Upgrading Existing Domain Controllers
If the decision has been made to upgrade all or some existing hardware to Windows 2008, the process for accomplishing this is straightforward. However, as with the standalone server, you need to ensure that the hardware and any additional software components are compatible with Windows 2008. The requirements for the server to upgrade are as follows:
The operating system on the domain controllers is Windows Server 2003 SP1 or higher.
The domain controller hardware exceeds the Windows 2008 requirements and all software is compatible with Windows 2008, including antivirus software and drivers.
There is enough disk space free to perform the operating system and Active Directory upgrade. Specifically, verify that your free space is at least twice the size of your Active Directory database plus the minimum 8GB needed to install the operating system.
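The operating system and disk space requirements above can be checked on the domain controller before the upgrade starts. The following PowerShell script is an added example, not part of the original text; it assumes PowerShell is installed on the Windows Server 2003 domain controller and that the free space is measured on the system drive, which the text does not specify. Hardware and software compatibility still has to be reviewed separately.

```powershell
# Added example (not from the original text): pre-upgrade checks for a
# Windows Server 2003 domain controller. Run locally as an administrator.
# Assumption: free space is measured on the system drive.

$os      = Get-WmiObject Win32_OperatingSystem
$version = [version]$os.Version

# ProductType 2 means the machine is a domain controller.
if ($os.ProductType -ne 2) {
    Write-Warning 'This server is not a domain controller; nothing to check.'
    exit 1
}

# Windows Server 2003 reports version 5.2; the text requires SP1 or higher.
$osOk = ($version.Major -eq 5 -and $version.Minor -eq 2 -and
         $os.ServicePackMajorVersion -ge 1)

# The NTDS service records the path of the Active Directory database file.
$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ditPath = (Get-ItemProperty $ntdsKey).'DSA Database file'
$ditSize = (Get-Item $ditPath).Length

# Requirement from the text: twice the database size plus 8GB for the OS.
$required = (2 * $ditSize) + 8GB
$disk     = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($os.SystemDrive)'"
$spaceOk  = ($disk.FreeSpace -ge $required)

"OS level OK (2003 SP1 or higher): {0} (version {1}, SP {2})" -f `
    $osOk, $version, $os.ServicePackMajorVersion
"Database file: {0} ({1:N2} GB)" -f $ditPath, ($ditSize / 1GB)
"Free space on {0}: {1:N2} GB, required: {2:N2} GB, OK: {3}" -f `
    $os.SystemDrive, ($disk.FreeSpace / 1GB), ($required / 1GB), $spaceOk

if (-not ($osOk -and $spaceOk)) {
    Write-Warning 'One or more upgrade requirements are not met.'
    exit 1
}
```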
The specific steps are as follows:
1. Insert the Windows Server 2008 DVD into the DVD drive of the server to be upgraded.
2. The Install Windows page should appear automatically. If not, choose Start, Run and then type d:\Setup, where d: is the drive letter for the DVD drive.
3. Click Install Now.
4. Click the large Go Online to Get the Latest Updates button. This ensures that the installation has the latest information for the upgrade.
5. Depending on your license rights, enter your product key if prompted and click Next.
6. Select I Accept This Agreement on the License page, and click Next to continue.
7. Click the large Upgrade button.
8. Review the compatibility report and verify that all issues have been addressed. Click Next to continue.
9. The system then copies files and reboots as a Windows 2008 server, continuing the upgrade process. After all files are copied, the system is then upgraded to a fully functional install of Windows 2008 and then reboots again. All this can take some time to complete.
10. After the final reboot, the domain controller will be at the familiar Ctrl+Alt+Del screen. After logon, the domain controller opens to the Server Manager console. The domain controller upgrade is complete.
Repeat for all domain controllers that will be upgraded.
Replacing Existing Domain Controllers
If you need to migrate specific domain controller functionality to the new Active Directory environment but plan to use new hardware, you need to bring new domain controllers into the environment before retiring the old servers.
Windows 2008 uses a roles-based model. To make a Windows 2008 server a domain controller, the Active Directory Domain Services role is added. This is the most thorough approach, and the following steps show how to accomplish this to establish a new Windows 2008 domain controller in a Windows 2000/2003 Active Directory domain:
Note
This procedure assumes that the Windows 2008 operating system has been installed on the server. The server does not need to be a domain member.
1. Log on to the new server as an administrator.
2. Launch Server Manager.
3. Select the Roles node.
4. Click Add Roles.
5. Click Next.
6. Select the Active Directory Domain Services check box, and click Next.
7. Click Next on the Information page.
8. Click Install to install the role. This installs the binaries necessary for the server to become a domain controller.
9. Click Close on the Installation Results page.
10. In the Server Manager console, expand the Roles node and select the Active Directory Domain Services node.
11. In the Summary section, click the Run the Active Directory Domain Services Installation Wizard (dcpromo.exe) link.
12. Click Next on the Welcome page.
13. Select the Existing Forest option button.
14. Select the Add a Domain controller in an Existing Domain option button, and click Next.
15. Enter the name of the domain.
16. Click Set to specify alternate credentials to use for the operation.
17. Enter the credentials of a domain administrator in the target domain, and click OK.
18. Click Next to continue.
19. Select the appropriate domain for the new domain controller, and click Next. In this example, the companyabc.com domain is used.
20. Select a site for the domain controller, and click Next.
21. Select the Additional Domain Controller Options, which are DNS Server and Global Catalog by default. The Read-Only Domain Controller option is not available, as this is the first Windows 2008 domain controller in the domain. Click Next.
22. Select locations for the database, log files, and the SYSVOL, and then click Next.
23. Enter the Directory Services Restore Mode administrator password, and then click Next.
24. Review the summary, and then click Next. The Installation Wizard creates the domain controller and replicates the Active Directory database, which might take some time depending on the network and the size of the Active Directory database.
25. After the wizard completes the installation, click Finish.
26. Click Restart Now to reboot the new domain controller.
This process should be repeated for each new replacement domain controller.
Moving Operation Master Roles
Active Directory Domain Services sports a multimaster replication model, in which any one server can take over directory functionality, and each full domain controller contains a read/write copy of directory objects. There are, however, a few key exceptions to this, in which certain forestwide and domainwide functionality must be held by a single domain controller in the forest and in each domain respectively. These exceptions are known as Operation Master (OM) roles, also known as Flexible Single Master Operations (FSMO) roles. There are five OM roles, as shown in Table 1.
Table 1. FSMO Roles and Their Scope
FSMO Roles | Scope |
---|---|
Schema master | Forest |
Domain naming master | Forest |
Infrastructure master | Domain |
RID master | Domain |
PDC emulator | Domain |
If the server or servers that hold the OM roles are not directly upgraded to Windows 2008 but will instead be retired, these OM roles will need to be moved to another server. The best tool for this type of move is the NTDSUTIL command-line utility.
Follow these steps using NTDSUTIL to move the forestwide OM roles (schema master and domain naming master) to a single Windows 2008 domain controller:
1. Open a command prompt (choose Start, Run, type cmd, and press Enter).
2. Type ntdsutil and press Enter. The prompt will display ntdsutil:.
3. Type roles and press Enter. The prompt will display fsmo maintenance:.
4. Type connections and press Enter. The prompt will display server connections:.
5. Type connect to server <Servername>, where <Servername> is the name of the target Windows 2008 domain controller that will hold the OM roles, and press Enter.
6. Type quit and press Enter. The prompt will display fsmo maintenance:.
7. Type transfer schema master and press Enter.
8. Click Yes at the prompt asking to confirm the OM change. The display will show the location for each of the five FSMO roles after the operation.
9. Type transfer naming master and press Enter.
10. Click OK at the prompt asking to confirm the OM change.
11. Type quit and press Enter, then type quit and press Enter again to exit the NTDSUTIL.
12. Type exit to close the Command Prompt window.
Now the forestwide FSMO roles will be on a single Windows 2008 domain controller.
The domainwide FSMO roles (infrastructure master, RID master, and PDC emulator) will need to be moved for each domain to a domain controller within the domain. The steps to do this are as follows:
1. Open a command prompt (choose Start, Run, type cmd, and press Enter).
2. Type ntdsutil and press Enter.
3. Type roles and press Enter.
4. Type connections and press Enter.
5. Type connect to server <Servername>, where <Servername> is the name of the target Windows 2008 domain controller that will hold the OM roles, and press Enter.
6. Type quit and press Enter.
7. Type transfer pdc and press Enter.
8. Click OK at the prompt asking to confirm the OM change.
9. Type transfer rid master and press Enter.
10. Click OK at the prompt asking to confirm the OM change.
11. Type transfer infrastructure master and press Enter.
12. Click Yes at the prompt asking to confirm the OM change.
13. Type quit and press Enter, then type quit and press Enter again to exit the NTDSUTIL.
14. Type exit to close the Command Prompt window.
The preceding steps need to be repeated for each domain.
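Before the old servers are retired, confirm that every role has actually moved. The PowerShell script below is an added example, not part of the original text; it covers both the forestwide and the domainwide transfers above by reading the role holders through the .NET System.DirectoryServices.ActiveDirectory classes. The server name dc2008-01.companyabc.com and the parameter names are hypothetical placeholders.

```powershell
# Added example (not from the original text): list the holder of each of the
# five FSMO roles and flag any role that is not on the intended Windows 2008
# domain controller. Run on a domain-joined machine as a domain user.
param(
    # Hypothetical target for the two forestwide roles.
    [string]$ExpectedForestHolder = 'dc2008-01.companyabc.com',
    # Hypothetical map: DNS domain name -> intended holder of its three roles.
    [hashtable]$ExpectedDomainHolder = @{
        'companyabc.com' = 'dc2008-01.companyabc.com'
    }
)

function New-RoleRecord($Scope, $Role, $Holder, $Expected) {
    # Add-Member is used so the script also runs on PowerShell 1.0.
    $r = New-Object PSObject
    $r | Add-Member NoteProperty Scope    $Scope
    $r | Add-Member NoteProperty Role     $Role
    $r | Add-Member NoteProperty Holder   $Holder
    $r | Add-Member NoteProperty Expected $Expected
    # A domain with no entry in the map is reported as not on target.
    $onTarget = [bool]($Expected -and ($Holder -ieq $Expected))
    $r | Add-Member NoteProperty OnTarget $onTarget
    $r
}

$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$records = @()

# Forestwide roles: one holder each for the whole forest.
$records += New-RoleRecord 'Forest' 'Schema master' `
    $forest.SchemaRoleOwner.Name $ExpectedForestHolder
$records += New-RoleRecord 'Forest' 'Domain naming master' `
    $forest.NamingRoleOwner.Name $ExpectedForestHolder

# Domainwide roles: one holder each in every domain of the forest.
foreach ($domain in $forest.Domains) {
    $want = $ExpectedDomainHolder[$domain.Name]
    $records += New-RoleRecord $domain.Name 'PDC emulator' $domain.PdcRoleOwner.Name $want
    $records += New-RoleRecord $domain.Name 'RID master' $domain.RidRoleOwner.Name $want
    $records += New-RoleRecord $domain.Name 'Infrastructure master' `
        $domain.InfrastructureRoleOwner.Name $want
}

$records | Format-Table -AutoSize

$stray = @($records | Where-Object { -not $_.OnTarget })
if ($stray.Count -gt 0) {
    Write-Warning "$($stray.Count) role(s) are not on the intended domain controller."
    exit 1
}
```

A nonzero exit code means at least one role is still held elsewhere, so the server holding it should not be retired yet.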