Upgrading of 2003 domain to 2008 domain, checklist, question, before diving in...
I'm about to upgrade our 2003 domain to 2008..A few basic questions ..We have two DC's, both are virtual server 2005 r2 vm's.. running 2003 enterprise... (both are DNS servers, one is a DHCP, both are GCs, one holds all the roles i believe)...(i initially tried to run the setup from the install disc, but for some reason it merely replaced the 2003 image with a fresh 2008, rather than upgrading, thankfully i had a backup of the image)...It is my understanding that the route i should probably take, given that the upgrade path doesnt work (perhaps i tried changing from standard to enterprise etc)... is the following?:1. Install a fresh 2008 server...2. Run adprep from the 2008 server CD on the existing 2003 DC...3. Install DHCP and DNS on the new 2008 server(s).. turn off the old services on the 2003 DCs (DHCP/DNS)..4. Do a Dcpromo to demote the DC's, one by one...5. Do a dcpromo on the new 2008 server?I think the order here is wrong..I'm also double checking though this should be obvious.. but..Our other 2003 servers, like Exchange 2007, will be fine on the 2008 domain, even though they are 2003.. i just cant do native 2008 as of now correct? (i may upgrade the exchange server via inplace if possible later on)..The two virtual DCs wont have any compatibility issues per say, as they are virtual, so that should be a clean shot..Thanks in advance.
December 31st, 2008 3:50am

http://technet.microsoft.com/en-us/library/cc755199.aspxCheck that over for supported upgrades. Our 2k3 domain controllers upgraded perfectly from the dvd.
Free Windows Admin Tool Kit Click here and download it now
December 31st, 2008 4:00am

markm75g said: It is my understanding that the route i should probably take, given that the upgrade path doesnt work (perhaps i tried changing from standard to enterprise etc)... is the following?:1. Install a fresh 2008 server...2. Run adprep from the 2008 server CD on the existing 2003 DC...3. Install DHCP and DNS on the new 2008 server(s).. turn off the old services on the 2003 DCs (DHCP/DNS)..4. Do a Dcpromo to demote the DC's, one by one...5. Do a dcpromo on the new 2008 server?I think the order here is wrong..I'm also double checking though this should be obvious.. but.. There are four ways to get from Windows Server 2003 to Windows Server 2008 Domain Controllers: In-place upgrade Transition Restructure Begin anew from scratchSince you're running Microsoft Exchange Server I would not use the fourth method of demoting your current Windows Server 2003 Domain Controllers before promoting new Windows Server 2008 Domain Controllers. This method will inevitably result in a loss of functionality, domain membership of your servers and workstations and user accounts.I would also not use thethird method since it will result in a lot more work than the first two methods. (it requires you to change domain membership of your user accounts, servers, workstations, etc) Since a clean install of Windows Server 2008 will contain less garbage than an upgraded Windows Server 2003 server and you're not tied to any physical servers I recommend usingmethod 2.How to transition: Installtwo new (virtual) Windows Server 2008 servers. Provide a static IP address to the Windows Server 2008 boxes Prepare your Active Directory environment for the first Windows Server 2008 Domain Controller by running adprep.exe with the needed switches: Command Domain Controller adprep.exe /forestprep Schema Master adprep.exe /domainprep Infrastructure Master adprep.exe /domainprep /gpprep Infrastructure Master Make a backup of your Windows Server 2003 Domain Controllers Make the Windows Server 2008 box an extraDomain Controller for your existing domain by running dcpromo.exe Make the new server a Global Catalog server When your Windows Server 2003 Domain Controllers arethe only DNS Servers, convert your DNS zones into Active Directory Integrated Zones. Install DNS on the new server and it will automatically be populated. If another server is your DNS Server you need not do anything with DNS Migrateany data you'd want to migrate to the new Windows Server 2008 boxes (except for the SYSVOL and NETLOGON shares, thesewill be copied automatically) Migrate any Server roles you'd want to migrate to the new Windows Server 2008 box (think about Certificate services, DHCP, Print Server and any business specific applicationat this moment) Transfer all the FSMO roles from the Windows Server 2003 Active Directory Domain Controllerto