Migrate to 2008 or 2012 Active Directory

A year or so ago, I had a consultant do some work on my network. We were still running 2003 servers and AD at the time. He suggested to migrate over to 2008 but because it wasn't part of the scope of the project, we didn't really plan on it entirely. What I assume the consultant did was create a 2008 server and made it as one of the domain controllers, eventually making it the primary. The problem is, when I do any AD stuff (Administrative Template) I see "Classic Administration" and everything still seems to be 2003 AD.

1. How can I ultimately know if I am running on 2008 AD or 2003 AD?
2. And if I am still on 2003 AD, what is the best path of upgrading it to 2008 AD?
3. Should I stick to 2008 AD or continue migrating to 2012 AD?
4. Can I just upgrade from 2003 AD to 2012 AD?

I wanted to run the latest WSUS on 2012 but I think it is conflicting with the old 2003 AD (Not sure).
pogibear77Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
First, let me say that I can tell by your questions that you don't have a lot of experience with Active Directory. Considering AD is often the lifeblood of most networks, I'd *strongly* encourage you to bring in a consultant if you are going to make changes. Messing with your infrastructure in an inexperienced fashion is a recipe for disaster.

But to answer your questions:

1) 2003 and 2008 (and 2012) can co-exist.  The forest and domain functional levels are known by all servers involved and at a minimum must be the *lowest* version of the DCs you have. So since you have 2003, your functional levels are *at least* that low. They may even be lower (2000.)  You can view this in ADUC and AD Sites and Services, but running a lower level just prevents you from using new features (such as the recycle bin.) They can also prevent you from adding a very new DC (2012 doesn't support 2000 functional levesl, for example) but the OS will simply throw an error when you attempt to make it a DC. It isn't that it'll run and cause problems.

2) If you want a 2008 DC, simply add it. If you want 2008 functional levels, you'll have to remove all 2003 DCs then raise the functional level in the ADUC and ADSS GUIs.

3) Personal preference. It depends if you have licenses, have a reason to upgrade, (or not upgrade), and your comfort level. Both are valid choices, but I don't know your goals or budget.

4) Yes.

There is no reason why AD would cause WSUS to fail. The two are independent.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StuartTechnical Architect - CloudCommented:
Also be aware of the compatibility of other products such as Exchange when you plan your AD upgrade. Plan in detail before you take any further steps forward and as Cliff suggested if your unsure bring in a consultant even if it is for a few days to assist with a design
0
Kash2nd Line EngineerCommented:
I could have explained but I would say the same thing as above. Get someone who knows to do it as it can go wrong.
Make sure whatever you do, there is backup to go back to. Good Luck.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

pogibear77Author Commented:
Thanks for the advice everyone. Migrating an AD is something that I don't do often so I am very rusty at this stuff. Being that said, my AD environment is not that complex as I have moved my Exchange to the cloud so that's one thing to not worry about. I've seen many step-by-step guides and I'm sure I could call MS engineer and pay them 280 bucks for them to guide me through it all the way but I'd like to take a stab at it though. All of my domain controllers are on VM's so I can do a quick snapshot and revert if needed.
0
Cliff GaliherCommented:
NNNNOOOO!!!!!!!!!

NEVER snapshot a domain controller!  That is exactly the kind of mistake that can make a small project a huge fustercluck.  As in flatten and rebuild the entire domain from scratch level corruption!
0
pogibear77Author Commented:
I've requested that this question be deleted for the following reason:

Not the solutions I am looking for
0
Cliff GaliherCommented:
You were given valid detailed answers with multiple experts chiming in. No follow-up questions were asked. You got the answers to your question so there is no reason to request the deletion.
0
Kash2nd Line EngineerCommented:
I think Cliff Galiher should be awarded points as his answer was good enough to allow to you make a decision
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.