The Complete Guide to Windows Server 2003 End of Support

OS Roles

Active Directory / DNS

Although migrating your Active Directory from a domain and forest-functional level of Windows Server 2003 to 2012 R2 may not be strictly necessary if your current applications won’t take advantage of its expanded capabilities, you should do it anyway. Why? Because Active Directory protects the keys to the kingdom — your company’s identities and therefore access to all its resources — and its 2012 R2 version is significantly more secure than its decade-plus predecessor.

This upgrade can take several different paths. You can upgrade your domain controllers to Windows Server 2008 R2 and then upgrade them again to Windows Server 2012, but this is neither the simplest nor the cleanest way to move your AD environment forward. The best method is to introduce a Windows Server 2012 R2 server into your network and promote it to domain controller. When you do this through the Server Manager interface, it runs ADPREP /FORESTPREP and then /DOMAINPREP for you, automatically upgrading your Active Directory schema to the Windows Server 2012 R2 version.

The Petri IT Knowledgebase has a handful of articles on how to do this:

Migrating Active Directory from Windows Server 2003 to Server 2012 R2 Article Series

Nonetheless, be sure that you review Active Directory changes beforehand. I strongly recommend you test the upgrade procedure by adding a Windows Server 2003 DC to your existing domain, then moving it to a test lab where you can add a Windows Server 2012 R2 DC to upgrade. This thread on Experts Exchange gives a high-level overview of the procedure. Microsoft technical evangelist Blain Barton also has an article on upgrading Active Directory, with a link that lists a variety of issues.

The tighter security in Windows Server 2008 R2 and Windows Server 2012 R2 is good, but it may impact your existing environment. What’s New In Active Directory Domain Services reviews the major changes to look at from a Windows Server 2003 upgrade viewpoint.

Once you’ve upgraded one DC to 2012 R2, it’s time to get your Active Directory forest to an all-2012 R2 environment as soon as possible. As the Microsoft Directory Service team notes, “It turns out that weird things can happen when you mix Windows Server 2003 and Windows Server 2012 R2 domain controllers.”
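One way to track progress toward an all-2012 R2 forest is the check below. It is an added example, not part of the original article, and it assumes it runs on the new Windows Server 2012 R2 DC with the Active Directory PowerShell module installed. It confirms the schema upgrade took effect and lists every DC still on Windows Server 2003, including any FSMO roles that must be moved before demotion.

```powershell
Import-Module ActiveDirectory

# Schema objectVersion values: 30 = 2003, 31 = 2003 R2, 44 = 2008,
# 47 = 2008 R2, 56 = 2012, 69 = 2012 R2.
$rootDse       = Get-ADRootDSE
$schemaVersion = (Get-ADObject -Identity $rootDse.schemaNamingContext `
                    -Properties objectVersion).objectVersion
$forest        = Get-ADForest

# Summary: did ADPREP raise the schema, and what functional level is the forest at?
[pscustomobject]@{
    SchemaVersion  = $schemaVersion
    SchemaIs2012R2 = ($schemaVersion -ge 69)
    ForestMode     = $forest.ForestMode
    SchemaMaster   = $forest.SchemaMaster
    DomainNaming   = $forest.DomainNamingMaster
} | Format-List

# Walk every domain in the forest and report DCs still on Windows Server 2003.
$legacyDcs = foreach ($domainName in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domainName |
        Where-Object { $_.OperatingSystem -like '*2003*' } |
        Select-Object @{ n = 'Domain'; e = { $domainName } },
                      Name, Site, OperatingSystem, IsGlobalCatalog,
                      @{ n = 'FsmoRoles'; e = { $_.OperationMasterRoles -join ', ' } }
}

if ($legacyDcs) {
    # Any FSMO role listed here must be transferred before the DC is demoted.
    $legacyDcs | Sort-Object Domain, Name | Format-Table -AutoSize
} else {
    Write-Output 'No Windows Server 2003 domain controllers remain in the forest.'
}
```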

DHCP
DHCP has seen very few updates of any kind over the years. The single most significant update came in Windows Server 2012 when it gained true failover capabilities. Petri IT Knowledgebase’s Russell Smith has also written a good step-by-step procedure to migrate your Windows Server 2003 DHCP server(s) to Windows Server 2012 or R2.

File and print
The Windows Server Migration Tools are an installable feature in Windows Server 2012 and R2. These tools help you migrate a variety of roles from previous OS versions to Windows Server 2012 R2. Many of the migration tools only migrate from Windows Server 2008 and later, but you can use these tools to migrate File and Storage Services, and Print Services from Windows Server 2003. Microsoft technical evangelist Matt Hester has an overview article on the Migration Tools.

SQL Server
Microsoft recommends the following migration paths for SQL Server:

  • SQL Server 2000: Migrate to SQL Server 2014 via SQL Server 2008
  • SQL Server 2005: Upgrade to SP4 and then migrate to SQL Server 2014
  • SQL Server 2008: Upgrade to SP3 or later and then migrate to SQL Server 2014
  • SQL Server 2008 R2: Upgrade to SP1 or later and then migrate to SQL Server 2014

The first step I would suggest is to use the Microsoft SQL Server 2014 Upgrade Advisor. The Upgrade Advisor “analyzes instances of SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, SQL Server 2012 in preparation for upgrading to SQL Server 2014. Upgrade Advisor identifies feature and configuration changes that might affect your upgrade, and it provides links to documentation that describes each identified issue and how to resolve it.”

The SQL Server 2014 Upgrade Advisor is available as part of the SQL Server 2014 Feature Pack.
If you have a database other than SQL Server that you want to migrate to SQL Server, then the SQL Server Migration Assistant is your best bet, and the price is right.

Web
Starting with IIS 6.0, IIS upgrades and migration have been made easier with the Web Deploy tool. Web Deploy simplifies deployment of web applications and websites to IIS servers, but it also can be used to migrate to newer versions of IIS. This article by Microsoft provides more information on how to use Web Deploy for migration.

Third-party apps
For applications purchased from a non-Microsoft third party, key questions include:

  • Is there an updated version supported on Windows Server 2008+?
  • Failing that, is the existing application version supported on Windows Server 2008+?

You can also explore third-party applications like AppZero to extract the application from Windows Server 2003 and migrate it to Windows Server 2012 R2 or Azure.

Dead-end systems
A very few systems may sit at an intersection where they can’t be migrated and they are absolutely essential for business operations. This is a bad situation. The best you can do is to create a security mitigation plan using network isolation and draconian firewall rules, along with a formal sign-off of risk acceptance by management. This sign-off is important. The decision to leave a vulnerable system online is generally made by management, and those making the decision should sign off on the risk.
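Draconian firewall rules only help if someone checks that traffic actually matches them. The following added example (not from the original article) audits exported firewall flow records for a dead-end host against an explicit allowlist. The host address, peers, ports and log layout are all constructed for illustration.

```powershell
# Constructed sample data: host, peers and ports are assumptions for illustration.
$LegacyHost = '10.20.30.5'

# Explicit allowlist; any permitted flow not listed here is a violation (default deny).
$Allowlist = @'
Direction,Peer,Protocol,Port
In,10.20.1.10,TCP,1433
In,10.20.1.50,TCP,3389
Out,10.20.1.20,UDP,53
'@ | ConvertFrom-Csv

# Constructed flow records, in the shape a perimeter firewall might export them.
$FlowLog = @'
Time,Source,Destination,Protocol,DestPort,Action
2015-07-01T02:10:11,10.20.1.10,10.20.30.5,TCP,1433,Allow
2015-07-01T02:11:40,10.20.7.88,10.20.30.5,TCP,445,Allow
2015-07-01T02:12:02,10.20.30.5,203.0.113.9,TCP,80,Allow
2015-07-01T02:12:30,10.20.30.5,10.20.1.20,UDP,53,Allow
2015-07-01T02:13:05,10.20.7.88,10.20.30.5,TCP,135,Deny
'@ | ConvertFrom-Csv

function Get-LegacyFlowViolation {
    param($Flows, $Allowed, [string]$HostAddress)
    foreach ($f in $Flows) {
        if ($f.Action -ne 'Allow') { continue }   # blocked traffic is the rule set working
        if ($f.Destination -eq $HostAddress)  { $dir = 'In';  $peer = $f.Source }
        elseif ($f.Source -eq $HostAddress)   { $dir = 'Out'; $peer = $f.Destination }
        else { continue }                         # flow does not involve the legacy host
        $match = $Allowed | Where-Object {
            $_.Direction -eq $dir -and $_.Peer -eq $peer -and
            $_.Protocol -eq $f.Protocol -and $_.Port -eq $f.DestPort
        }
        if (-not $match) {
            [pscustomobject]@{
                Time = $f.Time; Direction = $dir; Peer = $peer
                Protocol = $f.Protocol; Port = $f.DestPort
            }
        }
    }
}

# Reports the SMB connection from 10.20.7.88 and the outbound HTTP to 203.0.113.9.
Get-LegacyFlowViolation -Flows $FlowLog -Allowed $Allowlist -HostAddress $LegacyHost |
    Format-Table -AutoSize
```

Each reported row is either a firewall rule that is looser than the mitigation plan or a dependency that the plan and the risk sign-off need to list explicitly.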

In-house apps
Applications developed in-house face a similar decision tree:

  • Can the application be migrated to Windows Server 2012 R2 as is?
  • If not, do you have development resources to port the application to R2?
  • Can the app’s function be replaced by a SaaS app? Use a SaaS marketplace site like SaaSMax to search for a possible replacement.
  • If you don’t have development resources and you must continue to use this application, you may need to invest in an application migration solution like AppZero, Racemi, RiverMeadow, or Cloud Velocity.

If none of these solutions work, you may need to isolate the app as a dead-end system.

  • Test “to be” architecture. Azure or AWS is perfect for this.
  • Finalize high-level “to be” architecture
  • Build upgrade and migration deployment plan

Security considerations: Security is tighter with both Windows Server 2012 R2 and modern applications (ownership changes, some read/write permissions are taken away).

Licensing considerations: Consider what has changed with licensing. For example, Windows Server 2008 and 2012 have updated licenses that include some number of virtual instances, depending on what edition you purchase. Your virtualization architecture will impact what edition you need to purchase.

Business function and functionality reviews. Your stakeholders need to be involved in these planning decisions, which include the following:

  • New capability planning: Consider low-hanging fruit or easy wins that can be implemented as part of the migration
  • Attractive capabilities to be evaluated and deployed after migration
  • Overall project sequence dependencies, especially hardware purchase and datacenter installation
  • Create plans
  • Engineering test
  • Customer acceptance test
  • Communications
  • Back out

Phase III: Execution

Relatively speaking, execution is the most straightforward of these three migration phases. That’s because the actual migration process is not that different from any other production maintenance or upgrade process: You develop a plan to execute, you perform engineering tests, you package it up, perhaps simply as a documented procedure, and you have customers do acceptance tests of the end result in a pre-production environment. Next, you schedule and roll out the change.

The time has finally come to move away from Windows Server 2003. There’s lots of documentation on how to do it, along with a variety of existing applications that will get it done if you have a really tough situation. Get planning today; break this big project down into separate workstreams so much of the work can be delegated and worked on simultaneously. And get yourself a project manager; in a project like this, the technical professional needs to work on the technical aspects and leave the project work to a project professional.