Panda's Blog

Prepare a Windows 2000 Forest Schema for a Domain Controller That Runs Windows Server 2008 R2

Recently, I got a chance to upgrade a Active Diretory 2000 to Active Directory Service 2008 R2. To me, its a race chance to perform such upgrade and I tell myself that I will document down and share with you all.

Usually, I spend more time on Planning and testing before the actual rollout. Why? It is to minimize error and bring the risk to the lowest. For the upgrade, I will split into 3 phases which consist of the details steps as follow:

1. Pre-upgrade

a. Obtaining Present AD Design and any specific requirement from Client

b. Replicate an actual AD and evaluate the health state of the AD to verify if there is a need to migrate instead of upgrade –

* Promote another Domain Controller using Virtual PC

* Allow replication to stablized and verify if the virtualised DC is able to sync with the production DC.

* Backup a copy of the virtualized Domain Controller

* Demote the virtualised Domain Controller

* Verify if the demoted DC is removed from the production DC successfully

NOTE: If any of the promote and demote fails, you may want to drop the idea of upgrade and process to plan for a AD migration. If you wish to troubleshoot, first make sure your DNS design is correct. :)

c. (IMPORTANT STEP!!!) Disable the network adaptor of the virtual PC for the backup”ed” DC – to isolate your virtual DC from the production network and AD.

d. Start the Virtualized DC and ensure that your Network Configuration’s Primary DNS is pointing to yourself (Virtualized DC).

e. Seized the roles by using ntdsutil (You may follow the steps under the link - http://support.microsoft.com/kb/255504)

f. Remove the other DC using ntdsutil (You may follow the steps under the link - http://support.microsoft.com/kb/216498)

g. You may wish to reboot once all the 5 roles are seized and wait for the first replication to complete before you can proceed with the extend the schema of the AD 2000.

h. Follow the steps under the following link to prepare the AD 2000 using DVD of Windows Server 2008 R2 - http://technet.microsoft.com/en-us/library/cc753437(WS.10).aspx

NOTE: You should use the 32bit adprep executable file which is named – adprep32.exe under the folder – \support\adprep\

i. if the whole process is successful on the virtualised AD, then I will proceed to perform it on the production AD environment. (MUST)

2. Upgrade

a. Make sure the new server running Windows Server 2008 R2 is ready and active. Why? As IT Professional, we must prepare for any issue. Even-though the pre-upgrade test is fine, we should always be prepared for the worse case scenario such as during the AD Preparation, the server was rebooted due to power trip?

b. Perform the AD preparation following the link  http://technet.microsoft.com/en-us/library/cc753437(WS.10).aspx

c. Monitor the AD to ensure replication is working and schedule a reboot. Verify if AD is healthy by checking the eventlog to ensure that there is no error messages.

d. Add Windows Server 2008 R2 as Domain Controller by performing dcpromo.

e. Perform Step C again (without Reboot)

f. Transfer the FSMO Roles from the Old Windows 2000 Server to the Windows Server 2008 R2.

g. Perform Step C again (without Reboot)

h. Remove the role of Domain Controller from the Old Windows 2000 Server (Dcpromo.exe)

i. Perform Step C again (without Reboot)

j. Raise the Domain and Forest Level by following the link - http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

k. DONE! And of course, perform Step C again. :)

NOTE: Make sure the old Windows 2000 Server is no longer a DC.

3. Post-upgrade

a. Prepare another machine which can be installed with Windows Server 2008 R2 OS and DCpromo it to be the 2nd Domain Controller

b. Verify if ADS 2008 is working through viewing of eventlogs

Screen Capture of the important steps which I performed on virtualize environment:

Assume that my domain is “mydomain.test”

The FSMO roles are located on the Windows 2000 Server DC.

Insert the Windows Server 2008 R2 DVD media

Locate the adprep32.exe

Follow the website and perform the command adprep32 /forestprep

NOTE: Before running the command to prepare the domain schema, you will need to make sure the domain mode is native mode.

You may follow the following steps to promote the mode.

Once the domain opertation mode is native, you may proceed to the next step to prepare the domain schema – adprep32 /domainprep /gpprep

Once the schema is prepared and there is no error message on the eventlog, we can now add the server running Windows Server 2008 R2 as a domain controller to the Active Directory 2000.

Following are steps to promo the Windows Server 2008 R2 box in summary (I have taken out some screen shots) – You have to make sure that the server network is configured to have the pri dns is pointing the PDC.

Once promoted and rebooted, verify if the AD is functioning.

Next few screen shots is showing how to transfer the FSMO roles over.

After the RID, PDC and Infra Master is taken over by the Win Srv 2008 R2 DC, wait for replication is done properly, demo the old Windows 2000 Server

Check if the old DC is removed from the AD 2000 on the Windows Server 2008 R2 DC.

Once its confirmed, one may proceed to upgrade the AD level.

First domain level.

Next, Forest Level.

DONE! Now the Active Directory Forest level is Windows Server 2008 R2!