Upgrading your 2008 x86 Domain Controllers into 2008R2

This topic depicts on performing a Domain Upgrade from Domain Controllers running 2008 -32bit to 2008R2. Obviously all of us know that 2008R2 itself is made on 64 bit architecture.
Note: Before doing anything make sure that you have a valid Full Server backup of the existing Domain Controller.
In brief, having 2008R2 FFL & DFL you will acquire the following benefits:

AD Recycle Bin
Active Directory Web Service
Active Directory Administrative Center
Offline Domain Join
Managed Service Accounts
Offline Domain Join
Authentication Assurance

Well before we go further, let us go through the checklists that you should keep in mind prior the upgrade process.
Minimum Hardware requirements:
Windows Server 2008R2
1.4 Ghz CPU
Minimum 2GB RAM
Atleast 64GB hard disk space.

It is better to have 3 logical drives if storage is not a concern and keep AD Database & SYSVOL in a Disk and AD Log files in a seperate Disk. For the RAID Considerations I would go for the following :
RAID 1 -Operating System files
RAID 1 -AD Log files
RAID 0+1 -AD Database + SYSVOL
Once you are done with all the above steps lets dive in to the process.

In short Upgrading a DC involves :
Upgrading AD Schema>>Adding Additional DC>>Transfering FSMO Roles>>Demoting old DC

http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=WS.10).aspx

Verifiy the FSMO role holders using netdom query fsmo

Insert 2008R2 media in the 2008DC and navigate through adprep (by default adprep for 64bit is selected; we should choose adprep32.exe since the old DC’s are 32 bit)

cmd>adprep>adprep32 /forestprep (on Schema Operations master role holder) ; press C to confirm.

>adprep>adprep32 /domainprep ( on Infrastructure master role holder)

*If there are existing 2000 DC’s run  adprep32 /gpprep

*If there are Read Only DC’s run adprep32 /rodcprep

Confirm the Schema update by logging to ADSIEdit.msc

Connect to>select well known Naming Context>Configuration and navigate through the path
cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion”.
Verify the Schema version>>
{13 -> Windows 2000 Server
30 -> Windows Server 2003 RTM, Windows Server 2003 with Service Pack 1, Windows Server 2003 with Service Pack 2
31 -> Windows Server 2003 R2
44 -> Windows Server 2008 RTM
47 -> Windows Server 2008 R2
56 -> Windows Server 2012 RTM}

Promote a pre-configured Windows 2008R2 as a Domain Controller using the DCPROMO.EXE utility.
Finish off with the installation after making sure that no errors were encountered, reboot the box & wait for a session of replication.
http://technet.microsoft.com/en-us/library/cc736355(v=WS.10).aspx

Transfer the FSMO roles to the new 2008R2 Domain Controller->
1) Logon to the 2008 DC (We will use ntdsutil.exe for this purpose where as you may use GUI also for the same
well explained here : http://www.petri.co.il/transferring_fsmo_roles.htm#)
2.Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3.Type roles, and then press ENTER.
4.Type connections, and then press ENTER.
5.Type connect to server servername, and then press ENTER, where servername is the name of the DC(2008R2) you want to assign the FSMO role to.
6.At the server connections prompt, type q, and then press ENTER.
7.Type the following commands:
Transfer domain naming master
Transfer infrastructure master
Transfer PDC
Transfer RID master
Transfer schema master
At the fsmo maintenance prompt, and then press ENTER.
8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Verify the role transfer using the command NETDOM QUERY FSMO
Make sure that 2008R2 shows up against all roles.

Wait for another round of replication and make sure that all AD integrated & collaborated services works fine.
Eventually Demote the 2008 DC , format it and use it for someother purpose.
(Make sure that you change the primary DNS IP in all Servers/Clients to that of 2008R2 if the IP used is different)

Advertisements