2003 domain control upgrade to 2008 domain control step.

Last Update:2015-09-27 Source: Internet

Author: User

Tags administrator password to domain

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

First, the overall steps

1.1, the 2003 domain control for the architecture expansion, so that 2008 domain control can be added to the original 2003 domain control of the forest.

1.2. Install the 2008 operating system, join the domain, and then upgrade the 2008 to domain control and join the 2003 domains in the existing forest.

1.3, a series of operations on the new 2008 domain, the transfer of various roles to 2008 domain control.

1.4, the original 2003 domain control to downgrade.

2003 domain controlled by: DC01.dc.local

2008 Domain controlled by: DC02.dc.local

Second, detailed steps

2.1. Upgrade existing 2003 "Domain functional Level" and "forest functional level".

2003 domain Control Select "Administrative Tools"--"Active directory Domains and Trust relationships", right-click the current domain name, select Upgrade domain functional level, select one of the available domain functional levels, select Windows Server 2003, point elevation.

Right-click Active directory Domains and trust relationships, select raise forest Functional level, select Windows Server 2003, point elevation.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGs3vDV7cGAAEVtalgv34655.jpg "style=" float: none; "title=" Qq20150926230035.png "alt=" Wkiom1ygs3vdv7cgaaevtalgv34655.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGs4GDBcuRAAEdKd5fIXo069.jpg "style=" float: none; "title=" 2.png "alt=" Wkiol1ygs4gdbcuraaedkd5fixo069.jpg "/>

2.2. Domain schema Extension

2003 domain control, put the 2008 installation CD into the 2003 machine, open the X:\support\adprep directory in the CD-ROM directory (2008 without R2 version directory is x:\source\adprep), run the following command in turn:

Adprep/forestprep

Adprep/domainprep

Adprep/domainprep/gpprep

Adprep/rodcprep

(64 bit 2003 runs the adprep command directly, if it is a 32-bit system, run the Adprep32.exe command)

2.3, add 2008 system to 2003 domain , add the role, add the system as a domain control role, select existing forest in the configuration step, create a new domain in an existing forest, and then go all the way next until the installation is complete and the 2008 system is restarted.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGtX3B1MorAAEveavK5MQ837.jpg "title=" 3.png " alt= "Wkiom1ygtx3b1moraaeveavk5mq837.jpg"/>

2.4. Next FSMO role transfer , the following roles need to be transferred to the new 2008 domain host (all of these roles were previously 2003 domain-controlled)

1. Change the domain controller

2. Changing the schema Master

3. Change RID

4. Change the PDC

5. Change the infrastructure host

6. Change the domain naming operations master

7. Remove the original 2003 domain-controlled GC global Catalog role

Detailed steps (The following steps are all operated on a domain-controlled dc02 of 2008):

2008 Run the Regsvr32 schmmgmt.dll command on the domain control, and then run MMC to open the console and add the Active directory schema unit.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C3/wKioL1YGttzRsHq7AAHoHz0ejPA619.jpg "title=" 1.jpg " alt= "Wkiol1ygttzrshq7aahohz0ejpa619.jpg"/>

Select Connect to Schema operations master

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C3/wKioL1YGty_QOYlqAAF8AkQADW8256.jpg "title=" 1.png " alt= "Wkiol1ygty_qoylqaaf8akqadw8256.jpg"/>

Then select Change Active directory domain controller, and select the domain controller DC02.dc.local (2008) that you want to change.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C6/wKiom1YGt6rymBw5AAI9WIdjuXQ442.jpg "title=" 2.png " alt= "Wkiom1ygt6rymbw5aai9widjuxq442.jpg"/>

Change the controller after the operation of the host, the same right-click after the selection of "Operation Master", the operation of the host to the DC02.dc.local (2008) domain controller.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGuBriv09ZAAGAPAgxnys431.jpg "title=" 3.png " alt= "Wkiom1ygubriv09zaagapagxnys431.jpg"/>

