First, the overall steps
1.1, the 2003 domain control for the architecture expansion, so that 2008 domain control can be added to the original 2003 domain control of the forest.
1.2. Install the 2008 operating system, join the domain, and then upgrade the 2008 to domain control and join the 2003 domains in the existing forest.
1.3, a series of operations on the new 2008 domain, the transfer of various roles to 2008 domain control.
1.4, the original 2003 domain control to downgrade.
2003 domain controlled by: DC01.dc.local
2008 Domain controlled by: DC02.dc.local
Second, detailed steps
2.1. Upgrade existing 2003 "Domain functional Level" and "forest functional level".
2003 domain Control Select "Administrative Tools"--"Active directory Domains and Trust relationships", right-click the current domain name, select Upgrade domain functional level, select one of the available domain functional levels, select Windows Server 2003, point elevation.
Right-click Active directory Domains and trust relationships, select raise forest Functional level, select Windows Server 2003, point elevation.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGs3vDV7cGAAEVtalgv34655.jpg "style=" float: none; "title=" Qq20150926230035.png "alt=" Wkiom1ygs3vdv7cgaaevtalgv34655.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGs4GDBcuRAAEdKd5fIXo069.jpg "style=" float: none; "title=" 2.png "alt=" Wkiol1ygs4gdbcuraaedkd5fixo069.jpg "/>
2.2. Domain schema Extension
2003 domain control, put the 2008 installation CD into the 2003 machine, open the X:\support\adprep directory in the CD-ROM directory (2008 without R2 version directory is x:\source\adprep), run the following command in turn:
Adprep/forestprep
Adprep/domainprep
Adprep/domainprep/gpprep
Adprep/rodcprep
(64 bit 2003 runs the adprep command directly, if it is a 32-bit system, run the Adprep32.exe command)
2.3, add 2008 system to 2003 domain , add the role, add the system as a domain control role, select existing forest in the configuration step, create a new domain in an existing forest, and then go all the way next until the installation is complete and the 2008 system is restarted.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGtX3B1MorAAEveavK5MQ837.jpg "title=" 3.png " alt= "Wkiom1ygtx3b1moraaeveavk5mq837.jpg"/>
2.4. Next FSMO role transfer , the following roles need to be transferred to the new 2008 domain host (all of these roles were previously 2003 domain-controlled)
1. Change the domain controller
2. Changing the schema Master
3. Change RID
4. Change the PDC
5. Change the infrastructure host
6. Change the domain naming operations master
7. Remove the original 2003 domain-controlled GC global Catalog role
Detailed steps (The following steps are all operated on a domain-controlled dc02 of 2008):
2008 Run the Regsvr32 schmmgmt.dll command on the domain control, and then run MMC to open the console and add the Active directory schema unit.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C3/wKioL1YGttzRsHq7AAHoHz0ejPA619.jpg "title=" 1.jpg " alt= "Wkiol1ygttzrshq7aahohz0ejpa619.jpg"/>
Select Connect to Schema operations master
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C3/wKioL1YGty_QOYlqAAF8AkQADW8256.jpg "title=" 1.png " alt= "Wkiol1ygty_qoylqaaf8akqadw8256.jpg"/>
Then select Change Active directory domain controller, and select the domain controller DC02.dc.local (2008) that you want to change.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C6/wKiom1YGt6rymBw5AAI9WIdjuXQ442.jpg "title=" 2.png " alt= "Wkiom1ygt6rymbw5aai9widjuxq442.jpg"/>
Change the controller after the operation of the host, the same right-click after the selection of "Operation Master", the operation of the host to the DC02.dc.local (2008) domain controller.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGuBriv09ZAAGAPAgxnys431.jpg "title=" 3.png " alt= "Wkiom1ygubriv09zaagapagxnys431.jpg"/>
Next open the active Directory users and computers in the administrative Tools, right-click the current domain dc.local Select All Tasks-operations master-transfer RID, PDC, and infrastructure in turn.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C3/wKioL1YGuXGwttK4AAJWnH7GvDk644.jpg "style=" float: none; "title=" 4.png "alt=" Wkiol1yguxgwttk4aajwnh7gvdk644.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C3/wKioL1YGuXGAR4y5AAEKWYTXmmI840.jpg "style=" float: none; "title=" 5.png "alt=" Wkiol1yguxgar4y5aaekwytxmmi840.jpg "/>
Finally, to transfer the naming master, open Active directory Domains and trust relationships in the administrative tools, right-click the root directory name, select operations master, and complete the changes.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGun-RFdC3AAEmc_4IyRA586.jpg "style=" float: none; "title=" 6.png "alt=" Wkiol1ygun-rfdc3aaemc_4iyra586.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGunmQ3cvfAADVLTSN1sM839.jpg "style=" float: none; "title=" 7.png "alt=" Wkiom1ygunmq3cvfaadvltsn1sm839.jpg "/>
Finally, remove the original 2003 domain-controlled GC role, open "Active directory Sites and Services ", open "site"--"default-first-site-name"--"Servers"--"DC01"- -"NTDS Setting", right-click on "NTDs Setting", remove the tick on the global catalog so that the 2003 domain-controlled GC is canceled, preserving only the global catalog functionality of the DC02 (2008 domain-controlled).
