Migrating from Windows Server 2003 to Windows Server 2016 Server Domain

The purpose of this guide is to systematically explain how to take a 2003 domain and migrate it to a 2016 domain. The reason for the guide is that during my preparation for a recent migration the information available was quite contradictory.

The fact remains that it is not possible to jump from 2003 to 2016 . In order to get there a couple of prerequisites and steps that need to be adhered to. In short what we need to do is jump from 2003 – 2008 – 2016

The oldest Domain you can be at and introduce 2016 Domain controllers natively is 2008 R2

A breakdown of the migration is as follows

 

  1. Prep a 2008 Server which will be the Domain Controller. Also at this time can prep the 2016 Domain controller, especially if you are in a Virtualised Environment
  2. Run ADPrep on the 2003 Server – if not then adding a 2008 DC will error (/Forest prep and /Domain Prep) – these tools are available on the 2008 R2 Media
  3. Add 2008 Domain to your existing forest
  4. Move roles and services from 2003 DC to 2008 DC (Including FSMO roles, Schema Master, Global Catalogue Server)
  5. Move data and roles off the 2003 DC. Run DCPromo.exe
  6. Raise Domain Functional Level
  7. Raise Forest Functional Level
  8. Add 2016 Domain controller and complete the migration

1. Prepare your Domain Controllers

media_1506466078945.png

Provision the servers how you normally would. We are going to want this to be a domain controller so facters we will need consider are as such

Install Active Directory sites and services

  • may also require to install.Net Framework 3.5
  • Run the Active Directory Domains and Services wizard
  • Select connect to an existing forest and enter domain credentials, select the domain controller for the AD forest. – It will then examine your domain

We may as well leave this wizard here as we will not be able to add the DC to an existing forest until we complete a couple more steps below

2. Run ADPREP on the 2003 Server

media_1506466236867.png

As shown above – if we try and add the Domain Controller before we run AD Prep we will get an error that actually tells us it needs to be ran

– We can see here it has failed as we need to run AD Prep on our 2003 server
– AD prep is available on the 2008 Installation media so copy this to the 2003 server it is located in the \support\adprep folder. We will need to copy this directory to the 2003 Server

2.a Run ADPREP (ForestPrep)

media_1506467289420.png

Navigate to the location of the adprep folder on your 2003 Server in Command Line (Local Administrator) and run the command

adprep32 /forestprep

 

media_1506468688632.png

Press C to confirm you have read the warning
It will then go through and give you confirmation it has completed

 

media_1506469858730.png

2.b Run ADPREP (DomainPrep)

media_1506470040253.png

Now run adprep32 /domainprep

If you later wish to install read Only Domain controllers we will also need to run dprep32 /rodcprep – If this is not required you will get prompted on the 2008 Server when we are adding it, as shown below

media_1506470165514.png

3. Add 2008 Domain Controller To An Existing Forest

media_1506470295170.png

Select the standard defaults
Set the DRSM Password and be sure to document it – I see lots of people here fail to document it so this is really important !

media_1506470398713.png

4.a Move roles and services from 2003 DC to 2008 DC -Transferring the Flexible Single Master Operations (FSMO) Role

1) Open the Active Directory Users and Computers console on your new Windows Server 2012 R2 computer.
2) Right click your domain and select Operations Masters in the sub menu.
3) In the Operations Masters window, ensure the RID tab is selected.
4) Select the Change button.

media_1506471284564.png

 

5) Select Yes when asked about transferring the operations master role.
6) Once the operations master role has successfully transferred, click OK to continue.
7) Ensure the Operations Master box now shows your new 2008R2 Windows Server.
8) Repeat steps 4 to 6 for the PDC and Infrastructure tabs.
9) Once completed, click Close to close the Operations Masters window.
10) Close the Active Directory Users and Computers window.

4.b Move roles and services from 2003 DC to 2008 DC – Changing the Active Directory Domain Controller

1) Open the Active Directory Domains and Trusts console on your new Windows Server 2008 R2 Server.
2) Right click your domain and select Change Active Directory Domain Controller… in the sub menu.
3) In the Change Directory Server window, select This Domain Controller or AD LDS instance.
4)Select your new 2008 R2 Windows Server.

media_1506471575498.png

5) Click OK to continue.
6) Back in the Active Directory Domains and Trusts window, hover over the Active Directory Domains and Trusts found in the folder tree on the left hand side to ensure the server now reflects your new 2008 R2 Windows server.

7) Right click Active Directory Domains and Trusts found in the folder tree and select Operations Manager.. in the sub menu.
8) In the Operations Master window, click Change to transfer the domain naming master role to the 2008 R2 Windows Server.
9) When asked if you are sure you wish to transfer the operations master role to a different computer, click Yes.
10) Once the operations master is successfully transferred, click OK to continue.
11) Click Close to close the Operations Master window.
12) Close the Active Directory Domains and Trusts console.