the Windows Server 2008 Domain Controller. (but make sure you follow the Infrastructure Master placement rule of thumb) Get rid of your Windows Server 2003 boxes as Domain Controller by demotingthem using dcpromo.exe When your current Domain Controllers areDNS Server and you don't want it to be anymore be sure to change the DNS configuration on your clients and member servers (change DHCP option, when DHCP is available) and reconfigure your DNS zones not to include the old server anymore. Remote the Windows Server 2003 boxes from the domain and deletetheir computeraccounts from Active Directory. Get rid of your Windows Server 2003 boxes. Transitioning your Active Directory will not require you to configure anything on the desktops of your users and your users can start using the server right away, since each Active Directory Domain Controller stores a copy of theActive Directory information, like users, computers, etc.and the NETLOGON and SYSVOL shares. When done right your colleaguesmight not even suspect a thing!The downside is you need to know exactly what you're doing, because things can go wrong pretty fast.More information: Transitioning your Active Directory to Windows Server 2008 Upgrading your Active Directory to Windows Server 2008 WS2008: Upgrade Paths, Resource Limits & Registry Values Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain In-Place Upgrade from Windows Server 2003 Domain Controller to Windows Server 2008 Identifying Your Windows Server 2008 Functional Level Upgrade What Does the Upgrade Landscape Look Like for Windows Server 2008 Screencast: How to Upgrade In-Place 2003 DC What You Need to Know About In-Place Upgrades markm75g said: Our other 2003 servers, like Exchange 2007, will be fine on the 2008 domain, even though they are 2003.. i just cant do native 2008 as of now correct? (i may upgrade the exchange server via inplace if possible later on).. When all your Domain Controllers are Windows Server 2008-based and you don't have any reason to install a pre-Windows Server 2008 Domain Controller you can raise both the Domain Functional Level and Forest Functional Level to Windows Server 2008.More information: Win Server 2008 Directory Services, Functional Levels Overview Functional Levels In Windows Server 2008 Part I Functional Levels In Windows Server 2008 Part II How to raise domain and forest functional levels in Windows Server 2003
December 31st, 2008 1:01pm

Sander Berkouwer said:markm75g said: It is my understanding that the route i should probably take, given that the upgrade path doesnt work (perhaps i tried changing from standard to enterprise etc)... is the following?:1. Install a fresh 2008 server...2. Run adprep from the 2008 server CD on the existing 2003 DC...3. Install DHCP and DNS on the new 2008 server(s).. turn off the old services on the 2003 DCs (DHCP/DNS)..4. Do a Dcpromo to demote the DC's, one by one...5. Do a dcpromo on the new 2008 server?I think the order here is wrong..I'm also double checking though this should be obvious.. but.. There are four ways to get from Windows Server 2003 to Windows Server 2008 Domain Controllers: In-place upgrade Transition Restructure Begin anew from scratchSince you're running Microsoft Exchange Server I would not use the fourth method of demoting your current Windows Server 2003 Domain Controllers before promoting new Windows Server 2008 Domain Controllers. This method will inevitably result in a loss of functionality, domain membership of your servers and workstations and user accounts.I would also not use thethird method since it will result in a lot more work than the first two methods. (it requires you to change domain membership of your user accounts, servers, workstations, etc) Since a clean install of Windows Server 2008 will contain less garbage than an upgraded Windows Server 2003 server and you're not tied to any physical servers I recommend usingmethod 2.How to transition: Installtwo new (virtual) Windows Server 2008 servers. Provide a static IP address to the Windows Server 2008 boxes Prepare your Active Directory environment for the first Windows Server 2008 Domain Controller by running adprep.exe with the needed switches: Command Domain Controller adprep.exe /forestprep Schema Master adprep.exe /domainprep Infrastructure Master adprep.exe /domainprep /gpprep Infrastructure Master Make a backup of your Windows Server 2003 Domain Controllers Make the Windows Server 2008 box an extraDomain Controller for your existing domain by running dcpromo.exe Make the new