
Windows Server 2003 R2 to Server 2012 R2 Domain Controller Upgrade

Hello,

I have a question regarding domain functionality. I have completed upgrading my domain from Server 2003 to 2012 R2. At the moment, the domain functional level is still 2003. MSPDC1 is Server 2003 and MSPDC2 is Server 2012 R2. In the coming months, I will be running dcpromo on the 2003 domain controller. I will then reformat and install a fresh copy of Server 2012 R2 on MSPDC1, and this will be the additional domain controller running Server 2012 R2. At the moment, does it cause any issue having a 2003 domain controller and 2012 domain controller existing together? Everything is working and in sync.
0
Asked by: stressedout2004
 
Lee W, MVP, Technology and Business Process Advisor, commented:
At the moment, I know of no known issues.  HOWEVER, Server 2003 is NO LONGER SUPPORTED.  That means, among other things, when Microsoft does an update to Windows Server 2012, they are likely NOT testing it with 2003, so any new updates to Windows 2012 COULD break connectivity to the 2003 server.  So it works today... it might not work tomorrow and you can't be certain it wasn't an update that broke it.  Really, you need to remove the 2003 server ASAP.
0
 
No More commented:
While it is on forest/domain level 2003 you will get no problems, as this is the minimal configuration for server 2003r2 and 2012r2 to coexist.

You should plan to transfer all FSMO roles to the new DC, and make sure you transfer all of them before you do DCPROMO.

After you will level up forest and domain level,
0
 
No More commented:
But he has 2003 R2, not 2003, so your link is obsolete.
0
 
kf4ape commented:
1) make sure both boxes are patched to current before adding the 2012r2 node
2) check to see if node 1 has cert services or any other items/services hosted
3) add the second server to your environment
4) make sure no clients are pointing there for DNS (this could take some WMI scripts, PowerShell, Wireshark or all 3)
5) move your FSMO roles to the other box one at a time
6) wait a bit...don't rush a decom, someone may be tapping into it for LDAP with copiers, apps or who knows what
7) possible scream test...we did quite a few of these; for ones where we couldn't easily identify who was talking to it, we powered down for 2-3 weeks...if they are VMs, it's easy to fix, just power back on
8) dcpromo and AD cleanup...post dcpromo, make sure records in DNS, NTDSUTIL are all correct
0
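Steps 4 and 5 of the checklist above can be verified read-only before dcpromo is run. The script below is an added example, not code from the thread; it assumes it runs on the 2012 R2 DC with the ActiveDirectory module loaded, uses the name MSPDC1 from the question, and its function names are hypothetical.

```powershell
# Added example (not from the thread): read-only checks before demoting the old DC.
# Assumes Windows PowerShell 3.0+ with the ActiveDirectory module, run on MSPDC2.
Import-Module ActiveDirectory
$OldDcName = 'MSPDC1'   # DC to be demoted; name taken from the question

function Get-FsmoHolder {          # hypothetical helper name
    # Returns the five FSMO roles and the DC that currently holds each one.
    $d = Get-ADDomain
    $f = Get-ADForest
    [ordered]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}

function Find-DnsClientOf {        # hypothetical helper name
    # Lists adapters on the given computers whose DNS server list contains $DnsServerIp.
    param([string]$DnsServerIp, [string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        try {
            $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $c `
                        -Filter 'IPEnabled = TRUE' -ErrorAction Stop
            foreach ($n in $nics) {
                if ($n.DNSServerSearchOrder -contains $DnsServerIp) {
                    [pscustomobject]@{ Computer = $c; Adapter = $n.Description
                                       DnsOrder = $n.DNSServerSearchOrder -join ',' }
                }
            }
        } catch {
            # Report hosts that could not be queried instead of skipping them silently.
            [pscustomobject]@{ Computer = $c; Adapter = 'NOT QUERIED'; DnsOrder = $_.Exception.Message }
        }
    }
}

# Step 5: any role still held by the old DC must be moved before dcpromo.
$onOld = (Get-FsmoHolder).GetEnumerator() | Where-Object { $_.Value -like "$OldDcName.*" }
if ($onOld) { $onOld | Format-Table Name, Value -AutoSize } else { "No FSMO roles remain on $OldDcName" }

# Step 4: Windows servers whose adapters still list the old DC as a DNS server.
$oldIp = ([System.Net.Dns]::GetHostAddresses($OldDcName) |
          Where-Object { $_.AddressFamily -eq 'InterNetwork' })[0].IPAddressToString
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' |
           Where-Object { $_.DNSHostName } | Select-Object -ExpandProperty DNSHostName
Find-DnsClientOf -DnsServerIp $oldIp -ComputerName $servers | Format-Table -AutoSize
```

This only covers domain-joined Windows machines that answer WMI; copiers and applications with a hard-coded DNS or LDAP target still need the packet capture or waiting period from steps 4, 6 and 7.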
 
kevinhsieh commented:
I always use the existing IP addresses of DNS servers. At my current employer I have replaced the DCs at least 3 times, and even moved which location they're in, without ever needing to touch a client, other server, printer, copier, or other random device. :)
0
 
kf4ape commented:
Usually I replace also (about 75%), but in some cases the IP/subnet was being retired...
0
 
it_saige, Developer, commented:
@David Fiala - The link applies to Windows Server 2012 R2 and not any specific version of Windows Server 2003.  As explained in the TID, the issue is caused because of a mismatch in encryption types (AES on Server 2012 R2) and (DES on Server 2003).
When a Windows 2012 R2 domain controller is added in an environment where Windows Server 2003 domain controllers are present, there is a mismatch in the encryption types that are supported on the KDCs and used for salting. Windows Server 2003 domain controllers do not support AES and Windows Server 2012 R2 domain controllers do not support Data Encryption Standard (DES) for salting. - Source

@stressedout2004 - Along with what else has been stated here, you need to be aware of the possibility of a corrupted FRS database (a common occurrence for Windows Server 2003 and Windows Server 2008). Look for Event ID 13568 on your 2003 Server, which indicates that your FRS Database is in a JRNL_WRAP_ERROR state.

For more information - https:/Q_28946540.html#a41601909

-saige-
0
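One way to run the Event ID 13568 check described above against both DCs, as an added example that is not part of the original post. It assumes Windows PowerShell (where Get-EventLog accepts -ComputerName), the DC names from the question and a hypothetical function name, and it treats a later Event ID 13516 (FRS reporting SYSVOL as initialized) as the sign that replication recovered.

```powershell
# Added example (not from the thread): look for FRS journal-wrap events on each DC.
# Get-EventLog uses the classic event log API, which Server 2003 also exposes.
$DomainControllers = 'MSPDC1', 'MSPDC2'   # names taken from the question

function Get-FrsJournalWrapStatus {       # hypothetical helper name
    param([string[]]$ComputerName, [int]$Newest = 2000)
    foreach ($dc in $ComputerName) {
        try {
            # Entries come back newest first.
            $events = Get-EventLog -LogName 'File Replication Service' -ComputerName $dc `
                          -Newest $Newest -ErrorAction Stop
        } catch {
            [pscustomobject]@{ DC = $dc; State = 'LOG UNREADABLE'; LastWrap = $null; LastHealthy = $null }
            continue
        }
        $wrap    = $events | Where-Object { $_.EventID -eq 13568 } | Select-Object -First 1
        $healthy = $events | Where-Object { $_.EventID -eq 13516 } | Select-Object -First 1

        # Assumption: a 13516 newer than the last 13568 means SYSVOL came back.
        if (-not $wrap) { $state = 'No 13568 in the entries read' }
        elseif ($healthy -and $healthy.TimeGenerated -gt $wrap.TimeGenerated) { $state = 'Wrap logged, later 13516 seen' }
        else { $state = 'JRNL_WRAP_ERROR not cleared' }

        [pscustomobject]@{ DC = $dc; State = $state
                           LastWrap = $wrap.TimeGenerated; LastHealthy = $healthy.TimeGenerated }
    }
}

Get-FrsJournalWrapStatus -ComputerName $DomainControllers | Format-Table -AutoSize
```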
 
stressedout2004 (Author) commented:
Thank you.
0
Question has a verified solution.
