID: 40607406
there is no any issue. you can add additional domain controller any time.
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 144 total points
ID: 40608329
BEFORE you do any promotion or demotion of a DC, I strongly recommend you review the AD health using DCDIAG /C /E /V and correcting any unexplained/unexpected errors.  If memory serves, if you have any failed DCs in AD, it won't let you add another.
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40643146
Thanks !
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question