Using old 2003 domain controller for failover back up.

frewballs
I recently installed a new Server 2012 machine on a small network to replace our aging Server 2003 DC.  I have completed the migration of Active Directory, DNS, FSMO roles, made the 2012 machine the schema master, etc.  Everything has been running fine for a few days.  The only roles still left are file and print server.  Everywhere I have looked it is mentioned to remove the 2003 server from Global Catalog Server, demote it, and shut it down.  The hardware is still OK and the domain and forest functional levels are at 2003.  Is it OK to keep this 2003 server online as a failover DC to create some redundancy?  Would I need to do anything specific to ensure they get along?

Thanks
Technical Architect - Cloud
Commented:
Should be fine together but

1- You're stuck on an older functional level
2- Your 2003 server remains out of support

Why not put 2012 on the old server?
Stuart, Technical Architect - Cloud

Commented:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

From a quick Google, it does look like some people out there have had issues with this configuration. Proceed with caution ;)
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
The blog is over a year old and a patch has been issued so that's a non-starter in my opinion.

HOWEVER, the single biggest reason to get rid of the 2003 server:
It no longer gets security patches.  It's more likely to be infected and/or hacked - there are automated attacks all the time, which is why patching is important - but you can't patch 2003 anymore - no more patches are being issued.  Every day you leave it on your network is another day more likely you're going to have issues.  Further, new patches on 2012 are NOT being tested with 2003 DCs, so if they affect something, MS won't know and frankly, probably won't care...
If you don't have any application dependency related to Windows Server 2003 or functional level 2003, then you can replace Windows Server 2003 with 2012.

Author

Commented:
Thanks everybody.  Nice to know it will work but it's a good point about the on-going vulnerability issues and patches down the road potentially causing problems with 2003 DCs.  Appreciate it!
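
An added example, not part of the thread: a PowerShell check for the situation discussed above, listing each domain controller and flagging any Windows Server 2003 DC (OS version 5.2) that is still a global catalog or still holds FSMO roles. The function name `Get-LegacyDcReport` and the DC names are hypothetical, and the sample objects are constructed; on a real domain, pass it the output of `Get-ADDomainController -Filter *` from the ActiveDirectory module.

```powershell
# Added example, not from the thread. Flags domain controllers running
# Windows Server 2003 (OS version 5.2) and shows what each still holds.
function Get-LegacyDcReport {
    param(
        [Parameter(Mandatory)]
        [object[]]$DomainControllers
    )
    foreach ($dc in $DomainControllers) {
        # OperatingSystemVersion looks like "5.2 (3790)" or "6.2 (9200)".
        $ver      = [version](($dc.OperatingSystemVersion -split ' ')[0])
        $isLegacy = ($ver.Major -eq 5 -and $ver.Minor -eq 2)
        # Drop empty entries so a DC with no roles yields a zero-length array.
        $roles    = @($dc.OperationMasterRoles | Where-Object { $_ })
        [pscustomobject]@{
            Name                = $dc.Name
            OperatingSystem     = $dc.OperatingSystem
            Server2003          = $isLegacy
            GlobalCatalog       = [bool]$dc.IsGlobalCatalog
            FsmoRoles           = ($roles -join ', ')
            # True when a 2003 DC is still a GC or still owns a FSMO role,
            # i.e. something must be moved off it before it is demoted.
            StillHoldsRolesOrGC = $isLegacy -and
                                  (($roles.Count -gt 0) -or [bool]$dc.IsGlobalCatalog)
        }
    }
}

# Constructed sample data (hypothetical DC names), shaped like the
# properties returned by Get-ADDomainController. On a real domain use:
#   Get-LegacyDcReport -DomainControllers (Get-ADDomainController -Filter *)
$sample = @(
    [pscustomobject]@{
        Name = 'DC2012'; OperatingSystem = 'Windows Server 2012 Standard'
        OperatingSystemVersion = '6.2 (9200)'; IsGlobalCatalog = $true
        OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster',
                                 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster')
    }
    [pscustomobject]@{
        Name = 'DC2003'; OperatingSystem = 'Windows Server 2003'
        OperatingSystemVersion = '5.2 (3790)'; IsGlobalCatalog = $true
        OperationMasterRoles = @()
    }
)

Get-LegacyDcReport -DomainControllers $sample | Format-Table -AutoSize
```

The report covers only the global catalog and FSMO checks; the file and print roles mentioned in the question have to be tracked separately.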