server a Global Catalog server When your Windows Server 2003 Domain Controllers arethe only DNS Servers, convert your DNS zones into Active Directory Integrated Zones. Install DNS on the new server and it will automatically be populated. If another server is your DNS Server you need not do anything with DNS Migrateany data you'd want to migrate to the new Windows Server 2008 boxes (except for the SYSVOL and NETLOGON shares, thesewill be copied automatically) Migrate any Server roles you'd want to migrate to the new Windows Server 2008 box (think about Certificate services, DHCP, Print Server and any business specific applicationat this moment) Transfer all the FSMO roles from the Windows Server 2003 Active Directory Domain Controllerto the Windows Server 2008 Domain Controller. (but make sure you follow the Infrastructure Master placement rule of thumb) Get rid of your Windows Server 2003 boxes as Domain Controller by demotingthem using dcpromo.exe When your current Domain Controllers areDNS Server and you don't want it to be anymore be sure to change the DNS configuration on your clients and member servers (change DHCP option, when DHCP is available) and reconfigure your DNS zones not to include the old server anymore. Remote the Windows Server 2003 boxes from the domain and deletetheir computeraccounts from Active Directory. Get rid of your Windows Server 2003 boxes. Transitioning your Active Directory will not require you to configure anything on the desktops of your users and your users can start using the server right away, since each Active Directory Domain Controller stores a copy of theActive Directory information, like users, computers, etc.and the NETLOGON and SYSVOL shares. When done right your colleaguesmight not even suspect a thing!The downside is you need to know exactly what you're doing, because things can go wrong pretty fast.More information: Transitioning your Active Directory to Windows Server 2008 Upgrading your Active Directory to Windows Server 2008 WS2008: Upgrade Paths, Resource Limits & Registry Values Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain In-Place Upgrade from Windows Server 2003 Domain Controller to Windows Server 2008 Identifying Your Windows Server 2008 Functional Level Upgrade What Does the Upgrade Landscape Look Like for Windows Server 2008 Screencast: How to Upgrade In-Place 2003 DC What You Need to Know About In-Place Upgrades markm75g said: Our other 2003 servers, like Exchange 2007, will be fine on the 2008 domain, even though they are 2003.. i just cant do native 2008 as of now correct? (i may upgrade the exchange server via inplace if possible later on).. When all your Domain Controllers are Windows Server 2008-based and you don't have any reason to install a pre-Windows Server 2008 Domain Controller you can raise both the Domain Functional Level and Forest Functional Level to Windows Server 2008.More information: Win Server 2008 Directory Services, Functional Levels Overview Functional Levels In Windows Server 2008 Part I Functional Levels In Windows Server 2008 Part II How to raise domain and forest functional levels in Windows Server 2003 Thanks for that detailed response.. I had already begun the inplace upgrade... I had issues with my one domain controller, so i had to seize all 5 roles onto the other DC VM ( i see your notes on how i should use a dedicated machine with all 5 roles, ill be moving to this shortly, I was trying to avoid that, as i have/will have two hyper-v barebones servers).. So i seized the roles, i then demoted the main DC back to member server.. I ran the adpreps with the exception of the one you listed (adprep /rodcprep).. This worked fine.. I then tried the 2008 upgrade, it rolled along until at one point it "froze" on 59% copying files.. I restarted and it reverted this (only) VM DC back to 2003.. Now I tried running adprep /rodcprep and received some errors, i wont list them just yet... i did a dcdiag /fix.. i'm receiving this error: testing server VSDC02 (this only remaining DC).. test connectivity... The host 9adff94e-xxxxxx-xxx-x-xxx._msdcs.domain.local could not be resolved to an ip address.. it goes on to say the although the guid dns couldnt be resolved its ip address 100.15 was pingable. This remaining DC was one of the two boxes with DNS installed.. the old dns (DC) which was demoted still has DNS installed on it (and is now upgraded to 2008).. If i connect to that dns server, it connects but there is nothing in forward lookup zones.. I think i have a dns mess going on..
