1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
2. Make the new server become a member server of the current Windows Server 2003 domain.
3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the “adprep /forestprep” command on old server.
4. Upgrade the Windows 2003 domain schema with the “adprep /domainprep” command on old server.
7. Run “dcpromo” on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
9. Disable Global Catalog on the old DC.
10. Transfer all the FSMO roles from the old DC to the new DC.
11. Verify that the old DNS Server Zone type is Active Directory-Integrated.
12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
Note: It is a good practice to take the old DC offline for several days and check whether everything works normally with the new server online. If so, you may bring the old DC back online and run DCPROMO to demote it.
13. Run dcpromo on the old server to demote and remove.
Run dcdiag and netdiag from the command prompt on the old machine to check for errors. If you have some, solve them first. For these tools you have to install the support\tools\suptools.msi from the 2003 installation disk.
Add the new 2008 R2 server to the domain as a member server.
Prepare the current Active Directory forest to accept a Server 2008 R2 DC. You do this by running
Adprep.exe /forestPrep (Adprep32.exe /forestPrep on x86 server)
on the current DC. Adprep is found on the Server 2008 R2 installation DVD in the Support\adprep folder. Some Antivirus software can sometimes interfere with this command. You may want to temporarily disable the antivirus service from running on the Schema Master until the process has been completed.
http://technet.microsoft.com/en-us/library/cc731728%28WS.10%29.aspx
The next step is to run Adprep.exe in each domain, while logged on to the domain controller holding the Operations Master FSMO role. This command is only run on that server. You do not run this command on each domain controller. You must be logged into that server as a Domain Admin. One of these two commands should be run.
Adprep.exe /domainPrep
Adprep.exe /domainPrep /gpPrep
If you already ran the /gpPrep parameter for Windows Server 2003, you do not need to run it again for Windows Server 2008 or Windows Server 2008 R2. This command adds only the inheritable access control entries (ACEs) on Group Policy objects (GPOs) in the SYSVOL shared folder. The additional ACEs give enterprise domain controllers read access permissions on GPOs. These permissions are required to support Resultant Set of Policy (RSOP) functionality for site-based policy.
Insert Windows Server 2008 Installation Disc in the new server. Run “dcpromo” (drive:\support\adprep\) on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
http://technet.microsoft.com/en-us/library/cc755257.aspx
To add or remove the global catalog
1. Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server® 2012, click Start, type dssite.msc.
2. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog.
Where? Active Directory Sites and Services\Sites\SiteName\Servers
3. In the details pane, right-click NTDS Settings of the selected server object, and then click Properties.
4. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.
Check that replication has completed. At a command prompt on the new DC, run:
nltest /server:<servername> /dsgetdc:<domainname>
Verify that the isGlobalCatalogReady attribute has a value of TRUE.
After replication is completed disable Global Catalog on the old DC.
Transfer FSMO roles from old server to new server.
Verify that the old DNS Server Zone type is Active Directory-Integrated.
http://support.microsoft.com/kb/816101
Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
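Before the old DC is demoted, the results of the steps above (global catalog ready, FSMO roles transferred, replication healthy) can be confirmed in one pass. The script below is an added example, not part of the original procedure; it assumes it is run on the new Server 2008 R2 DC with the ActiveDirectory module and repadmin available, and NEWDC01 / OLDDC01 are placeholder host names.

```powershell
# Added example: readiness check to run on the new DC before demoting the old one.
# NEWDC01 / OLDDC01 are placeholder host names, not values from this page.
param([string]$NewDC = 'NEWDC01', [string]$OldDC = 'OLDDC01')

Import-Module ActiveDirectory   # assumed present on the Server 2008 R2 DC
$problems = @()

# 1. All five FSMO roles must be held by the new DC.
$forest = Get-ADForest -Server $NewDC
$domain = Get-ADDomain -Server $NewDC
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.Keys) {
    # Holders are returned as FQDNs; compare on the host label only.
    if (($roles[$role] -split '\.')[0] -ne $NewDC) {
        $problems += "$role is still held by $($roles[$role])"
    }
}

# 2. The new DC must report a fully built global catalog (rootDSE attribute).
$rootDse = [ADSI]"LDAP://$NewDC/RootDSE"
if ("$($rootDse.isGlobalCatalogReady)" -ne 'TRUE') {
    $problems += "$NewDC does not report isGlobalCatalogReady = TRUE"
}

# 3. The old DC should no longer be a global catalog.
$old = Get-ADDomainController -Filter * -Server $NewDC |
    Where-Object { $_.Name -eq $OldDC }
if ($old -and $old.IsGlobalCatalog) {
    $problems += "$OldDC is still a global catalog"
}

# 4. No inbound replication link on the new DC may be failing.
$links = repadmin /showrepl $NewDC /csv | ConvertFrom-Csv
foreach ($l in $links) {
    if ([int]$l.'Number of Failures' -gt 0) {
        $problems += "Replication of $($l.'Naming Context') from $($l.'Source DSA') is failing"
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "$NewDC holds all FSMO roles, is GC-ready and replicates cleanly."
```

A non-zero exit code means at least one check failed and the old DC should stay in service until the warning is resolved.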
To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:
1. Log on to the source DHCP server by using an account that is a member of the local Administrators group.
2. Click Start, click Run, type cmd in the Open box, and then click OK.
3. Type netsh dhcp server export C:\dhcp.txt all, and then press ENTER.
Note: You must have local administrator permissions to export the data.
Configure the DHCP server service on the server that is running Windows Server 2008
1. Click Start, click Administrative Tools, click Server Manager. If needed acknowledge User Account Control.
2. In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.
Import the DHCP database
1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.
2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
3. Verify that the DHCP service is started on the Windows Server 2008-based computer.
4. Click Start, click Run, type cmd in the Open box, and then click OK.
5. At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all, and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.
Note: When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:
Error initializing and reading the service configuration - Access Denied
Note: You must have local administrator permissions to import the data.
6. To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.
7. If the “access is denied” error message occurs after you add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.
Authorize the DHCP server
1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
Note: You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
3. Right-click the server object, and then click Authorize.
4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.
http://technet.microsoft.com/en-us/library/cc740017(v=ws.10).aspx
To demote a domain controller
On a domain controller, click Start, and then click Run.
In Open, type dcpromo to open the Active Directory Installation Wizard, and then click Next.
On the Remove Active Directory page, click Next, and then continue to follow the wizard.
http://technet.microsoft.com/en-us/library/cc794931(v=ws.10).aspx
Applies To: Windows Server 2008, Windows Server 2008 R2
If you move a domain controller to a different site, you must change the IP address of the domain controller to an IP address that maps to a subnet that is associated with the site. To change an IP address, you use the TCP/IP client settings in the properties of the network connection. You can use this procedure to change all appropriate values in the TCP/IP client settings on a domain controller, including preferred and alternate DNS servers, as well as Windows Internet Name Service (WINS) servers (if appropriate). Obtain these values from your design team.
If you change the static IP address of a domain controller, make sure that the IP address is included in the respective Dynamic Host Configuration Protocol (DHCP) scope. You must also verify that DNS resource records are updated on the DNS server that the domain controller references as the preferred DNS server in TCP/IP settings.
In DNS, verify the values of the following resource records. If they have not updated automatically, update the IP address in these resource records:
Host (A) or host (AAAA) resource records
Name Server (NS) resource records
Use the DNS snap-in to update the following DNS values that apply to this domain controller:
On the Forwarders tab in the properties of a DNS server, update the IP address on DNS servers for which this domain controller is designated as a forwarder.
Use the procedure Update the IP Address for a DNS Delegation for all delegations to this domain controller.
On the Zone Transfers tab in the properties of a forward lookup zone, update the IP address for any primary or secondary DNS zone transfers to this domain controller.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To change the static IP address of a domain controller
1. Log on locally to the domain controller whose IP address you want to change.
2. Click Start, point to Administrative Tools, click Server Manager, and then click View Network Connections.
3. In the Network Connections dialog box, right-click the appropriate connection, and then click Properties.
4. In the Connection Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6).
5. In IP address, type the new address.
6. In Subnet mask, type the new subnet mask if it has changed.
7. In Default gateway, type the new default gateway.
8. In Preferred DNS server, type the address of the Domain Name System (DNS) server that this computer contacts if it has changed.
9. In Alternate DNS server, type the address of the DNS server that this computer contacts if the preferred server is unavailable.
10. If this domain controller uses WINS servers, click Advanced, and then, in the Advanced TCP/IP Settings dialog box, click the WINS tab.
11. If an address in the list is no longer appropriate, click the address, and then click Edit.
12. In the TCP/IP WINS Server dialog box, type the new address, and then click OK.
13. Repeat steps 11 and 12 for all addresses that have to be changed, and then click OK twice to close the TCP/IP WINS Server dialog box and the Advanced TCP/IP Settings dialog box.
14. Click OK to close the Internet Protocol (TCP/IP) Properties dialog box.