Domain Migration from 2003 to 2012

Hi Experts

I'm planning to migrate Windows Server 2003 to Windows Server 2013. I'm familiar with all the steps that we need to take care of, but I need your best suggestions to complete this migration.

We have 4 AD sites (8 DCs in total, all 2003). I'm planning to decommission one 2003 server which is configured as secondary DNS for clients. Then I will introduce a new Server 2012 with the same host name and install the DC role.

Once this part is done, it is time to decommission the primary DNS (DC) and install a new Server 2012 R2 with the same name as the 2003 DC. (Obviously I need to remove the entries from AD and DNS.)

Once all 3 sites are done, I will work on moving FSMO by installing one 2012 server as secondary, then remove the primary DC (2003) and install the last 2012.

I'm taking these steps to avoid DC rename activities, because if I introduce new Server 2012 DCs in the network I have to change their name and IP, which is a nightmare.

Do you think my planning is OK, or do I need to follow a different approach?

July 24th, 2015 7:30am

Looks good, I just did this not too long ago.  Make sure all entries in AD and DNS are removed before promoting new one.  Things to look for that you MAY run into:

Depend on service registry key to allow 2003 servers to connect to 2012 servers

https://social.technet.microsoft.com/Forums/windowsserver/en-US/bca317cd-87aa-4fd7-b12a-6715e6dddfe5/cant-access-unc-share-on-windows-server-2012-r2?forum=winserver8gen

DNS if you use WPAD:  2008 and up has a DNS block list

https://technet.microsoft.com/en-us/library/Cc995158.aspx?f=255&MSPPError=-2147217396


Not sure what you want, but you could use a different host name for the 2012 DC DNS and just re-IP to the previous IP.  Obviously re-IP the original first and make sure it updates in all areas of DNS.  Once this is done, recheck the Name Server tabs on all your zones to make sure they updated there as well.
July 24th, 2015 9:02am
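
The check recommended in the reply above (no leftover AD or DNS entries for the old DC before a same-named replacement is promoted), as an added example that is not part of the original post. It assumes the ActiveDirectory RSAT module, at least one DC running AD Web Services, and a placeholder host name `DC02`; the function name is hypothetical, and only the domain zone's NS records are checked, so other zones still need the Name Servers tab review.

```powershell
# Added example. 'DC02' is a placeholder host name, not taken from the thread.
# Assumes the ActiveDirectory RSAT module and a DC reachable over AD Web Services.
Import-Module ActiveDirectory

function Test-RetiredDcLeftovers {
    param(
        [Parameter(Mandatory = $true)][string]$Name,  # short host name of the demoted DC
        [string]$DnsServer                            # optional DNS server to query
    )
    $domain   = Get-ADDomain
    $forest   = Get-ADForest
    $fqdn     = "$Name.$($domain.DNSRoot)"
    $findings = @()

    # 1. Computer account left in the domain partition
    if (Get-ADComputer -Filter "Name -eq '$Name'") {
        $findings += "Computer account '$Name' still exists"
    }

    # 2. Server object left under CN=Sites in the configuration partition
    $sites = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
    foreach ($o in (Get-ADObject -SearchBase $sites -Filter "objectClass -eq 'server' -and Name -eq '$Name'")) {
        $findings += "Server object remains: $($o.DistinguishedName)"
    }

    # 3. FSMO roles still recorded against the old name
    $roles = @{
        PDCEmulator = $domain.PDCEmulator; RIDMaster = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
    }
    foreach ($r in $roles.GetEnumerator()) {
        if ($r.Value -eq $fqdn) { $findings += "FSMO role $($r.Key) still points at $fqdn" }
    }

    # 4. DNS: DC locator SRV, NS of the domain zone, and the host A record
    $q = @{ DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $q.Server = $DnsServer }
    $srv = Resolve-DnsName "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV @q
    if ($srv | Where-Object { "$($_.NameTarget)".TrimEnd('.') -eq $fqdn }) { $findings += "SRV record still lists $fqdn" }
    $ns = Resolve-DnsName $domain.DNSRoot -Type NS @q
    if ($ns | Where-Object { "$($_.NameHost)".TrimEnd('.') -eq $fqdn }) { $findings += "NS record still lists $fqdn" }
    $a = Resolve-DnsName $fqdn -Type A @q
    if ($a | Where-Object { $_.IPAddress }) { $findings += "A record for $fqdn still resolves" }

    $findings
}

Test-RetiredDcLeftovers -Name 'DC02'   # no output means nothing was found
```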


Your approach is sound, some notes to write down.

Windows 2012 runs ADPREP /forestprep /domainprep automatically (during DCPROMO); it does not run the ADPREP /RODCPREP /GPPREP.

Make sure all required AD ports are open.

Make sure devices like Netapps and EMC (they use CIFS) have been updated to communicate with Windows 2012 SMB.

Perform a cleanup of your active directory environment (stale users and computers, Stale DNS records, unlinked GPO's, etc).

Use the BPA analyzer on the 2012 DC, it will give you hints as to items that you may need to address.

Make sure that when you transfer the roles from 2003 to 2012 you do not forget about the NTP server (often is the role holder).

Update your domain controller policy (what applied to 2003 DCs may not apply to 2012).

If you are just updating the DC's you should be fine with the above information, if you are planning to next update the AD forest/ domain to 2008R2 then the above information is still good but you may need to do a little auditing to make sure you run into no hiccups.

July 24th, 2015 6:16pm


In addition, I would recommend shutting down the DC during business hours before demoting it and checking the impact in the environment. If no issue is reported, you should be good to demote it and promote a Windows Server 2012 DC with the same name and IP address.

Also ensure that Exchange Server 2003 is not configured on a DC or member server. To introduce a Windows Server 2012 DC in an existing domain you need to first migrate Exchange 2003 to Exchange 2007 or Exchange 2010 on a member server. If you are planning an MS Exchange 2013 deployment, then the upgrade path will be Exchange 2003 to Exchange 2007/2010 and then to Exchange 2013.

If the DC has other roles like DHCP, file server, CA, etc. then you need to migrate the same first then proceed with decommissioning the old server.

Adding first Windows Server 2012 Domain Controller within Windows 2003/2008/2008R2 network
http://kpytko.pl/active-directory-domain-services/adding-first-windows-server-2012-domain-controller-within-windows-200320082008r2-network/

Ensure correct DNS settings as below.
http://adgurus.in/2015/07/16/dns-configuration-best-practice-on-domain-controllers-clients-and-member-servers/

Don't forget to configure the authoritative time server role on the PDC role holder server once FSMO is moved to the new DC.
http://adgurus.in/2015/07/23/how-to-configure-authorative-time-server-in-domain/

July 26th, 2015 6:55pm

This topic is archived. No further replies will be accepted.
