Active Directory: Active Directory Upgrade - High Level Steps

Active Directory: Active Directory Upgrade - High Level Steps

Here are the high level steps which you can use to upgrade the Active Directory

AD_Upgrade_WiKi

Steps :


1.  Upgrade the schema using correct version of OS – Adprep

     Reference - http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

Note - Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want  to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe. It is called Adprep32.exe. In Windows 2008 R2, it is located in the \Support\Adprep folder.

You can ignore the following message. However, if you are planning to install RODC later, you need perform ADPREP/RODCPREP first. First Windows 2008 DC cannot be a Read Only Domain Controller (RODC). 

ADPREP

2.  Verify the schema version

Note - You can verify the schema version using dsquery * cn=schema,cn=configuration,dc=sivarajan,dc=com -scope base -attr objectVersion command. The following table lists the Active Directory Schema and the corresponding Object Version:

Active Directory Object Version
Windows 2000 13
Windows 2003 30
Windows 2003 R2 31
Windows 2008 44
Windows 2008 R2 47
Windows 8 Beta 52
Windows 2012 56
Windows 2012 R2 69

***ObjectVersion 39 - Please refer http://blogs.technet.com/b/askds/archive/2011/07/15/friday-mail-sack-peevish-nediquette-edition.aspx 

3.  Install a new server with correct version of OS and join this server to the existing domain.

4.  Perform DCPRMO on this server and select Additional Domain Controller for an existing Domain option.
     Beginning with Windows Server 2012, you can install AD DS using Windows PowerShell the Install-ADDSDomainController command.

     Reference - http://technet.microsoft.com/en-us/library/cc753720(WS.10).aspx 

     Reference PowerShell - http://technet.microsoft.com/en-us/library/hh472162#BKMK_PS

     Note - If you are using Active Directory Integrated (ADI) DNS, it will get replicated as part of the Active Directory replication.  

5.  If you are planning to decommission the old servers, you need transfer FSMO roles, DHCP etc to the new server.

Note - You can identify the FSMO role DC information using Netdom /Query FSMO command.

   Reference FSMO http://support.microsoft.com/kb/324801

   DHCP - http://support.microsoft.com/kb/962355/en-us

6.  You can remove (demote) a domain controller using DCPROMO command and again, since WS2012 also possible with PowerShell.

    Reference - http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx

    Reference PowerShell - http://technet.microsoft.com/en-us/library/hh472163#BKMK_RemovePS 


Other Languages

This article is available in other languages:

Comments
  • Balaji M Kundalam edited Revision 45. Comment: Removed a beta entry.

  • Straight to the point :) well done..

  • Very good info - to-the-point. I like the brevity, with still enough detail in the high-level overview - well done.

  • Schema Isolation does not recomended from Microsoft for this but I have done Windows 2003 to Windows 2008/2008 R2 with Schema Isolation . Those are on productions & all is well now.

  • Good and simple Artical

  • Good and simple Article

  • Thanks for the Feedback!

  • Awesome Santhosh

  • Thanks Biswajit :)

  • Patris_70,  That is not true.  Read the article carefully.  blogs.technet.com/.../friday-mail-sack-i-live-again-edition.aspx

    “Isolating the Schema Master for ADPREP /FORESTPREP is not tested by the Product Group and not recommended”

    I am removing that comment from this Wiki Article.  

Page 1 of 2 (20 items) 12