In this “part 2” of a 5 post series, the following steps will be executed:
a) Active Directory Forestprep & Domainprep
b) Configuration of new Win2008 Server as additional domain controller
c) Seize domain controller roles from Win2003 DC to Win2008 DC
Phase 1 : Active Directory Forestprep & Domainprep
1) Run ADPREP with the /Forestprep parameter from your Win2008 install files (<dvd-rom>\sources\adprep) on your existing Schema master Win2003 Domain Controller:




2) After about 10 minutes, the Forestprep part is finished successfully. If multiple DCs exist across different IP subnets, wait long enough for replication to occur, and check the event log for any detailed information.
3) Once Forestprep replication is completed to all DCs in the domain, start ADPREP with the parameter /Domainprep.

4) In order to update the GPO settings in the domain, we run the ADPREP command again, this time with the /Domainprep /GPPrep parameter switches.

5) At this moment, our existing Win2003 AD Domain is completely prepared for integration of a new Windows Server 2008 domain controller.
Phase 2 : Configuration of new Win2008 Server as additional domain controller
1) Before jumping into phase 2, make sure you have a Windows Server 2008 running as a member server in the existing Windows 2003 domain.
2) Select Roles / Add / Active Directory Domain Services from the Add Roles wizard; the following wizard popup will come up:



3) Choose “existing forest” and “add a domain controller to an existing domain” in the next wizard step:

4) The name of the current domain will be shown; if an error occurs here, this could mean the new 2008 server is not correctly configured as a member server in the domain.
5) Depending on the level of security, select “current credentials” or “alternate credentials” to run the AD-wizard


6) Depending on your situation, decide whether ADPREP /RODCprep should also run on the local server.


7) Make this new server a Global Catalog server by selecting the option in the screen below:


8) The AD configuration wizard asks for DNS-delegation permissions. Click Yes to continue…








9) After the reboot, our newly installed Windows 2008 Server will be an additional Domain Controller in the domain.
Phase 3: Seize Domain Controller FSMO-roles to new Win2008 Server
In this third and final phase of Part 2, we will transfer (“seize” is the official Microsoft term) the FSMO roles to the new Win2008 domain controller. This step is crucial when decommissioning the Windows 2003 Domain Controller from the network, once Exchange 2003 has been removed from it as well.
1) Open up Active Directory Users & Computers:

2) Connect your ADUC to the new Domain Controller; this can be done by selecting the top of the AD domain, right-clicking, and choosing “Change Domain Controller”. The following window will appear.


3) Now that the domain controller we are connected to has been changed, we can start moving the FSMO roles. First, select the root of your domain (e.g. Pdtit.local). Right-click and select “Operations Masters”. Click the Change button and confirm with Yes and OK.




4) Select Yes on the above-mentioned question. Although it is not recommended to run the Operations Master on a Global Catalog server, in our test environment this is not an issue.




5) Validate that the new server is indeed a Global Catalog Server, as shown in the screenshot below:


6) In the last step of the FSMO-role migration, we will configure the new server as Schema master. Before this option is available, a special DLL needs to be registered first.
From your Start/Run/console, enter the following command:
<regsvr32 schmmgmt.dll>; this will register the Schema Master snap-in, which we will need in the following step:


7) Open up a new MMC (Start/Run/MMC), and browse to “Active Directory Schema”. The following window appears:

8) From the menu on top, select “Change Schema Master”, and follow the steps below:

9) At this moment, we still have both domain controllers active; in the next Part, we will show you how to install an additional Exchange 2007 Server, to which we will move all our existing mailboxes.
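To confirm the result of Phase 3 from the command line, the following PowerShell script (an added example, not part of the original post) lists the five FSMO role holders and the Global Catalog status through the .NET System.DirectoryServices.ActiveDirectory classes. The server name NEWDC.example.local is a placeholder assumption; the script is assumed to run on a domain-joined machine with PowerShell installed.

```powershell
# Added example: verify FSMO role holders and Global Catalog status after the move.
# NEWDC.example.local is a placeholder; pass the FQDN of your Win2008 DC instead.
param([string]$NewDc = 'NEWDC.example.local')

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Two forest-wide roles and three domain-wide roles.
$roles = @(
    @('Schema master',         $forest.SchemaRoleOwner.Name),
    @('Domain naming master',  $forest.NamingRoleOwner.Name),
    @('PDC emulator',          $domain.PdcRoleOwner.Name),
    @('RID master',            $domain.RidRoleOwner.Name),
    @('Infrastructure master', $domain.InfrastructureRoleOwner.Name)
)

$notMoved = 0
foreach ($role in $roles) {
    if ($role[1] -ieq $NewDc) {
        $state = 'on new DC'
    } else {
        $state = 'NOT on new DC'
        $notMoved++
    }
    '{0,-22} {1,-32} {2}' -f $role[0], $role[1], $state
}

# Step 5 of Phase 3: confirm the new server is listed as a Global Catalog.
$gcNames = @($forest.GlobalCatalogs | ForEach-Object { $_.Name })
if ($gcNames -contains $NewDc) {
    "Global Catalog         $NewDc is a GC"
} else {
    "Global Catalog         $NewDc is NOT listed as a GC"
}

# Non-zero exit code when any role is still held elsewhere.
if ($notMoved -gt 0) {
    "$notMoved role(s) are still held by another domain controller."
    exit 1
}
```

Any role reported as not on the new DC should be moved before the Windows 2003 Domain Controller is decommissioned.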
Stay Tuned for Part 3 of this series.
Posted feb 13 2009, 11:22 by Peter De Tender