<div>
In addition to Arnold's answer:<br />
<br />
Why do you still run a SQL Server 2000? What component or service relies on it? Cause depending on this, migrating to a newer SQL Server means that you must migrate the depended components and applications also.
</div>


<div>
Arnold - thanks for your feedback - I am thinking it through and will post a reply soon.<br />
<br />
Ste5an - thanks also for your feedback - its a legacy app, in this case SunSystem accounts, a former colleague advised SQL2000 could be problematic in this scenario post upgrade, but also I am looking into which MS Protocols SS4.x uses, this version seems not to be dependent on AD. RPC and DFS in particular.<br />
<br />
Mahesh - yes I believe it is possible to add WS2016 DC to 2003 forest, I think going via 2008 and test on a VM is the way to go as you, and others, have suggested. The goal is to eliminate the 2003 servers asap, so I will need to VM test various options to see when they can be decommissioned, affected are the accounts system and a related asp.net app; the issue will be both use older versions of asp.net/RPC etc. and the accounts system I believe uses AD to authenticate logins as it has been designated a DC, the asp.net application I suspect uses a similar method but I am taking a more detailed look now to be certain. Thank you.
</div>


<div>
Taking into account all feedback, which is received with thanks, there seems to be a way forward...<br />
<br />
1. Backup AD/system state on DC servers.<br />
2. Install new DC in HyperV/WS2008R2 running on WS2016 base, and migrate existing AD here maintaining 2003 FFL/DFL and test.<br />
3. Remove DC role from legacy 2003 servers and retest apps in detail, if successful decommission WS2003(1) server.<br />
4. Install new DC in HyperV/WS2012SP2 running on WS2016 base and migrate existing &nbsp;maintaining 2003 FFL/DFL for interim, and test.<br />
5. Migrate apps from legacy 2003 (now member) servers to WS2008R2 one at a time, and retest at each step to isolate any issues. If this fails consider VLAN / SDI isolation with routing tables to allow cross workgroup access.<br />
6. Attempt migration of SQL2000 to SQL 2008 on WS2008SP2 (running in 2000 &nbsp;compatibility mode) if successful decommission WS2003(2) server. If this fails consider VLAN / SDI isolation with routing tables to allow cross workgroup access.<br />
7. WS2003 now eliminated, attempt reconfiguration of webconfig file for ASP.net 2.0 application to allow running on ASP4.x and migrate to new WS2012SP2 server.<br />
8. Raise FFL/DFL to 2008 and test.<br />
9. Migrate remaining WS2008 to WS2012.<br />
<br />
Once new versions of SunSystem and legacy WebApp available in a few months..<br />
<br />
9. Install AD services on WS2016 C Drive (not VM) of dedicated server, and promote to DC and test.<br />
10. If successful, demote WS2012SP2 interim DC.<br />
11. Raise FFL/DFL to 2012 and test.<br />
12. Raise FFL/DFL to 2016 and test .<br />
13. Migrate remaining WS2012SP2 servers to WS2016.<br />
{Finish}<br />
<br />
If I have parts of this in the wrong order, or just plain wrong, please do let me know...hoping this will be useful to others dealing with legacy apps.
</div>


<div>
Everything seems fine except below<br />
There is no much difference between 2012 and 2016 OS and AD, step 4 is not required I believe and steps dependent on step 4 would not be required<br />
<br />
Try to migrate apps to 2012 platform at least, if not possible then only go with 2008 R2<br />
<br />
Else you will keep testing so long............
</div>


<div>
Hello Mahesh<br />
<br />
Thanks for feedback. I think there is an A/B scenario here and i wrote it up slightly wrong..<br />
<br />
Step 4 (DC WS2008R2&gt;WS2012SP2) was included as it was suggested earlier that WS2016 would not migrate AD from WS2003, so;<br />
<br />
a) Either migrate from WS2003 to WS2008R2 then to WS2016, stepping up FFL/DFL from 2003 to 2016 after tests successful, many experts suggest this is the preferred method, or;<br />
<br />
b) Migrate from WS2003 to WS2008R2 then to WS2012SP2 stepping up FFL/DFL from 2003 to 2016 after tests successful. &nbsp;This would only be a contingency if testing the legacy apps or other problems arose which required a WS2012 environment in the interim , for reasons other than AD compatibility, i.e. .net/RPC/DFS, and assuming tests proved 2012 suitable given the above posts.<br />
<br />
I do agree the testing time is a problem, so the idea is to test in VM and step up a server version at a time testing each legacy app key functions until we reach a stable platform, but nonetheless I do agree it is unlikely that 2012 will be required, as for example the .net framework 4.x can be installed to 2008 or 2016, but I was hoping to eliminate both 2003 and 2008 in the process.
</div>