Free Windows Admin Tool Kit Click here and download it now
December 31st, 2008 5:32pm

I ran a netdiag /fix and it corrected the one issue, i removed the entry in the tcp ip settings that had the primary DNS going to the old DC/dns..I then ran dcdiag again.. this time it passed on that one, but failed on a bunch of tests under systemlogsome eventids included 0x00000416 (dhcp/binl service on local machine).. eventid 0xc0001b6e (event string could not be retrieved).. eventid 0xc25a001d same event string error.. etc..I do have the (only dhpc) on the other former DC (now with 2008 server again).. this box used to host dhcp in a split fashion, but i went to a single dhcp mode a while ago and unauthorized this vsdc02 machine, which is the one i'm trying to upgrade to 2008..
December 31st, 2008 5:40pm

I decided to run the setup again, despite these few remaing systemlog errors...Once again it froze at about 72% (on expanding files).. last time it was 59%...At this point it looks like i should create a separate new 2008 server and move everything to it, then get rid of this 2003 box?
Free Windows Admin Tool Kit Click here and download it now
December 31st, 2008 8:38pm

Sander Berkouwer said:markm75g said: It is my understanding that the route i should probably take, given that the upgrade path doesnt work (perhaps i tried changing from standard to enterprise etc)... is the following?:1. Install a fresh 2008 server...2. Run adprep from the 2008 server CD on the existing 2003 DC...3. Install DHCP and DNS on the new 2008 server(s).. turn off the old services on the 2003 DCs (DHCP/DNS)..4. Do a Dcpromo to demote the DC's, one by one...5. Do a dcpromo on the new 2008 server?I think the order here is wrong..I'm also double checking though this should be obvious.. but.. There are four ways to get from Windows Server 2003 to Windows Server 2008 Domain Controllers: In-place upgrade Transition Restructure Begin anew from scratchSince you're running Microsoft Exchange Server I would not use the fourth method of demoting your current Windows Server 2003 Domain Controllers before promoting new Windows Server 2008 Domain Controllers. This method will inevitably result in a loss of functionality, domain membership of your servers and workstations and user accounts.I would also not use thethird method since it will result in a lot more work than the first two methods. (it requires you to change domain membership of your user accounts, servers, workstations, etc) Since a clean install of Windows Server 2008 will contain less garbage than an upgraded Windows Server 2003 server and you're not tied to any physical servers I recommend usingmethod 2.How to transition: Installtwo new (virtual) Windows Server 2008 servers. Provide a static IP address to the Windows Server 2008 boxes Prepare your Active Directory environment for the first Windows Server 2008 Domain Controller by running adprep.exe with the needed switches: Command Domain Controller adprep.exe /forestprep Schema Master adprep.exe /domainprep Infrastructure Master adprep.exe /domainprep /gpprep Infrastructure Master Make a backup of your Windows Server 2003 Domain Controllers Make the Windows Server 2008 box an extraDomain Controller for your existing domain by running dcpromo.exe Make the new server a Global Catalog server When your Windows Server 2003 Domain Controllers arethe only DNS Servers, convert your DNS zones into Active Directory Integrated Zones. Install DNS on the new server and it will automatically be populated. If another server is your DNS Server you need not do anything with DNS Migrateany data you'd want to migrate to the new Windows Server 2008 boxes (except for the SYSVOL and NETLOGON shares, thesewill be copied automatically) Migrate any Server roles you'd want to migrate to the new Windows Server 2008 box (think about Certificate services, DHCP, Print Server and any business specific applicationat this moment) Transfer all the FSMO roles from the Windows Server 2003 Active Directory Domain Controllerto the Windows Server 2008 Domain Controller. (but make sure you follow the Infrastructure Master placement rule of thumb) Get rid of your Windows Server 2003 boxes as Domain Controller by demotingthem using dcpromo.exe When your current Domain Controllers areDNS Server and you don't want it to be anymore be sure to change the DNS configuration on your clients and member servers (change DHCP option, when DHCP is available) and reconfigure your DNS zones not to include the old server anymore. Remote the Windows Server 2003 boxes from the domain and deletetheir