2

I am trying to convert a DC from a 2003 DC to a 2008 RODC. Before I can do that, I must have a writable 2008 DC in my domain. I have a Windows 2003R2 x86 DC that I would like to upgrade to Windows Server 2008R2 x64. What is the best way to back this up before doing so, just to be safe. Also what is the best way to back up my other 2003 DC before upgrading it to a 2008 RODC?

If the DC is a virtual machine, would taking a copy of the .VHD file be helpful?

Thanks in advance

MadHatter
  • 78,442
  • 20
  • 178
  • 229
Mike
  • 165
  • 1
  • 4
  • 15
  • When you're done with MDMarra's steps to reinstall your DCs, don't forget that you'll [probably] want to raise the forest and domain functional levels to Server 2008 R2. – HopelessN00b Jul 18 '12 at 22:02
  • @HopelessN00b Judging by his comments to my answer, it sounds like at least one 2003 DC will still be around, so he won't be able to raise the DFL and FFL. – MDMarra Jul 19 '12 at 19:41
  • yes I will actually have 2 2003 DC's still around. I have 4 total, one is becoming a writable 2008R2 DC, one a 2008R2 RODC, and the other 2 will remain 2003 DC's for the time being – Mike Jul 19 '12 at 19:44

1 Answers1

4

You can't do an upgrade from x86 to x64. You need to do a complete reinstall of the OS.

I assume that you have at least 2 DCs (you're a bit unclear here), so if that's the case, follow these steps:

  1. Take full backups of both DCs just in case and make sure both are Global Catalogs and run DNS
  2. Demote one of the DCs to a member server, moving any FSMO roles to the other server.
  3. Reinstall that server with 2008 R2.
  4. Run adprep /forest and adprep /domain as required to add 2008 R2 DCs to your domaun
  5. Run dcpromo on the new server and make it a DC. Also install DNS and make sure it's a GC.
  6. Wait for replication to happen, then demote the other DC, moving the FSMO roles to the other DC.
  7. Install the OS on the newly demoted server
  8. Run dcpromo on that server and make it a RODC using the Advanced button on the dcpromo wizard.

You should only need to touch your backups in the result of a disaster. Replication will take care of making sure that the AD database has the right info on each server if you follow these steps.

If the DC is a virtual machine, would taking a copy of the .VHD file be helpful?

Not really. If you want to restore a DC, you need to put it DSRM (Directory Services Restore Mode) and restore the system state. This is the only way to do a complete roll back of an AD environment from backups. You should never restore one from a snapshot or bring an old .VHD online in a multi-DC environment. Just take full system backups (with windows backup if you don't have a better tool) and follow my instructions and you should be fine.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
  • Thank you very much MDMarra. To be a bit more clear, I actually have several domain controllers set up. 2 US-Based DC's, 1 Europe Based DC, and 1 China-Based DC. All are currently 2003R2 x86. I am looking to make the Europe one into an RODC, so therefore I am upgrading one of the US ones to be 2008R2 first. Does that help or change anything in your instructions? – Mike Jul 18 '12 at 20:29
  • I've also found that one of my US Domain Controllers has all 5 FSMO roles, so I can leave this DC alone and upgrade the other US DC as well as the Europe one to an RODC – Mike Jul 18 '12 at 21:19
  • Sounds fine to me. I'd recommend having more than one writable 2008(R2) DC though. If you only have one and it goes down, you'll have problems. The RODCs can only accept replication from them and will inky forward requests to them. – MDMarra Jul 18 '12 at 21:41
  • Thanks again for all your help, a couple last things I think I understand but just want to clarify: Since I cannot "upgrade" x86 to x64, does this mean I will be choosing the "Custom" install option from the windows installation media, deleting any of the drives, and installing the OS fresh? and Also, to demote the DC's before I reinstall the OS, do I just run DCPROMO and uninstall AD DS? or is there more to it? – Mike Jul 19 '12 at 19:46
  • Yeah, choose custom and wipe the OS drive at a minimum and you demote a domain controller by running dcpromo and following the wizard. Make sure to **not** check the box that says "this is the last DC in the domain" – MDMarra Jul 19 '12 at 19:58