Next open the active Directory users and computers in the administrative Tools, right-click the current domain dc.local Select All Tasks-operations master-transfer RID, PDC, and infrastructure in turn.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C3/wKioL1YGuXGwttK4AAJWnH7GvDk644.jpg "style=" float: none; "title=" 4.png "alt=" Wkiol1yguxgwttk4aajwnh7gvdk644.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C3/wKioL1YGuXGAR4y5AAEKWYTXmmI840.jpg "style=" float: none; "title=" 5.png "alt=" Wkiol1yguxgar4y5aaekwytxmmi840.jpg "/>

Finally, to transfer the naming master, open Active directory Domains and trust relationships in the administrative tools, right-click the root directory name, select operations master, and complete the changes.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGun-RFdC3AAEmc_4IyRA586.jpg "style=" float: none; "title=" 6.png "alt=" Wkiol1ygun-rfdc3aaemc_4iyra586.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGunmQ3cvfAADVLTSN1sM839.jpg "style=" float: none; "title=" 7.png "alt=" Wkiom1ygunmq3cvfaadvltsn1sm839.jpg "/>

Finally, remove the original 2003 domain-controlled GC role, open "Active directory Sites and Services ", open "site"--"default-first-site-name"--"Servers"--"DC01"- -"NTDS Setting", right-click on "NTDs Setting", remove the tick on the global catalog so that the 2003 domain-controlled GC is canceled, preserving only the global catalog functionality of the DC02 (2008 domain-controlled).

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGu6jwlPgpAAINQ2VvRFM048.jpg "title=" 8.png " alt= "Wkiom1ygu6jwlpgpaainq2vvrfm048.jpg"/>

When all is done, use the NETDOM query FSMO command to check that all roles have become dc02.dc.local

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGvG7gW92rAAELLmSoL4Y475.jpg "title=" 9.png " alt= "Wkiol1ygvg7gw92raaellmsol4y475.jpg"/>

2.5, the above graphical environment of the operation, you can also use the command line to complete, when the graphical interface operation error, may be able to use the command line to successfully complete.

To run the Ntdsutil tool, first connect the DC02.dc.local domain control

Enter the ntdsutil command and press the prompt to enter the following command.

Ntdsutil:roles

FSMO maintenance: connections

Server connections: connect to Domain dc.local

Server connections: connect to server dc02.dc.local

Server connections: quit

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGveej6sVlAAEalYdy9EE950.jpg "title=" 10.png "alt=" Wkiom1ygveej6svlaaealydy9ee950.jpg "/>

Then, in "FSMO maintenance:", enter the following command to press ENTER

Input: Transfer infrastructure master (Transfer infrastructure master role)

Input: Transfer naming master (transfer named master role)

Input: Transfer PDC (transfer PDC)

Input: Transfer RID master (transfer rid)

Input: Transfer schema Master (transfer schema master role)

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C6/wKiom1YGv7ODeljLAAHvK_bgqv4971.jpg "style=" float: none; "title=" 1.png "alt=" Wkiom1ygv7odeljlaahvk_bgqv4971.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C3/wKioL1YGv7mwYeTrAANU2bVp4Ks758.jpg "style=" float: none; "title=" 2.png "alt=" Wkiol1ygv7mwyetraanu2bvp4ks758.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGv7nCaqURAAQ8sq51T6o327.jpg "style=" float: none; "title=" 3.png "alt=" Wkiol1ygv7ncaquraaq8sq51t6o327.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGv7TQZz07AAPznba5evA170.jpg "style=" float: none; "title=" 4.png "alt=" Wkiom1ygv7tqzz07aapznba5eva170.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGv7SgyJEPAARXgyPc6BA636.jpg "style=" float: none; "title=" 5.png "alt=" Wkiom1ygv7sgyjepaarxgypc6ba636.jpg "/>

Finally, the previous 2003 domain control is degraded, in fact, from the domain environment to remove this domain control.

The method is to run the inside input dcpromo, remember "This server is the last domain controller in the domain" This tick does not tick, the other has been the next step, halfway to the server to set a new administrator password, the last step may be prompted to time out what, okay, Re-follow this step again, try a few times will definitely be able to downgrade, I test the time to try 3 times to succeed, the downgrade succeeded, in the DC02 inside refresh, you can see the original domain controller DC01 disappeared.

This article is from "I'm Still alive" blog, please be sure to keep this source http://hujizhou.blog.51cto.com/514907/1698499

2003 domain control upgrade to 2008 domain control step.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More