I have a small office with a single domain and 2 domain controllers running Windows Server 2003. 1. DC1 = domain controller with FSMO role, file server, DNS (Windows Server 2003 Std) 2. AV1 = domain controller, DHCP, DNS, Sophos anti-virus server (Windows Server 2003 Std) I have a new file server named FS1 running Windows Server 2008 R2. Would like this new file server to replace DC1 which I plan to retire. Since DC1 is one of only 2 domain controllers I have, FS1 will need to be a domain controller so that I have at least one backup domain controller (can't just be a member server). I read these TechNet articles that are complicated to the extreme, especially for a simple setup/small office like ours. Am completely frustrated with this type of documentation, assuming that all Windows Server admins have dedicated server engineers and AD experts and have a "lab environment" to test on before upgrading. Microsoft needs to provide MUCH simpler, step-by-step instructions, or better yet, much simpler processes for seemingly such a simple task for SMALLER OFFICES. http://technet.microsoft.com/en-us/library/cc731188%28WS.10%29.aspx http://technet.microsoft.com/en-us/library/cc754670%28WS.10%29.aspx http://technet.microsoft.com/en-us/library/cc753437(WS.10).aspx I will eventually replace my AV1 server but not until next year. Given this, can I make my new 2008 R2 FS1 server a domain controller and have my existing 2003 AV1 server be the second domain controller with the Active Directory domain upgraded to 2008? This would be a "mixed-mode" environment, right? Would highly appreciate some simple, step-by-step instructions. Do I just run Adprep.exe /forestPrep and Adprep.exe /domainPrep on DC1. Then install the Active Directory Domain Services (AD DS) role on my FS1 running 2008 R2? How can I move the FSMO role to either my FS1 or AV1 server, whichever would be better? Anything else I need to do? Thanks in advance for any feedback. Cheers, Derek

Hello, see my blog about: http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspxBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi Meinolf, thanks for your reply. Your article is helpful but am afraid also a bit too advanced for me. Can I run my new Windows 2008 R2 server as a domain controller without updating the Active Directory schema (keeping it 2003) and keep my existing Windows 2003 server as secondary domain controller? I will always want to have at least 2 domain controllers (1 as backup) but can't afford to purchase another Windows 2008 R2 server just yet. I do want to retire my existing primary domain controller (DC1 running Windows 2003 server), however. Also, it's not clear to me... if I run adprep /forestprep and adprep /domainprep, that will upgrade my AD schema and there is no going back to 2003, correct? If so, won't I need to have at least 2 Windows 2008 R2 servers in order to maintain at least 2 domain controllers? Thanks in advance for any insight.

Hello, "Can I run my new Windows 2008 R2 server as a domain controller without updating the Active Directory schema (keeping it 2003) and keep my existing Windows 2003 server as secondary domain controller?" No and yes. A schema update is a MUST if higher OS versisn DCs should be installed. But there is no problem mixing the OS verisons and different architectures in a domain. "I will always want to have at least 2 domain controllers (1 as backup) but can't afford to purchase another Windows 2008 R2 server just yet." Good decision, at least 2 DC/DNS/GC per domain should exist and all domain members should be configured to use both DNS on the NIC. "Also, it's not clear to me... if I run adprep /forestprep and adprep /domainprep, that will upgrade my AD schema and there is no going back to 2003, correct?" Correct, a schema upgrade can't be removed, except with a forest recovery procedure before you do the upgrade. But don't care about the schema, it will add additional objects, there is no change in functionality within the Windows server 2003 DCs when doing it. "so, won't I need to have at least 2 Windows 2008 R2 servers in order to maintain at least 2 domain controllers" As said above you can mix them without any problem.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi Meinolf, Many thanks for your helpful reply. I don't have any spare servers laying around to test these updates (realistically, not many SMEs do, let alone the resources to test updates in a "lab environment" before applying to production servers) so I think I may proceed after converting at least one of my domain controllers to a virtual machine using VMware vCenter Converter Standalone and then backing up the virtual machine onto an external hard disk. I think the System Restore feature in XP/7 would have been a nice feature to have built into Windows Server. Oh well. Thanks again, Derek

Hello, "...think I may proceed after converting at least one of my domain controllers to a virtual machine using..." You can convert any kind of server BUT don't convert a DC to VM, always demote it before. This is also recommendation from VMWare. "I think the System Restore feature in XP/7 would have been a nice feature to have built into Windows Server." Restore process of DCs is always different as the technology in AD uses Update Sequence Numbers(USN) and if you have a not AD aware backup of a DC you run into USN rollback problem.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi Meinolf, Thanks again for your valuable guidance. In that case, I'll scrap the idea of creating a virtual machine of my domain controller(s) and will do a System State (Active Directory) backup instead. Any other recommendations for being able to recover in case the update goes bad? Would you recommend also cloning the startup disk using DriveImage XML or Active@ Disk Image (or similar)? Thanks, Derek

Hello, personal since 8 years now i did schema updates from Windows 2000 server up to Windows server 2008 R2 and never had any problems. Either it runs or not, so success or no need to undo something as it wan't modify parts of the schema. If it doesn't run complete, you will see in the adprep logfile a description what is gone bad. Clones, copies of VMs or images from a domain controller are also a not supported way of backup. Either the system state backup is or with other backup software vendors solutions made especially for AD. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi Meinolf, OK, great, thanks... That's reassuring and also great information... I got what you mean! I will give it a go. Thanks again, Derek

Hello, see the answer in your other "hijacked" :-) thread. Please do not jump on threads that are marked as answered with the green check. Create your own one, not anybody will react on closed ones. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.