pepps11976
asked on
Windows Server 2003 DC
Hi All
We have two domain controllers one is a server 2003 and the other is server 2008, the server 2003 was the first domain controller installed and we would like the 2008 server or even build a 2012 server to be the new Primary controller.
what steps need to be taken to decommission this
We have two domain controllers one is a server 2003 and the other is server 2008, the server 2003 was the first domain controller installed and we would like the 2008 server or even build a 2012 server to be the new Primary controller.
what steps need to be taken to decommission this
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Accept: Sajid Shaik M (https:#a42177740)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Accept: Sajid Shaik M (https:#a42177740)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
1. I would perform a DCDIAG to determine the current health of the domain.
2. You could potentially have a corrupted FRS Database on the 2003 Server. This is quite a common occurance. Luckily though, you can determine the FRS health by using FRSDiag (or browsing through your Event Logs).
I would recommend reading this blog concerning FRSDiag.
Specifically the event you are looking to find is Event ID 13568:If you do find that your FRS Database is in a JRNL_WRAP state, you can easily repair this by reinitializing the FRS replica sets. Microsoft has a TID that discusses the process: http://support.microsoft.com/kb/290762
In a nutshell, the process involves stopping the FRS service, editing the HKEY_LOCAL_MACHINE\SYSTEM\
You first want to ensure that you have stopped the FRS service on all DC's. Then on the 2003 server that holds the PDCe FSMO role, perform the following steps.
1. Modify the registry setting for the BurFlags key using a value of D4.
2. Restart the FRS service.
On your remaining DC's:
1. Modify the registry setting for the BurFlags key using a value of D2.
2. Restart the FRS service.
Look for event 13516 to indicate that the FRS is no longer preventing the 2012 server from becomming a domain controller.
3. You may need to modify the component services on your 2003 DC before ADPREP will successfully run:
https:/Q_28584877.html#a40514872
4. Kerberos Authentication can fail intermittently (Microsoft has a hotfix for this issue) - http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
After doing the above, I would then use the Active Directory Domain Service wizard to add the 2012 server to the domain: https://blogs.technet.microsoft.com/canitpro/2013/05/05/step-by-step-adding-a-windows-server-2012-domain-controller-to-an-existing-windows-server-2003-network/
I would also add that since DFRS is now the preferred method for storing AD related replica files (SYSVOL, Policies, etc.), that you migrate FRS over to DFRS as a part of the steps you have outlined above.
https://blogs.technet.microsoft.com/filecab/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol/
Then you would transfer the roles to the new server using the method described in the link in the previous post - https://social.technet.microsoft.com/wiki/contents/articles/832.transferring-fsmo-roles-in-windows-server-2008.aspx
After that you can demote your 2003 server and raise your Forest Functional Level/Domain Functional Level to Windows Server 2008 (if your 2008 server is R2, then you can raise them to Windows Server 2008 R2)
https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
-saige-