Migrating to Active Directory 2008 R2

Adding New AD 2008 R2 Servers to an Existing Active Directory Environment

The migration to Active Directory 2008 R2 comes with a number of up-front considerations.  First of all, Microsoft only provides a migration method from Active Directory 2003 Native mode and higher to Active Directory 2008 R2.  You cannot be running Active Directory 2000, or some form of mixed mode in Active Directory 2003, and get to Active Directory 2008 R2 using the tools from Microsoft.

Another part of the migration process is validating the impact of updating the Active Directory schema to the latest 2008 R2 version.  Most applications are not affected by an Active Directory schema update or by a version upgrade of AD, because most applications simply use a domain-level service account, which a migration of Active Directory does not touch.  The applications that are affected are those that modified the Active Directory schema when the product was installed.  As an example, Exchange updates the AD schema to add objects that support email addresses and other messaging components.  Office Communications Server modifies the AD schema to add an instant messaging address for AD users.  System Center management products typically update the schema to add schema objects for computer accounts, computer and system profile options, and so on.  Third-party products like Cisco Unity (voicemail) update the schema to create voicemail box objects.

So if you have ever installed a product that modified the schema as part of its installation, those are the products to target: check with the vendor for known compatibility problems between the version of the product you are using and AD 2008 R2.
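The two pre-migration checks described above (domain and forest functional level, and which products have extended the schema) can be scripted. The following is an added example, not code from the article or its author; it uses only ADSI and DirectorySearcher so that it runs from PowerShell 2.0 against a domain that is still on Windows Server 2003, where the ActiveDirectory module does not exist yet. The grouping of schema objects by creation date in the last section is a heuristic: base schema objects carry the forest's creation timestamp, so anything created later is an extension (Exchange, OCS, System Center, a third-party product, or Microsoft's own adprep runs), and each batch is something to ask a vendor about.

```powershell
# Added example, not from the article: pre-migration readiness checks run from an
# existing domain controller or a domain-joined machine with PowerShell 2.0.
# ADSI only, so it works before the ActiveDirectory module is available.

$rootDse  = [ADSI]"LDAP://RootDSE"
$schemaNc = $rootDse.Properties["schemaNamingContext"].Value
$domainNc = $rootDse.Properties["defaultNamingContext"].Value

# --- 1. Functional levels (the "2003 Native mode or higher" requirement) ---
# RootDSE reports DS_BEHAVIOR_VERSION values:
#   0 = Windows 2000, 1 = Windows Server 2003 interim, 2 = Windows Server 2003,
#   3 = Windows Server 2008, 4 = Windows Server 2008 R2
$domainLevel = [int]$rootDse.Properties["domainFunctionality"].Value
$forestLevel = [int]$rootDse.Properties["forestFunctionality"].Value
# Mixed vs. native is a separate flag on the domain head: 1 = mixed, 0 = native
$domainHead = [ADSI]"LDAP://$domainNc"
$mixedMode  = [int]$domainHead.Properties["ntMixedDomain"].Value

"Domain functional level: $domainLevel  Forest functional level: $forestLevel  ntMixedDomain: $mixedMode"
if ($domainLevel -lt 2 -or $mixedMode -ne 0) {
    Write-Warning "Domain is below Windows Server 2003 native mode; raise it before adding a 2008 R2 domain controller."
}

# --- 2. Current schema version ---
# objectVersion on the schema head: 13 = 2000, 30 = 2003, 31 = 2003 R2,
# 44 = 2008, 47 = 2008 R2 (the value the first 2008 R2 DC promotion will set)
$schemaHead    = [ADSI]"LDAP://$schemaNc"
$schemaVersion = [int]$schemaHead.Properties["objectVersion"].Value
"Schema objectVersion: $schemaVersion (47 = Windows Server 2008 R2)"

# --- 3. A product known to extend the schema: Exchange ---
# Exchange records its schema version in rangeUpper of ms-Exch-Schema-Version-Pt;
# the object's presence means Exchange schema updates have been applied here.
$exchDn = "CN=ms-Exch-Schema-Version-Pt,$schemaNc"
if ([ADSI]::Exists("LDAP://$exchDn")) {
    $exchVersion = ([ADSI]"LDAP://$exchDn").Properties["rangeUpper"].Value
    "Exchange schema extension present, rangeUpper = $exchVersion -> confirm vendor support for AD 2008 R2"
}

# --- 4. Any other schema extension: objects created after the forest was built ---
# Heuristic: attributes and classes added later than the schema head itself show
# up as separate batches of whenCreated dates, one batch per installed product.
$forestCreated = [datetime]$schemaHead.Properties["whenCreated"].Value
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = $schemaHead
$searcher.Filter     = "(|(objectClass=attributeSchema)(objectClass=classSchema))"
$searcher.PageSize   = 1000
[void]$searcher.PropertiesToLoad.AddRange(@("cn", "whenCreated"))

$searcher.FindAll() |
    Where-Object { [datetime]$_.Properties["whencreated"][0] -gt $forestCreated.AddDays(1) } |
    Group-Object { ([datetime]$_.Properties["whencreated"][0]).ToString("yyyy-MM-dd") } |
    Sort-Object Name |
    ForEach-Object {
        $sample = ($_.Group | Select-Object -First 5 | ForEach-Object { $_.Properties["cn"][0] }) -join ", "
        "{0}: {1} schema objects added (e.g. {2})" -f $_.Name, $_.Count, $sample
    }
```

Run it once as a domain user with read access to the schema partition (any authenticated user has that by default) and keep the output with the migration plan; the dated batches in section 4 are the list of vendors to contact, and the attribute names in each batch usually make the product obvious (ms-Exch-*, msRTC*, and so on).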

After all the various considerations regarding application and hardware compatibility have been thoroughly validated, the most common method of migrating from Active Directory 2003 or Active Directory 2008 to Active Directory 2008 R2 is to add a new Windows 2008 R2 server as a member server, run DCPromo to make the member server a domain controller, and in the process Active Directory is updated to support Active Directory 2008 R2.

This initial server installation extends the schema, which is the main shift in the migration process, and builds up the first AD 2008 R2 domain controller.  Once the first Global Catalog server is in place, the other global catalog / domain controller systems in the organization can be retired and replaced with new AD 2008 R2 domain controller / global catalog server systems.  The step-by-step process to add the first AD 2008 R2 domain controller starts with a Windows 2008 R2 server already added as a member server of the domain, and then continues with the following steps:

1. Log on to the new server as an administrator.
2. Launch Server Manager.
3. Select the Roles node.
4. Click Add Roles.
5. Click Next.
6. Select the Active Directory Domain Services check box, and click Next.
   The .NET Framework 3.5.1 features are required; if prompted to install, click Add Required Features.
7. Click Next on the Introduction page.
8. Click Install to install the role. This installs the binaries necessary for the server to become a domain controller.
9. Click Close on the Installation Results page.
10. In the Server Manager console, expand the Roles node and select the Active Directory Domain Services node.
11. In the Summary section, click the Run the Active Directory Domain Services Installation Wizard (dcpromo.exe) link.
12. Click Next on the Welcome page.
13. Select the Existing Forest option button.
14. Select the Add a Domain Controller to an Existing Domain option button, and click Next.
15. Enter the name of the domain.
16. Click Set to specify alternate credentials to use for the operation.
17. Enter the credentials of a domain administrator in the target domain, and click OK.
18. Click Next to continue.
19. Select the appropriate domain for the new domain controller, and click Next. In this example, the companyabc.com domain is used.
20. Select a site for the domain, and click Next.
21. Select the Additional Domain Controller Options, which are DNS Server and Global Catalog by default. The Read-Only Domain Controller option is not available if this is the first Windows Server 2008 R2 domain controller in the domain. Click Next.
22. Click Yes if presented with a DNS Delegation warning dialog box.
23. Select locations for the database, log files, and the SYSVOL, and then click Next.
24. Enter the Directory Services Restore mode administrator password, and then click Next.
25. Review the summary, and then click Next. The installation wizard will create the domain controller and replicate the Active Directory database, which might take some time depending on the network and the size of the Active Directory database.
26. After the wizard completes the installation, click Finish.
27. Click Restart Now to reboot the new domain controller.

This process should be repeated for each new replacement domain controller.
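Because the same 27 steps are repeated for every replacement domain controller, it is worth driving them from dcpromo's unattended mode so each promotion is identical and reviewable. The following is an added example, not code from the article or its author: an elevated PowerShell session on the new Windows Server 2008 R2 member server installs the role, writes a dcpromo answer file that mirrors the wizard choices above, and runs it. companyabc.com is the article's example domain; the site name, the dcpromo-admin account, and the NTDS/SYSVOL paths are assumptions to replace with your own.

```powershell
# Added example, not from the article: the GUI procedure above as an unattended
# promotion. Run elevated on the Windows Server 2008 R2 member server.
# Assumed values: companyabc.com (the article's example domain), the site
# Default-First-Site-Name, the delegated account dcpromo-admin, default paths.

# Steps 1-9: install the AD DS role binaries. Add-WindowsFeature also pulls in
# the .NET Framework 3.5.1 features the wizard prompts for.
Import-Module ServerManager
Add-WindowsFeature AD-Domain-Services

# Step 24: ask for the DSRM password at run time instead of embedding it in the
# script. dcpromo strips password values from the answer file after reading it,
# and the file is deleted below regardless.
$dsrmPassword = Read-Host "Directory Services Restore Mode administrator password"

# Answer-file keys and the wizard step each one replaces:
#   ReplicaOrNewDomain=Replica / ReplicaDomainDNSName  -> steps 13-15 and 19
#   UserDomain / UserName / Password=*                 -> steps 16-17 (* = prompt,
#                                                         so no password on disk)
#   SiteName                                           -> step 20
#   InstallDNS / ConfirmGc                             -> step 21
#   CreateDNSDelegation=No                             -> step 22
#   DatabasePath / LogPath / SYSVOLPath                -> step 23
#   SafeModeAdminPassword                              -> step 24
#   RebootOnCompletion=No                              -> step 27 is done by us,
#                                                         after the file is removed
$answerFile = Join-Path $env:TEMP "dcpromo-replica.txt"
@"
[DCINSTALL]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=companyabc.com
UserDomain=companyabc.com
UserName=dcpromo-admin
Password=*
SiteName=Default-First-Site-Name
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=$dsrmPassword
RebootOnCompletion=No
"@ | Set-Content -Path $answerFile -Encoding ASCII

# Steps 10-26: run the installation wizard unattended. Progress and errors are
# logged to %SystemRoot%\debug\dcpromo.log.
dcpromo.exe /unattend:$answerFile
$exitCode = $LASTEXITCODE
Remove-Item -Path $answerFile -Force

# dcpromo exit codes 1 through 4 report success (2 = reboot required);
# 11 and above report failure.
if ($exitCode -ge 11) {
    throw "dcpromo failed with exit code $exitCode; see $env:SystemRoot\debug\dcpromo.log"
}

# Step 27: reboot the new domain controller.
Restart-Computer
```

Using a dedicated, delegated account for UserName rather than a standing Domain Admins member keeps the credential that is typed during each promotion scoped to the migration, and the script leaves no password in the answer file or in command-line history.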

Since Windows 2008 R2 is a 64-bit-only operating system, there is no support for an in-place upgrade from a 32-bit Windows 2003 or 2008 domain controller.  The typical process is to build a Windows 2008 R2 server and promote it as a new domain controller, thus replacing 2003 and 2008 domain controllers with new 2008 R2 systems.  As part of the update process, many organizations are choosing to replace physical servers with virtual servers, and so the systems themselves are replaced during the Active Directory upgrade process.
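Because the old 2003 and 2008 domain controllers are retired rather than upgraded, each replacement should be verified before the system it replaces is demoted. The following is an added example, not code from the article or its author; it runs on the new Windows Server 2008 R2 domain controller after its reboot and checks the things whose absence breaks clients once the old DC is gone: initial replication complete, the global catalog advertised, SYSVOL and NETLOGON shared, the DC locator record in DNS, and which DCs still hold the FSMO roles. companyabc.com is the article's example domain.

```powershell
# Added example, not from the article: post-promotion checks for a replacement
# domain controller. Run locally on the new 2008 R2 DC after it has rebooted.
# companyabc.com is the article's example domain.

function Test-ReplacementDc {
    param([string]$DomainDnsName = "companyabc.com")
    $result = @{}

    # RootDSE of the local DC: isSynchronized becomes TRUE once initial
    # replication of every partition has finished; isGlobalCatalogReady once the
    # global catalog selected in step 21 is built and being advertised.
    $rootDse = [ADSI]"LDAP://localhost/RootDSE"
    $result.Synchronized       = [bool]::Parse($rootDse.Properties["isSynchronized"].Value)
    $result.GlobalCatalogReady = [bool]::Parse($rootDse.Properties["isGlobalCatalogReady"].Value)

    # Group Policy and logon scripts need the SYSVOL and NETLOGON shares.
    $shares = Get-WmiObject Win32_Share | ForEach-Object { $_.Name }
    $result.SysvolShared = ($shares -contains "SYSVOL") -and ($shares -contains "NETLOGON")

    # Clients locate DCs through the _ldap._tcp.dc._msdcs SRV record; the new
    # server must appear among its targets.
    $srv = @(nslookup -type=SRV "_ldap._tcp.dc._msdcs.$DomainDnsName" 2>$null)
    $result.RegisteredInDns = @($srv -match $env:COMPUTERNAME).Count -gt 0

    # dcdiag's own verdicts for replication, advertising, SYSVOL and FSMO
    # reachability; every "failed test" line is collected by test name.
    $dcdiag = dcdiag /test:Replications /test:Advertising /test:SysVolCheck /test:FsmoCheck
    $result.FailedDcdiagTests = @($dcdiag |
        Where-Object { $_ -match "failed test (\w+)" } |
        ForEach-Object { $matches[1] })

    # FSMO role holders: any role still on a 2003/2008 DC must be transferred
    # before that DC is demoted.
    $result.FsmoHolders = @(netdom query fsmo | Where-Object { $_ -match "\S" })

    New-Object PSObject -Property $result
}

$check = Test-ReplacementDc
$check | Format-List

if (-not ($check.Synchronized -and $check.GlobalCatalogReady -and
          $check.SysvolShared -and $check.RegisteredInDns) -or
    $check.FailedDcdiagTests.Count -gt 0) {
    Write-Warning "Do not demote the old domain controller yet; fix the failed checks first."
}
```

A repadmin /showrepl run on the new server after this script completes the picture, since dcdiag reports a test as failed only once a replication partner has actually produced an error.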

A portion of the above excerpt came from my book “Windows Server 2008 R2 Unleashed”, a 1550-page hardcover book covering everything from Active Directory design and migration, to Remote Desktop Services (“terminal services”), to Windows administration, to configuring DHCP/DNS, to Hyper-V R2, and more.


Copyright © 2010 IDG Communications, Inc.