Updating Windows Domain Controllers from Server 2003 to 2019
Windows Server 2008 and older have reached Microsoft's 'End of Support'.
For security reasons, it's a great idea to upgrade your servers and applications running on older versions of Windows Server.
This article covers important information regarding the process of upgrading your Domain Controllers from Server 2000 or 2003 to 2012 and newer. Each environment is different, but let this be a general guide for your task.
During this process, we are upgrading the Windows Server OS and Domain and Forest Functional Level.
In older Windows Server versions, like 2000 and 2003, the Domain Controllers used FRS for SYSVOL replication. In later versions, like 2008 and newer, DFS replication is used. FRS is supported up to Server 2016, but now is a good time to migrate to DFS replication.
It is IMPORTANT to prepare your environment in a multi-step process before proceeding directly to your desired Domain and Forest Functional Level.
Warning: AFTER RAISING THE FOREST AND DOMAIN FUNCTIONAL LEVEL TO 2008 OR NEWER THERE CAN NEVER BE A DC RUNNING 2003 OR OLDER AGAIN - YOU CAN NOT GO BACK! (unless of course you took good backups)
Required:
You need Domain or Enterprise Admin privileges in order to perform this upgrade
Full backups or at least VM snapshots (if applicable) are required
Recommended:
You will need an additional server or VM to be used as the new Primary Domain Controller during migration (See Planning Step 1) - optional but risky if this step is not used
Study information about decommissioning a Server 2003 Domain Controller
Planning:
1. (important) Prepare a new server to act as the new Primary Domain Controller
   - Research Forest and Domain Functional Levels to help you decide which version of Windows Server you will use for your new Primary Domain Controller
   - I used Windows Server 2016 as it's the latest that supports FRS Replication for SYSVOL.
   - Guide to Installing Active Directory Domain Services Using Server Manager
   - If using Windows Server 2008 - Update robocopy to version 5.1.0
2. (important) Set up New Primary Domain Controller
   - Review any additional Roles and Features that are installed on your current Primary Domain Controller and transfer them to the new one you created, or document all the information and re-install the discovered Roles and Features after the upgrade
   - Check for additional services that might be installed on the current Primary Domain Controller and migrate those to the new one (GADS, Printer Server, Scheduled Tasks, etc.)
   - Document, export, and store any issued certificates that will need to be migrated to your new Domain Controller
3. (important) Check for and resolve any current Domain Controller health issues
Upgrade Steps:
1. Make full backups of the current Primary Domain Controller and the new one that was created
2. Transfer FSMO roles to the newly created Domain Controller, making it the Primary or Master Domain Controller
   - Use this guide or the PowerShell commands below:

       # Requires the ActiveDirectory PowerShell module
       Import-Module ActiveDirectory
       $Server = Get-ADDomainController -Identity "Insert NEW Primary Domain Controller Host Name Here In Quotes"
       Move-ADDirectoryServerOperationMasterRole -Identity $Server -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster

3. Shut down the old Domain Controller and test that all AD functions are working properly on the new Domain Controller
4. If testing was successful, proceed by decommissioning the old Domain Controller
5. Raise the Forest and Domain Functional Level to 2012 on the new Domain Controller
6. Once SYSVOL migration has completed (this can take a long time depending on the environment), you can raise the Forest and Domain Functional Level to your desired level
7. If you would like to upgrade your Domain Controller to a newer version than Windows Server 2016, you can follow Planning Steps 1, 2, and 3 and Upgrade Steps 1, 2, 3, and 4, or use this guide
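
Because raising the functional level cannot be undone, it helps to confirm the state of the domain first. The following is an added example, not part of the original article: a pre-flight check that confirms all five FSMO roles sit on the new Domain Controller and that no Domain Controller object still reports Server 2000 or 2003. It assumes a single-domain forest, the ActiveDirectory module, and a placeholder host name 'DC-NEW01'; the function name is hypothetical.

```powershell
# Added example: run after Upgrade Steps 2-4 and before raising the functional level.
# Assumes a single-domain forest and the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-FunctionalLevelReadiness {
    param(
        [Parameter(Mandatory)] [string] $NewDc   # host name or FQDN of the new primary DC
    )

    $blockers = @()
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # 1. All five FSMO roles must already be held by the new DC.
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        # Role holders are reported as FQDNs, so compare on the host label only.
        if (($role.Value -split '\.')[0] -ne ($NewDc -split '\.')[0]) {
            $blockers += "$($role.Key) is still held by $($role.Value)"
        }
    }

    # 2. No DC object running Server 2003 or older may remain in the domain.
    #    A DC that was shut down but never decommissioned still shows up here.
    foreach ($dc in Get-ADDomainController -Filter *) {
        if ($dc.OperatingSystem -match '2000|2003') {
            $blockers += "$($dc.HostName) still runs $($dc.OperatingSystem)"
        }
    }

    [pscustomobject]@{
        DomainMode = $domain.DomainMode
        ForestMode = $forest.ForestMode
        Ready      = ($blockers.Count -eq 0)
        Blockers   = $blockers
    }
}

# 'DC-NEW01' is a placeholder host name; replace it with your new primary DC.
Test-FunctionalLevelReadiness -NewDc 'DC-NEW01' | Format-List
```

Raise the functional level only when Ready is True; each entry in Blockers names the role or Domain Controller that still needs attention.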