Win 2003 AD domain upgrade to win 2012

There are two main reasons for upgrading:

1. Windows Server 2003 will expire on the July 14, 2015 life cycle, and Microsoft will no longer be able to provide services, for some of the key business, without Microsoft services, always can not be forgiven.

2. According to Microsoft, the new version of Windows Server 2012 is too powerful to be your loss. I am here, no longer advertising, interested, a search a lot.

Well, anyway, at this critical moment, it's not going to rise. If the key service is really out of the question, the relevant staff really magnanimous. This article will look at AD DS to see how to upgrade. For AD DS upgrade, Microsoft recommends using Windows Server 2008 as the transition, as shown in:

650) this.width=650; "title=" Image_thumb1 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ THUMB1 "src=" http://s3.51cto.com/wyfs02/M02/58/0E/wKioL1So2TrRSLTuAAHu0YwxpO0562.jpg "height=" 340 "/>

There are also friends on the web saying that you do not need to use Windows Server 2008 as a mediator, and you can upgrade directly or successfully. I personally think that the need to do not need Windows Server 2008 mediation, mainly depends on whether to use a read-only domain controller in the subsequent environment, if not required, then directly upgrade Windows 2012, there is no problem, if necessary, then need to use Win2008 transition. Another point, because the Preparation tool adprep.exe in Windows Server 2012 only supports 64 systems, but if the source DC is a 32-bit system, there is no way to complete it, so you will use Windows Server 2008 to relay. However, as long as the Windows Server 2008 CD is placed on the source DC, it can be executed directly, that is, only with 32-bit adprep.exe of Windows Server 2008:

Get ready:

1. To prevent accidental occurrences, you must first back up the domain. Remember, there is an accident, no responsibility! In addition, the health of the domain to check, such as Event Viewer, Repadm, Dcdiag and other tools, the problem is not to talk about.

2. The functional level of the existing domain should be upgraded to Windows Server2003, and the forest functional level is upgraded to Windows Server 2003.

650) this.width=650; "title=" Image_thumb13 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb13 "src=" http://s3.51cto.com/wyfs02/M02/58/11/wKiom1So2H-hcchyAAHaOmVMBic606.jpg "height=" 305 "/>

We focus on specific migrations, not on preparation.

Method One: Use Win Server 2008 as the mediation server

This test environment uses 3 servers:

Windows Server 2003 192.168.100.10 dns:192.168.100.10 Source DNS/DC

Windows Server 192.168.100.11 dns:192.168.100.10 Mediation Server

Windows Server 192.168.100.12 dns:192.168.100.10 Target DNS/DC

Step 1: Prepare the Windows Server 2003 domain environment

The installation process is no longer detailed here, where I use the domain name is contoso.com, as shown in:

650) this.width=650; "title=" Image_thumb11 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb11 "src=" http://s3.51cto.com/wyfs02/M02/58/0E/wKioL1So2Tzz5NLMAAEc4HhSRcg279.jpg "height=" 469 "/>

At the same time, in order to see the effect, I created a few OUs and users, but also modified the Group Policy, after we have migrated to see if these objects and policies are also migrated successfully.

650) this.width=650; "title=" Image_thumb8 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb8 "src=" http://s3.51cto.com/wyfs02/M01/58/0E/wKioL1So2ULyvPzqAAJOfDIvnFo177.jpg "height=" "/>"

Step two: AD domain forest preparation, domain preparation, Group Policy preparation, read-only domain control preparation

In a Windows Server 2003 domain, if you want to increase the number of additional domain controllers running the Windows Server R2 operating system, you first need to prepare the current Active Directory. On the source DC server on Windows Server 2003, on the installation CD that is placed on Windows Server R2, there are adprep.exe and Adprep32.exe in the \support\adprep directory of the installation CD. If the current domain controller uses a 32-bit operating system, Adprep32.exe should be used and adprep.exe should be used if the current operating system uses a 64-bit operating system.

Run the following command in turn:

Adprep.exe/forestprep follow the prompts, C and then enter.

