Active Directory Migration from Windows Server 2003 to Windows Server 2012
PREPARED BY RAVI KUMAR LANKE

As you may know, Active Directory provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed. As an LDAP-compliant database, it contains the most commonly used objects, such as users, computers, and groups, which can be organized into organizational units (OUs) by any number of logical or business needs. Group Policy Objects (GPOs) are then linked to OUs to centralize the settings for various users or computers across an organization. Part of the quandary that IT professionals face is taking advantage of the nuances provided by Active Directory in newer server offerings such as Windows Server 2012. As detailed in Pierre's post, "Windows Server 2012 Active Directory – What's New?", Active Directory in Windows Server 2012 provides impactful enhancements. Yet some organizations choose not to migrate because of uncertainty.

This Step-By-Step, suggested online via the IT Professionals Community of Greater Toronto, is to help deal with that uncertainty and provide guidance for IT professionals looking to migrate their organization's Active Directory offering from Windows Server 2003 to 2012.

Prerequisites
1. Download Windows Server 2012. If you plan on completing this Step-By-Step in a virtual lab, it is recommended to download the FREE Hyper-V Server 2012 first.
2. Complete Step-By-Step: Adding a Windows Server 2012 Domain Controller to an Existing Windows Server 2003 network

Transferring the Flexible Single Master Operations (FSMO) Role
1. Open the Active Directory Users and Computers console on your new Windows Server 2012 computer.
2. Right click your domain and select Operations Masters in the sub menu.
3. In the Operations Masters window, ensure the RID tab is selected.
4. Select the Change button.
5. Select Yes when asked about transferring the operations master role.
6. Once the operations master role has successfully transferred, click OK to continue.
7. Ensure the Operations Master box now shows your new 2012 Windows Server.
8. Repeat steps 4 to 6 for the PDC and Infrastructure tabs.
9. Once completed, click Close to close the Operations Masters window.
10. Close the Active Directory Users and Computers window.

Changing the Active Directory Domain Controller
1. Open the Active Directory Domains and Trusts console on your new Windows Server 2012 computer.
2. Right click your domain and select Change Active Directory Domain Controller... in the sub menu.
3. In the Change Directory Server window, select This Domain Controller or AD LDS instance.
4. Select your new 2012 Windows Server.
5. Click OK to continue.
6. Back in the Active Directory Domains and Trusts window, hover over the Active Directory Domains and Trusts found in the folder tree on the left hand side to ensure the server now reflects your new 2012 Windows server.
7. Right click Active Directory Domains and Trusts found in the folder tree and select Operations Master... in the sub menu.
8. In the Operations Master window, click Change to transfer the domain naming master role to the 2012 Windows Server.
9. When asked if you are sure you wish to transfer the operations master role to a different computer, click Yes.
10. Once the operations master is successfully transferred, click OK to continue.
11. Click Close to close the Operations Master window.
12. Close the Active Directory Domains and Trusts console.

Changing the Schema Master
1. Open a command prompt in administration view on your new Windows Server 2012 computer.
2. On the command prompt window, enter regsvr32 schmmgmt.dll and hit enter.
3. Once completed successfully, click OK to close the RegSvr32 window.
4. Close the command prompt.

Add the Active Directory Schema Console from MMC
1. Open a MMC console on your new Windows Server 2012 computer.
2. Click File > Add/Remove Snap-in...
3. In the Add or Remove Snap-ins window, select Active Directory Schema and click the Add > button.
4. Click OK to continue.

Change the Schema Master
1. In the same MMC console, right click Active Directory Schema and select Change Active Directory Domain Controller... in the sub menu.
2. In the Change Directory Server window, select This Domain Controller or AD LDS instance.
3. Select your new 2012 Windows Server.
4. Click OK to continue.
5. A warning will appear stating that the Active Directory Schema snap-in is not connected. Click OK to continue.
6. Hover over the Active Directory Schema folder in the folder tree to ensure the new Windows Server 2012 computer is shown.
7. Now right click Active Directory Schema and select Operations Master... in the sub menu.
8. In the Change Schema Master window, click Change to transfer the schema master role to the 2012 Windows Server.
9. When asked if you are sure you wish to transfer the schema master role to a different computer, click Yes.
10. Once the schema master is successfully transferred, click OK to continue.
11. Click Close to close the Change Schema Master window.
12. In the MMC, click File > Exit.
13. When asked to save the console, click No.

Once completed, open the Active Directory Users and Computers console to verify that the Active Directory database successfully replicated to your new Windows Server 2012 computer. Be aware that the database replication may take some time depending on the number of objects in Active Directory.

Removing the 2003 Windows Server from the Global Catalog Server
1. Open Active Directory Sites and Services on your new Windows Server 2012 computer.
2. Expand the Sites folder, then the Default-First-Site-Name folder, then the Servers folder.
3. Expand both listed servers. One should be your new 2012 Windows Server and one should be your 2003 Windows Server.
4. Right click NTDS Settings found under your old 2003 Windows Server.
5. In the sub menu, select Properties.
6. Under the General Tab, unselect Global Catalog and then click the Apply button.
7. Click OK to continue.
8. Close the Active Directory Sites and Services window.
9. Verify that your new 2012 Windows Server is running the FSMO role by opening the command prompt in Administrative view and running the following command: Netdom query fsmo.
10. In the Network and Sharing Center, be sure to change the Preferred DNS server to match the Alternate DNS server, then delete the IP address listed under the Alternate DNS server should it currently be pointed to the old 2003 Windows Server.

All that's left is to demote the old 2003 Windows server by first adding the new 2012 Windows Server as the Primary DNS, followed by running DCPROMO to demote the old 2003 Windows server.
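
The verification in steps 9 and 10 above, extended into one pre-demotion check that covers all five FSMO roles, the global catalog flag and the DNS client settings. This is an added PowerShell example, not part of the original document. It assumes the ActiveDirectory module is available on the new Windows Server 2012 domain controller; DC2012 and DC2003 are placeholder host names for the new and old servers.

```powershell
# Added example: run in an elevated PowerShell session on the new domain controller.
# $NewDC and $OldDC are placeholder host names; replace them with your own.
Import-Module ActiveDirectory

$NewDC = 'DC2012'   # placeholder: new Windows Server 2012 domain controller
$OldDC = 'DC2003'   # placeholder: old Windows Server 2003 domain controller

$forest = Get-ADForest
$domain = Get-ADDomain

# The five FSMO roles and their current holders (returned as FQDNs).
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

$problems = @()
foreach ($role in $roles.GetEnumerator()) {
    # Compare the short host name of the role holder with the new DC.
    $holder = ($role.Value -split '\.')[0]
    if ($holder -ne $NewDC) {
        $problems += "$($role.Key) is still held by $($role.Value)"
    }
}

# Global catalog: the new DC must be a GC, the old one must not be.
foreach ($dc in Get-ADDomainController -Filter *) {
    if ($dc.Name -eq $NewDC -and -not $dc.IsGlobalCatalog) {
        $problems += "$NewDC is not a global catalog"
    }
    if ($dc.Name -eq $OldDC -and $dc.IsGlobalCatalog) {
        $problems += "$OldDC is still a global catalog"
    }
}

# DNS: no local adapter should still resolve through the old DC.
$oldIPs = [System.Net.Dns]::GetHostAddresses($OldDC) | ForEach-Object { $_.IPAddressToString }
Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses } | ForEach-Object {
    foreach ($ip in $_.ServerAddresses) {
        if ($oldIPs -contains $ip) {
            $problems += "Adapter '$($_.InterfaceAlias)' still uses $OldDC ($ip) for DNS"
        }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "FSMO, global catalog and DNS checks passed for $NewDC." }
```

Any warning means one of the earlier transfer steps did not take effect and should be repeated before running DCPROMO on the old server.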