Syed Jahanzaib – Personal Blog to Share Knowledge !

June 12, 2012

Windows 2003 (x86) Active Directory Migration to Windows 2008 (x64)


Recently I upgraded my company's Active Directory infrastructure from Windows 2003 32-bit to Windows 2008 64-bit. A direct upgrade from 2003 x86 to 2008 x64 is not possible, so the process was a bit lengthy, and I saved the whole procedure in this small howto. I first tested the whole scenario in a VM environment, and then implemented it on our live production servers. I wrote this guide so that it may be helpful for others and also serve as a reference for me in the future.

My Current Scenario:

  • Windows 2003 (x86) Domain Controller
  • Windows 2003 (x86) Additional Domain Controller

Upgrade Scenario:

  • Windows 2008 (x64) Domain Controller
  • Windows 2008 (x64) Additional Domain Controller

I first uninstalled the ADC to make things simpler. Then I installed Windows 2008 x64 on a VM and configured it as an ADC of the Windows 2003 DC.

STEP BY STEP POINTS:

# Raise Windows 2003 Domain Functional Level to NATIVE Mode,
# Run ADPREP32.exe from Windows 2008 (x64) DVD on Windows 2003 DC,
# Install DNS Server Role [Primary or Secondary DNS Role] on Windows 2008,
# Configure Windows 2008 as ADC, create Forward/Reverse Lookup Zones with the same domain name; replication from the 2003 DNS to the 2008 DNS will occur automatically,
# Transfer all FSMO roles from 2003 to 2008
# Run dcpromo on Windows 2003 to remove AD, after reboot, unjoin it from domain.
# Clear Win2003 old DC records from Windows 2008 DNS / Sites / Domain controller.

In this article, the following names are used.

Domain Name = zaib.com
Windows 2003 DC = xyz
Windows 2008 ADC/DC = WIN-71R3LJBPRK

Windows 2003 AD 32bit migration to windows 2008 AD 64bit

WINDOWS 2003:

1) On the Windows 2003 Domain Controller, raise the Domain Functional Level from mixed mode to NATIVE mode by going to
START / Admin Tools / ADUC

Right click on the domain name (e.g. zaib.com) and select RAISE Domain Functional Level

Here you will see Windows 2000 Native is currently selected as default; change it to
Windows server 2003
and click on RAISE. It will give you a warning,
click on OK to continue.
As shown in the image below . . .

Preparing Windows 2003 (x86) AD for the Windows 2008 (x64) Joining

On your Windows 2003 DC, Insert Windows 2008 x64 DVD,
Open command prompt
Change dir to \support\adprep
by

cd \support\adprep

& issue the following command

adprep32.exe /forestprep

It will give you a warning. Type C and press ENTER to continue
As shown in the image below . . .

After its completion, issue following command

adprep32.exe /domainprep

After its completion, issue following command

adprep32.exe /rodcprep

OK, the Windows 2003 section is done. Now move to the Windows 2008 server to configure it as ADC [Additional Domain Controller]


Configuring WINDOWS 2008 (x64) as Additional Domain Controller

Start Active Directory Installation Wizard using dcpromo:

Goto Start / Run and type

dcpromo

AD Wizard will start, Click on Next, Next
As shown in the image below . . .

When it asks for Choose a Deployment Configuration,
Select
EXISTING FOREST / ADD A DOMAIN CONTROLLER TO EXISTING DOMAIN
& Click NEXT to continue.
As shown in the image below . . .

– On the Network Credentials screen, type your Fully Qualified Domain Name, e.g. zaib.com.
In Alternate Credentials, click on SET, enter your Domain Administrator ID & password, and click NEXT to continue.
As shown in the image below . . .

– On the Select a Domain screen, click on your domain name, e.g. zaib.com, and click NEXT to continue.
As shown in the image below . . .

On Select a Site, click on Default First Site-name, and click NEXT to continue.
As shown in the image below . . .

On Additional Domain Controller Options. Click NEXT to continue.
 [Make sure you tick on DNS server]

Another warning screen about DNS may pop up. Click YES to continue.
As shown in the image below . . .

On the next screen, it will inform you about the locations where the AD database will be copied.
Click NEXT to continue.
As shown in the image below . . .

On the next screen, it will ask you to enter the DSRM password. This is the password required when you run Windows in Directory Services Restore Mode to restore or troubleshoot AD. Enter your desired password and click NEXT to continue.
As shown in the image below . . .

On the Summary window, it will show you all the info. Click on NEXT to continue.
As shown in the image below . . .

After it completes, simply Reboot.

TRANSFERRING ROLES From DC to ADC

OK, it's time to transfer the FIVE FSMO ROLES from Windows 2003 to the Windows 2008 server.
Let's begin.

On Windows 2008 Server, Open ADUC and transfer following 3 roles.

1) RID
2) PDC
3) Infrastructure

In ADUC, right click on the domain name, e.g. zaib.com, and select OPERATION MASTERS

Now you will see something like the image below.

On RID, click CHANGE. It will ask for your confirmation; click on YES, and the role will be transferred to the Windows 2008 ADC.
As shown in the image below . . .

Repeat this process for PDC and Infra roles.

Now we will transfer 4th role , which is called SCHEMA MASTER.

From your Windows 2003 DC,
Open Command Prompt and issue following command

regsvr32.exe schmmgmt.dll

Now open management console by issuing following command

mmc

In MMC, go to File / Add/Remove Snap-in

From the List , double click on ACTIVE DIRECTORY SCHEMA
and click Ok to close this window.

Now Right click on Active Directory Schema and select
Change Active Directory Domain Controller

Select your ADC Server and click on OK

Now right click on ACTIVE DIRECTORY SCHEMA, and select OPERATION MASTER
Click on Change, and select YES when asked. It will transfer the OM role to your ADC.
As shown in the image below . . .

DONE !

Now we will transfer the Domain Naming Master role to the ADC.
Open AD Domains and Trusts,
right click and click on Change Domain Controller,
select your ADC server and click on OK

Now right click and select OPERATION MASTER as shown in the image below
Click on CHANGE
As shown in the image below . . .

For a better explanation of the roles transfer, please see the following guide.
http://www.petri.co.il/transferring_fsmo_roles.htm

All Done !!! Your ADC is now fully functional Domain Controller.
============================================================

# Now remove AD from your old Windows 2003 DC by running dcpromo. At the end it will give you an error that it failed to remove AD. Don’t worry, re-run dcpromo, and this time it will smoothly remove AD from the 2003 server.

If it somehow fails to remove AD, you can use the /forceremoval switch along with dcpromo to forcefully remove it.

# Make sure you UNCHECK the option “This is the last DC in your domain”

# Also don’t forget to remove the W2003 DC DNS entry on the Windows 2008 DNS server.

# Also remove the 2003 DC entry from AD Sites. You can also use metadata cleanup to clean the old entries.

# If the Windows 2008 DNS server fails to replicate DNS entries from the 2003 DNS, make sure ZONE TRANSFER is selected in the Windows 2003 DC’s DNS server.

# So far we have managed to transfer all FSMO roles from Windows 2003 to Windows 2008. Now we want to move this new DC back to the old machine so that the IP address remains the same as the previous DC, and we will also add an ADC for this new DC.

Install Windows 2008 (x64), configure it as ADC, transfer all FSMO roles from the Windows 2008 (x64) DC to this ADC, then remove the old 2008 DC.

Now remove AD from the old 2008 DC, and run dcpromo again to make it an ADC of the 2008 x64 DC.

I will write more data on this with some upgraded screenshots . . .

HOWTO verify DC’s are performing FSMO roles properly

Open Command Prompt, and run

netdom query fsmo

OR
dcdiag /test:fsmocheck
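
A scripted form of the check above, as an added example that is not part of the original post: it parses `netdom query fsmo` output and warns about any role not held by the new 2008 DC. The sample output, the FQDN form of the host names and the function name Get-FsmoHolders are assumptions made for the illustration.

```powershell
# Added example: confirm no FSMO role is left on the old Windows 2003 DC.
# Requires PowerShell 2.0 or later. Use -Live on a DC to parse real netdom output.
param(
    [string]$ExpectedHolder = 'WIN-71R3LJBPRK.zaib.com',  # assumed FQDN of the new DC
    [switch]$Live
)

# Constructed sample of "netdom query fsmo" output (not captured from a server).
# The last role is deliberately left on the old DC "xyz" to show a failed check.
$sample = @'
Schema master               WIN-71R3LJBPRK.zaib.com
Domain naming master        WIN-71R3LJBPRK.zaib.com
PDC                         WIN-71R3LJBPRK.zaib.com
RID pool manager            WIN-71R3LJBPRK.zaib.com
Infrastructure master       xyz.zaib.com
The command completed successfully.
'@ -split "`r?`n"

# Hypothetical helper: turn "<role label><2+ spaces><holder>" lines into objects.
function Get-FsmoHolders {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Status lines such as "The command completed successfully." do not match.
        if ($line -match '^\s*(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches['role']; Holder = $Matches['holder'] }
        }
    }
}

$lines = if ($Live) { netdom query fsmo } else { $sample }
$roles = @(Get-FsmoHolders -Lines $lines)

if ($roles.Count -ne 5) {
    Write-Warning "Expected 5 FSMO roles, parsed $($roles.Count); check the netdom output."
}

# -ne on strings is case-insensitive, so host name casing does not matter.
$stray = @($roles | Where-Object { $_.Holder -ne $ExpectedHolder })
foreach ($r in $stray) {
    Write-Warning "$($r.Role) is still held by $($r.Holder)"
}

if ($stray.Count -eq 0 -and $roles.Count -eq 5) {
    Write-Output "All five FSMO roles are held by $ExpectedHolder."
} else {
    Write-Output "FSMO check failed: do not run dcpromo on the old DC yet."
}
```

Run it with -Live on a domain controller before demoting the old 2003 DC with dcpromo.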

Regards,
Syed Jahanzaib