AD and Exchange 2003 to AD 2008 and Exchange 2010 upgrade
-
Monday, March 05, 2012 11:43 AM
hi all,
i have the following in my current environment :
2 windows server 2003 AD one is primary and one is addestional, with the following roles installed
- DNS.
- DHCP in both DC's with the same scopes in both.
- WINS.
- applications are using AD account as SSO.
2 Exchange 2003 server one is FE and one is BE.
i want to upgrade the 2003 AD to 2008 AD and achieve the following :
- use the same IP's and names of the old.
- migrate DHCP scopes.
- migrate wins.
- Migrate group polices.
- keep the SSO for the applications.
then upgrade exchange 2003 to exchange 2010 sp2.
what is the best way to do that and is there any documents to follow.
Thanks
Tarek Khairy
All Replies
-
Monday, March 05, 2012 11:51 AM
You need to upgrade the schema using in-built adprep(use adprep32 or adprep.exe based on the OS version) utility and then allow it to replicate and then configure new server with temporary IP and configure it as an additional domain controller.GPO will be moved automatically.
Upgrade from Windows 2000/2003 to 2008/2008 R2 Domain Controllers
http://awinish.wordpress.com/2011/03/04/upgrade-from-windows-2003-to-20082008-r2-domain-controllers/
Windows Time Server Role in AD Forest/Domain
http://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain/
Later on transfer the FSMO roles, demote the existing DC and change the IP on the DC.
http://technet.microsoft.com/en-us/library/cc739015%28v=ws.10%29.aspx
For WIN, configure the new DC as an replicating partner and later once it is replicated, you can get rid of old WINS server.
For exchange, start with deployment assistant.
http://technet.microsoft.com/en-us/exdeploy2010/default.aspx
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com DisclaimerThis posting is provided AS-IS with no warranties/guarantees and confers no rights.- Edited by AwinishMVP Monday, March 05, 2012 11:52 AM
-
Monday, March 05, 2012 11:58 AM
thanks for the reply,
i will change the IP after demoting the old dc what about the name ?
the GPO will be copied to the new DC ?
what about the DHCP will i do export and import ?
Thanks
Tarek Khairy
-
Monday, March 05, 2012 12:31 PM
I wouldn't go for renaming the domain controller, considering the below article.So, its better to do demote/promote then renaming it. If you still want to perform domain controller rename, use netdom utility instead of API approach. When you configure DC in the same domain, it will hold similar AD objects/gpo/dns records etc. Promoting the server to additional domain controller makes it part of the same domain and share the same AD objects.
http://support.microsoft.com/kb/2001271
You can do import/export for the dhcp server.
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Monday, March 05, 2012 12:52 PM
thanks for the reply so your recommendation is to have a new DC name and IP then change the IP to the old IP of the old DC?
Tarek Khairy
-
Monday, March 05, 2012 12:54 PMYes, you are right. I'm not in favor of domain controller rename even though you can do it.
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Monday, March 05, 2012 1:01 PMwhen i have new names is that will affect the SSO for the applications ?
Tarek Khairy
-
Monday, March 05, 2012 1:03 PMIt shouldn't, make sure if any of the DC name is hard-coded replace with new DC name.
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Monday, March 05, 2012 1:36 PMthank you so much, do i need to do any configurations in the new AD to enable the use of Kerberos and NTLM and LDAP for the SSO ?
Tarek Khairy
-
Monday, March 05, 2012 1:38 PMNope, windows 2008 R2 also supports down level authentication protocol too.
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Monday, March 05, 2012 1:51 PM
regarding the schame upgrade using adprep on which server i need to run the commands?
the old dc that holds the FSMO roles?
thanks
Tarek Khairy
-
Monday, March 05, 2012 1:54 PM
I guess you are not reading the links posted by me where it is very well detailed. I request you please go through the article first will help you in understanding it more.
You need to run the below commands on the following DC servers only not on member server or new windows 2008 R2 which is going to be ADC:
Command Domain Controller adprep.exe /forestprep Schema Master adprep.exe /domainprep Infrastructure Master adprep.exe /domainprep /gpprep Infrastructure Master adprep.exe /rodcprep * Domain Naming Master adprep.exe /domainprep /gpprep is not required, if you are upgrading your domain from windows 2003/20032 to windows 2008/2008 R2, its only required during the upgrade of windows 2000 to 2003/R2 or 2008/R2.
Upgrade from Windows 2000/2003 to 2008/2008 R2 Domain Controllers
http://awinish.wordpress.com/2011/03/04/upgrade-from-windows-2003-to-20082008-r2-domain-controllers/
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Monday, March 05, 2012 2:06 PM
thank you so much it was very nice from you to help me.
if it's okay can i have your email if i need help in the future?
Tarek Khairy
-
Monday, March 05, 2012 2:12 PM
My email is in my blog and also, its better to post your queries and issues here, so others can learn too and help them to resolve the issue if they arrive here searching for similar issues.
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.- Marked As Answer by tkhiry Monday, March 05, 2012 2:15 PM
-
Monday, March 05, 2012 2:15 PM
you are totaly right thank you so much.
Tarek Khairy
-
Monday, March 05, 2012 2:21 PM
You are welcome..:-)
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
.png)
