Domain Controller Migration

(Windows server 2003 DC to Server 2008 R2)

Index

Part-1: Preparing source server (2003) for migration 03-05 Part-2: Installing Additional DC in Server 2008 in Replication mode (transition mode) 06-17 Part-3: Transferring FSMO (Flexible single Master Operations) Roles to 2008DC 18-34 Part-4: Test and Demote server 2003 34-40

Part-1

Prepare source server for migration:

1. Prepare Forest and Domain in 2003 DC using ADPREP utilities , copy adprep from windows server

2008 (32bit) DVD

Path: d:\sources\adprep\adprep32.exe to c:\ to server 2003 and Run,

(Note: you can run directly run by using 2008 dvd)

2. Run >cmd> adprep32.exe /forestprep

During the forest preparation you will be asked to press C to continue to forest preparation.

This will take some time to complete the preparation.

Forest preparation completed.

2) Domain preparation:

Here we need to set domain to server 2003 mode. Path: Admistrative tools> AD>domain and trust> domain (right click) >Raise the domain functional level. Note: you need to raise both forest and domain fictional level to server 2003 level And rerun domainprep.

Part -2

Now, I assume you already have Windows server 2008 installed, Join server 2008 to domain and login as a domain administrator. Install AD DS in source server 2008 by using Server manager > add roles >

1. DNS > install (Don’t configure just install)

2. ADDS >install.

After preparing source server , install active directory in replication mode by running dcpromo in run command,

2. Press next

3. Press next

4. Here you need to select Existing forest > Add a domain controller to an existing forest.

Then Press Next

5. Type name of the domain “banana.com” and click on set, a pop will appear for admin user

name and password.

6. Click next, here a pop up will appear for Read only domain controller, because we haven’t

run “Adprep /RODPREP” this is an optional, click yes to continue

7. Select a site for the new domain controller as a default –first –site-name, click next

8. Check for additional domain controller options check box, DNS and global catalog box and

click next

9. Here you need to assign a static IP(some reason it was not taking static IP which I have

already assigned) select dynamically assign an ip address

A popup will appear “A Delegation for this dns server cannot be created because-----) click YES to

continue.

Click next to continue

Enter Directory Services restore mode administrator password

Click next to continue

Here you can see installation under progress

The AD Installation is successful, Reboot the server.

Part-3

Transfer FSMO ( Flexible Single Master operations ) ROLEs to DC-2008 server,

There are 5 FSMO roles they are

1. Schema Master

2. Domain Naming Master

3. Infrastructure Master

4. Relative ID (RID) Master

5. PDC Emulator The FSMO roles are going to be transferred, using the following three MMC snap-ins:

Active Directory Schema snap-in : Will be used to transfer the Schema Master role

Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role

Active Directory Users and Computers snap-in : Will be used to transfer the RID Master, PDC Emulator,

and Infrastructure Master roles Note: The following steps are done on the Windows Server 2008 machine that I intend to set as the roles holder ( transfer the roles to it ) Let us start transferring the FSMO roles.

Using Active Directory Schema snap-in to transfer the Schema Master roleYou have to register schmmgmt.dll in

order to be able to use the Active Directory Schema snap-in

1. Click Start > Run

2. Type regsvr32 schmmgmt.dll

3. Click ok

A popup message will confirm that schmmgmt.dll was successfully registered. Click OK

4. Click Start > Run, type mmc, then click OK

5. Click File > then click Add/Remove Snap-in...

6. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then

click OK

7. Right click Active Directory Schema, and then click Change Active Directory Domain

Controller...

8. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role

holder and then click on OK

You will receive a message box stating that the schema snap-in is not connected to a schema operations master.

That is for sure, as we have not yet set this Windows Server 2008 domain controller as a Schema Master role

holder. This will be done in the next step. Click OK

9. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then

click Operations Master.

10. On the Change Schema Master page, the current schema master role holder will be displayed (ex. Server

2003) and the targeted schema holder as well (ex:2k8). Once you click Change, the schema master holder will

become

dc 2k8, Click Yes to confirm the role transfer

The role will be transferred and a confirmation message will be displayed.

Click OK

Then click Close, as you can see in the below snapshot, the current schema master is Exchange08.banana.com

Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role

1. Click Start > Administrative Tools > then click Active Directory Domains and Trusts

2. Right click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller...

3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain

Naming master role holder and then click onOK

4. Right click Active Directory Domains and Trusts, then click Operations Master.

5. On the Operations Master page, we are going to change the Domain Naming role holder

from 2003domain.banana.com toexchange08.banana.com, Click Change

Click YES to confirm the transfer of the Domain Naming role

The role will be transferred and a confirmation message will be displayed. Click OK, and then click Close

Till now, we have successfully transferred two FSMO roles, the Schema Master role and the Domain Naming role.

The last three roles can be transferred using a single Snap-in

Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and

Infrastructure Master Roles

1. Click Start > Administrative Tools > then click Active Directory Users and Computers

2. Right click Active Directory Users and Computers, then click All Tasks > Operations Master...

3. You will have three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click the Change button under

each of these three tabs to transfer the roles. Click Yes to confirm the role transfer The role will be transferred and a confirmation message will be displayed. Click OK

PDC

:

Infrastructure:

As for the Infrastructure role, once you click on the Change button you will receive the below message

By default, when you first install your first Domain Controller, it holds the five roles and beside that it is a Global Catalog. If your environment is a multi-domain/forest, then you should think about structuring your FSMO roles and transfer the Infrastructure role to a none Global Catalog domain controller. Else if you have small number of domain controllers ( ex. two domain controllers) then you should not worry about this. Click Yes

The tab should be like this

That's it, by now; I have successfully transferred the five FSMO roles to the Windows Server 2008 Domain

Controller.

Note: Before you demote Server 2003 from the domain, make sure you test all the applications and wait for at

least 3 weeks to have testing done turn off the server 2003 for 2 weeks and then demote the retiring server 2003

DC from the domain if everything works 2008 environment.

============================================================================

After successful migration demote (decommission) server 2003 by running DCPROMO:-

Before you demoting server 2003, run the following commands, and (better run on both the server) On the W2K3

Server:

Make the Preferred DNS for the W2K3 server to point to 10.10.1.10 (IP address of server 2008 dc)

then do an ipconfig /flushdns and ipconfig /registerdns

then net stop dns & net start dns

the net stop netlogons & net start netlogons

wait about 15-30 minutes and try the netdiag again. Here netdiag and dcdiag on both the servers should pass all the tests, then demote the server 2003.

============================================================================