Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Upgrading Domain to Windows 2012 R2

Posted on 2016-10-15
7
Medium Priority
?
87 Views
Last Modified: 2016-12-09
My domain at work is very large 8 Windows 2008 R2 DC and 1 RODC in the DMZ. We are looking to upgrade our domain to Windows 2012 R2. Would like to go to Windows 2016 but way to new since it just went GA this week. I need to keep the same DC names and was planning on take one DC demoting it: doing a fresh install of Windows 2012 R2 then promoting it.

1) Should I do the DC hold all of our FSMO roles first or last for the upgrade?
2) Would it be better to add a small temp WInodws 2012 R2 DC just to introduce a Widows 2012 R2 DC to the environment first or not need and just take an existing DC and demoting it
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:Niten Kumar
ID: 41845302
1.  Transfer the FSMO roles right at the end
2.  Good idea to introduce a temp domain controller to test out...to see if all goes AD replication, sysvol etc
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845694
I usually do not like adding more server but adding one temp one first would allow use to test integration with our existing 2008 R2 servers without taking an existing server offline. Also our DL and FL is already at Windows 2008 R2.. Anything else I am missing here. I always like to talk something like this through multiple times. The AD promotion Wizard will automatically kick off a domain and schema update correct?
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41845806
> The AD promotion Wizard will automatically kick off a domain and schema update correct?

Yes, in Server 2012 R2, when you perform the configuration on the first server after installing the Active Directory Domain Services, the process will perform the necessary schema updates (which had been a separate process in the 'old days',) so make certain you're performing that configuration as a Schema Admin.

I'm more on the fence concerning introducing a temp domain controller, which you'll need to make certain gets cleaned up at the end of the process.  I suppose it would come down to asking how redundant the domain controller services are in each site.

In the past, I've have the new computer built and available... and after the old DC is demoted, rename it and give it a new IP address... then rename the new computer to the old DC name and give it the old IP address name.   Only then do I promote the new computer to be a DC.  Your mileage may vary.

[paranoid]  And I'm certain it's in your plan already, but just to talk things thru and spell out assumptions... as you demote each domain controller, you'll be moving the FSMO off the 'soon to be retiring server' first, and giving any transfers time to propagate before demotion...   (I.e. there shouldn't ever be a case where a domain controller being demoted has one of those roles.)
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 20

Author Comment

by:compdigit44
ID: 41845846
Our AD environment is very health and we have 8 DC's... I do not know if it is best to spin up a new VM as 2012 R2 or demote and existing server and do a fresh install?? All DC need to have the same name and ip
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 41846021
There are a couple factors that would drive me towards a decision between building a new VM vs reusing the old hardware.
How old is the hardware?  How much warranty is left on the old server hardware?
How much experience do you have with your virtualization environment and is it at least reasonably up to date?  (Really old virtualization environments shouldn't actually support virtual domain controllers... but I assume you're running relatively current...)

For my $0.02, all else being equal, I'd lean towards spinning up a new VM.
0
 
LVL 7

Assisted Solution

by:Niten Kumar
Niten Kumar earned 1000 total points
ID: 41846252
Also note that if you have multiple sites and dc's at sites are not redundant then login issues can occur if you choose to demote and reinstall. If you have multiple dc's at sites then there shouldnt be any problem. The login issue will depend on how many users you have in the sites and how good is your site to site link.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41846954
Are hardware is underwarrnty until 2019, we have a very large VMware environment with 80 host and 900 VM's
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question