Migrating Windows Server 2003 Active Directory Domains
Migrating from Windows Server 2003 requires organizations to decommission existing Global Catalogs and domain controllers to conform with the Active Directory schema in newer versions of the server OS.
Of the many remediation efforts IT organizations must undergo when migrating off Windows Server 2003, the decommissioning of old Active Directory domain controllers to implement the more robust Active Directory functionality in Windows Server 2012 R2 is a top priority. It's not optional and, in addition to application- and hardware-compatibility issues, is a key reason many organizations have put off sunsetting their Windows Server 2003-based systems, even though Microsoft has made clear for years that it'll no longer support it after July 14, 2015.
But migrating your Windows Server 2003 Active Directory DCs to Windows Server 2012 R2 (the most recent and, hence, recommended target platform to replace the decommissioned servers) doesn't have to be a show-stopper. This step-by-step, click-by-click process through a test environment's AD schema will demonstrate how to upgrade your AD schema and raise the forest functional level to get a Windows Server 2012 R2 Global Catalog (GC) DC up and running. It will also explain how to take the necessary step of decommissioning existing Windows Server 2003 GCs and DCs.
For this article, the test environment consists of a single forest, a single-domain AD with a single Windows Server 2003-based DC. Consequently, this DC is also the AD GC and holds all five Flexible Single Master Operations (FSMO) roles. In addition, the server acts as the internal DNS server for the AD domain. The AD forest functional level is Windows Server 2003. Although this functionality list might seem daunting, with a bit of planning and a methodical approach, migrating all of these functions is a straightforward process.
Raise and Verify AD Forest Functional Levels
Pro Tip No. 1: If your organization's AD forest and/or domain functional level is still Windows 2000, it must be raised before going any further. Installing a Windows Server 2012 R2 DC into an existing domain requires the forest and domain functional level to be Windows Server 2003 or higher.
Verify the functional level of the domain by logging into the Windows Server 2003 DC with a domain admin-level account. Click Start, expand Administrative Tools and then click Active Directory Domains and Trusts. In AD Domains and Trusts, right-click the domain name and then select Raise Domain Functional Level. If it shows anything less than Windows Server 2003 as the current domain functional level, drop down the list box for available functional levels. Select Windows Server 2003, then click the Raise button. Click OK when prompted and then you've raised the functional level. No reboot of the server should be required, but if multiple DCs exist, allow ample time for the changes to replicate throughout the domain. Replication time required could vary from 15 minutes to four hours or more, depending on your particular network design.
Verifying the functional level of the forest is done in much the same manner. Log into the Windows Server 2003 DC with a domain admin-level account. Click Start, expand Administrative Tools and then click Active Directory Domains and Trusts. In AD Domains and Trusts, on the left side of the screen, right-click Active Directory Domains and Trusts. Notice that this isn't the domain name as used in the previous step. After right-clicking Active Directory Domains and Trusts, a context-sensitive menu appears. Select Raise Forest Functional Level. Again, if the current forest functional level list box displays anything earlier than Windows Server 2003, choose Windows Server 2003, then click the Raise button. Click OK to confirm understanding that the change is permanent and affects the entire AD forest. Click OK when prompted that raising the forest functional level completed successfully. Just as when raising the domain functional level, no reboot of the server should be required. As always when making domain architecture changes, if multiple DCs exist, allow ample time for the changes to replicate throughout the domain. Remember, replication time required could vary from 15 minutes to four hours or more, depending on your particular network design.
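The same functional-level check can be read from PowerShell on a domain-joined machine. This is an added example, not part of the original walkthrough; it uses the .NET System.DirectoryServices.ActiveDirectory classes and also lists each DC with its OS, Global Catalog status and FSMO roles, so the starting state is recorded before anything is changed.

```powershell
# Added example: pre-migration inventory read over LDAP with the .NET directory
# classes, so it does not rely on the ActiveDirectory PowerShell module.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$forest = $domain.Forest

# Functional levels below Windows Server 2003, which must be raised first.
$lowDomainModes = 'Windows2000MixedDomain', 'Windows2000NativeDomain', 'Windows2003InterimDomain'
$lowForestModes = 'Windows2000Forest', 'Windows2003InterimForest'

$domainOk = $lowDomainModes -notcontains $domain.DomainMode.ToString()
$forestOk = $lowForestModes -notcontains $forest.ForestMode.ToString()

[pscustomobject]@{
    Domain      = $domain.Name
    DomainMode  = $domain.DomainMode
    DomainReady = $domainOk
    Forest      = $forest.Name
    ForestMode  = $forest.ForestMode
    ForestReady = $forestOk
} | Format-List

# Every DC in the domain with its OS, Global Catalog status and FSMO roles.
$domain.DomainControllers | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        OSVersion     = $_.OSVersion
        GlobalCatalog = $_.IsGlobalCatalog()
        FsmoRoles     = (@($_.Roles) -join ', ')
    }
} | Format-Table -AutoSize

if (-not ($domainOk -and $forestOk)) {
    Write-Warning 'Raise the domain and forest functional level to Windows Server 2003 before adding the new DC.'
}
```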
Step 1: Prepare a Windows Server 2012 R2 Server
Begin with the basics. Set up Windows Server 2012 R2 on a new host, either physical or virtual. After installation, set a static IP and configure the subnet mask, gateway and DNS server settings consistent with the network (see Figure 1). Install any available critical and recommended Windows Updates. As a final step, join the new server to the existing AD domain. A basic Windows Server 2012 R2 member server is now up and running!
Figure 1. Make sure your DNS settings are consistent with your network.
Step 2: Add the AD DS Role on the New Server
To set up your target, log on to the Windows Server 2012 R2 server using an account with domain admin permissions. Open Server Manager. By default, the Dashboard view will display. Under Configure this local server click Add roles and features. The Add Roles and Features Wizard will open. Click Next. Click the radio button for Role-based or feature-based installation. Click Next.
Click the radio button for Select a server from the server pool. In the list of displayed servers, verify the current server is highlighted (see Figure 2). Click Next.
Figure 2. Selecting the destination server and verifying the appropriate target.
From the list of displayed roles, find and click the checkbox for Active Directory Domain Services. This will pop up a dialog asking to Add features required by Active Directory Domain Services. Click the checkbox to Include management tools (if applicable). Click the Add Features button to continue.
From the list of displayed roles, verify the Active Directory Domain Services checkbox is still selected. Find and click the checkbox for DNS Server. Click Next.
Notice in the Features list some options are already selected. Some of these represent previously installed features while others were selected when the Add features required by Active Directory Domain Services option was chosen earlier. Click Next.
The next step of the wizard displays a bit of background information regarding Active Directory Domain Services. Nothing mind-blowing or mind-boggling is presented here. Click Next. Another informational page explains DNS and its integration with AD. Click Next.
The final page of the Add Roles and Features Wizard displays a summary of the options selected for configuration. Click Install and watch the wizard work its magic! The wizard will confirm installation was successful while reminding you that additional steps are necessary to promote this server to DC functionality. Click the link to Promote this server to a domain controller (see Figure 3). The Active Directory Domain Services Configuration Wizard opens.
Figure 3. After successful installation of the DNS Server is confirmed, choose Promote this server to a domain controller.
Step 3: Promote the Windows Server 2012 R2 Server to a DC
On the initial page of the Active Directory Domain Services Configuration Wizard, select the radio button for Add a domain controller to an existing domain. Because this server is already a member of the domain, and is logged in using an account with domain admin-level privileges, the wizard will automatically populate the Domain and Credential information. Confirm everything, then click Next to continue.
Pro Tip No. 2: A warning appears that "A domain controller running Windows 2008 or later could not be located in this domain…" This warning applies to read-only DC (RODC) installation. Because you're not installing an RODC the warning can, and should, be ignored.
The next screen appears with the site name selected and both DNS Server and GC options already checked. If for some reason this isn't the case, select the appropriate site from the dropdown list and click the checkboxes beside the DNS Server and GC options.
Think up a strong Directory Services Restore Mode password. Mix uppercase and lowercase letters, numbers, and special characters. Type it in both the Password and Confirm password boxes. Try and cheat the system with a simple password and an error will appear. Click Next.
On the next screen, ignore the warning "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found…" Click Next.
Click Next on the Additional Options, Paths and Preparation Options screens. No changes are required.
On the Review Options screen, verify all the earlier selections. Interested in the Windows PowerShell commands that will run behind the scenes completing the DC promotion? Click the View Script button. Notepad opens displaying the necessary cmdlets, complete with customized parameters. The entire process is completed using just two cmdlets.
Click Next. A Prerequisite Check runs, ultimately displaying warnings about the DNS delegation error encountered earlier and a notice about security setting defaults in Windows Server 2012 R2. These issues won't prevent completing promoting the server to a DC. Scroll down the results window and a green checkmark is displayed next to: All prerequisite checks passed successfully. Click "Install" to begin installation. This information is also displayed at the top of the window and is the all clear to proceed. Note, the server will automatically reboot after promotion to a DC. Click the Install button to kick things off.
The actual promotion process takes a few minutes. There's a lot to be done! The entire AD schema is being upgraded. The saying "patience is a virtue" comes to mind. Once the server reboots on its own, log on with a domain admin-level account. Congratulations! A new Windows Server 2012 R2 DC and DNS server is now up and running!
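Steps 2 and 3 can also be run from an elevated PowerShell session on the new member server. The script below is an added example, not the script the wizard's View Script button produces; the domain name corp.example.com and the site name are placeholders, and the credential and DSRM password are prompted for so that neither is stored in the file.

```powershell
# Added example. The domain and site names are placeholders, not values from the article.
$domainName = 'corp.example.com'
$siteName   = 'Default-First-Site-Name'

# Step 2 equivalent: AD DS and DNS Server roles with their management tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

Import-Module ADDSDeployment

# Prompt for secrets at run time instead of writing them into the script.
$cred = Get-Credential -Message 'Domain admin-level account'
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Same choices as the wizard pages: existing domain, DNS Server and GC enabled,
# no DNS delegation.
$params = @{
    DomainName                    = $domainName
    SiteName                      = $siteName
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    NoGlobalCatalog               = $false
    CreateDnsDelegation           = $false
}

# Run the prerequisite check first and stop on errors; warnings such as the
# DNS delegation notice do not block promotion.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check reported an error; promotion not started.'
}

# Step 3 equivalent: promote to DC. The server reboots automatically when done.
Install-ADDSDomainController @params -Force
```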
Step 4: Transfer the FSMO Roles
Transferring the five Flexible Single Master Operation (FSMO) roles isn't as difficult as it might seem. In fact, just decommissioning the existing Windows Server 2003 DC will automatically transfer the FSMO roles. While automatic is attractive, manually transferring the roles isn't difficult and has the added benefit of granular control.
To transfer the Relative ID (RID) Master, PDC Emulator and Infrastructure Master Roles, log on to the newly minted Windows Server 2012 R2 DC using an account with domain admin-level privileges. On the Start screen begin typing Active Directory Users and Computers. The Search Charm opens. Click Active Directory Users and Computers from the results list. The AD Users and Computers app opens on the desktop. Right-click the domain name in the left pane, then select Operations Masters from the context-sensitive menu. The Operations Masters window appears, displaying three tabs: RID, PDC and Infrastructure. Each tab displays the current operations master for that role. The current server is also displayed along with a Change button enabling the transfer of each role.
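The transfer of these three domain-wide roles can be scripted and verified with the ActiveDirectory module on the new DC. This is an added example, not from the original article; DC2012 is a placeholder for the new Windows Server 2012 R2 DC's host name, and the helper function Get-DomainFsmoHolder is hypothetical.

```powershell
# Added example. DC2012 is a placeholder host name for the new 2012 R2 DC.
Import-Module ActiveDirectory

$target = 'DC2012'
$roles  = 'RIDMaster', 'PDCEmulator', 'InfrastructureMaster'

# Hypothetical helper: report which DC currently holds each domain-wide role,
# as seen by the given server.
function Get-DomainFsmoHolder {
    param([string]$Server, [string[]]$Role)
    $d = Get-ADDomain -Server $Server
    foreach ($r in $Role) {
        [pscustomobject]@{ Role = $r; Holder = $d.$r }
    }
}

# Record the holders before the change.
Get-DomainFsmoHolder -Server $target -Role $roles | Format-Table -AutoSize

# Transfer the three roles to the new DC. The cmdlet asks for confirmation
# once per role.
Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $roles

# Verify that every role now reports the new DC as its holder.
$after = Get-DomainFsmoHolder -Server $target -Role $roles
$after | Format-Table -AutoSize
$missed = $after | Where-Object { $_.Holder -notlike "$target.*" }
if ($missed) {
    Write-Warning ("Roles not held by {0}: {1}" -f $target, (@($missed.Role) -join ', '))
}
```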