Replacing windows 2000 server domain controller with new hardware running server 2012 r2.  best/easiest procedure

Posted on 2015-02-13
Last Modified: 2015-04-17
Replacing  Domain controller currently running Server 2000 on ancient hardware with new hardware. The new hardware will be running windows server 2012 R2.  What is the best way to go about this?  It is a small network with about 25 clients.  The clients are mostly Windows 7 Pro.
Question by:gpwalk
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +1
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40608953
Build the new server.
Join it to the domain.
Promote it to a domain controller.
Move all the FSMO roles from the server being replaced to the new server.
Demote the old server.
Remove the old server from the domain.

FWIW, I strongly recommend at least two DCs for fault tolerance.  If you don't have two DCs, have very good backups.

Author Comment

ID: 40608956
Some additional information:  there are two addition servers on the network.  Both are configured as application servers, both running server server 2003. one is x64, the other is 32 bit.
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40608959
The other member servers won't change the procedure.
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.


Assisted Solution

by:Marc L
Marc L earned 250 total points
ID: 40608963
2012 domain controllers need at least a 2003 domain, so you'll have to first upgrade to 2003, but the basic procedure would be:

1. Install domain controllers that run Windows Server 2003 or later. These domain controllers can be deployed on an evaluation version of Windows Server. This step also requires running adprep.exe for that operating system release as a prerequisite.
2. Remove the Windows 2000 domain controllers. Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and used Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.
3. Raise the forest functional level to Windows Server 2003 or higher.
4. Install domain controllers that run Windows Server 2012.
5. Remove domain controllers that run earlier versions of Windows Server.
LVL 34

Accepted Solution

it_saige earned 250 total points
ID: 40608970
The application servers will not affect the process and should not be affected by the process.  The only items affected are the DC's, however, I think you may be in a catch 22 as Server 2012 requires that your Forest and Domain Functional Levels be at least Windows Server 2003.  This means that you will *have* to use an intermediary server (Windows Server 2003 or Windows Server 2008) in order to proceed.

Essentially you will still use Paul's steps, but you would first add the intermediary.  Once the intermediary is in place (using Paul's steps).  Demote the 2000 Server, raise the Forest and Domain Functional Levels and then use Paul's steps again to add the 2012 Server.


Author Comment

ID: 40608976
That seems simple enough but:
What about the machine name of the servers. Does the matter as long as they are not the same?
What about the SIDs?  and share name the clients are linked to?
I'm not sure how to identify all of the FSMO roles.

Author Comment

ID: 40608982
Now this is beginning to NOT sound simple enough.
I have 24 hours to accomplish this once I begin.
LVL 34

Expert Comment

ID: 40608983
There are 5 FSMO Roles (PDC Emulator, Domain Naming Master, Infrastructure Master, RID Master and Schema Master).  

Transferring them is a well documented process:

As for the Machine Name, you are correct, they cannot be the same.
Don't concern yourself with the SIDs.  These are generated in AD and since you are not creating a new Domain, they will not be affected.

LVL 34

Expert Comment

ID: 40608985
What version of 2012 R2 are you going to use (Standard or DataCenter)?

LVL 34

Expert Comment

ID: 40608987
Also you mentioned Shares.  Do you have shares on your existing DC?


Author Comment

ID: 40609954
it Sage
2012 R2 is standard
Yes the current 2000 domain controller is a data server as well, with shared drives.

Author Comment

ID: 40620177
What would be the pitfalls of just creating a new domain using the 2012 server?
Since the entire Domain consists of 4 servers(One is the win 2K controller and the others are 2003 servers)
Other than:
1. New SIDs, which would be a new desktop on each client there are 24 clients total.
2. Possibly having to reinstall networked applications
3 New user profile.
4 Moving the shared data on the old controller(WIN2K) to the new controller/
LVL 34

Expert Comment

ID: 40621272
Ultimately, I think this would cause more work than you realize and you would not be able to get this completed in a 24hour period.  You would end up with literally days [if not weeks] of clean-up work because this user is missing this or that user is missing that, etc...

No, if you can't promote one of your existing 2003 servers to a domain controller, I was thinking of leveraging Hyper-V on the new server (unless someone else has a better idea).

In a nutshell, here are the steps involved:

1.  Install Server 2012.
2.  Join the server to the domain as a member server.
3.  Add the Hyper-V role (and only the Hyper-V role).
4.  Create a virtual guest for a 2003 Server.
5.  Install the 2003 server OS and join it to the domain.
6.  Promote the 2003 server to a DC.
7.  Transfer your FSMO roles.
8.  Ensure correct replication.
9.  Demote the 2000 server (but leave it online).
10. Raise the Forest and Domain Functional Levels to Windows Server 2003.
11.  Create a virtual guest for a 2012 Server.
12.  Install the 2012 server OS and join it to the domain.
13.  Promote the 2012 server to a DC.
14.  Repeat steps 7 and 8.
15.  Demote the 2003 server and remove it from the domain.
16.  Remove the 2003 guest from the Hyper-V console.

As I said this is just a quick summary of the steps, there is a lot of work to do and I don't want you to do anything that you are not comfortable with.  If you feel that you can create a new domain and accomplish everything, then I want you to do that.


Author Closing Comment

ID: 40730551
My ultimate decision was to build a new forest and DC, then move the users and PC to the new domain.
Thank you all.  It came down to business decision rather than a technical solution only.  There were very few technical issues

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question