Solved

(capt) Windows 2003 Server AD upgrade to Windows 2012

Posted on 2015-02-24
5
113 Views
Last Modified: 2015-03-03
Hi

We have an old AD environment consisting of various servers for multiple purposes:
2x Domain controller (AD01 and AD02)
2x File server
1 MS VPN Server (VP01)
1 Mailserver running Lotus Notes

I would like to minimise the number of servers, and have already consolidated the file servers. Now that the 2003 Server is EOL, I want to upgrade the domain controllers and decommission the VPN server.

The VPN server VP01 acts as a gateway for the users and provides the logging of Routing & Remote Access functionality. The certificates for the VPN clients are handled by the backup DC (AD02).

And now for the very broad and general Q... How do I upgrade the two DCs to Windows 12R2 and configure VPN? Will my other 2003 servers that I am not upgrading talk to the new servers no problem?

I appreciate that this is a very non-detailed question, but as I don't even know where to start, I thought this could be an iterative process...

Thanks
capt.
0
Question by:captain
5 Comments
 
LVL 10

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 100 total points
ID: 40628126
A good place to start is making an audit of all the applications in your environment and checking that they will be compatible. Update any apps that might need an update.

This series of blog posts is quite good: http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 200 total points
ID: 40628151
How do I upgrade the two DCs to Windows 12R2 and configure VPN? Will my other 2003 servers that I am not upgrading talk to the new servers no problem?
You will not be able to do an in-place upgrade for your domain controllers. You will have to spin up new 2012 servers, and promote them as Domain Controllers in your environment.

From there, 2003 and 2012 DCs will talk to each other (replicate, etc.). You will then need to transfer the FSMO roles to one of the 2012 servers. The next step would be to configure your PDC on the 2012 server as the authoritative time source, and point your DHCP clients to the new 2012 DCs for DNS.

From there you would then ensure replication is working properly, then demote the 2003 domain controllers.

Commands to verify replication
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
dcdiag /v

Setup Authoritative Time Server for PDC
http://support.microsoft.com/kb/816042

Time Server Hierarchy explained.
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

Will.
0
 
LVL 33

Assisted Solution

by:it_saige
it_saige earned 200 total points
ID: 40628235
In addition to the comments by Will, you also want to ensure that your Domain and Forest Functional levels are set to Windows Server 2003.

Understanding Active Directory Domain Services (AD DS) Functional Levels

You also may have to modify the component services on the 2003 DC that you are performing the ADPREP on.

http:/Q_28584877.html#a40514872

Finally, Kerberos authentication can fail intermittently (Microsoft has a hotfix for this issue) -

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

-saige-
0
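A pre-demotion gate for the sequence described in the two answers above (functional level, FSMO transfer, replication health), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module on a 2012 R2 machine; the new DC names AD03 and AD04 are hypothetical.

```powershell
# Added example, not from the thread. Run with domain admin rights from a
# 2012 R2 DC or an RSAT workstation. AD03/AD04 are hypothetical names.
Import-Module ActiveDirectory

$newDCs   = 'AD03', 'AD04'   # assumption: replace with your new 2012 R2 DCs
$problems = @()

# Query a new DC explicitly: the AD cmdlets need Active Directory Web
# Services, which a stock 2003 DC does not run.
$domain = Get-ADDomain -Server $newDCs[0]
$forest = Get-ADForest -Server $newDCs[0]

# 1. Functional levels must be Windows Server 2003 or higher.
if ("$($domain.DomainMode)" -match '2000|Interim') {
    $problems += "Domain functional level too low: $($domain.DomainMode)"
}
if ("$($forest.ForestMode)" -match '2000|Interim') {
    $problems += "Forest functional level too low: $($forest.ForestMode)"
}

# 2. All five FSMO roles must already sit on a new DC. To move them:
#    Move-ADDirectoryServerOperationMasterRole -Identity AD03 -OperationMasterRole `
#      SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    $holder = ($role.Value -split '\.')[0]     # host part of the FQDN
    if ($holder -notin $newDCs) {
        $problems += "$($role.Key) is still held by $($role.Value)"
    }
}

# 3. Inbound replication on each new DC must show no recorded failures.
foreach ($dc in $newDCs) {
    Get-ADReplicationFailure -Target $dc |
        Where-Object { $_.FailureCount -gt 0 } |
        ForEach-Object {
            $problems += "$dc <- $($_.Partner): $($_.FailureCount) failure(s), last error $($_.LastError)"
        }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; 'NOT ready to demote the 2003 DCs' }
else { 'Checks passed; confirm with repadmin /replsum and dcdiag /v before demoting.' }
```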
 
LVL 30

Author Comment

by:captain
ID: 40628249
Thanks so far, very useful.
0
 
LVL 30

Author Closing Comment

by:captain
ID: 40641790
Thanks. This has been postponed for a couple of months.

Very helpful suggestions
0
