Server 2003 and 2012 Domain Controllers Concurrently?

Posted on 2015-02-17
Last Modified: 2015-02-17
Hi,

I am preparing to migrate our Active Directory environment to be hosted on 2012 servers from 2003, and there is lots of information on this process on the internet.  It seems easy enough, though not to be taken lightly.  But to "cut over" fully, that is, to shut down the old 2003 servers and point everything over to the new servers, is a little more involved.  I.e., DHCP services, as well as pointing all statically configured network devices to the new DC (also DNS), will take longer.

I would prefer to do this in stages, i.e. one week, get a few additional 2012 DCs joined to the domain and replicating Active Directory and DNS services.  Run that for a week to suss out any potential issues as well as not having to do too much all at once in one day (recipe for problems in my opinion).  Then the next week, spend time migrating the DHCP database to the new DC as well as updating the scope settings to point to the new DCs for DNS resolution.  Changing all of the static network devices' DNS settings and then having one of the new DCs take over all FSMO roles.

First and foremost, does this seem like a logical procedure, and am I missing any steps?  I am guessing the new DC will pick up to use root hints as opposed to forwarders (which is what I want) from the DNS Zone replication data?

Second, will running 2003 with 2012 DCs in tandem for a couple of weeks cause problems, or is it ok?  

Thanks
Question by:CnicNV
5 Comments
 

Accepted Solution

by: Will Szymkowski
ID: 40614755
The process I would follow is below...
- Prep your 2003 DC's for 2012 DC's
- Promote the 2012 DC's to domain controllers
- Verify replication is working properly
- Transfer the FSMO roles to one of your new 2012 DC's
- Update your DHCP clients to point to the new 2012 DC's
- Change all of your static IP address to point to the new DC's/DNS servers
- Demote your 2003 domain controllers
- Check and validate your replication and ensure 2003 DC's have been demoted properly
- Migrate your DHCP services to your new DC's

Post migration
- Migrate your SYSVOL Share to DFS-R
https://technet.microsoft.com/fr-ca/library/dd640019%28v=ws.10%29.aspx

Will.
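
A read-only report covering the "verify replication" and FSMO steps in the list above, added here as an example and not part of Will's answer. It assumes it is run from a 2012 DC or a host with the ActiveDirectory module and repadmin available; `DC2012-01` and `Get-CutoverReadiness` are placeholder names.

```powershell
# Added example: read-only readiness report for a staged 2003 -> 2012 DC cutover.
# 'DC2012-01' and Get-CutoverReadiness are placeholder names, not from the thread.
Import-Module ActiveDirectory

function Get-CutoverReadiness {
    param([Parameter(Mandatory)][string]$NewDc)

    $domain = Get-ADDomain -Server $NewDc
    $forest = Get-ADForest -Server $NewDc

    # Inventory every DC with its OS so the remaining 2003 machines stand out.
    $dcs = Get-ADDomainController -Filter * -Server $NewDc |
        Select-Object Name, OperatingSystem, IsGlobalCatalog
    $legacy = @($dcs | Where-Object { $_.OperatingSystem -like '*2003*' })

    # Map each FSMO role to its current holder (returned as an FQDN).
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    $rolesOnLegacy = @($roles.GetEnumerator() | Where-Object {
        ($_.Value -split '\.')[0] -in $legacy.Name
    })

    # repadmin queries every DC directly, including the 2003 ones.
    # Rows marked showrepl_ERROR mean a DC could not be queried at all.
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    $replIssues = @($links | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$_.'Number of Failures' -gt 0
    })

    [pscustomobject]@{
        DomainMode        = $domain.DomainMode
        ForestMode        = $forest.ForestMode
        DomainControllers = $dcs
        FsmoOnLegacyDc    = @($rolesOnLegacy | ForEach-Object { $_.Key })
        ReplicationIssues = $replIssues
        BlockersFound     = ($rolesOnLegacy.Count + $replIssues.Count) -gt 0
    }
}

Get-CutoverReadiness -NewDc 'DC2012-01'

# The role transfer step can be previewed before it is run for real:
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC2012-01' -WhatIf `
#   -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster
```

`FsmoOnLegacyDc` and `ReplicationIssues` should both be empty before the 2003 domain controllers are demoted.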

Assisted Solution

by:Matthew Borrusso
ID: 40614767
Will is right on the money.
The only thing I will add is that when all is said and done, to remember to up the operating level of the forest and domain to the level you need it to be.
Here is all the info you will need for that.

https://msdn.microsoft.com/en-us/library/cc771294.aspx

Assisted Solution

by:it_saige
ID: 40614893
There are a few potential gotchas.  With regards to the promotion of the 2012 Servers:

You want to make sure that your current Forest and Domain Functional Levels are set to at least Windows Server 2003:

Understanding Active Directory Domain Services (AD DS) Functional Levels

You also may have to modify the component services on the 2003 DC that you are performing the ADPREP on.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/Q_28584877.html#a40514872

Finally, Kerberos authentication can fail intermittently (Microsoft has a hotfix for this issue) -

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

Other than those that I can think of, the comments by Will and Matthew are spot on.

-saige-

Assisted Solution

by:Cliff Galiher
ID: 40615108
Will's outline seems accurate. I will add one caveat though. Your initial plan to add 2012 DCs and then wait a week seems a little too cautious. A DC with nothing pointing at it adds no real benefit, and I'm not sure you'd know of any significant problems because nothing is trying to use it. 24 hours is all it should take to see any replication issues, so that additional 6 days just seems like idle time.

Author Closing Comment

by:CnicNV
ID: 40615190
Ok thanks everyone for the feedback.  It gives me more confidence going into this, I appreciate it :-)