Consolidating servers with a focus on AD on different versions of Windows Server

Adam Bell
I have two WS2003 servers virtualised with VMware running as redundant AD masters for 2 other W2003 servers and 2 WS2008 servers and one WS2012 server. Aside from file and print, accounting and web apps are also serviced, plus backup partitions distributed across RAID5 arrays on each machine.

There are regular AD errors but the network is operational, although servers now need to be upgraded, so new hardware and more so new Windows Server software are available. I suspect local resellers will not go below 2012.

My question is how to go about the process of evaluating the current system, whether rebuilding the AD is necessary (some older PCs might not reconnect well but this is not the deciding factor), and if so under which version to standardise, noting that 2016 has more virtualisation features but may be more problematic for older versions of Windows clients to connect to?

Any pointers, things to watch out for, greatly appreciated...

Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018
The first thing to evaluate is the software that you have on your 2003 servers, and to check which version of Windows Server it is compatible with.

I would first check the forest and domain functional levels; they should be something like 2003.
So first you need to move the 2003 servers. For that, you would need to change the domain masters to a new system (maybe 2012 R2 or 2016).
I think that the sooner the better: Windows Server 2016.
This is the table for server 2016:

I haven't seen anything about people having issues with 2016 for (old) client OSes. It should work like any other Windows Server with any client, especially from Windows 7 to 10. Windows XP is kind of old and it can be upgraded to Windows 7 without many issues.

So in the big picture I'd propose 2016.
1. Check 2003 and move applications and roles to a 2008 machine.
2. Then remove the 2003 servers or update their software.
3. Increase the functional level to 2008 (or 2008 R2), the one you have in your infrastructure.
4. Deploy WS 2016, move the AD roles into it.
5. Deploy failover servers from AD.
6. Migrate file server and print server, accounting and all that stuff.
7. Remove 2008 R2 and 2012.
8. Deploy 2016 and move the missing services there.

Keep in mind that the decisive points are basically the compatibility of your actual programs with 2016, and whether they can be made to work with that OS, or the licensing. Some programs are updated for 2016 but require a new license. All of that you should keep in mind for the project.

Here are the 2016 features:

By the way, Windows 2008 or 2012 has a TLS 1.0 vulnerability; make sure you don't have it.
Here's a script that solves that:

BTW also added you some graphics
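
The checks named in the answer above (forest and domain functional levels, which servers hold the domain master roles, and the TLS 1.0 setting) can be collected with a read-only PowerShell audit. This is an added example, not the script from the original answer; it assumes it is run on a domain-joined Windows machine by a domain user, and it uses the .NET directory classes rather than the ActiveDirectory module so that it also works while the only domain controllers are Windows Server 2003.

```powershell
# Added example: read-only pre-migration audit. Nothing here changes AD or the registry.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

"Forest {0}: functional level {1}" -f $forest.Name, $forest.ForestMode
"  Schema master:        {0}" -f $forest.SchemaRoleOwner.Name
"  Domain naming master: {0}" -f $forest.NamingRoleOwner.Name

foreach ($domain in $forest.Domains) {
    "Domain {0}: functional level {1}" -f $domain.Name, $domain.DomainMode
    "  PDC emulator:          {0}" -f $domain.PdcRoleOwner.Name
    "  RID master:            {0}" -f $domain.RidRoleOwner.Name
    "  Infrastructure master: {0}" -f $domain.InfrastructureRoleOwner.Name

    # List every domain controller with its OS: the oldest one caps the
    # functional level the domain can be raised to.
    foreach ($dc in $domain.DomainControllers) {
        "  DC {0}: {1}" -f $dc.Name, $dc.OSVersion
    }
}

# TLS 1.0 server-side state on the local machine, read from the standard
# SCHANNEL protocol key. A missing key or value means the OS default applies.
function Get-Tls10ServerState {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Enabled) {
        return 'No explicit setting (OS default applies)'
    }
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

"TLS 1.0 (server side) on {0}: {1}" -f $env:COMPUTERNAME, (Get-Tls10ServerState)
```

Run the TLS check on each 2008 and 2012 server in turn, since the registry value is per machine.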


Many thanks Jose, contains pointers to all the key areas to cover. In particular the sequence.
