Replacing windows 2000 server domain controller with new hardware running server 2012 r2.  best/easiest procedure

Posted on 2015-02-13
Last Modified: 2015-04-17
Replacing  Domain controller currently running Server 2000 on ancient hardware with new hardware. The new hardware will be running windows server 2012 R2.  What is the best way to go about this?  It is a small network with about 25 clients.  The clients are mostly Windows 7 Pro.
Question by:gpwalk
  • 6
  • 5
  • 2
  • +1
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40608953
Build the new server.
Join it to the domain.
Promote it to a domain controller.
Move all the FSMO roles from the server being replaced to the new server.
Demote the old server.
Remove the old server from the domain.

FWIW, I strongly recommend at least two DCs for fault tolerance.  If you don't have two DCs, have very good backups.

Author Comment

ID: 40608956
Some additional information:  there are two addition servers on the network.  Both are configured as application servers, both running server server 2003. one is x64, the other is 32 bit.
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40608959
The other member servers won't change the procedure.
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!


Assisted Solution

by:Marc L
Marc L earned 250 total points
ID: 40608963
2012 domain controllers need at least a 2003 domain, so you'll have to first upgrade to 2003, but the basic procedure would be:

1. Install domain controllers that run Windows Server 2003 or later. These domain controllers can be deployed on an evaluation version of Windows Server. This step also requires running adprep.exe for that operating system release as a prerequisite.
2. Remove the Windows 2000 domain controllers. Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and used Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.
3. Raise the forest functional level to Windows Server 2003 or higher.
4. Install domain controllers that run Windows Server 2012.
5. Remove domain controllers that run earlier versions of Windows Server.
LVL 33

Accepted Solution

it_saige earned 250 total points
ID: 40608970
The application servers will not affect the process and should not be affected by the process.  The only items affected are the DC's, however, I think you may be in a catch 22 as Server 2012 requires that your Forest and Domain Functional Levels be at least Windows Server 2003.  This means that you will *have* to use an intermediary server (Windows Server 2003 or Windows Server 2008) in order to proceed.

Essentially you will still use Paul's steps, but you would first add the intermediary.  Once the intermediary is in place (using Paul's steps).  Demote the 2000 Server, raise the Forest and Domain Functional Levels and then use Paul's steps again to add the 2012 Server.


Author Comment

ID: 40608976
That seems simple enough but:
What about the machine name of the servers. Does the matter as long as they are not the same?
What about the SIDs?  and share name the clients are linked to?
I'm not sure how to identify all of the FSMO roles.

Author Comment

ID: 40608982
Now this is beginning to NOT sound simple enough.
I have 24 hours to accomplish this once I begin.
LVL 33

Expert Comment

ID: 40608983
There are 5 FSMO Roles (PDC Emulator, Domain Naming Master, Infrastructure Master, RID Master and Schema Master).  

Transferring them is a well documented process:

As for the Machine Name, you are correct, they cannot be the same.
Don't concern yourself with the SIDs.  These are generated in AD and since you are not creating a new Domain, they will not be affected.

LVL 33

Expert Comment

ID: 40608985
What version of 2012 R2 are you going to use (Standard or DataCenter)?

LVL 33

Expert Comment

ID: 40608987
Also you mentioned Shares.  Do you have shares on your existing DC?


Author Comment

ID: 40609954
it Sage
2012 R2 is standard
Yes the current 2000 domain controller is a data server as well, with shared drives.

Author Comment

ID: 40620177
What would be the pitfalls of just creating a new domain using the 2012 server?
Since the entire Domain consists of 4 servers(One is the win 2K controller and the others are 2003 servers)
Other than:
1. New SIDs, which would be a new desktop on each client there are 24 clients total.
2. Possibly having to reinstall networked applications
3 New user profile.
4 Moving the shared data on the old controller(WIN2K) to the new controller/
LVL 33

Expert Comment

ID: 40621272
Ultimately, I think this would cause more work than you realize and you would not be able to get this completed in a 24hour period.  You would end up with literally days [if not weeks] of clean-up work because this user is missing this or that user is missing that, etc...

No, if you can't promote one of your existing 2003 servers to a domain controller, I was thinking of leveraging Hyper-V on the new server (unless someone else has a better idea).

In a nutshell, here are the steps involved:

1.  Install Server 2012.
2.  Join the server to the domain as a member server.
3.  Add the Hyper-V role (and only the Hyper-V role).
4.  Create a virtual guest for a 2003 Server.
5.  Install the 2003 server OS and join it to the domain.
6.  Promote the 2003 server to a DC.
7.  Transfer your FSMO roles.
8.  Ensure correct replication.
9.  Demote the 2000 server (but leave it online).
10. Raise the Forest and Domain Functional Levels to Windows Server 2003.
11.  Create a virtual guest for a 2012 Server.
12.  Install the 2012 server OS and join it to the domain.
13.  Promote the 2012 server to a DC.
14.  Repeat steps 7 and 8.
15.  Demote the 2003 server and remove it from the domain.
16.  Remove the 2003 guest from the Hyper-V console.

As I said this is just a quick summary of the steps, there is a lot of work to do and I don't want you to do anything that you are not comfortable with.  If you feel that you can create a new domain and accomplish everything, then I want you to do that.


Author Closing Comment

ID: 40730551
My ultimate decision was to build a new forest and DC, then move the users and PC to the new domain.
Thank you all.  It came down to business decision rather than a technical solution only.  There were very few technical issues

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 smtp and senderbase ratings 3 72
BGP routing on Windows 2016 7 123
Dell R710 raid config 9 87
Run Server 2012 on PowerEdge 2950 13 34
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question