Adprep.exe/domainprep

Adprep.exe/domainprep/gpprep

650) this.width=650; "title=" Image_thumb15 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb15 "src=" http://s3.51cto.com/wyfs02/M01/58/0F/wKioL1So2UKAwz0IAAHjpD9M4hQ609.jpg "height=" 493 "/>

Adprep.exe/rodcprep

650) this.width=650; "title=" image_thumb[3] "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ THUMB[3] "src=" http://s3.51cto.com/wyfs02/M02/58/0F/wKioL1So2Ubzi3K1AAGrBLZ4RZ4758.jpg "height=" 397 "/>

If you see the hint in this step because Adprep detected that domain was not in native mode, the domain and forest functional levels are not elevated.

If you then promote Windows Server2012 to additional domain control directly, the following error is reported:

650) this.width=650; "title=" image_thumb[5] "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ THUMB[5] "src=" http://s3.51cto.com/wyfs02/M00/58/0F/wKioL1So2UjAq2qGAAIcLTi1poY626.jpg "height=" 556 "/>

Therefore, we need to mediate through Windows Server 2008 first.

Step three: Upgrade to Windows Server first, which is to find a machine to install Windows Server 2008, promoted to additional domain control, as shown in:

Install AD Domain Services, and then run the command Dcpromo, which is promoted to an additional domain controller:

650) this.width=650; "title=" image_thumb[11] "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ THUMB[11] "src=" http://s3.51cto.com/wyfs02/M00/58/12/wKiom1So2I2gkSj1AAGl4nElb58533.jpg "height=" "/>"

After this step is complete, you can check the replication status between DCs, and you must synchronize before you can do the following.

Step four: Upgrade Windows Server 2012 to an additional domain control

First, install the AD DS components, such as:

650) this.width=650; "title=" Image_thumb17 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb17 "src=" http://s3.51cto.com/wyfs02/M02/58/0F/wKioL1So2UqzspWUAAGSF11-86A692.jpg "height=" "/>"

Then, promote to an additional domain control:

650) this.width=650; "title=" Image_thumb19 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb19 "src=" http://s3.51cto.com/wyfs02/M00/58/0F/wKioL1So2UvzQARpAAHipBEITjQ776.jpg "height=" 542 "/>

The following operation is no suspense, step by step follow the prompts to install it until the deployment is successful, automatic restart. After successful startup, check the DNS records (A, SRV), inter-DC replication, etc. to manually move the FSMO role to the new domain controller, of course, for the sake of simplicity, you can also directly transfer the old domain to the domain, in the process of unloading the domain will automatically complete the transition of the FSMO, but I prefer to manually transfer; , is the user and policy in front of us also synchronized:

650) this.width=650; "title=" Image_thumb21 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ Thumb21 "src=" http://s3.51cto.com/wyfs02/M01/58/12/wKiom1So2JPCzixXAAQDXODL3h0886.jpg "height=" 537 "/>

Of course, don't forget to check for inter-DC synchronization.

Step five: Old DC down-domain, back-domain, shutdown

Adjust DNS, remove Windows Server 2003 and Windows Server 2008 version of domain control, uninstall, and exit the domain, as a general example, no longer

650) this.width=650; "title=" Image42_thumb "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" image42_ Thumb "src=" http://s3.51cto.com/wyfs02/M00/58/0F/wKioL1So2VGQbH5GAADgi_i6Ajc690.jpg "height=" 352 "/>650) this.width=650, "title=" image_thumb[14] "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" Image_ THUMB[14] "src=" http://s3.51cto.com/wyfs02/M01/58/0F/wKioL1So2VSislt9AAEO95VHmhg274.jpg "height="/>

Then, quit the domain and join the workgroup. Other computers do the same, while tuning DNS to remove unwanted NS, SOA, A records.

Finally, as needed, the overall infrastructure compatibility is generally considered, and the computer name of the new DC can be modified to the computer name of the old DC. To run three commands on a new DC:

netdom computername The new DC host name/add the old DC hostname. Domain Name

netdom computername The new DC host name/makeprimary the old DC hostname. Domain Name

At this point, a reboot is required, and after the successful start, the last command:

netdom computername The old DC host name/remove the new DC hostname. Domain Name

This article is from the "Duffy" blog, make sure to keep this source http://dufei.blog.51cto.com/382644/1598961

Win 2003 AD domain upgrade to win 2012