4.c Move roles and services from 2003 DC to 2008 DC – Changing the Schema Master

1) Open a command prompt in administration view on your new Windows Server 2012 R2 computer.
2) On the command prompt window, enter regsvr32 schmmgmt.dll and hit enter.
3) Once completed successfully, click OK to close the RegSvr32 window.

media_1506472119456.png

4) Close the command promp

4.d Move roles and services from 2003 DC to 2008 DC -Add the Active Directory Schema Console from MMC

media_1506472264368.png

1) Open a MMC console on your new Windows Server 2008 R2 computer.
2) Click File > Add/Remove Snap-in
3) In the Add or Remove Snap-ins window, select Active Directory Schema and click the Add > button.

4.e Move roles and services from 2003 DC to 2008 DC -Change the Schema Master

1)In the same MMC console, right-click Active Directory Schema and select Change Active Directory Domain Controller... in the sub menu.
2)In the Change Directory Server window, select This Domain Controller or AD LDS instance.
3)Select your new 2008 R2 Windows Server.
4)Click OK to continue.
5)A warning will appear stating that the Active Directory Schema snap-in in not connected. Click OK to continue.
6)Hover over the Active Directory Schema folder in the folder tree to ensure the new Windows Server 2008 R2 computer is shown.
7)Now right click Active Directory Schema and select Operations Master… in the sub menu.
8)In the Change Schema Master window, click Change to transfer the schema master role to the 2008 R2 Windows Server.
9)When asked if you are sure you wish to transfer the schema master role to a different computer, click Yes.
10)Once the schema master is successfully transferred, click OK to continue.
11)Click Close to close the Change Schema Master window.
12)In the MMC, click File > Exit.
13)When asked to save the console, click No.

 

Once completed, open the Active Directory Users and Computers console to verify that the Active Directory database successfully replicated to your new Windows Server 2012 R2 computer. Be aware that the database replication may take some time depending on the number of objects in Active Directory.

4.f Move roles and services from 2003 DC to 2008 DC – Removing the 2003 Windows Server from the Global Catalog Server

1) Open Active Directory Sites and Services on your new Windows Server 2008 R2 computer.
2) Expand the Sites folder, then the Default-First-Site-Name folder, then the Servers folder.
3) Expand both listed servers. One should be your new 2008 Windows Server and one should be you 2003 Windows Server.
4) Right click NTDS Settings found under your old 2003 Windows Server.
5) In the sub menu, select Properties.
6) Under the General Tab, unselect Global Catalog and then click the Apply button.
7) Click OK to continue.
8) Close the Active Directory Sites and Services window.
9) Verify that your new 2008 R2 Windows Server is running the FSMO role by opening the command prompt in Administrative view and running the following command: Netdom query fsmo.
10) In the Network and Sharing Center, be sure to change the Preferred DNS server to match the Alternate DNS server, then delete the IP address listed under the Alternate DNS server should it currently be pointed to the old 2003 Windows Server.

5. Begin to Copy Data Migrate Applications from your 2003 Domain Controller run DCPROMO

media_1506558735247.png

We are now at the point where we can begin to consider moving data and applications away from our 2003 Server

– Data and Apps can be moved straight to the 2016 Server rather than that of the 2008 as we will be able to add the 2016 Server to the domain just not promote it to a DC just yet
– Run DCPromo by clicking on Start-Run- and type DCPromo.exe

6. Raise Functional Domain Level

media_1506562773066.png

We now need to raise the domain functional level which can be completed under ‘Active Directory Sites and Services’

7. Raise Forest Functional Level

media_1506594379135.png

We now need to raise the forest functional level under ‘Active Directory Domains and Trusts’

8. Add 2016 Domain Controller

Now that we have raised the functional level of the domain and the forest. We are now at a point where we can add our 2016 Domain Controller to an existing forest. Just as we did when we introduced the 2008 Server

In order to complete this in a future-proof manner, one we have the 2016 DC on the network we will need to do the following

  1. Move roles and services from 2008 DC to 2016 DC (Including FSMO roles, Schema Master, Global Catalogue Server) [As in Steps 4.a-f]
  2. Fully Decommission the 2008 Server including DCPROMO.exe
  3. Ensure that machines on the network are using the new DC for DNS Lookups
  4. Raise the functional Level of the domain and forest to 2016 (As per steps 5-6)
  5. Disjoin the 2003 & 2008 Server from the domain

 


Leave a Reply

Your email address will not be published. Required fields are marked *