• Active Directory 2003 to 2012 R2 Migration – Part 1 – Introduction

    Posted on February 5, 2015 by in Latest News, Troubleshooting, Tutorials


    With the End of life day looming for Server 2003 (July 14th 2015) for those of you haven’t been living under a rock…. It’s all the rage to migrate away from your trusty 2003 AD environment to a more modern 2008 R2 or 2012 R2 environment.

    In fact, it’s all I’ve really been working on for the last 7-8 months, so what better topic to cover for my next round of blogs than an AD 2003 to 2012 R2 migration.

    As with all of my blogs I try to incorporate those tools you will need in a real world environment, not simply giving you information on how to transfer the FSMO roles and say there we go 2012 migration complete…We all know in a real world it’s not that simple.

    I’m going to look at covering off all the pre-work you need to do before even considering deploying the first 2012 R2 server.

    With that said here’s a brief look at the topics I’ll be covering. Obviously it’s quite a lengthy series so will be split in to various parts.

    • Checking AD health prior to upgrade
    • AD Upgrade pre-requisites
    • Deploying server 2012 R2 and prepping AD for deployment of 2012 R2 DC
    • Promoting 2012 R2 server to domain controller
    • Checking AD health following introduction of new DC
    • Transferring FSMO roles
    • Pre-requisites before demoting old 2003 DC
    • Decommissioning of 2003 DC

    In terms of the environment I will be using for this migration, it is a single forest/domain/server setup as shown in the diagram below

    30-01-2015 20-32-51-0181

    There are three users account. Two are standard users account and one is an administrative account called “adtasks”.

    All tasks will be carried out using the adtasks account and NOT the built in administrative account! I will show you the required permissions needed as we go through.

    30-01-2015 20-20-04-0201

    To start with adtasks is simply a member of domain users and domain admins

    30-01-2015 20-20-19-0199

    We have one group in the environment which user Michael Riccioni is a member of. This is simply used to secure permissions to a shared folder located on the domain controller.

    30-01-2015 20-20-08-0200

    When logged in as Michael Riccioni

    30-01-2015 20-31-11-0185

    When logged in as Mike Riccioni

    30-01-2015 20-31-38-0184

    There is also a very simple GPO linked to the domain which removes a couple of items from the start menu

    30-01-2015 21-41-32-0095

    30-01-2015 21-45-20-0094

    Finally, aside from the usual DNS entries, I’ve also added two manual entries called NTP and Router.

    30-01-2015 20-41-44-0172

    That pretty much covers the environment I will be using, and from the above topics we are covering off you can see we have a fair amount to cover so on-wards with the first phase which is checking the AD health and AD upgrade pre-requisites, which should be coming very shortly…

Protected by WP Anti Spam