Replacing windows 2000 server domain controller with new hardware running server 2012 r2.  best/easiest procedure

Posted on 2015-02-13
Last Modified: 2015-04-17
Replacing  Domain controller currently running Server 2000 on ancient hardware with new hardware. The new hardware will be running windows server 2012 R2.  What is the best way to go about this?  It is a small network with about 25 clients.  The clients are mostly Windows 7 Pro.
Question by:gpwalk
  • 6
  • 5
  • 2
  • +1
LVL 33

Expert Comment

ID: 40608953
Build the new server.
Join it to the domain.
Promote it to a domain controller.
Move all the FSMO roles from the server being replaced to the new server.
Demote the old server.
Remove the old server from the domain.

FWIW, I strongly recommend at least two DCs for fault tolerance.  If you don't have two DCs, have very good backups.

Author Comment

ID: 40608956
Some additional information:  there are two addition servers on the network.  Both are configured as application servers, both running server server 2003. one is x64, the other is 32 bit.
LVL 33

Expert Comment

ID: 40608959
The other member servers won't change the procedure.

Assisted Solution

by:Marc L
Marc L earned 250 total points
ID: 40608963
2012 domain controllers need at least a 2003 domain, so you'll have to first upgrade to 2003, but the basic procedure would be:

1. Install domain controllers that run Windows Server 2003 or later. These domain controllers can be deployed on an evaluation version of Windows Server. This step also requires running adprep.exe for that operating system release as a prerequisite.
2. Remove the Windows 2000 domain controllers. Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and used Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.
3. Raise the forest functional level to Windows Server 2003 or higher.
4. Install domain controllers that run Windows Server 2012.
5. Remove domain controllers that run earlier versions of Windows Server.
LVL 32

Accepted Solution

it_saige earned 250 total points
ID: 40608970
The application servers will not affect the process and should not be affected by the process.  The only items affected are the DC's, however, I think you may be in a catch 22 as Server 2012 requires that your Forest and Domain Functional Levels be at least Windows Server 2003.  This means that you will *have* to use an intermediary server (Windows Server 2003 or Windows Server 2008) in order to proceed.

Essentially you will still use Paul's steps, but you would first add the intermediary.  Once the intermediary is in place (using Paul's steps).  Demote the 2000 Server, raise the Forest and Domain Functional Levels and then use Paul's steps again to add the 2012 Server.


Author Comment

ID: 40608976
That seems simple enough but:
What about the machine name of the servers. Does the matter as long as they are not the same?
What about the SIDs?  and share name the clients are linked to?
I'm not sure how to identify all of the FSMO roles.

Author Comment

ID: 40608982
Now this is beginning to NOT sound simple enough.
I have 24 hours to accomplish this once I begin.
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

LVL 32

Expert Comment

ID: 40608983
There are 5 FSMO Roles (PDC Emulator, Domain Naming Master, Infrastructure Master, RID Master and Schema Master).  

Transferring them is a well documented process:

As for the Machine Name, you are correct, they cannot be the same.
Don't concern yourself with the SIDs.  These are generated in AD and since you are not creating a new Domain, they will not be affected.

LVL 32

Expert Comment

ID: 40608985
What version of 2012 R2 are you going to use (Standard or DataCenter)?

LVL 32

Expert Comment

ID: 40608987
Also you mentioned Shares.  Do you have shares on your existing DC?


Author Comment

ID: 40609954
it Sage
2012 R2 is standard
Yes the current 2000 domain controller is a data server as well, with shared drives.

Author Comment

ID: 40620177
What would be the pitfalls of just creating a new domain using the 2012 server?
Since the entire Domain consists of 4 servers(One is the win 2K controller and the others are 2003 servers)
Other than:
1. New SIDs, which would be a new desktop on each client there are 24 clients total.
2. Possibly having to reinstall networked applications
3 New user profile.
4 Moving the shared data on the old controller(WIN2K) to the new controller/
LVL 32

Expert Comment

ID: 40621272
Ultimately, I think this would cause more work than you realize and you would not be able to get this completed in a 24hour period.  You would end up with literally days [if not weeks] of clean-up work because this user is missing this or that user is missing that, etc...

No, if you can't promote one of your existing 2003 servers to a domain controller, I was thinking of leveraging Hyper-V on the new server (unless someone else has a better idea).

In a nutshell, here are the steps involved:

1.  Install Server 2012.
2.  Join the server to the domain as a member server.
3.  Add the Hyper-V role (and only the Hyper-V role).
4.  Create a virtual guest for a 2003 Server.
5.  Install the 2003 server OS and join it to the domain.
6.  Promote the 2003 server to a DC.
7.  Transfer your FSMO roles.
8.  Ensure correct replication.
9.  Demote the 2000 server (but leave it online).
10. Raise the Forest and Domain Functional Levels to Windows Server 2003.
11.  Create a virtual guest for a 2012 Server.
12.  Install the 2012 server OS and join it to the domain.
13.  Promote the 2012 server to a DC.
14.  Repeat steps 7 and 8.
15.  Demote the 2003 server and remove it from the domain.
16.  Remove the 2003 guest from the Hyper-V console.

As I said this is just a quick summary of the steps, there is a lot of work to do and I don't want you to do anything that you are not comfortable with.  If you feel that you can create a new domain and accomplish everything, then I want you to do that.


Author Closing Comment

ID: 40730551
My ultimate decision was to build a new forest and DC, then move the users and PC to the new domain.
Thank you all.  It came down to business decision rather than a technical solution only.  There were very few technical issues

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now