Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Things to look out for when upgrading from Windows 2008R2 AD to Windows 2012R2 AD

Posted on 2016-08-25
3
Medium Priority
?
106 Views
Last Modified: 2016-08-25
Hello Everyone,
It's been a while since ive done a domain upgrade (from 2003 to 2008 R2).

I've been looking at these sites:

https://technet.microsoft.com/windows-server-docs/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-

http://jackstromberg.com/2013/10/migrating-domain-controllers-from-server-2008-r2-to-server-2012-r2/

to help with the update. I have two new servers that i will be installing Windows 2012 R2 and making them into DC's. I will then uninstall the DC role on the two current ones.

My biggest question is, what should i be aware of when upgrading to a 2012R2 AD? Currently the functional level is 2003. The workstations are Windows 7 and above and only a few 2003 member servers. We also have a few ubuntu servers and sun solaris 11 servers that connect to shares on the network and a few net app filers and overland storage snap servers.

I want to make sure connectivity to the shares will still happen as well as being able to add devices to the AD.

Thank you.
0
Comment
Question by:msidnam
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 600 total points
ID: 41770802
There aren't too many pitfalls from what you've read. You can still keep the FFL at 2003. You would probably want to raise it when you get to 2012R2 to take advantage of all of the new stuff (Recycle bin, Fine grain passwords, Microsoft Passport, etc). Nothing too much to worry about there either.

Document everything. Take a DC offline for a short period and make sure that nothing is hard coded to point at that DC. If it is good, you can add a new DC and demote your old one. Continue process.
0
 
LVL 16

Accepted Solution

by:
FOX earned 1400 total points
ID: 41770828
Your situation is pretty straightforward
1. Make sure the new servers are fully patched
2. Add the IP of the 2008r2 domain controller to nic\preferred dns entry on both servers
3. Join both new servers to the domain
4. Promote both domain controllers as additional domain controllers on the domain through the gui or via powershell.  ref link: https://technet.microsoft.com/en-us/library/hh974719(v=wps.630).aspx
5. Add the ip of new domain controllers to preferred dns(each pointing to itself) and add the ips of the other domain controllers as alternate dns entries.
6. from any new domain controller do a netdom query fsmo(elevated command prompt) to verify where your roles are.
7. transfer your roles- from one of the new domain controllers launch powershell(right-click run as administrator) with 2 commands
Import-Module ActiveDirectory
Move-ADDirectoryServerOperationMasterRole -Identity "newDcname" -OperationMasterRole 0,1,2,3,4
ref link: http://www.nogeekleftbehind.com/2013/05/28/powershell-move-ad-fsmo-roles-in-server-2012/
8. verify again after the transfer              netdom query fsmo
9. verify replication- run  the command   Repadmin /replsummary    from each of the new domain controllers
10. If you are using dhcp set the ips of the new domain controllers to be pushed to the dns entries of all workstations
0
 
LVL 2

Author Closing Comment

by:msidnam
ID: 41770860
Thank you both.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question