If you have the task of performing an Active Directory migration from Windows Server 2003 to Windows Server 2012 R2, there are a number of steps that you must complete for a smooth transition.


Active Directory migration

Your first step is to get a list of the applications that your company uses and what interaction they have with Active Directory (for example, if any applications authenticate with Active Directory). Some applications will authenticate against your domain, and some applications I’ve seen perform an LDAP query against an OU object within Active Directory. You may also find that some applications authenticate via LDAP against a particular domain controller’s NetBIOS name or IP address. In some cases, this is hardcoded into the applications, so you will want to research how this will affect you if you build new domain controllers or upgrade your current ones.

Once you know how your applications integrate with Active Directory, you will now be able to plan your migration. The best approach is to build new Windows Server 2012 R2 domain controllers and migrate your domain controller roles to your new. The steps to do this are as follows:

  1. Add Windows Server 2012 R2 member servers.
  2. Promote them to domain controllers.
  3. Transfer FSMO roles from the Windows Server 2003 domain controllers to the Windows Server 2012 R2 domain controllers.
  4. Demote the Windows Server 2003 domain controllers.

Exchange compatibility

If your organization is running Exchange, make sure to check the prerequisites for what version of Exchange you will need before migrating to Windows Server 2012 R2—in particular, the service pack level—so your mail continues to run smoothly after the upgrade.

Operating system environment

Domnain and forest functional level

Tools and tips

Useful tools that will help you with your migration planning are as follows:

Subscribe to 4sysops newsletter!

  • As part of your discovery phase (to catalog applications and application dependencies), consider using the Microsoft Assessment and Planning Toolkit (MAP), an agentless tool for inventorying and assessing desktop, server, and cloud migrations. If you use System Center Configuration Manager (SCCM), you can pull inventory reports from there as well.
  • There is also a great free tool called Windows Server 2003 Migration Planning Assistant that will give you tips on how to migrate different workloads to give you a smooth migration.
  • Before you build your new domain controllers, I recommend running a health check on your AD environment in terms of replication between your domain controllers. A great free tool is DCDiag. I recommend running this before you build your new domain controllers, and running it again after your new domain controllers have been built to make sure replication between them is working correctly.
  • If you’re migrating your environment to a new domain, you will need a migration tool that will migrate your users, desktops, servers, and SIDs. Two tools I recommend are ADMT and Quest Migration Manager.
  • It’s also important to clean up your DNS before and after the migration to make sure you don’t have any stale DC/DNS server records in your DNS as this will cause problems with your new environment. You can use the free DCDiag tool to check the DNS health.

Detailed guides

  1. Discover and assess your application dependencies, hardware, and application workloads in your environment. Check if your acpplications are compatible with Active Directory 2012 R2. Use the Microsoft Assessment and Planning Toolkit (MAP) to help you with this step.
    Microsoft Assessment and Planning Toolkit (MAP)
  2. Check the health state of your Active Directory replication, domain controllers, sites and services, and DNS records before you build your new DCs.
    AD Replciation Status Tool
  3. Build your new Windows Server 2012 R2 machines and promote them to DCs as detailed in this guide.
    Active Directory Domain Services Configuration Wizard
  4. Migrate the FSMO roles from your Windows Server 2003 domain controllers to your new Windows Server 2012 R2 DCs as detailed in this guide.
    Transfering the Operations Master
  5. Run DCDiag to check the replication health of all your domain controllers and to ensure that everything has been replicated to your new DCs (objects, GPOs, etc.).
  6. Test all your applications to make sure they are functioning correctly.
  7. When you’re happy with your new environment, you can now demote your Windows Server 2003 domain controllers as detailed in this guide.
    Demote domain controlers
  1. Laurent 8 years ago

    And don’t forget the migration of Active Directory replication from FRS to DFSR with dfsrmig tool.

  2. Author

    That should automatically get upgraded, but here is a guide if anyone is interested in reading more information: http://blogs.technet.com/b/askds/archive/2010/05/27/frs-to-dfsr-migration-tool-released.aspx

Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account