SUMMARY
Writing a plan to prepare for a 2003 to 2008 active dir upgrade. 2003 AD exists on a single domain controller and has been upgraded to 2003 functionality. I have add a new 2008 Standard R2 server as a member server.
note: Exchange 2007 installed on an additional member server in this 2003 ad domain.
Upgrade plan to date is copied below , i have executed everything fine to date and stopped at ADPREP as i want to ensure the DC is patched and rebooted before proceeding.
Been having a few problems finding enough information for my exact configuration and have been building it peice meal from multiple sources.
This article provided some info , my questions related to what to do after this. Please see below. http://www.winserverhelp.com/2010/05/windows-server-2008-r2-migration-guide-replacing-existing-domain-controllers/
UPGRADE PLAN
0.Backup System state on existing 2003 DC
1.Install 2008 on new server
2.Install DNS and confirm its working
3.Patch server with all updates 2003 & 2008
4.On 2003 upgrade domain level to 2003
5.On 2003 upgarde forrest level to 2003
6.On 2003 Verify Domain and Forest Levels are full Windows Server 2003 and not Mixed/Interim
7.On 2003 regedit \system\currentcontorlset\services\NTDS\parameter (schema version 30 then 44 after adprep)
8.Verify the fsmo roles of all domain controllers. Use netdom /query fsmo
9.Copy adprep directory from Windows 2008 Server Media to 2003DC
10.On 2003 run DCDIAG in cmd to check AD health (all passed)
11.Run adprep to prepare 2003 Active Directory environment for 2008.
-Adprep32.exe /forestprep
-Adprep32.exe /domainprep
-Adprep32.exe /domainprep /gpprep
-Adprep.exe /rodcprep (edited to add this. Have a DMZ so may need a read only DC)
(I understand these can be run during business hours)
note: adprep32.exe used as existing dc is 32 bit and new 2008 server R2 obviously 64 bit
12.Log on to the new server as an admin.
13.Launch the Server Manager.
14.Select the Roles node in the Server Manager.
15.Click Add Roles and then click Next.
16.Select the Active Directory Domain Services checkbox and then click Next. Note that .NET Framework 3.5.1 is required and if prompted to install click Add Required Features.
17.Click Next in the Introduction screen.
18.Click Install, this will install the binaries required for the server to become a domain controller.
19.Click Close in the Installation Results screen.
20.In Server Manager , expand the Roles node and then select the Active Directory Domain Services node.
21.In the Summary section, click Run the Active Directory Domain Services Installation Wizard (dcpromo.exe).
22.Click Next in the Welcome screen.
23.Select the Existing Forest option.
24.Select Add a Domain Controller to an Existing Domain and then click Next.
25.Enter the name of the domain.
26.Click Set to specify alternative credentials to use for the operation.
27.Enter the credentials of a domain admin in the target domain, and then click OK.
28.Click Next.
29.Select the domain for the new domain controller and then click Next.
30.Select a site for the domain and then click Next.
31.Select the Additional Domain Controller Options (these are DNS Server and Global Catalog by default). Click Next.
32.Click Yes if a DNS Delegation warning dialog box appears.
33.Select the locations for the log files, database, and the SYSVOL, and then click Next.
34.Enter the Directory Services Restore mode administrator password and click Next.
35.Review the summary and click Next. The wizard will now create the domain controller and replicate the Active Directory database.
36.Click Finish.
37.Click Restart Now to reboot the new domain controller
QUESTIONS
1)So after the above is done. Do i still need to transfer the FSMO roles to the new 2008 DC or is this completed as part of the upgrade.
2)I would then want to Demote the 2003 server from DC role. Do i use DC promo tool ? this server will remain as a member server.
3)Any other critical points i have missed from this plan above ? exchange prep for example.
Thank you for any advice. Scott
EDITED to explain i plan to demote the existing W2k3 DC hence transferring roles to new DC.
Some good info here too:
http://www.pbbergs.com/windows/articles/Upgrading_Active_Directory_from_2003_to_2008.htm
EDITED TO ADD RODCPREP -Adprep.exe /rodcprep (edited to add this. Have a DMZ so may need a read only DC)
upgrade went without a problem.
Make sure you are using the version of adprep from 2008 R2. It should be run on the schema master and infrastructure master for the domain for /forestprep and /domainprep respectively. Win2008 R2 is 64bit, but it also has a 32bit version of adprep if you need it. (ADPREP32) Yes, it can be run during business hours, and I have never seen them take more than a few seconds to do their jobs.
Answering your questions:
You need to transfer the roles manually as per my instructions above, that is, if your intent is to let the new 2008R2 DC have the FSMOs.
Yes, DCPROMO should be all that is required to demote a domain controller. If something goes wrong trying to demote it though you'll have to perform a metadata cleanup. (Not hard.)
After all of your old DCs are gone and you have only 2008R2 DCs in your forest, you can start thinking about raising the FFL and DFL.
Upgrade Plan comments:
Step 31 eliminates the need for step 2.
I don't understand step 7. I've never done anything like that when upgrading from a 2K3 domain to a 2K8 domain.
Question answers:
You don't need to transfer the FSMO roles at all. If you're only introducing a W2K8 DC to a W2K3 domain/forest the W2K8 DC will happliy exist at the W2K3 domain and forest levels. If your goal is to replace the W2K3 DC and raise the domain and forest functional levels then simply run DCPROMO on the W2K3 DC and DCPROMO will gracefully transfer the FSMO roles to the W2K8 DC, whereupon you can raise the domain and functional levels.
See answer to question 1.
No
In addition, you can read this guide to make sure you're not missing anything:
http://technet.microsoft.com/en-us/library/cc731188(v=ws.10).aspx