Upgrading Domain Controller from 2003 to 2012


I have 7 DC distributed across different locations. ALL DCs are Server 2008 except two DC. Two DC are Server 2003. My FSMO Roles are assigned to my Server 2008 DCs. I will be looking to upgrade the server 2003, and I'd like to know what is the best plan on doing the upgrade. I'd like to know if I should upgrade to Server 2012 and then plan on upgrading my Server 2008 next?
Jaime CamposAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Upgrading DC means just to install a new Server and promote it as DC....
After that, you degrade the older ones...

If all old DCs are out, you can raise the Forest and Domain Functional Level to the lowest version of the older servers. Means as long as you have 2003 DCs in place, you can not raise the functional level.

Higher functional level means some more features in AD.
..and..., of course...
Start with the oldest ones...
Jaime CamposAuthor Commented:
I couldn't use the same physical server by upgrading to Server 2008 or 2012?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Going forward your enviroment should be virtualised 100% ideally or partially virutalised.
some of these physical servers should be retired, become host servers where capable, also they can become like monitoring servers for your virtual environment.
You can also go into the other direction...
Make sure no server / service is connected to this dedicated DC...
(Some servers like exchange allow to directly attach them to a DC...)
Make sure the DC doesn't hold any FSMO roles...
(move them to a different DC if needed...)
Demote the old DC....
Make sure replication has reached all other servers and the old DC is completely away...
Check event log for replication errors....
You may also check the containers in AD for DCs....
Remove the server from AD
Reinstall the machine, new OS...
Add the server again to AD.
Promote it as DC....

If you are sure, that no fragments are left over from the old DC, you even can keep the name and IP.
Works as long as you have at least one DC with all FSMO roles and the global catalog online.
Oh, just to answer your question....
There is no inplace upgrade.... DCs are all the time new....
Jaime CamposAuthor Commented:
Great!! How do I ensure it isn't replicating to this server?
Jaime CamposAuthor Commented:
Should I upgrade to 2012 or 2008 if all my other servers are 2008?
The first step is to invest the event logs for AD related replication errors...
Also goto AD Sites and Services. There you find all DCs.
If you demote a DC, it should go away, or at least the NTDS Settings (the replication connections) should go away.

Note for the AD view as well as the event logs, that you should check all remaining / existing DCs. If you connect to Sites and Services, you see only the actual connected DC. You can change the DC by right click on Active Directory Site and Services - Select Domain Controller. This way you can have a look, if all DCs look equal.

Removing the DC too early may lead to a inconsistent state and replication errors. If this happens, some handwork is necessary to remove all left over fragments.

Also before you change anything, if you see inconsistent properties (one DC have them, others not) or you see replication errors on one of the DCs, try to solve them first before you demote a DC.

A simple replication test is just to change something on one DC (i.e. create a new user) and then check all other DCs, if the user is there after some time. Check also all event logs, if they are clean, everything should run as it should.
Kash2nd Line EngineerCommented:
you can attach a 2012 DC to your environment, make sure the forest funcitonal level is at 2008.
if there are no FSMO roles served by 2003 dc then you are ok to demote it.
you just to make sure that there are no SHARES etc on it.
I would say 2012 R2 if you can....
The lowest level (oldest DC) determines the functional level. So all DCs run in the same mode, doesn't matter which OS version they have... But earlier or later you migrate them anyway. So continue with the newest one....

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.