
Migrating Windows Server 2003 to Windows Server 2012 R2: Active Directory

It's no secret that the end of Windows Server 2003 support is getting closer. Day X is scheduled for July 17, 2015, which means there is less and less time left to move your infrastructure to a more modern version of the operating system. On Habr, we have already made several announcements about the end of support, a course based on the Jump Start materials has been published on the Microsoft Virtual Academy portal, and there is a translation of an article on migrating a file server. This article covers the Active Directory migration and provides a step-by-step procedure to help you carry it out.


Migrating Active Directory from Windows Server 2003 to Windows Server 2012 R2 is one of the priority tasks of the overall migration.
In fact, moving Active Directory is not difficult. Only a few steps are required, and they are described in detail below.
First, do some preparation on the domain controller running Windows Server 2003. Be sure to check that the functional level of the existing domain and forest is set to Windows Server 2003.
To change the domain and forest functional levels, open the Active Directory Domains and Trusts snap-in. For the domain functional level, right-click the domain; for the forest functional level, right-click Active Directory Domains and Trusts. Select Raise Domain Functional Level and Raise Forest Functional Level respectively.


In both cases, the functional level must be set to Windows Server 2003.


The next step is to add a second domain controller running Windows Server 2012 R2 to our network. To do this, install the Active Directory Domain Services role on the server running Windows Server 2012 R2.

After installation, add the new domain controller to the existing domain. To do this, use an account that is a member of the Enterprise Admins group and has the appropriate rights.

You must specify whether this server will act as a DNS server and a global catalog (Global Catalog, GC).

On the Additional Options screen, specify the existing domain controller to replicate from. Select the domain controller running Windows Server 2003.

Before the domain controller can be installed, the forest, domain and schema must be prepared. Previously this meant running the adprep command yourself before starting the domain configuration; now the AD DS configuration wizard takes over this task and can perform the preparation automatically.

Next, wait for the installation to complete and restart the computer. As a result, you will have a domain controller running Windows Server 2012 R2.
The Active Directory Users and Computers snap-in now shows that there are two domain controllers in the network.


With the preliminary steps completed, we can proceed to the Active Directory transfer itself. Perform the following actions on the domain controller running Windows Server 2012 R2, in this order:
  1. Transfer of the FSMO role (Flexible Single Master Operations)
  2. Change Active Directory Domain Controller
  3. Change Schema Master
  4. Remove a domain controller running Windows Server 2003 from the global catalog (Global Catalog)

1. Transfer of the FSMO role (Flexible Single Master Operations)


To transfer the FSMO role, open the Active Directory Users and Computers snap-in, right-click the domain and select Operations Masters in the menu that appears.

We need to transfer the operations master role. To do this, on each tab of the window that opens, click the Change button and transfer the role from the 2003 server to the server running 2012 R2.

Confirm the transfer and wait for it to complete successfully. Do not forget to check that the operations master role is now held by the server running Windows Server 2012 R2.


2. Change Active Directory Domain Controller


Now we change the Active Directory domain controller. Open the Active Directory Domains and Trusts console, right-click the forest and select the Change Active Directory Domain Controller option.

In the new window, select This Domain Controller or AD LDS instance and specify the server running Windows Server 2012 R2.

Now right-click the forest again and select the Operations Master item.

Transfer the domain naming operations master role by clicking Change.

3. Change Schema Master


Now we change the schema master (Schema Master). Open a command prompt with Administrator rights and enter the command regsvr32 schmmgmt.dll

This command registers the DLL that the Active Directory Schema snap-in requires.
After the command completes, you can close the command prompt, start the MMC console and add the Active Directory Schema snap-in (to do this, select File > Add/Remove Snap-in).

In the same MMC console, right-click Active Directory Schema and select Change Active Directory Domain Controller. As in step 2, in the new window select This Domain Controller or AD LDS instance, specify the server running Windows Server 2012 R2 and click OK. A warning appears that the Active Directory Schema snap-in is not connected. Click OK to continue.
Now right-click the forest again and select the Operations Master item. To transfer the schema master role, click Change in the new window.
Now you can close the MMC console, open the Active Directory Users and Computers snap-in and make sure that the data has been replicated successfully to the new server running Windows Server 2012 R2. Keep in mind that replication may take some time, depending on the number of Active Directory objects that need to be replicated.

4. Remove a domain controller running Windows Server 2003 from the global catalog (Global Catalog)


What remains is to remove the domain controller running Windows Server 2003 from the global catalog. To do this, open Active Directory Sites and Services, expand the Sites folder, then Default-First-Site-Name, then Servers, and finally expand both servers.

Right-click NTDS Settings for the old server running Windows Server 2003 and select Properties. In the window that opens, uncheck the Global Catalog item and click OK.


Active Directory Users and Computers now shows that the domain controller running Windows Server 2003 is no longer a global catalog.

What remains is to verify that the FSMO role is now held by the server running Windows Server 2012 R2. To do this, open a command prompt as Administrator and run the command netdom query fsmo
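The same verification, extended to the global catalog change from step 4 and to replication health, can be scripted with the ActiveDirectory PowerShell module on the Windows Server 2012 R2 domain controller. This is an added example, not part of the original article; the host names DC2012.contoso.local and DC2003.contoso.local are placeholders, and Test-MigrationState is a name chosen here for illustration.

```powershell
# Added example: post-migration check, run on the Windows Server 2012 R2 DC.
# Requires the ActiveDirectory module (installed with the AD DS role).
Import-Module ActiveDirectory

# Placeholders (assumptions): replace with your own DC host names.
$NewDC = 'DC2012.contoso.local'
$OldDC = 'DC2003.contoso.local'

function Test-MigrationState {
    param([string]$NewDC, [string]$OldDC)

    $problems = @()
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # The five FSMO roles: three per domain, two per forest.
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        if ($role.Value -ne $NewDC) {
            $problems += "$($role.Key) is still held by $($role.Value)"
        }
    }

    # Global catalog: the new DC must be a GC, the old one must not be.
    if (-not (Get-ADDomainController -Identity $NewDC).IsGlobalCatalog) {
        $problems += "$NewDC is not a global catalog"
    }
    if ((Get-ADDomainController -Identity $OldDC).IsGlobalCatalog) {
        $problems += "$OldDC is still a global catalog"
    }

    # Replication: a recorded failure means changes may not have converged yet.
    foreach ($f in Get-ADReplicationFailure -Target $NewDC) {
        $problems += "Replication failure with $($f.Partner): error $($f.LastError)"
    }
    return $problems
}

$result = Test-MigrationState -NewDC $NewDC -OldDC $OldDC
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'FSMO roles, GC placement and replication look correct.' }
```

Any warning from this check is a reason to hold off on demoting the old server until it is resolved.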

This completes the Active Directory migration. On the computer running Windows Server 2003, run dcpromo (by the way, there is no dcpromo in Windows Server 2012 R2) to demote the computer from its domain controller role. If you then look at the Active Directory Users and Computers console, you will see that only one domain controller is left, the one running Windows Server 2012 R2.


I hope that this article will be useful to you!



Source: https://habr.com/ru/post/245667/