<div>
Agree, will leave the 2008/2012R2 DC as a contingency depending how 2008 migration goes, as there are still some unknowns with the legacy apps, SunSystems is fairly well documented, but the ASP.net 2.0 app not.<br />
<br />
Just to clarify raise FFL &amp;&nbsp;DFL to 2008 R2 will not affect any 2003 member servers I can't rid of ?<br />
<br />
Thanks .
</div>


<div>
2003 member servers will work anyway with 2008 R2 functional levels
</div>


<div>
Arnold provides the framework for final queries and main answers..Mahesh and Arne further detail...with thanks
</div>


<div>
<div class="content wysiwyg-content">
I had these specific related questions after viewing <a href="https://www.experts-exchange.com/questions/29119540/Upgrading-from-WS2003-to-WS2016-AD-issues.html" rel="ugc">Upgrading from WS2003 to WS2016 (AD issues)</a>.<br />
<br />
It seems there is a consensus that migrating (no in place upgrades) to new a DC/DNS server running WS2016 keeping DFL/FFL at 2003 for the time being, then the legacy fileservers folders can be migrated to new WS2016 servers subsequently, and finally raising DFL/FFL 2008 then 2016 when all legacy systems deprecated.<br />
<br />
A. There is a WS2008R2 with ASP.net framework 3.x running a legacy asp.net 2.0 app and MySQL 5.x. Push to ASP4.0 framework and it falls over.<br />
<br />
The original strategy was to leave it in place whilst a new version is developped. &nbsp; There are some references to potential problems with the application and RPC in the proposed new environment. &nbsp;Has anyone come across this or offer any insights in this scenario ?<br />
<br />
B. &nbsp;There is a SQL Server 2000 running on WS2003 with a DC role, under VMWare. &nbsp;The same server runs Sun Accounts v4.x. &nbsp;I know there are potential issues running SQL Server 2000 in the new environment, and am concerned the Sun Accounts system whilst am told it does not directly use AD, may have RPC problems similar to 1. above.<br />
<br />
Any feedback or insights greatly appreciated.
</div>
</div>


I had these specific related questions after viewing Upgrading from WS2003 to WS2016 (AD issues) (https://www.experts-exchange.com/questions/29119540/Upgrading-from-WS2003-to-WS2016-AD-issues.html).

It seems there is a consensus that migrating (no in place upgrades) to new a DC/DNS server running WS2016 keeping DFL/FFL at 2003 for the time being, then the legacy fileservers folders can be migrated to new WS2016 servers subsequently, and finally raising DFL/FFL 2008 then 2016 when all legacy systems deprecated.

A. There is a WS2008R2 with ASP.net framework 3.x running a legacy asp.net 2.0 app and MySQL 5.x. Push to ASP4.0 framework and it falls over.

The original strategy was to leave it in place whilst a new version is developped.   There are some references to potential problems with the application and RPC in the proposed new environment.  Has anyone come across this or offer any insights in this scenario ?

B.  There is a SQL Server 2000 running on WS2003 with a DC role, under VMWare.  The same server runs Sun Accounts v4.x.  I know there are potential issues running SQL Server 2000 in the new environment, and am concerned the Sun Accounts system whilst am told it does not directly use AD, may have RPC problems similar to 1. above.

Any feedback or insights greatly appreciated.

Potential problems with legacy ASP.net and SQL2000 applications after migrating AD from WS2003 to WS2016

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus on this release was hybrid-cloud scenarios, and has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted windows 10's cumulative model. The new nano-server install is designed to be remotely managed and is designed to be kept current through continuous feature updates. The full GUI install operates similarly to windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.

Windows Server 2016

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through datacenters. It provides both platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Cloud Services is a PaaS environment and can be used to create scalable applications and services; there are specific software development kits (SDKs) provided by Microsoft for Python, Java, Node.js and .NET. Azure also has file and storage services, data management, analytics and DNS services.

Azure

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.