Hey Checkyourlogs Fans,

 

This week at the TechMentor 2018 Redmond conference we had some great discussions around migrating your Windows roles, for example from 2003 to 2012 R2 and beyond. I had mentioned that we have a document that we have used successfully at many clients, and I wanted to get it out there to our attendees and friends.

 

This is the process from 2003 – 2012 R2, but it really doesn’t change much moving over to 2016 or 2019. I will follow up with a later blog post covering the 2016 and 2019 process, as this documented process is already complete and I know it works 100%.

 

This was copied straight from one of our Method of Procedure documents just for you.

 

I really hope this helps you out on your Migration journey to Server 2016 and the future Server 2019 coming out hopefully later this year.

 

Dave

 

Active Directory Preparation

Backing up the existing Directory Services

As a change will be made to the existing Schema Partition, we will require a full backup operation prior to the execution of this RFC. Normal backup procedures will suffice and it is an imperative step because the rollback plan requires this.

  1. Log in to the Windows 2003 domain server.
  2. Launch the Backup program.
  3. Back up the System State to D:\Srvsup\Sysback\(windows 2003 domain server name).BKF
  4. Copy D:\Srvsup\Sysback\(windows 2003 domain server name).BKF to the share storage of the server.

 

Verifying Healthy Replication

  1. Log on to the Windows 2003 domain server.
  2. Open a command prompt.
  3. Type repadmin /replsum /bysrc /bydest /sort:delta >c:\repltest.txt
  4. Open c:\repltest.txt and verify that no errors exist.
  5. If errors exist, DO NOT proceed with the ADPREP. They need to be cleaned up prior to the change.
  6. Return to the command prompt.
  7. Type dcdiag.exe /e /test:frssysvol >c:\frstest.txt
  8. Open c:\frstest.txt and verify that no errors exist.
  9. If errors exist, DO NOT proceed with the ADPREP. They need to be cleaned up prior to the change.
  10. Return to the command prompt.
  11. Type dcdiag /test:fsmocheck >c:\fsmocheck.txt
  12. If errors exist, DO NOT proceed with the ADPREP. They need to be cleaned up prior to the change.
  13. Return to the command prompt.
  14. Type repadmin /SHOWREPS (Windows 2003 Domain server name) >"c:\Showreps (Windows 2003 Domain server name).txt"
  15. If errors exist, DO NOT proceed with the ADPREP. They need to be cleaned up prior to the change.
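
The go/no-go decision in the steps above can be scripted against the report files they write. This is an added example, not part of the original Method of Procedure; the function name is hypothetical and the sample lines are constructed in the layout repadmin /replsum and dcdiag print.

```powershell
# Added example: collect the findings that should stop the ADPREP change.
function Get-ReplicationBlockers {
    param(
        [string[]]$ReplSum,   # lines of c:\repltest.txt
        [string[]]$DcDiag     # lines of c:\frstest.txt and c:\fsmocheck.txt
    )
    $blockers = @()
    foreach ($line in $ReplSum) {
        # Data row: <DSA> <largest delta> <fails> / <total> <%> [error text]
        if ($line -match '^\s*(\S+)\s+(.+?)\s+(\d+)\s*/\s*(\d+)\s+(\d+)') {
            if ([int]$Matches[3] -gt 0) {
                $blockers += "replsum: $($Matches[1]) has $($Matches[3]) of $($Matches[4]) links failing"
            }
        }
        elseif ($line -match 'operational errors') {
            # repadmin could not even query one or more domain controllers
            $blockers += "replsum: $($line.Trim())"
        }
    }
    foreach ($line in $DcDiag) {
        if ($line -match '(\S+) failed test (\S+)') {
            $blockers += "dcdiag: $($Matches[1]) failed $($Matches[2])"
        }
    }
    return $blockers
}

# Constructed sample lines (not real output from any environment).
$sampleReplSum = @(
    'Source DSA          largest delta    fails/total %%   error',
    ' DC01                      14m:27s    0 /  10    0',
    ' DC02                     >60 days    5 /   5  100  (1722) The RPC server is unavailable.'
)
$sampleDcDiag = @(
    '         ......................... DC01 passed test frssysvol',
    '         ......................... DC02 failed test frssysvol'
)

$found = Get-ReplicationBlockers -ReplSum $sampleReplSum -DcDiag $sampleDcDiag
if ($found) { $found; Write-Output 'DO NOT proceed with the ADPREP.' }
else        { Write-Output 'No replication errors found.' }

# Against the real files:
#   Get-ReplicationBlockers -ReplSum (Get-Content c:\repltest.txt) `
#       -DcDiag ((Get-Content c:\frstest.txt) + (Get-Content c:\fsmocheck.txt))
```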

 

Raise Forest Function Level

The minimum functional level must be at least Windows Server 2003.

  1. Logon to windows 2003 domain server.
  2. Open Active Directory Domains and Trusts.
  3. In the console tree, right-click the Active Directory Domains and Trusts node, and then click Raise Forest Functional Level.
  4. In Select an available forest functional level, click Windows Server 2003, and then click Raise

 

Raise Domain Function Level

  1. Logon to windows 2003 domain server.
  2. Open Active Directory Domains and Trusts.
  3. Right-click the Domain name, and then click Raise Domain Functional Level….
  4. If the dialog already shows Windows 2003 mode, you do not need to raise your Domain Functional Level.

 

 

Forest/Domain Preparation Process

In previous versions we needed to prepare the environment using the adprep command to extend the schema and configure the Infrastructure Master. From Windows Server 2012 onward we don’t have to run adprep first: Windows Server 2012 and later will do that for you if it detects that adprep was not used before for Schema and Infrastructure preparation.

  1. Disable Outbound Replication from the Windows 2003 domain server during the Forestprep and Domain Prep process.
    1. From the Command prompt type repadmin /options sktd01 +DISABLE_OUTBOUND_REPL (sktd01 here stands for the Windows 2003 domain server name)

Note

We do not want windows 2003 domain server to start replication half way through the Schema Extension process. Once we have completed and verified the Schema Extensions we will re-enable outbound replication for windows 2003 domain server.

Install windows 2012 R2 domain server

  1. Build a new Windows 2012 R2 Server (Make sure you fully patch it).
  2. Log on to the Windows 2012 R2 server. The account used to log on must have “Domain Admins” rights.
  3. Ensure that the server's DNS setting points to the Windows 2003 domain controller.
  4. Join it to the Domain.
  5. Open the Server Manager console and click on Add roles and features.
  6. Select Role-based or feature-based installation and select Next.
  7. Select the Active Directory Domain Services, DHCP Server and file services (including De-Duplication) roles.
  8. Accept the default features required by clicking the Add Features button.
  9. On the Features screen click the Next button.
  10. On the Confirm installation selections screen click the Install button.
  11. Click the Close button once the installation has been completed.

 

Forest/Domain Verification Process

  1. Logon to windows 2003 domain server.
  2. Click Start, click Run, type ADSIEdit.msc, and then click OK.
  3. Click Action, and then click Connect to.
  4. Click Select a well known Naming Context, select Configuration in the list of available naming contexts, and then click OK.
  5. Double-click Configuration, and then double-click CN=Configuration,DC=forest_root_domain.
  6. Double-click CN=ForestUpdates.
  7. Right-click CN=ActiveDirectoryUpdate, and then click Properties.
  8. Confirm that the revision attribute value is correct for the version of adprep /forestprep, and then click OK.

Note

  • For Windows Server 2012 R2, the value is 15.
  • For Windows Server 2012, the value is 11.
  • For Windows Server 2008 R2, the value is 5.
  • For Windows Server 2008, the value is 2.

 

  1. Click ADSI Edit, click Action, and then click Connect to.
  2. Click Select a Well known naming context, select Schema in the list of available naming contexts, and then click OK.
  3. Right-click CN=Schema,CN=Configuration,DC=forest_root_domain, and then click Properties.
  4. Confirm that the objectVersion attribute value is correct for the version of adprep /forestprep, and then click OK.

Note

  • For Windows Server 2012 R2, the value is 69.
  • For Windows Server 2012, the value is 56.
  • For Windows Server 2008 R2, the value is 47.
  • For Windows Server 2008, the value is 44.
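
The two attribute checks above can also be read over LDAP from PowerShell on the new Windows 2012 R2 server. This is an added example, not part of the original Method of Procedure; the function names and the sample values are assumptions for illustration, and the expected numbers are the ones listed in the two notes.

```powershell
# Expected adprep markers, copied from the two Note lists above.
$Expected = @{
    '2008'    = @{ revision = 2;  objectVersion = 44 }
    '2008 R2' = @{ revision = 5;  objectVersion = 47 }
    '2012'    = @{ revision = 11; objectVersion = 56 }
    '2012 R2' = @{ revision = 15; objectVersion = 69 }
}

# Reads both attributes from one domain controller over LDAP (ADSI).
function Get-AdprepMarkers {
    param([Parameter(Mandatory = $true)][string]$Server)
    $rootDse  = [ADSI]"LDAP://$Server/RootDSE"
    $configNC = $rootDse.configurationNamingContext.Value
    $schemaNC = $rootDse.schemaNamingContext.Value
    $update   = [ADSI]"LDAP://$Server/CN=ActiveDirectoryUpdate,CN=ForestUpdates,$configNC"
    $schema   = [ADSI]"LDAP://$Server/$schemaNC"
    [pscustomobject]@{
        Server        = $Server
        revision      = [int]$update.revision.Value
        objectVersion = [int]$schema.objectVersion.Value
    }
}

# Compares the markers with the values expected for the target OS version.
function Test-AdprepLevel {
    param($Markers, [string]$Target = '2012 R2')
    $want = $Expected[$Target]
    if (-not $want) { throw "No expected values listed for '$Target'." }
    $ok = $true
    foreach ($name in 'revision', 'objectVersion') {
        if ($Markers.$name -ne $want[$name]) {
            Write-Warning "$name is $($Markers.$name), expected $($want[$name]) for $Target"
            $ok = $false
        }
    }
    return $ok
}

# Constructed sample: a forest whose markers are still at the Windows Server 2012 values.
$sample = [pscustomobject]@{ Server = 'sample'; revision = 11; objectVersion = 56 }
if (-not (Test-AdprepLevel -Markers $sample -Target '2012 R2')) {
    Write-Output 'Schema extension not verified: leave outbound replication disabled.'
}

# Live use (replace the placeholder with the domain controller to check):
#   Test-AdprepLevel -Markers (Get-AdprepMarkers -Server '<DC name>') -Target '2012 R2'
```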

 

  1. Now that we have successfully verified the Schema Extensions on windows 2003 domain server we can re-enable the outbound replication:
    1. From the Command prompt type

      repadmin /options (windows 2003 domain server name) -DISABLE_OUTBOUND_REPL

       

Force Replication and Convergence

Once the Schema Extensions have been successfully applied to windows 2003 domain controller server they need to be replicated to the rest of the domain controllers in the forest. This can be done manually by following the steps below

  1. Log on to the Windows 2003 domain controller.
  2. Type repadmin /kcc
  3. Type repadmin /syncall /e /d /a >c:\postrootschema-repl-Pull.txt
  4. Open c:\postrootschema-repl-Pull.txt and ensure that “SyncAll terminated with no errors” appears at the bottom of the file. If there are errors, they must be fixed before proceeding.
  5. Type repadmin /syncall /e /d /a /P >c:\postrootschema-repl-Push.txt
  6. Open c:\postrootschema-repl-Push.txt and ensure that “SyncAll terminated with no errors” appears at the bottom of the file. If there are errors, they must be fixed before proceeding.

 

File Server Migration

Robocopy to mirror folders and permissions

  1. Log on to the Windows 2003 domain controller.
  2. Run net share and view all of the current shared folders.
  3. Review the permissions and decide which folders to take over to the new server.

Note

  • This is a good time to look at cleaning up some of the old shares.  It is likely that most of the data isn’t even required on the new server.
  • It is also a good time to review the permissions to see if they are correct and in a desired state for the new server

 

  1. The RoboCopy commands below mirror the folders together with their permissions.
  2. Log on to the Windows 2012 R2 server.
  3. Configure a RoboCopy script to mirror all of the desired folders to the new server.

Robocopy "\\<OldServer>\client service advisors" "f:\Client Service Advisors" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_clientserviceadvisor.log

Robocopy "\\<OldServer>\client services" "f:\Client services" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_clientservices.log

Robocopy "\\<OldServer>\corporate client services" "f:\corporate Client services" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_corporateclientservices.log

Robocopy "\\<OldServer>\pdf-reports" "f:\pdf-reports" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_hrs-pdf-reports.log

 

Note

We normally check the log files generated by this script for open files. It can take a few days to fully sync everything up.
In production we would likely let this run as a scheduled task for a couple of weeks and check back.
RoboCopy will only take the changed or missing files, so the final run of the script is very quick.
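
The log check described in this note can be done with a short script that pulls the failed files out of a RoboCopy /LOG file. This is an added example, not part of the original procedure; the function name is hypothetical and the log lines are constructed. Access-denied entries deserve attention as well as open files, because those are files whose data or permissions were not mirrored.

```powershell
# Added example: list the files a RoboCopy pass could not copy, from its /LOG file.
function Get-RobocopyFailures {
    param([string[]]$Lines)
    # Error line: <date> <time> ERROR <code> (0x<hex>) <action> <path>
    $pattern = '^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ERROR (\d+) \(0x[0-9A-Fa-f]+\) (.+?) ((?:\\\\|[A-Za-z]:\\).+)$'
    $reasons = @{ 5 = 'access denied'; 32 = 'file open (sharing violation)' }
    $hits = @()
    foreach ($line in $Lines) {
        if ($line.Trim() -match $pattern) {
            $hits += [pscustomobject]@{ Code = [int]$Matches[2]; Action = $Matches[3]; Path = $Matches[4] }
        }
    }
    # One row per file; Attempts counts the logged tries (first attempt plus retries from /R:5).
    $hits | Group-Object Path | ForEach-Object {
        $code   = $_.Group[0].Code
        $reason = $reasons[$code]
        if (-not $reason) { $reason = "Win32 error $code" }
        [pscustomobject]@{ Path = $_.Name; Reason = $reason; Attempts = $_.Count }
    }
}

# Constructed sample log lines (server and file names are made up).
$sampleLog = @(
    '2018/08/10 09:14:02 ERROR 32 (0x00000020) Copying File \\OLDSRV\client services\Q3\forecast.xlsx',
    'The process cannot access the file because it is being used by another process.',
    'Waiting 15 seconds... Retrying...',
    '2018/08/10 09:14:17 ERROR 32 (0x00000020) Copying File \\OLDSRV\client services\Q3\forecast.xlsx',
    'The process cannot access the file because it is being used by another process.',
    '2018/08/10 09:20:41 ERROR 5 (0x00000005) Copying NTFS Security to Destination File f:\Client services\HR\review.docx',
    'Access is denied.'
)
Get-RobocopyFailures -Lines $sampleLog | Format-Table -AutoSize

# Against a real log:
#   Get-RobocopyFailures -Lines (Get-Content 'f:\RoboCopySync_<OldServer>_clientservices.log')
```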

 

  1. Setup the Shares and Share Permissions on the new Windows 2012 R2 Server.

 

Disable Strict Name Checking

  1. Logon to Windows 2012 R2 server.
  2. Run regedit and expand the following key:  HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters.
  3. Create a new DWORD (32-bit) Value of DisableStrictNameChecking.
  4. Set the Value to 1.

 

Note

We use the above setting to help us steal the name of the old server by the creation of a CNAME record that points to the new Windows 2012 R2 Server.
This is important because a lot of users could have created mapped drives manually to the shares that will no longer exist on the old server

 

 

Export DHCP database and DNS Configuration

Export DHCP Database

  1. Logon to windows 2003 domain controller server.
  2. Stop the DHCP Server Service.
  3. Copy the DHCP Database from the Windows 2003 server (%windir%\system32\dhcp\dhcp.mdb) to the Windows 2012 R2 server.
  4. Make sure you only grab the DHCP Database and not the associated log files.

 

Note

This will take all of the associated Scopes from the old server to the new one.   It is a complete cutover.  If you need to take individual scopes you should use netsh or the Server Migration Toolkit.

 

Export the DNS Configuration for all of the Standard Primary and Secondary Zones (Forward and Reverse)

  1. Log on to the Windows 2003 domain server.
  2. Export the DNS Registry keys (HKLM\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones).
  3. Copy *.dns from %windir%\system32\dns.

 

IP Address SWAP

  1. Log on to the Windows 2003 domain server.
  2. Demote the old Windows 2003 Domain Controller using DCPromo.exe.
  3. Rename the old Windows 2003 Server (which is now a member server) to <ServerName>-Old.
  4. Note the IP Address of <ServerName>-Old and change the IP Address.
  5. Create a CNAME record in DNS that points the old Windows 2003 Server name to the name of the new Windows 2012 R2 Server.
  6. Logon to the new Windows 2012 R2 Server.
  7. Change the IP Address to the IP Address of the old Windows 2003 Domain Controller.

Note

This is a very important step because if clients or servers are configured to use the old windows 2003 Server for DNS this will allow for a seamless transition.
Also DHCP Migration requires us to use the IP Address of the old server because the existing client leases are tied to that IP Address.

 

Server Roles Migration

Promote windows 2012 R2 server as Replica Domain Controller

  1. Logon to the new Windows 2012 R2 Server.
  2. On the Server Manager, notification is made available on the dashboard highlighted by an exclamation mark. Select it and amidst the drop down menu select Promote this server to a domain controller.
  3. Select Add a domain controller to an existing domain.
  4. Ensure the target domain is specified.  If it is not, please either Select the proper domain or enter the proper domain in the field provided.
  5. Click Change, provide the required Enterprise Administrator credentials and click the Next button.
  6. Define if server should be a Domain Name System DNS server and Global Catalog (GC). Select the Site to which this DC belongs to and define Directory Services Restoration Mode (DSRM) password for this DC.
  7. Click the Next button on the DNS options screen.
  8. In the Additional Options screen you are provided with the option to install the Domain Controller from Install From Media (IFM). Additionally you are provided the option to select the point from which DC replication should be completed. The server will choose the best location for AD database replication if not specified. Click the Next button once completed.
  9. Specify location for AD database and SYSVOL and Click the Next button.
  10. Next up is the Schema and Domain preparation. Alternatively, one could run Adprep prior to commencing these steps. Regardless, if Adprep is not detected, it will automatically be completed on your behalf.
  11. Finally, the Review Options screen provides a summary of all of the selected options for server promotion. As an added bonus, clicking the View Script button gives you the PowerShell script to automate future installations. Click the Next button to continue.
  12. Should all the prerequisites pass, click the Install button to start the installation.
  13. Validate Active Directory DNS Zones are created.
  14. Validate AD Replication is working via the KCC (Knowledge Consistency Checker).
  15. Ensure there are not any errors in the event logs.

 

Migrate DHCP Server Role

  1. Logon to the new Windows 2012 R2 Server.
  2. Delete all of the existing database files including logfiles from %windir%\system32\dhcp.
  3. Copy the old DHCP Database from c:\export\dhcp\dhcp.mdb to %windir%\system32\dhcp.
  4. Start the DHCP Server and Authorize the DHCP Server.
  5. You should have all of the scopes from the old server including their leases now.

 

Migrate DNS Server Role

  1. Logon to the new Windows 2012 R2 Server.
  2. Import the Registry key from c:\export\dns\zones.reg.
  3. Copy all of the *.dns files from c:\export\dns (from the old windows 2003 domain controller) to %windir%\system32\dns.
  4. Restart the DNS Service.
  5. Validate that all of the Standard Primary and Secondary (Forward and Reverse) lookup zones are there.

 

Migrate Printer Server Role

  1. Logon to the old windows 2003 printer server.
  2. Download and install x64 driver for each printer on the windows 2003 server.

Note

If the 64 bit driver is missing the Printer Migration Wizard will fail.

 

  1. Logon to the new Windows 2012 R2 Server.
  2. Open Server Manager and click All Servers in the navigation pane.
  3. Click Manage in the Menu Bar and then click Add Roles and Features.
  4. Click Next, select Role or feature-based Installation, and then click Next.
  5. On the Select destination server page, select the server to install the Print and Document Services on. The default server is the local server. Then click Next.
  6. Click Next on the Select features page.
  7. On the Print and Document Services page, review the notes for the administrator and then click Next.
  8. On the Select role services page, choose the role services that you wish to install. By default, Print Server is selected automatically.
  9. Click Next until the Confirm installation selections page is displayed. Click Install to install the required role services.
  10. Open Print Management.
  11. In left pane, click Print Servers, right-click the print server that contains the printer queues that you want to export, and then click Export printers to a file. This starts the Printer Migration Wizard.
  12. On the Select the file location page, specify the location to save the printer settings, and then click Next to save the printers.
  13. Right-click the destination computer on which you want to import the printers, and then click Import printers from a file. This launches the Printer Migration Wizard.
  14. On the Select the file location page, specify the location of the printer settings file, and then click Next.
  15. Click Next to import the printers.

 

 

Validate

 

  1. Validate that you can browse the UNC Path of \\<oldserver>\<share> using the new CNAME.
  2. Validate that you can browse the UNC Path of \\<newserver>\<share> using the name of the new Windows 2012 R2 Server.
  3. Validate that DNS and DHCP are working properly.
  4. Shut down the old Windows 2003 Server.

 

Note

We normally don’t delete the virtual machine or remove the physical server for at least a few months.