Solved

Replacing windows 2000 server domain controller with new hardware running server 2012 r2.  best/easiest procedure

Posted on 2015-02-13
14
130 Views
Last Modified: 2015-04-17
Replacing  Domain controller currently running Server 2000 on ancient hardware with new hardware. The new hardware will be running windows server 2012 R2.  What is the best way to go about this?  It is a small network with about 25 clients.  The clients are mostly Windows 7 Pro.
0
Comment
Question by:gpwalk
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40608953
Build the new server.
Join it to the domain.
Promote it to a domain controller.
Move all the FSMO roles from the server being replaced to the new server.
Demote the old server.
Remove the old server from the domain.

FWIW, I strongly recommend at least two DCs for fault tolerance.  If you don't have two DCs, have very good backups.
0
 

Author Comment

by:gpwalk
ID: 40608956
Some additional information:  there are two addition servers on the network.  Both are configured as application servers, both running server server 2003. one is x64, the other is 32 bit.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40608959
The other member servers won't change the procedure.
0
 
LVL 2

Assisted Solution

by:Marc L
Marc L earned 250 total points
ID: 40608963
2012 domain controllers need at least a 2003 domain, so you'll have to first upgrade to 2003, but the basic procedure would be:

1. Install domain controllers that run Windows Server 2003 or later. These domain controllers can be deployed on an evaluation version of Windows Server. This step also requires running adprep.exe for that operating system release as a prerequisite.
2. Remove the Windows 2000 domain controllers. Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and used Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.
3. Raise the forest functional level to Windows Server 2003 or higher.
4. Install domain controllers that run Windows Server 2012.
5. Remove domain controllers that run earlier versions of Windows Server.

https://technet.microsoft.com/en-us/library/hh994618.aspx
0
 
LVL 33

Accepted Solution

by:
it_saige earned 250 total points
ID: 40608970
The application servers will not affect the process and should not be affected by the process.  The only items affected are the DC's, however, I think you may be in a catch 22 as Server 2012 requires that your Forest and Domain Functional Levels be at least Windows Server 2003.  This means that you will *have* to use an intermediary server (Windows Server 2003 or Windows Server 2008) in order to proceed.

Essentially you will still use Paul's steps, but you would first add the intermediary.  Once the intermediary is in place (using Paul's steps).  Demote the 2000 Server, raise the Forest and Domain Functional Levels and then use Paul's steps again to add the 2012 Server.

-saige-
0
 

Author Comment

by:gpwalk
ID: 40608976
That seems simple enough but:
What about the machine name of the servers. Does the matter as long as they are not the same?
What about the SIDs?  and share name the clients are linked to?
I'm not sure how to identify all of the FSMO roles.
0
 

Author Comment

by:gpwalk
ID: 40608982
Now this is beginning to NOT sound simple enough.
I have 24 hours to accomplish this once I begin.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 33

Expert Comment

by:it_saige
ID: 40608983
There are 5 FSMO Roles (PDC Emulator, Domain Naming Master, Infrastructure Master, RID Master and Schema Master).  

Transferring them is a well documented process:
http://support.microsoft.com/kb/255690
http://support.microsoft.com/KB/255504
http://www.petri.com/transferring_fsmo_roles.htm

As for the Machine Name, you are correct, they cannot be the same.
Don't concern yourself with the SIDs.  These are generated in AD and since you are not creating a new Domain, they will not be affected.

-saige-
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40608985
What version of 2012 R2 are you going to use (Standard or DataCenter)?

-saige-
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40608987
Also you mentioned Shares.  Do you have shares on your existing DC?

-saige-
0
 

Author Comment

by:gpwalk
ID: 40609954
it Sage
2012 R2 is standard
Yes the current 2000 domain controller is a data server as well, with shared drives.
0
 

Author Comment

by:gpwalk
ID: 40620177
What would be the pitfalls of just creating a new domain using the 2012 server?
Since the entire Domain consists of 4 servers(One is the win 2K controller and the others are 2003 servers)
Other than:
1. New SIDs, which would be a new desktop on each client there are 24 clients total.
2. Possibly having to reinstall networked applications
3 New user profile.
4 Moving the shared data on the old controller(WIN2K) to the new controller/
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40621272
Ultimately, I think this would cause more work than you realize and you would not be able to get this completed in a 24hour period.  You would end up with literally days [if not weeks] of clean-up work because this user is missing this or that user is missing that, etc...

No, if you can't promote one of your existing 2003 servers to a domain controller, I was thinking of leveraging Hyper-V on the new server (unless someone else has a better idea).

In a nutshell, here are the steps involved:

1.  Install Server 2012.
2.  Join the server to the domain as a member server.
3.  Add the Hyper-V role (and only the Hyper-V role).
4.  Create a virtual guest for a 2003 Server.
5.  Install the 2003 server OS and join it to the domain.
6.  Promote the 2003 server to a DC.
7.  Transfer your FSMO roles.
8.  Ensure correct replication.
9.  Demote the 2000 server (but leave it online).
10. Raise the Forest and Domain Functional Levels to Windows Server 2003.
11.  Create a virtual guest for a 2012 Server.
12.  Install the 2012 server OS and join it to the domain.
13.  Promote the 2012 server to a DC.
14.  Repeat steps 7 and 8.
15.  Demote the 2003 server and remove it from the domain.
16.  Remove the 2003 guest from the Hyper-V console.

As I said this is just a quick summary of the steps, there is a lot of work to do and I don't want you to do anything that you are not comfortable with.  If you feel that you can create a new domain and accomplish everything, then I want you to do that.

-saige-
0
 

Author Closing Comment

by:gpwalk
ID: 40730551
My ultimate decision was to build a new forest and DC, then move the users and PC to the new domain.
Thank you all.  It came down to business decision rather than a technical solution only.  There were very few technical issues
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hyper-convergence systems have taken the IT world by storm and have quickly started to change our point of view of how the data center should and could be architected. In this article, I’ll explain the benefits of employing a hyper-converged system …
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
A short film showing how OnPage and Connectwise integration works.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now