Upgrading windows server 2003 domain controller to windows server 2008
- Hello friedns :
We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
If there is a guide available for it please let me know . (Specially if there is a tip & trick)
thank you guys.
Network is my LOVE
All Replies
- Your approach looks goof. How ever plz consider suggestions from Sander http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/dab33e51-25f4-476c-b173-7e65ee253373/
Raj Hi,
This TechNet online article might be helpful for you.
How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
For your convenience, I have list some general steps for your reference.Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
General Steps:
=============
1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
2. Make the new server become a member server of the current Windows Server 2003 domain first.
3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
Drive:\sources\ADPREP\adprep.exe /forestprep
4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
Drive:\sources\ADPREP \adprep.exe /domainprep
5. Insert Windows Server 2008 Installation Disc in the new server.
6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
Please refer to:
How to Verify an Active Directory Installation in Windows Server 2003
http://support.microsoft.com/kb/816106
7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
Please note: It will some time to replicate GC between DC, please wait some time with patience.
9. Disable Global Catalog on the old DC.
10. Transfer all the FSMO roles from the old DC to the new DC.
Please refer to:
How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/kb/324801
11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
How To: Convert DNS Primary Server to Active Directory Integrated
http://support.microsoft.com/kb/816101
Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
13. Make all the clients change TCP/IP configuration to point to new server as DNS.
14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
Hope it helps.
Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.- Hi,
I totally Agree wth Wilson steps. In simple
1. Prepare Active directory for introduction windows 2008 DC
2. Introduce the new 2008 servers and promote as dc
3. Wait fo the repliclation
4. Transfer FSMO roles in you have any the new server from the old server
5. Make clients to point to new DC for the DNS request (This can be done with DHCP)
6. You can inplace upgrade of windows 2003 to windows 2008 or you can demote windows 2003 and perform fresh installation of window 2008 and re promote as DC. You can transfer some of the FSMO roles depending on your requirement
Regards,
Krishna
http://smtpport25.wordpress.com Hello,
see this as a starting point, when not doing an inplace upgrade which i do not recommend:
!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!- Do you use any kind of Exchange in the 2003 domain? If yes, which one?
- On the old server open DNS management console and check that you are running Active directory integrated zone (easier for replication, if you have more then one DNS server)
- run replmon from the run line or repadmin /showrepl(only if more then one DC exist), dcdiag and netdiag from the command prompt on the old machine to check for errors, if you have some post the complete output from the command here or solve them first. For this tools you have to install the support\tools\suptools.msi from the 2003 installation disk.
- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from the 2008 installation disk against the 2003 schema master(forestprep) / infrastructure master(domainprep/rodcprep), with an account that is member of the Schema/Enterprise/Domain admins, to upgrade the schema to the new version (44) or 2008 R2 (47)
- you can check the schema version with "schupgr" or "dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion" without the quotes in a command prompt
- Install the new machine as a member server in your existing domain
- configure a fixed ip and set the preferred DNS server to the old DNS server only, think about disabling IPv6 if you are not using it, some known problems exist with it. Follow (http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx) to disable it
- run dcpromo and follow the wizard to add the 2008 server to an existing domain, make it also Global catalog and DNS server.
- for DNS give the server time for replication, at least 15 minutes. Because you use Active directory integrated zones it will automatically replicate the zones to the new server. Open DNS management console to check that they appear
- if the new machine is domain controller and DNS server run again replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on both domain controllers
- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801 applies also for 2008), FSMO should always be on the newest OS DC
- you can see in the event viewer (Directory service) that the roles are transferred, also give it some time
- reconfigure the DNS configuration on your NIC of the 2008 server, preferred DNS itself, secondary the old one
- if you use DHCP do not forget to reconfigure the scope settings to point to the new installed DNS server
- if needed export and import of DHCP database for 2008 choose "netshell dhcp backup" and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx)
Demoting the old DC
- reconfigure your clients/servers that they not longer point to the old DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network and check with clients and servers the connectivity, logon and also with one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will move from the DC's OU to the computers container, where you can delete it by hand. Can be that you got an error during demoting at the beginning, then uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine are disappeared or delete them by hand if the machine is off the network for ever
- also you have to start AD sites and services and delete the old servername under the site, this will not be done during demotion
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
