Solved

(capt) Windows 2003 Server AD upgrade to Windows 2012

Posted on 2015-02-24
Last Modified: 2015-03-03
Hi

We have an old AD environment consisting of various servers for multiple purposes:
2x Domaincontroller (AD01 and AD02)
2x FileServer
1 MS VPN Server (VP01)
1 Mailserver running Lotus Notes

I would like to minimise the amount of servers, and have already consolidated the Fileservers. Now that the 2003 Server is EOL I want to upgrade the Domaincontrollers and decommission the VPN server.

The VPN server VP01 acts as a gateway for the Users and provides the logging of Routing & Remote Access functionality. The certificates for the VPN clients are handled by the Backup DC (AD02)

And now for the very broad and general Q.....How do I upgrade the two DCs to Windows 12R2 and configure VPN? Will my other 2003 servers that I am not upgrading talk to the new servers no problem?

I appreciate that this is a very non detailed question, but as I don't even know where to start, I thought this could be an iterative process...

Thanks
capt.
Question by:captain
5 Comments
 
LVL 9

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 100 total points
ID: 40628126
A good place to start is making an audit of all the applications in your environment and checking that they will be compatible. Update any apps that might need an update.

This series of blog posts is quite good: http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 200 total points
ID: 40628151
How do I upgrade the two DCs to Windows 12R2 and configure VPN? Will my other 2003 servers that I am not upgrading talk to the new servers no problem?
You will not be able to do an in-place upgrade for your domain controllers. You will have to spin up new 2012 servers, and promote them as Domain Controllers in your environment.

From there, 2003 and 2012 DCs will talk to each other (replicate, etc.). You will then need to transfer the FSMO roles to one of the 2012 servers. The next step would be to configure your PDC on the 2012 server as the authoritative time source, and point your DHCP clients to the new 2012 DCs for DNS.

From there you would then ensure replication is working properly, then demote the 2003 domain controllers.

Commands to verify replication
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
dcdiag /v

Setup Authoritative Time Server for PDC
http://support.microsoft.com/kb/816042

Time Server Hierarchy explained.
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

Will.
0
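A pre-demotion gate for the sequence described in the answer above, as an added example that is not part of the original post: it checks that no FSMO role is still on a 2003 DC, that `repadmin /showrepl` reports no failing links, and that the PDC emulator has a real time source. It assumes it is run on a new 2012 R2 DC with the ActiveDirectory module; the function name `Test-ReadyToDemote` and its `-OldDCs` parameter are hypothetical, and AD01/AD02 are the DC names from the question.

```powershell
# Added example, not from the thread. Run on a new 2012 R2 DC as a domain admin.
Import-Module ActiveDirectory

function Test-ReadyToDemote {
    # -OldDCs is a hypothetical parameter: short names of the 2003 DCs to retire.
    param([Parameter(Mandatory)][string[]]$OldDCs)

    $problems = @()
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # 1. No FSMO role may remain on a DC that is about to be demoted.
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        $holder = ($role.Value -split '\.')[0]      # FQDN -> short host name
        if ($OldDCs -contains $holder) {
            $problems += "$($role.Key) is still held by $holder"
        }
    }

    # 2. Every replication link must be healthy (parsed form of repadmin /showrepl).
    foreach ($link in (repadmin /showrepl * /csv | ConvertFrom-Csv)) {
        if ($link.showrepl_COLUMNS -eq 'showrepl_ERROR') {
            # A DC that could not be queried at all shows up as an error row.
            $problems += "repadmin error row: $($link.PSObject.Properties.Value -join ' ')"
        } elseif ([int]$link.'Number of Failures' -gt 0) {
            $problems += "$($link.'Source DSA') -> $($link.'Destination DSA') " +
                         "[$($link.'Naming Context')]: $($link.'Number of Failures') failure(s)"
        }
    }

    # 3. The PDC emulator must sync from a real source, not its own clock.
    $pdc = $domain.PDCEmulator
    $source = (w32tm /query "/computer:$pdc" /source) -join ' '
    if ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += "PDC emulator $pdc has no external time source ($source)"
    }

    $problems
}

$issues = Test-ReadyToDemote -OldDCs 'AD01', 'AD02'
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    'FSMO roles, replication and time source look ready for demotion.'
}
```

An empty result only covers these three checks; `dcdiag /v` from the answer still needs a manual read before demoting.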
 
LVL 32

Assisted Solution

by:it_saige
it_saige earned 200 total points
ID: 40628235
In addition to the comments by Will, you also want to ensure that your Domain and Forest Functional levels are set to Windows Server 2003.

Understanding Active Directory Domain Services (AD DS) Functional Levels

You also may have to modify the component services on the 2003 DC that you are performing the ADPREP on.

http:/Q_28584877.html#a40514872

Finally, Kerberos authentication can fail intermittently (Microsoft has a hotfix for this issue) -

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

-saige-
0
 
LVL 30

Author Comment

by:captain
ID: 40628249
Thanks so far, very useful.
0
 
LVL 30

Author Closing Comment

by:captain
ID: 40641790
Thanks. This has been postponed for a couple of months.

Very helpful suggestions
0