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGu6jwlPgpAAINQ2VvRFM048.jpg "title=" 8.png " alt= "Wkiom1ygu6jwlpgpaainq2vvrfm048.jpg"/>
When all is done, use the NETDOM query FSMO command to check that all roles have become dc02.dc.local
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGvG7gW92rAAELLmSoL4Y475.jpg "title=" 9.png " alt= "Wkiol1ygvg7gw92raaellmsol4y475.jpg"/>
2.5, the above graphical environment of the operation, you can also use the command line to complete, when the graphical interface operation error, may be able to use the command line to successfully complete.
To run the Ntdsutil tool, first connect the DC02.dc.local domain control
Enter the ntdsutil command and press the prompt to enter the following command.
Ntdsutil:roles
FSMO maintenance: connections
Server connections: connect to Domain dc.local
Server connections: connect to server dc02.dc.local
Server connections: quit
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGveej6sVlAAEalYdy9EE950.jpg "title=" 10.png "alt=" Wkiom1ygveej6svlaaealydy9ee950.jpg "/>
Then, in "FSMO maintenance:", enter the following command to press ENTER
Input: Transfer infrastructure master (Transfer infrastructure master role)
Input: Transfer naming master (transfer named master role)
Input: Transfer PDC (transfer PDC)
Input: Transfer RID master (transfer rid)
Input: Transfer schema Master (transfer schema master role)
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/C6/wKiom1YGv7ODeljLAAHvK_bgqv4971.jpg "style=" float: none; "title=" 1.png "alt=" Wkiom1ygv7odeljlaahvk_bgqv4971.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C3/wKioL1YGv7mwYeTrAANU2bVp4Ks758.jpg "style=" float: none; "title=" 2.png "alt=" Wkiol1ygv7mwyetraanu2bvp4ks758.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C3/wKioL1YGv7nCaqURAAQ8sq51T6o327.jpg "style=" float: none; "title=" 3.png "alt=" Wkiol1ygv7ncaquraaq8sq51t6o327.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/C6/wKiom1YGv7TQZz07AAPznba5evA170.jpg "style=" float: none; "title=" 4.png "alt=" Wkiom1ygv7tqzz07aapznba5eva170.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/C6/wKiom1YGv7SgyJEPAARXgyPc6BA636.jpg "style=" float: none; "title=" 5.png "alt=" Wkiom1ygv7sgyjepaarxgypc6ba636.jpg "/>
Finally, the previous 2003 domain control is degraded, in fact, from the domain environment to remove this domain control.
The method is to run the inside input dcpromo, remember "This server is the last domain controller in the domain" This tick does not tick, the other has been the next step, halfway to the server to set a new administrator password, the last step may be prompted to time out what, okay, Re-follow this step again, try a few times will definitely be able to downgrade, I test the time to try 3 times to succeed, the downgrade succeeded, in the DC02 inside refresh, you can see the original domain controller DC01 disappeared.
This article is from "I'm Still alive" blog, please be sure to keep this source http://hujizhou.blog.51cto.com/514907/1698499
2003 domain control upgrade to 2008 domain control step.