Solved

Promoting Windows Server 2012 R2 as domain controller in Windows 2003 forest & domain ?

Posted on 2015-02-10
11
160 Views
Last Modified: 2015-03-03
Hi,

I've just rebuilt a physical server of Windows Server 2012 R2 Std. and I' about to promote it as Domain Controller and FSMO role holders, what are the caveats and pitfalls that I need to be aware of when transferring from old Windows 2003 DC ?

I'm planning to make the new 2012 R2 box as a PDC Emulator, Infrastructure and RID master.

The domain and forest functionality level is Windows 2003. Some of the domain controllers are Windows Server 2003 and the rest is Windows Server 2008 R2.

Thanks,
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 144 total points
ID: 40600569
As long as you keep the domain and forest functional levels at the 2003 level, there is nothing to be concerned with, at least nothing I would be and can recall being concerned with.  Obviously, functionality offered by 2012 that relies on the functional levels being higher won't be available, but other than that... go for it.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40600583
Ok so what about the FSMO role to be transferred from 2003 to this new 2012 R2 box ?

Is there any special way to do it ?
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 72 total points
ID: 40600591
you can use ntdsutil on the 2012 R2 server to transfer

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/KB/255504?wa=wsignin1.0
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 4

Assisted Solution

by:Manoj Bojewar
Manoj Bojewar earned 142 total points
ID: 40600602
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 142 total points
ID: 40600910
Just a note, if you are going to be demoting your 2003 domain controllers make sure that all of your SRV records have been cleanup accordingly (_msdcs folder).

Will.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40601931
Thanks All for the suggestion.

@Will: Ok so as part of the old DC decommission process, do I need to manually delete the _msdcs folder or entries that point to the old DC ?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 142 total points
ID: 40602285
Each folder under the _msdcs folder will have GC,DC, domains etc. I would go through these and make sure there are no remnants of the old domain controller in here after demotion. I have seen issues like this when demoting 2003 domain controllers.

SRV records can create a lot of issues if there are objects in there referencing services to domain controllers that do not exist.

So don't delete the folder itself go through the entires and see if there are any objects in there referencing the old DC. If there are delete them.

Will.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40607328
Ok, so one last question:

Can I just perform the DCPromo on the new Windows Server 2012 R2 to be the additional domain controller and make it as Global Catalog during the business hour ?

or would there be any impact to the user or to the Exchange Server email flow during the day ?
0
 
LVL 4

Assisted Solution

by:Manoj Bojewar
Manoj Bojewar earned 142 total points
ID: 40607406
there is no any issue. you can add additional domain controller any time.
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 144 total points
ID: 40608329
BEFORE you do any promotion or demotion of a DC, I strongly recommend you review the AD health using DCDIAG /C /E /V and correcting any unexplained/unexpected errors.  If memory serves, if you have any failed DCs in AD, it won't let you add another.
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 40643146
Thanks !
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question