computeraccounts from Active Directory. Get rid of your Windows Server 2003 boxes. Transitioning your Active Directory will not require you to configure anything on the desktops of your users and your users can start using the server right away, since each Active Directory Domain Controller stores a copy of theActive Directory information, like users, computers, etc.and the NETLOGON and SYSVOL shares. When done right your colleaguesmight not even suspect a thing!The downside is you need to know exactly what you're doing, because things can go wrong pretty fast.More information: Transitioning your Active Directory to Windows Server 2008 Upgrading your Active Directory to Windows Server 2008 WS2008: Upgrade Paths, Resource Limits & Registry Values Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain In-Place Upgrade from Windows Server 2003 Domain Controller to Windows Server 2008 Identifying Your Windows Server 2008 Functional Level Upgrade What Does the Upgrade Landscape Look Like for Windows Server 2008 Screencast: How to Upgrade In-Place 2003 DC What You Need to Know About In-Place Upgrades markm75g said: Our other 2003 servers, like Exchange 2007, will be fine on the 2008 domain, even though they are 2003.. i just cant do native 2008 as of now correct? (i may upgrade the exchange server via inplace if possible later on).. When all your Domain Controllers are Windows Server 2008-based and you don't have any reason to install a pre-Windows Server 2008 Domain Controller you can raise both the Domain Functional Level and Forest Functional Level to Windows Server 2008.More information: Win Server 2008 Directory Services, Functional Levels Overview Functional Levels In Windows Server 2008 Part I Functional Levels In Windows Server 2008 Part II How to raise domain and forest functional levels in Windows Server 2003 So at this point i think ill do the creation of two new Virtual Servers that are 2008, move the dns and dhcp roles to those boxes (i'm not clear on the best way to do this part.. ie: create dns / dchp role on one 2008 server, then create dns integrated zone, hand scratch recreate dhcp on this box?).. Once the box has the dns/dhcp, i would then transfer (or seize) the roles from this remaining 2003 DC (VM box)?I could then simply remove that box from active directory? (the old 2003).. and i would be at 2008 level?Is it generally best practice to have a physical box with all 5 roles (which i dont)?You mentioned the infrastructure rule of thumb.. is this the part where you really shouldnt have the DC be a GC if it has the Infrastructure role? But what if you only have one server? If it has the Infrastructure role, but not GC, can it still provide GC info?**I also created a bit of another mess, on that old VM that was a DC and now is just a member server and converted to 2008, i had it with certificate services (the only box).. i had to remove certificate services in order to demote it... well naturally that blew up a few things, like communicator etc.. I'm not sure if there is some easy way to bring those things back online once i get the rest fixed or not, short of creating a brand new cert. services role on a box and reissuing certs? Does this role have to go on a DC (i forget).. i'm thinking it would be best if on its own VM...Thanks again
December 31st, 2008 8:45pm

Hi,Based on the current situation, I suggest you setup new server and transfer settings and data using Active Directory Migration Tool version 3.1. This tool simplifies the process of migrating objects and restructuring tasks in an Active Directory Domain Service (AD DS) environment. You can use ADMT v3.1 to migrate users, groups, and computers between AD DS domains in different forests (inter-forest migration) or between AD DS domains in the same forest (intra-forest migration). ADMT can also perform security translation (to migrate local user profiles) when performing inter-forest migrations.You can download it here.http://www.microsoft.com/downloads/details.aspx?familyid=AE279D01-7DCA-413C-A9D2-B42DFB746059&displaylang=en Detailed infrastructure is determined by your environment and your future plan. Please backup all your data before change production servers. Enterprise Certificates Server require DC. If you setup Enterprise CA, please install it on a DC. You can also move CA to another Server. Please refer to the steps below. How to move a certification authority to another server http://support.microsoft.com/kb/298138Thanks.
Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2009 11:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics