Support for Windows Server 2003 ends in July 2015, so if you haven’t already started planning to migrate to Windows Server 2012 R2, now is the time. In this new article series, I’ll walk you through making the change to a Windows Server 2012 R2 domain, including handling DHCP and DNS, starting with updating Windows Server 2003, and preparing the domain so that a Windows Server 2012 R2 domain controller (DC) can be added.
Before planning how to retire Windows Server 2003, I recommend reading Migrating From Windows Server 2003: Getting Started on the Petri IT Knowledgebase. This article includes important information on the technical issues and upgrade paths available and a section dedicated to the migration options for domain controllers. Once you’ve formulated the best way to replace Windows Server 2003 domain controllers in your environment, you should adapt the instructions below and test them in a pre-production lab.
For the purposes of this article, my environment consists of a single Windows Server 2003 domain (ad.contoso.com), with one DC (dc1) running Active Directory integrated DNS and DHCP. This is a typical scenario for small businesses that can’t afford the luxury of two physical servers or virtualization.
I’m going to add a Windows Server 2012 R2 DC (newDC) to the existing domain, decommission the Windows Server 2003 DC, and then raise the domain and forest functional levels to Windows Server 2012 R2. If your domain has more than one DC, or your server is running roles other than DHCP and DNS, I’ve made notes along the way where you may need to consider taking extra steps for a successful transition.
An alternative to this method is to use Microsoft Active Directory Migration Tool (ADMT), which copies AD objects to a new domain, synchronizes passwords, and updates user profiles on end-user devices. Although this method is more complicated, it can be useful if you need to restructure AD as part of the migration process.
Before Windows Server 2012 R2 DCs can be added to the existing Windows Server 2003 domain, you will need to meet some prerequisites and perform a few recommended health checks.
First, let’s check that Windows Server 2003 is running Service Pack 2. Log in to the Windows Server 2003 DC with a domain administrator account, and follow the instructions below:
The About Windows dialog will be displayed, showing the installed build and service pack. If Service Pack 2 isn’t installed, you can download it for Windows Server 2003 32-bit edition.
Now check to make sure any additional updates have been installed:
If there are any available updates, a yellow shield will appear in the system tray. Double click it and follow the instructions for installing the available updates. You may need to wait a few minutes for the icon in the system tray to be updated.
Windows Server 2012 R2 DCs can only be added to a domain when the forest and domain functional levels are set to Windows Server 2003 or higher. So let’s check the forest and domain functional levels on the Windows Server 2003 DC:
In the Properties dialog, check the Domain functional level and Forest functional level. If they are set to anything other than Windows Server 2003, continue with the instructions below. Remember that raising the domain and forest functional levels is an irreversible operation.
If you have more than one domain in your forest, they will all need to be at the Windows Server 2003 domain functional level before the forest functional level can be raised.
DCdiag, which is part of the downloadable Windows Server 2003 support tools, allows you to check the health of Active Directory. Before adding Windows Server 2012 R2 DCs to your domain, I recommend that you run this tool to make sure that the domain passes all the basic tests. Any significant problems, including those connected to replication, will show up in the results.
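The functional-level check and the DCdiag health check described above can also be run from a command prompt on the Windows Server 2003 DC. The script below is an added example, not part of the original article; it assumes the lab domain ad.contoso.com, that the support tools are installed and on the PATH, and English-language DCdiag output. The log file name is hypothetical.

```batch
@echo off
rem Added example: pre-flight checks before adding a Windows Server 2012 R2 DC.
rem Assumption: the domain DN matches the article's lab domain ad.contoso.com.
setlocal
set DOMAIN_DN=DC=ad,DC=contoso,DC=com
rem Hypothetical log location; change as needed.
set LOG=%TEMP%\dcdiag-preflight.log

rem msDS-Behavior-Version on the domain object holds the domain functional level:
rem   0 or blank = Windows 2000, 1 = Windows Server 2003 interim, 2 = Windows Server 2003
rem ntMixedDomain: 1 = mixed mode, 0 = native mode (only relevant at level 0)
echo === Domain functional level ===
dsquery * "%DOMAIN_DN%" -scope base -attr msDS-Behavior-Version ntMixedDomain

rem The same attribute on the Partitions container holds the forest functional level.
echo === Forest functional level ===
dsquery * "CN=Partitions,CN=Configuration,%DOMAIN_DN%" -scope base -attr msDS-Behavior-Version

rem Run the DCdiag tests verbosely and keep the full output for review.
echo === Running dcdiag, full output in %LOG% ===
dcdiag /v > "%LOG%" 2>&1

rem DCdiag reports each result as "<server> passed test <name>" or
rem "<server> failed test <name>". findstr returns errorlevel 0 when it finds a match.
echo === Failed tests ===
findstr /i /c:"failed test" "%LOG%"
if not errorlevel 1 (
    echo One or more dcdiag tests failed. Resolve them before adding the new DC.
    exit /b 1
)
echo No failed dcdiag tests found.
exit /b 0
```

Both functional-level values must read 2 before a Windows Server 2012 R2 DC can be added; the script only reads the values and does not raise them.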
In the next part of this series, we’ll install Active Directory on Windows Server 2012 R2, add it to the domain, transfer the five Flexible Single Master Operation (FSMO) roles to the new DC, remove the Windows Server 2003 DC as a Global Catalog (GC) in the domain, and configure the new DC to use its own DNS server for name resolution.