We have an Active Directory Domains now on Windows Server 2003, and we want to upgrade our domain controllers to Windows Server 2008 to benefit from the new features that Windows 2008 AD offers. So I will be showing how to migrate your Active Directory Domain Controller from Windows Server 2003 to Windows Server 2008 on a new server.
Concept :-
Server 1 :-
A Windows Server 2003 Enterprise Edition with Service Pack 2.This is the DC in my organization,that I intend to migrate to Win 2008
Server name :- AD2K3
Domain Controller :- ictops.org
Specification :- A DC With DNS Server
IP | SM | DG | DNS :- 192.168.28.128 | 255.255.255.0 | 192.168.28.2 | 192.168.28.128
Server 2 :-
A Windows Server 2008 Standard Edition
Server Name :- AD2K8
IP | SM | DG | DNS :- 192.168.28.129 | 255.255.255.0 | 192.168.28.2 | 192.168.28.128
Note :-
Set IP/GW and also set DNS Server IP As Win 2K3 Server IP
In a nutshell, we will perform the following:
- Raise Domain Functional Level in Windows 2K3 Server
- Prepare the current Windows 2K3 Active Directory for Windows Server 2K8 DC.
- Setup an additional domain controller on Windows 2K8 Server
- Transfer FSMO roles to the Windows Server 2008 Domain Controller
Server 1 :
- Raise Domain Functional Level
We need to configure the domain to run in native mode.So Check to ensure the Domain Functional Level is currently setup to at least Windows 2003 mode. This is the lowest required Domain Functional Level that would allow a Windows Server 2008 Domain Controller installation. Windows NT / 2000 Domain Controllers are not supported via this process.
- In the Active Directory Users and Computers console, select the domain via the right click on it.
- Select Raise Domain Functional Level and review the Current domain functional level reported
- In the console tree, right-click the Active Directory Domains and Trusts node, and then click Raise Forest Functional Level.select the domain via the right mouse button on it.
- Select Raise Domain Functional Level and review the Current domain functional level reported
Setting Up an Additional Domain Controller With Windows Server 2008
We have set up our first Active Directory Services (ADS) using Windows Server 2003. In this article, we are going to see how to set up an Additional Domain Controller for AD DS replication on Windows 2008 Server
- To use the command, click on Start > Run > and then write dcpromo > Click OK
2. The Active Directory Domain Services Installation Wizard will start, either enable the checkbox beside Use Advanced mode installation and Click Next , or keep it unselected and click on Next
3. On the Choose a Deployment Configuration page, click Existing forest, click Add a domain controller to an existing domain, and then click Next.
4. On the Network Credentials page, type your domain name, my domain name is ictops.org
o set up an Additional Domain Controller, you will need an account that must be either a member of the Enterprise Admins group or the Domain Admins group.
5. On the Additional Domain Controller Options page, By default, the DNS Server and Global Catalog checkboxes are selected. You can also select your additional domain controller to be a Read-only Domain Controller (RODC) by selecting the checkbox beside it
My primary domain controller is a DNS Server is well, and this can be verified by reading the additional information written in the below image, that there is currently 1 DNS server that is registered as an authoritative name server for this domain. I do want my Additional DC to be a DNS server and a Global catalog, so I will keep the checkboxes selected. Click Next
6. After the above steps, you will need to specify the following steps
DNS Delegation Prompt | Install from Media | Choose an appropriate domain controller
7. Now you will have to specify the location where the domain controller database, log files and SYSVOL are stored on the server.
The database stores information about the users, computers and other objects on the network. the log files record activities that are related to AD DS, such information about an object being updated. SYSVOL stores Group Policy objects and scripts. By default, SYSVOL is part of the operating system files in the Windows directory
8. In the Directory Services Restore Mode Administrator Password (DSRM) page, write a password and confirm it. This password is used when the domain controller is started in Directory Services Restore Mode, which might be because Active Directory Domain Services is not running, or for tasks that must be performed offline.
Summary page will be displayed showing you all the setting that you have set . It gives you the option to export the setting you have setup into an answer file for use to automate subsequent AD DS operations, if you wish to have such file, click on the Export settings button and save the file. Then click Next to begin AD DS installation
Transferring FSMO Roles In Windows Server 2008
One of the crucial steps required to successfully migrate your domain controller, is to be able to successfully transfer the FSMO roles to the new server. FSMO stands for Flexible Single Master Operations, and in a forest there are at least five roles.
Here, I will be showing you how to transfer the FSMO in Windows Server 2008 - (It's an Additional DC) from my existing Windows 2003 Server
The five FSMO roles are:
- Schema Master
- Domain Naming Master
- Infrastructure Master
- Relative ID (RID) Master
- PDC Emulator
The FSMO roles are going to be transferred, using the following three MMC snap-ins :
Active Directory Schema snap-in : Will be used to transfer the Schema Master role
Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role
Active Directory Users and Computers snap-in : Will be used to transfer the RID Master, PDC Emulator, and Infrastructure Master roles
Transferring Schema Master Role
Using AD Schema snap-in to transfer the Schema Master role
- Register schmmgmt.dll in order to be able to use the Active Directory Schema snap-in
Click Start > Run > Type regsvr32 schmmgmt.dll
2. Click Start > Run, type mmc, then click OK
3. Click File > then click Add/Remove Snap-in...
From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then click OK
4. Right click Active Directory Schema, then click Change Active Directory Domain Controller…
5. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role holder and then click on OK
6. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then click Operations Master.
7. On the Change Schema Master page, the current schema master role holder will be displayed ( eg:- AD2K3.ictops.org and the targeted schema holder as well (eg :- WIN-85CLBN5A8QJ.ictops.org).
Once you click Change, the schema master holder will become WIN-85CLBN5A8QJ.ictops.org , click Change
Transferring Domain Naming Master Role
Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role
Click Start > Administrative Tools > Active Directory Domains and Trusts
Same as transferring the Schema master role.
Transferring RID Master, PDC Emulator, and Infrastructure Master Roles
Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
- Click Start > Administrative Tools > Active Directory Users and Computers > Right click
Active Directory Users and Computers, then click All Tasks > Operations Master.
2. You will have three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click the Change button under each of these three tabs to transfer the roles.
