FSMO roles transfer

Expert out there, I would appreciate your recommendation on keeping Windows 2012 and Windows 20008 domain controllers.
 We have added Windows 2012 domain controllers in windows 2008 R2 . The FSMO roles are on Windows 2008 R2 with functional level with windows 2008.
We are about to install new Exchange servers where windows 2012 DC reside.
1 Should we have to move FSMO roles to Windows 2012 including schema master?
If so
How do we do?,  do we have to run Domain prep , forest prep etc  since Windows 2012 is upper version and schema version is not same as windows 2008.
LVL 2
sara2000Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
2008 is very near end if life. Retire them.


Don't install exchange on a DC. *EVER!*

Schema versions apply to domains and forests, bot individual servers. You don't need to adprep or forestprep to move FSMO roles.
2
yo_beeDirector of Information TechnologyCommented:
You should always adprep your Schema if you are installing a newer version of the AD, but it should run automatically when you add the 2012 ADDS Role.

https://blogs.technet.microsoft.com/activedirectoryua/2013/02/05/adprep-in-windows-server-2012/

You do not have to move the FSMO role, but as Cliff mentioned it probably is a good idea to start thinking about sun setting the 2008 machine and moving the FSMO roles would be the first steps.

This a very straight forward propose and there is plenty of How To: or step by steps out on the internet.  

Here are a few links
http://www.techieshelp.com/how-to-transfer-fsmo-roles-graphical-and-command-line/
https://www.interworks.com/blog/ijahanshahi/2014/01/20/transferring-fsmo-roles-another-active-directory-controller

I will also reinforce what Cliff stated (Exchange should never be run on your DC)   Your DC should have very limited access to it other than authentication validation.
1
Cliff GaliherCommented:
Based on the OP's original post, it sounds like the DCs are already in  place, thus my statement that schema changes wouldn't be necessary. Just to clarify.
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

sara2000Author Commented:
May be, I have not give enough info. No we are not going to install Exchange on DC !!.
Yes , we have Windows 2012 and Windows 2008. The FSMO roles are on Windows 2008 at present.
I noticed the schema version is not same on all DCs .
Installation of Exchange requires schema update. Always better to keep the schema closer to Exchange.
0
Cliff GaliherCommented:
If the schema version is not the same on all DCs in the same domain then you have bigger issues. That is not a healthy AD at that point.
1
Cliff GaliherCommented:
And again, to clarify  this is a bigger issue. Just running adprep to get the DCs to the same schema version won't solve the issue. The mismatch is highlighting a replication issue and the schema version is just one symptom. You really need to assess the health of the environment and address underlying errors.
0
Jose Gabriel Ortega CastroCEOCommented:
Well what I'd do is to update the whole infrastructure:
Install 2 servers 2012 R2.
 I'd take 1 server 2012 r2 for AD
 after instalation I'd move the FSMO  

Domain prep and forest prepare old procedures from 2003, the new is just to move the FSMO roles like this:
https://www.petri.com/transferring_fsmo_roles

After that, I'd remove the 2008 r2 servers (Demotion and decommission), then possibly format them with 2012 r2 and use them as a file server and print server ( or exchange server), or (secondary domain controller).

After you have all the DCs under 2012 R2 you can update the Domain Functional Level to 2012 r2 like this
https://www.petri.com/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels

And after you have all the servers on your infrastructure updated to 2012 r2 you can update the FOREST functional level to 2012 like this:
https://www.petri.com/raise-active-directory-domain-and-forest-functional-levels-using-powershell

Finally, I'd do the installation of the exchange 2016 on the other server 2012R2.

And probably create a DAG (after install 2012 R2 server on the actual 2008 r2 and install exchange server on that server too).
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Aaron GuilmetteTechnology Solutions ProfessionalCommented:
How did you determine that the schema version isn't the same on all DCs?

Typically, we run something like:

Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion

Which is checking the objectVersion of the Schema Naming Context object.

Before you get too far ahead of yourself, I'd run a DCDIAG (or alternatively, DCDIAG /V) and REPADMIN /REPLSUMMARY to start looking at the replication health of your environment.
0
Shaun VermaakTechnical SpecialistCommented:
Please run elevated and post out.txt
Repadmin /showrepl * > Out.txt

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.