Transitioning AD to Windows Server 2008 R2


Introduction 

Active Directory (AD), a service provided by Microsoft, functions as a central database for securely storing and managing information about user accounts, user groups, applications, and other critical resources. It primarily functions as a directory service for Windows domain networks.
 
Windows Server 2008 R2 is the successor to Windows Server 2008 and was launched in 2009. Compared to previous versions, Windows Server 2008 R2 has multiple improved features for AD, such as the ability to restart AD without affecting the domain controllers (DCs), a new Find command to easily locate the domain controllers, and the new AD Web Services. 

Prerequisites 

  1. The existing Windows domain controller must be Windows Server 2003 or higher.
  2. The domain and forest functional levels must be Windows Server 2003 or higher. 

Raising the domain functional level 

Proceed with the following steps to raise the domain functional level before the transition process.
  1. Select Start and choose Administrative Tools. 
  2. Select Active Directory Users and Computers. 
  3. Right-click on the domain name and select the Raise domain functional level option. 
  4. Choose Windows Server 2003 from the listed options. 
  5. Select the Raise button. 
  6. Click OK when the warning message stating that the changes are irreversible is displayed on the screen. 
  7. A final confirmation message mentioning that the domain functional level was raised successfully will be displayed on the screen. Select OK. 

Raising the forest functional level 

After raising the domain functional level, proceed with the following steps to raise the forest functional level before the transition process. 
  1. Select Start and choose Administrative Tools. 
  2. Select Active Directory Domains and Trusts. 
  3. Right-click on the Active Directory Domains and Trusts tab and select the Raise forest functional level option. 
  4. Choose Windows Server 2003 from the listed options. 
  5. Select the Raise button. 
  6. Click on OK when the warning message stating that the changes are irreversible is displayed on the screen. 
  7. A final confirmation message mentioning that the forest functional level was raised successfully will be displayed on the screen. Select OK. 

Preparing the AD environment in Windows Server 2003 

The forests and domains of the existing AD environment must be prepared properly before introducing a Windows Server 2008 DC into the Windows Server 2003 domain. To enable this preparation, two different tools are provided by Microsoft. adprep.exe must be used for a 64-bit DC and adprep32.exe must be used for a 32-bit DC.
 
Follow these steps to prep the AD environment: 
  1. Click on Start and select Run. 
  2. Enter cmd to open the command prompt. 
  3. Run the following command for the forest preparation process: 
     D:\support\adprep\adprep /forestprep 
  4. Press Enter. 
Once the command completes and the "Adprep successfully updated the forest-wide information" message is displayed, proceed to the domain preparation. 
  1. Click on Start and select Run. 
  2. Enter cmd to open the command prompt. 
  3. Run the following command for the domain preparation process: 
     D:\support\adprep\adprep /domainprep
  4. Press Enter. 
Once the command completes and the "Adprep successfully updated the domain-wide information" message is displayed, the preparation process is done. 

Setting up an additional DC with Windows Server 2008 R2 as a global catalog

Follow these steps to install an additional domain controller as a global catalog in the existing Windows Server 2008 R2 domain.
 
  1. Click on Start and select Run. 
  2. Enter dcpromo and run the command. 
  3. This command checks if the Active Directory Domain Services binaries are installed and if required, it begins installing them. 
  4. Select Next when prompted at the next page. 
  5. The Operating System Compatibility page will be displayed. Click on Next. 
  6. The Choose a Deployment Configuration page will be displayed next. Select Existing Forest, choose Add a domain controller to an existing domain option, and click on Next. 
  7. The Network Credentials page will be displayed. Select Next. 
  8. The Select a Domain page will be displayed. Choose the required domain and click on Next. 
  9. The Select A Site page will be displayed. Choose the site where the domain controller must be located. 
  10. The Additional Domain Controller Options page will be opened. Click on Next since the DNS Server and Global Catalog will be checked by default. 
  11. A warning message will be displayed. Select Yes to continue the process. 
  12. The Location for Database, Log Files, and SYSVOL page will be displayed next. The default settings will be selected already. Select Next. 
  13. The Directory Services Restore Mode Administrator Password page will be displayed next. Enter and confirm the password and click on Next. 
  14. The Summary page will display. Confirm the selections made and then select Next. The installation process will begin. 
  15. Once the installation is complete, select the Restart now option to restart the server and apply the changes.

Transferring the Operations Master roles to Windows Server 2008 R2

There are five Flexible Single Master Operation (FSMO) roles: 
  1. Domain naming master
  2. Infrastructure master
  3. Primary domain controller (PDC) emulator
  4. Relative ID (RID) master
  5. Schema master 
These FSMO roles can be transferred using three Microsoft Management Console (MMC) snap-ins: 
  1. Active Directory Domains and Trusts: This will enable the transfer of the Domain Naming Master role. 
  2. Active Directory Schema: This will enable the transfer of the Schema Master role. 
  3. Active Directory Users and Computers: This will enable the transfer of the Infrastructure Master, RID Master, and PDC Emulator roles. 

1. Transferring the schema master role 

  1. Click on Start and select Run. 
  2. Enter regsvr32 schmmgmt.dll and click on OK. 
  3. A popup message will be displayed. This confirms the successful registration of schmmgmt.dll. Select OK. 
  4. Click on Start and select Run. 
  5. Enter mmc and select OK.
  6. Select File and choose the Add/Remove Snap-in... option.
  7. From the left pane, click on Available Snap-ins. Select Active Directory Schema from the listed options, select Add, and click on OK.
  8. Right-click on the Active Directory Schema tab.
  9. Select the Change Active Directory Domain Controller... option.
  10. Select the domain controller that must be mandated with the schema master role and select OK.
  11. A pop-up message will be displayed next. Select OK.
  12. Right-click on Active Directory Schema and select the Operations Master... option.
  13. The Change Schema Master page will be displayed. Both the current schema master role holder and the targeted schema holder will be displayed. Verify the displayed details.
  14. Select Change and choose Yes to proceed with the role transfer.
  15. A confirmation message will be displayed. Select OK. 
The schema master role transfer process is completed. 

2. Transferring the domain naming master role 

  1. Select Start and click on Administrative Tools.  
  2. Select Active Directory Domains and Trusts. 
  3. Right-click on Active Directory Domains and Trusts. From the listed options, choose Change Active Directory Domain Controller... 
  4. Select the domain controller that must be mandated with the domain naming master role and select OK. 
  5. Right-click on the Active Directory Domains and Trusts and choose the Operations Master... option. 
  6. The role changes must be made on the Operations Master page that is displayed next. 
  7. Click on Change. 
  8. A confirmation message will be displayed. Select OK. 
The domain naming master role transfer process is completed. 

3. Transferring the Infrastructure master, RID master, and PDC emulator roles

  1. Select Start and click on Administrative Tools. 
  2. Select Active Directory Users and Computers. 
  3. Right-click on Active Directory Users and Computers and select the Operations Master... option. 
  4. Three tabs will be displayed, one for each of the three FSMO roles: Infrastructure, RID, and PDC. Select Change under each tab to initiate the transfer of the roles. 
  5. Select Yes to confirm the role transfer. 
  6. A confirmation message will be displayed. Select OK. 
The FSMO roles are now successfully transferred to the Windows Server 2008 Domain Controller. 
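
Before demoting the Windows Server 2003 DC, it is worth confirming that all five roles really moved and that the new DC is a global catalog. The following PowerShell check is an added example, not part of the original article; it assumes the ActiveDirectory module on the new Windows Server 2008 R2 DC, and the host name is a placeholder.

```powershell
# Added example: run on the new Windows Server 2008 R2 DC after the role transfers.
# Written to work on PowerShell 2.0; needs the ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholder host name (assumption); replace with the DC that received the roles.
$NewDCName = 'DC2008R2.example.local'

function Get-FsmoStatus {
    param([string]$NewDC)

    # Resolve the name to the DNS host name that AD reports for role holders.
    $newHost = (Get-ADDomainController -Identity $NewDC -Server $NewDC).HostName
    $domain  = Get-ADDomain -Server $NewDC
    $forest  = Get-ADForest -Server $NewDC

    # The five FSMO roles and their current holders, as seen from the new DC.
    $holders = @{
        'Schema master'         = $forest.SchemaMaster
        'Domain naming master'  = $forest.DomainNamingMaster
        'PDC emulator'          = $domain.PDCEmulator
        'RID master'            = $domain.RIDMaster
        'Infrastructure master' = $domain.InfrastructureMaster
    }

    foreach ($role in $holders.Keys) {
        New-Object PSObject -Property @{
            Role    = $role
            Holder  = $holders[$role]
            OnNewDC = ($holders[$role] -eq $newHost)   # string -eq ignores case
        }
    }
}

$status = @(Get-FsmoStatus -NewDC $NewDCName)
$status | Sort-Object Role | Format-Table Role, Holder, OnNewDC -AutoSize

# Gate for the demotion step: every role on the new DC, and the new DC is a
# global catalog, so the domain keeps both after the old DC is removed.
$isGC    = (Get-ADDomainController -Identity $NewDCName -Server $NewDCName).IsGlobalCatalog
$pending = @($status | Where-Object { -not $_.OnNewDC })

if ($pending.Count -eq 0 -and $isGC) {
    Write-Host 'All five FSMO roles are on the new DC and it is a global catalog.'
} else {
    $pending | ForEach-Object { Write-Warning "$($_.Role) is still held by $($_.Holder)" }
    if (-not $isGC) { Write-Warning "$NewDCName is not a global catalog" }
}
```

Any warning means a transfer did not complete; repeat the corresponding transfer procedure before demoting the old DC.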

Demoting the DCs from Windows Server 2003 

  1. Click on Start and select Run. 
  2. Enter dcpromo and run the command. 
  3. The Welcome to the Active Directory Installation Wizard page will be displayed. Select Next. 
  4. The Active Directory Installation Wizard dialog box will be displayed. Select OK. 
  5. The Remove Active Directory page will be displayed. Uncheck the "This server is the last domain controller in the domain" option and select Next. 
  6. The Administrator Password page will be displayed where the Administrator password must be entered. Choose Next. 
  7. The Summary page will be displayed. Select Next. 
  8. Once the process is completed, select Finish. 
The Active Directory Installation Wizard dialog box will be displayed. Select the Restart now option and the server will be restarted to apply the changes.