1

I am currently using Active Directory in Windows Server 2003 to manage my small network of 10 users. The address of the current server is 192.168.2.1.

I now want to configure Active Directory for my "new and improved" server, which is running Windows Server 2008. The address of the new server is 192.168.2.2.

What is the correct process for me to follow in terms of transitioning my existing users to the new Active Directory? Can I configure Active Directory on the new server, while it is currently a node on the current server?

Just looking for some guidance as to the correct steps to follow. Thanks.

DanielAttard

2 Answers

3

You've got a fairly straightforward scenario here, in terms of the Active Directory part. You'll need to update the Active Directory forest schema and domain to the 2008 version, then promote the new server to a Domain Controller.

  • Copy the contents of the "\sources\adprep" folder from the Windows Server 2008 DVD to somewhere on the Windows 2003 server (or mount the DVD directly on the server)

  • Run adprep32 /forestprep and adprep32 /domainprep on the old server

The /forestprep and /domainprep operations are fairly harmless but it pays to have a good System State backup of the Windows Server 2003 machine before you do this, just in case.

  • Run dcpromo on the new server, configured with the old server as its DNS server. Join the existing AD domain.

Once everything has replicated (the AD and the SYSVOL) you can think about demoting the old Windows Server 2003 machine to being a member server and remove it from the domain.

I'd flag the new Domain Controller as a Global Catalog server (by ticking the "Global Catalog" box in the "NTDS Settings" properties for the server object in the "Active Directory Sites and Services" management tool). I'd also install DNS on the new server and, once it has replicated AD, configure it to use itself as a DNS server.

Presumably your client computers are using the existing Windows Server 2003 machine as a DNS server. Depending on whether you're configuring that via DHCP or statically you may want to think about swapping the IP addresses of the Windows Server machines when you do get around to demoting and removing the Windows Server 2003 machine (so as to prevent needing to change the DNS server address on a lot of client computers).

Of more concern to me would be any file / print sharing you're doing from the existing Windows Server 2003 machine, and any other services it might be hosting. Surely you're not just using it as a domain controller. That's not going to be a matter of just promoting AD, though it might not be all that hard either.

Evan Anderson
1

If I understand you correctly, you are quite happy with your current AD but just wish to upgrade it to a later version.

This is the smooth way as I see it when you have a second server standing by for commissioning. Note, however, that I am presenting a simplification and not in any way a complete guide (to which entire books are dedicated); there are quite a few caveats with every step which I am not covering. You will therefore have to do a bit of research yourself, but this is the outline as I see it.

Assuming you don't have applications with dependencies which would break in a newer AD version, or during a transition, you could promote your new computer as a second DC in your old domain thereby making them both serve clients during the transition.

When you are comfortable with the new DC in terms of it operating correctly and that DNS and backups are fully functional for the new DC, you can transfer the 5 FSMO roles from the old to the new server. Assuming DNS is accounted for, this makes the new DC self-sufficient in the domain, and the old server a functionally redundant DC.

You should now be able to demote the old DC, meaning to uninstall the AD from it. This is a non-reversible maneuver (discounting restore from backup). It is therefore usually a good idea to disconnect the server for a day or two before (reconnecting then) demoting just to see that everything works smoothly.

Again pay attention to DNS for both clients and servers and that backups are in order for the old and new server.

When the old DC is decommissioned and everything tested and still working, you can raise the forest and domain levels to get your new AD version.

ErikE
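Both answers make demotion of the old server conditional on replication having completed and, in the second answer, on the FSMO roles having been transferred. The following is an added example, not part of either answer: a PowerShell check that reads the output of `repadmin /showrepl * /csv` and `netdom query fsmo` and reports anything that should block the demotion. The function name, the OLDSRV/NEWSRV host names and the sample data are constructed for illustration, and it assumes PowerShell 2.0 or later (for `ConvertFrom-Csv`).

```powershell
# Added example. Test-ReadyToDemote and the OLDSRV/NEWSRV names are hypothetical.
function Test-ReadyToDemote {
    param(
        [Parameter(Mandatory = $true)][string]   $OldDc,    # DC that is to be demoted
        [Parameter(Mandatory = $true)][string[]] $ReplCsv,  # repadmin /showrepl * /csv
        [Parameter(Mandatory = $true)][string[]] $FsmoText  # netdom query fsmo
    )
    $problems = @()

    # repadmin emits one CSV row per inbound replication link.
    foreach ($link in ($ReplCsv | ConvertFrom-Csv)) {
        if ($link.showrepl_COLUMNS -eq 'showrepl_ERROR') {
            $problems += 'repadmin returned an error row (a DC could not be queried)'
            continue
        }
        if ([int]$link.'Number of Failures' -gt 0) {
            $problems += "$($link.'Destination DSA') <- $($link.'Source DSA') [$($link.'Naming Context')]: $($link.'Number of Failures') consecutive failure(s)"
        }
    }

    # Any role line that still names the old DC means a FSMO role has not been moved.
    $pattern = '\b' + [regex]::Escape($OldDc) + '\b'
    foreach ($line in $FsmoText) {
        if ($line -match $pattern) { $problems += "FSMO role still on ${OldDc}: $($line.Trim())" }
    }

    New-Object PSObject -Property @{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample output: one failing link and one role left on the old server.
$sampleRepl = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status',
    'showrepl_INFO,Default-First-Site-Name,NEWSRV,"DC=example,DC=local",Default-First-Site-Name,OLDSRV,RPC,0,0,2011-05-01 10:15:02,0',
    'showrepl_INFO,Default-First-Site-Name,NEWSRV,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,OLDSRV,RPC,3,2011-05-01 10:14:40,2011-04-30 22:00:11,1722'
)
$sampleFsmo = @(
    'Schema master               NEWSRV.example.local',
    'Domain naming master        NEWSRV.example.local',
    'PDC                         OLDSRV.example.local',
    'RID pool manager            NEWSRV.example.local',
    'Infrastructure master       NEWSRV.example.local'
)

$result = Test-ReadyToDemote -OldDc 'OLDSRV' -ReplCsv $sampleRepl -FsmoText $sampleFsmo
"Ready to demote: $($result.Ready)"
$result.Problems
```

Against a live domain, pass `(repadmin /showrepl * /csv)` and `(netdom query fsmo)` as the two text parameters. This covers Active Directory replication links only; SYSVOL replication is not reported by `repadmin` and needs its own check.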