• Status: Solved
  • Priority: High
  • Security: Public

Consolidating servers with a focus on AD on different versions of Windows Server

I have two WS2003 servers virtualised with VMware running as redundant AD masters for 2 other WS2003 servers, 2 WS2008 servers and one WS2012 server. Aside from file and print, accounting and web apps are also serviced, plus backup partitions distributed across RAID5 arrays on each machine.

There are regular AD errors but the network is operational, although servers now need to be upgraded, so new hardware and more so new Windows Server software available. I suspect local resellers will not go below 2012.

My question is how to go about the process of evaluating the current system, whether rebuilding the AD is necessary (some older PCs might not reconnect well but this is not the deciding factor), and if so under which version to standardise, noting that 2016 has more virtualisation features but may be more problematic for older versions of Windows clients to connect to?

Any pointers, things to watch out for, greatly appreciated...
Asked by: Adam Bell

Jose Gabriel Ortega CCEO J0rt3g4 Consulting Services Commented:
The 1st thing to evaluate is the software that you have on your 2003 servers and check the compatible version of Windows Server.

I would first check the Forest and Domain Functional levels; they should be something like 2003.
So first you need to move the 2003 servers: for that, you would need to change the domain masters to a new system (maybe 2012 R2 or 2016).
I think that the sooner the better, Windows Server 2016.
This is the table for server 2016: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/supported-windows-guest-operating-systems-for-hyper-v-on-windows

I haven't seen anything of people having issues with 2016 for old client OSes; it should work like any other Windows Server with any client, especially from Windows 7 to 10. Windows XP is kind of old and it can be upgraded to Windows 7 without many issues.

So in the big picture I'd propose 2016.
1. Check 2003 and move applications and roles to a 2008 machine.
2. Then remove the 2003 servers or update their software.
3. Increase the functional level to 2008 (or 2008 R2), the one you have in your infrastructure.
4. Deploy WS 2016, move the AD roles into it.
5. Deploy failover servers from AD.
6. Migrate file server and print server, accounting and all that stuff.
7. Remove 2008 R2 and 2012.
8. Deploy 2016 and move the missing services there.

Keep in mind that the decisive points are basically the compatibility of your actual programs with 2016, and if they can be turned around with that OS, or get licensing; some programs are updated to 2016 but a new license is required. All of that you should keep in mind for the project.

Here are the 2016 features: https://docs.microsoft.com/en-us/windows-server/windows-server

By the way, Windows 2008 or 2012 has a vulnerability of TLS1.0; make sure you don't have it.
Here's a script that solves that: https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1

BTW, I also added some graphics for you:
Drawing1.pdf
Drawing1.vsdx
Adam Bell (Author) Commented:
Many thanks Jose, contains pointers to all the key areas to cover. In particular the sequence.
Question has a verified solution.
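
The evaluation steps in the accepted answer above (check the forest and domain functional levels, find which servers hold the domain master roles, confirm the TLS 1.0 / SWEET32 exposure) can be gathered read-only before anything is moved. This is an added example, not part of the original thread or the linked TechNet script; it assumes the RSAT ActiveDirectory module is installed and that at least one domain controller answers Active Directory Web Services queries. The SCHANNEL part reads the registry values for TLS 1.0 and for Triple DES, the cipher SWEET32 concerns, on the local server only.

```powershell
# Added example: read-only pre-migration inventory; it changes nothing.
# Assumption: run from a domain-joined machine with the ActiveDirectory module.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Functional levels: these must be raised step by step as old DCs are retired.
[pscustomobject]@{
    ForestMode = $forest.ForestMode
    DomainMode = $domain.DomainMode
} | Format-List

# FSMO role holders: the "domain masters" that must be moved before a DC is removed.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Every DC with its OS, so the 2003 machines still holding roles stand out.
Get-ADDomainController -Filter * |
    Select-Object Name, OperatingSystem, IsGlobalCatalog,
        @{ n = 'Roles'; e = { $_.OperationMasterRoles -join ', ' } } |
    Sort-Object OperatingSystem |
    Format-Table -AutoSize

# SCHANNEL state on the local server. A missing value means the OS default applies.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$checks = [ordered]@{
    'TLS 1.0 (server)' = "$base\Protocols\TLS 1.0\Server"
    'Triple DES 168'   = "$base\Ciphers\Triple DES 168"
}
foreach ($name in $checks.Keys) {
    $value = (Get-ItemProperty -Path $checks[$name] -Name Enabled `
                  -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $value) { $state = 'not set (OS default applies)' }
    elseif ($value -eq 0) { $state = 'disabled' }
    else                  { $state = 'enabled' }
    '{0,-18} {1}' -f $name, $state
}
```

Run the SCHANNEL section on each 2008 and 2012 server in turn, since those registry values are per machine.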