Upgrading Domain Controller in Branch Location from Server 2003 to 2008 R2

Hi all.
We have 1 domain environment with 3 subnets (branch locations) here.
There are 2 domain controllers in each branch (one primary DC and one backup DC).
All of them are running either Server 2003 or 2003 R2.
I'd like to start upgrading them to Server 2008 R2 and figured starting with a backup DC would cause the least disruption.
I was thinking about bringing one of the backup DCs to my location, demoting it, installing Server 2008 R2 onto it, giving it the same name, doing as much of the configuration as I could here, then bringing it back to its proper subnet, changing the static IP and finishing up the configuration.
Does this make sense at all?
Or is it more logical to do EVERYTHING in that branch location on its own subnet?
The issue I have is time.  It's nearly a 2 hour drive to that location and if I try to do everything in that location any issues could complicate matters causing me to either get home much later than normal or have to make an additional trip there to finish the job.
I've rebuilt domain controllers before with the same Operating System but have never created a DC on Server 2008 R2.

That brings me to my next question. I'm thinking I'll need to upgrade the AD schema or something as well.  I was looking at THIS article and was wondering if I'm supposed to be performing all 3 commands or only the middle one (I only have 1 domain / forest).

This is a learning experience for me but I don't want to bring the company to a grinding halt or introduce all kinds of new issues.

Maybe there's someone on here I could bounce ideas with back and forth, etc.
homerslmpson asked:

Will Szymkowski (Senior Solution Architect) commented:
That brings me to my next question. I'm thinking I'll need to upgrade the AD schema or something as well

You do in fact need to prepare the forest/domain before you can introduce a 2008 R2 DC into the environment.

As for the upgrade, because you have 2 DCs at each location, if you plan to reuse the hardware then you can do this as you have stated.
- Demote one of the DCs at the branch site (leaving one for users to authenticate to)
- Make sure that you delete the 2003 computer object for this DC you have demoted
- Completely format/install 2008 R2 on the hardware
- Add the machine to the domain (you can use the same IP as the old machine)
- Promote this DC at the branch site
- Continue the process for the second DC at the site

You also might want to configure your DHCP scopes as well, for your clients' DNS settings. It is cleaner if your clients are not trying to point to a DNS server that is not online; it will fail to the next one in the list, but there will be a delay as there is a timeout period for this.

Other than that it's pretty straightforward.

Will.
homerslmpson (Author) commented:
Thanks for the reply.

So I take it I'm to run adprep /domainprep /gpprep on the Server 2008 R2 DC before promoting it?

Or could I just run it from another Server 2008 R2 server on my domain?

Are there any common complications that arise when upgrading the AD schema? Or are there only issues in very strange/unique circumstances?

It looks like RODCs might be the way to go for the branch DCs.  This is a "new" feature in Server 2008.
The DCs here have a few roles assigned to them including DNS, DHCP, file and print sharing.
Any reason someone WOULDN'T make the branch DCs read-only?
Will Szymkowski (Senior Solution Architect) commented:
So I take it I'm to run adprep /domainprep /gpprep
If you are using AD 2003 32-bit you will need to use adprep32.exe

To perform the Schema update you need to be part of the Schema Admins, Domain Admins and Enterprise Admins Group.

You then need to login to the Schema Master Role Holder and run the commands. See the link below for full details.
https://technet.microsoft.com/en-ca/library/cc753437(v=ws.10).aspx

Make sure that you back up your DCs using a System State backup before modifying the Schema (this change is not reversible and you will need to restore using system state backup if you need to revert back).

It looks like RODCs might be the way to go for the branch DCs.
Personally I would not use RODCs; they are not worth the setup. If you need a DC at a branch office then you need a Read/Write DC, not an RODC.

Also, if you have Exchange in the Branch office, RODC will not work with Exchange; you need a Read/Write DC.

If you do however need to configure an RODC, you need to also prep the domain for them as well: adprep /rodc

Another note would be to make sure that your replication of your current 2003 environment is replicating properly and that there are no errors. Use the below commands to check...
Repadmin /replsum
Repadmin /showrepl
Repadmin /bridgeheads
DCDiag /v

Also to check your FSMO Role holder use the following command
netdom query fsmo

Will.
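
One way to turn the replication check recommended above into a pass/fail gate before the schema update. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later on a machine that has repadmin, and the function name, DC names, site names and sample CSV are hypothetical, constructed values.

```powershell
# CONSTRUCTED sample of `repadmin /showrepl * /csv` output (hypothetical DCs and sites).
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=example,DC=local",Branch1,BR1-DC1,RPC,0,0,2015-03-02 09:14:07,0
showrepl_INFO,Branch1,BR1-DC2,"DC=example,DC=local",HQ,DC1,RPC,3,2015-03-02 08:50:12,2015-03-01 22:10:44,1722
showrepl_ERROR,Branch2,BR2-DC1,,,,,,,,
'@

function Get-ReplicationProblem {
    # Returns one object per replication link that reports failures,
    # plus any row repadmin itself marked as an error (DC not reachable).
    param([Parameter(Mandatory = $true)][string[]]$CsvLine)

    $CsvLine |
        Where-Object { $_ -like 'showrepl_*' } |      # skip blank lines and banner text
        ConvertFrom-Csv |
        Where-Object {
            $failures = 0
            [void][int]::TryParse($_.'Number of Failures', [ref]$failures)
            $_.showrepl_COLUMNS -ne 'showrepl_INFO' -or $failures -gt 0
        } |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status', 'Last Success Time'
}

# Offline run against the constructed sample. For live use, replace the argument with:
#   (repadmin /showrepl * /csv)
$problems = @(Get-ReplicationProblem -CsvLine ($sampleCsv -split '\r?\n'))

if ($problems.Count -gt 0) {
    $problems | Format-Table -AutoSize
    Write-Warning "$($problems.Count) replication problem(s) found: resolve these before running adprep."
} else {
    Write-Output 'No replication failures reported; continue with the System State backup and adprep.'
}
```

With the constructed sample, two rows are flagged: the BR1-DC2 link with 3 failures and the BR2-DC1 row that repadmin marked as an error.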

homerslmpson (Author) commented:
OK well all the commands you suggested I run came back good.
I've attached them in case you're bored lol.

We only have Exchange in the main branch here but I'll do some more research on the RODCs before making a decision.

I have the old school Windows NT Backup for each DC's System State scheduled for various times throughout tonight.

The FSMO role holder is a local server running 32-bit Windows Server 2003 R2.  Where am I finding adprep32.exe?
Is it on the Server 2008 R2 CD?
Replication-Results.txt
Will Szymkowski (Senior Solution Architect) commented:
The FSMO role holder is a local server running 32-bit Windows Server 2003 R2.  Where am I finding adprep32.exe?

This is located on the installation media. The link that I had referenced on my first post illustrates all of the steps along with the location where the adprep32.exe is.

Also your txt results look good.

Will.
homerslmpson (Author) commented:
Thanks for your help with this.
I'm still deciding if I want to go to the branch and try and bang everything out in one day or have the server get sent back here and take my time with it.