Upgrading Windows Server 2003 R2 AD to Windows Server 2012 R2 AD


This article covers upgrading and migrating an AD domain. It walks through the following two processes:

1. Upgrade directly from Windows Server 2003 R2 to Windows Server 2012 R2;

2. Upgrade from Windows Server 2003 R2 to Windows Server 2008 R2, and then from Windows Server 2008 R2 to Windows Server 2012 R2.

Three servers are installed in my environment, running Windows Server 2003 R2, Windows Server 2008 R2, and Windows Server 2012 R2. The 2003 R2 server is already a domain controller for the domain gdut.com, and this Windows Server 2003 R2 AD now needs to be upgraded to Windows Server 2012 R2 AD. The details of the three servers are as follows:

| Server system | Computer name | IP | DNS |
|---|---|---|---|
| Windows Server 2003 R2 | DC1 | 192.168.80.14 | 192.168.80.14 |
| Windows Server 2008 R2 | DC2 | 192.168.80.15 | 192.168.80.14 |
| Windows Server 2012 R2 | DC3 | 192.168.80.15 | 192.168.80.14 |

First process: upgrading Windows Server 2003 R2 directly to Windows Server 2012 R2

1. First, I check the schema version of domain controller DC1: run regedit from the command line to open the registry, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters, and read the Schema Version value. The current AD schema version of DC1 is 30 (the schema version of Windows Server 2003 R2 is 30, that of Windows Server 2008 R2 is 47, and that of Windows Server 2012 R2 is 69).

2. Then I tried to add DC3 (the Windows Server 2012 R2 server) to the domain gdut.com as an additional domain controller, but an error occurred during the process. According to the error message, the forest functional level of the current domain is Windows 2000, and it needs to be raised to the Windows Server 2003 forest functional level or higher.

3. Go back to DC1 and, in Active Directory Users and Computers, change the domain functional level to Windows Server 2003 (the domain functional level of a deployed Windows Server 2003 R2 domain controller defaults to Windows 2000 mixed mode).

4. In Active Directory Domains and Trusts, change the forest functional level to Windows Server 2003 (the default forest functional level is Windows 2000).

5. After raising the functional levels, return to DC3 and continue with the next step. A warning pops up here, saying that no domain controller running Windows Server 2008 or later can be found in the domain. This warning is discussed later.

6. Ignore this warning, enter the Directory Services Restore Mode password, and continue the installation.

7. Continue to the prerequisite check, and install once the check passes.

8. After the installation completes, check the schema version on DC1 again: run regedit from the command line, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters, and read the Schema Version value. The version is now 69. Remember the version number from step 1? It was 30 at the beginning and is 69 now, yet I never extended the schema manually during this process. The schema is extended automatically when the Windows Server 2012 R2 server is added to the domain. So, if I add Windows Server 2008 R2 to a Windows Server 2003 R2 domain, will the schema be extended automatically in the same way? The answer comes later in this article.
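As an added example (not code from the original article), the following PowerShell reads the schema version over LDAP from the objectVersion attribute of the schema container, together with the domain and forest functional levels from RootDSE, and reports the prerequisites described in the steps above. It assumes PowerShell 3.0 or later in a session with domain credentials; the function name and the functional-level table are this example's own, and the schema numbers 30, 47 and 69 are the ones given in step 1.

```powershell
# Added example: read-only pre-flight check against one domain controller.
# Schema numbers are the ones quoted in the article; level names are an
# assumption of this example (values of the RootDSE *Functionality attributes).
$SchemaNames = @{
    30 = 'Windows Server 2003 R2 (as observed on DC1)'
    47 = 'Windows Server 2008 R2'
    69 = 'Windows Server 2012 R2'
}
$LevelNames = @{
    0 = 'Windows 2000'
    1 = 'Windows Server 2003 interim'
    2 = 'Windows Server 2003'
    3 = 'Windows Server 2008'
    4 = 'Windows Server 2008 R2'
    5 = 'Windows Server 2012'
    6 = 'Windows Server 2012 R2'
}

function Get-AdUpgradeReadiness {
    param([string]$Server = 'DC1')   # DC1 is the article's 2003 R2 domain controller

    # Bind to the named DC so the answer comes from that server, not a random one
    $root   = [ADSI]"LDAP://$Server/RootDSE"
    $schema = [ADSI]"LDAP://$Server/$($root.Properties['schemaNamingContext'].Value)"

    $schemaVersion = [int]$schema.Properties['objectVersion'].Value
    $domainLevel   = [int]$root.Properties['domainFunctionality'].Value
    $forestLevel   = [int]$root.Properties['forestFunctionality'].Value

    [pscustomobject]@{
        Server         = $Server
        SchemaVersion  = $schemaVersion
        SchemaName     = $SchemaNames[$schemaVersion]
        DomainLevel    = $LevelNames[$domainLevel]
        ForestLevel    = $LevelNames[$forestLevel]
        # Step 2: promoting the 2012 R2 server is refused while the forest is at Windows 2000
        ForestLevelOkFor2012R2Dc   = ($forestLevel -ge 2)
        # Second process, step 2: a 2008 R2 server is refused until adprep has raised the schema to 47
        NeedsManualAdprepFor2008R2 = ($schemaVersion -lt 47)
    }
}

Get-AdUpgradeReadiness -Server 'DC1' | Format-List
```

Running it before and after the promotion of DC3 records the schema change from 30 to 69 without opening the registry on DC1.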


 

Next, transfer the operations master roles from DC1 to DC3 and then demote DC1 to get a pure Windows Server 2012 R2 domain. This shows that a Windows Server 2003 R2 domain can be upgraded directly to Windows Server 2012 R2 in one step. But don't forget the warning that appeared during the installation: the consequence of upgrading directly from Windows Server 2003 R2 to Windows Server 2012 R2 is that you cannot install a read-only domain controller (RODC) in this domain environment in the future. Therefore, the official suggestion is to upgrade from Windows Server 2003 R2 to Windows Server 2008 R2 first, and then from Windows Server 2008 R2 to Windows Server 2012 R2. The specific upgrade steps follow.

Second process: Windows Server 2003 R2 is first upgraded to Windows Server 2008 R2, and then Windows Server 2008 R2 is upgraded to Windows Server 2012 R2

1. First upgrade Windows Server 2003 R2 to Windows Server 2008 R2. My environment is still the original three servers. Currently only DC1 is a domain controller; DC2 and DC3 have not yet joined the domain. (Figure: screenshot of domain controller DC1.)

2. Add DC2 to the gdut.com domain as an additional domain controller. An error occurs during the process: it says that the schema must be extended to Windows Server 2008 R2 before DC2 can be deployed as an additional domain controller. Remember the question I raised earlier: will adding Windows Server 2008 R2 to a Windows Server 2003 R2 domain extend the schema automatically? The answer is no; the error message tells us that we need to extend the schema manually.

3. Next, I extend the schema. Return to DC1 and mount the Windows Server 2008 R2 image (ISO) in the CD drive.

4. After the image is mounted, switch on the command line to the adprep directory on drive D (the Windows Server 2008 R2 image just mounted is on drive D).

5. Enter the adprep /forestprep command to upgrade the forest schema. An adprep warning appears (make sure all domain controllers in the forest have been upgraded to Windows 2000 Service Pack 4 (SP4) or later before running adprep); press C to continue. (Note: the 32-bit version runs adprep32 and the 64-bit version runs adprep; my system here is 64-bit.)

6. Enter adprep /domainprep to extend the domain (note that the AD forest must be extended before the AD domain can be extended). If an error occurs, you need to change the domain functional level and forest functional level on DC1 to Windows Server 2003 (the default is Windows 2000 native mode), and then re-enter the command.

7. Enter adprep /domainprep /gpprep to update Group Policy.

8. Run adprep /rodcprep to update AD's support for RODC.

9. With the schema extension complete, add DC2 to the domain gdut.com again as an additional domain controller. This operation is relatively simple, so it is not described here. After DC2 has been added successfully, you cannot yet change the domain functional level to 2008 or 2008 R2, because there are currently two domain controllers in the domain and DC1 runs Windows Server 2003 R2. You must demote DC1 so that no 2003 R2 domain controllers remain in the domain before the domain or forest functional level can be changed. Before demoting, you need to transfer all the operations master roles to DC2. Below I transfer them to DC2 from the command line.

10. Perform the following operations on DC2. Use the command netdom query fsmo to see which domain controller holds the operations master roles in the domain. At this point they are all on DC1.

11. Then, on the command line, enter ntdsutil and press Enter; enter roles and press Enter; enter connections and press Enter.

12. Enter connect to server DC2 and press Enter; then enter quit and press Enter.

13. Enter a question mark (?) to list the commands for transferring the operations master roles.

14. Enter the transfer infrastructure master command to transfer the infrastructure master role.

15. Enter the transfer naming master command to transfer the domain naming master role.

16. Enter the transfer PDC command to transfer the PDC operations master role.

17. Enter transfer RID master to transfer the RID master role.

18. Enter transfer schema master to transfer the schema master role.

 

19. All operations master roles have now been transferred. Next, demote DC1: enter dcpromo on the DC1 command line and demote DC1. The operation is simple, so it is not described here.

20. After DC1 is demoted, the last step is to change the DNS server address configured on DC2; it originally points to the IP address of DC1.

21. After DC1 is demoted successfully, the entire domain environment is a pure Windows Server 2008 R2 AD. The domain functional level and forest functional level can now be raised: log in to DC2 as a domain administrator, open Active Directory Users and Computers, and change the domain functional level to Windows Server 2008 or Windows Server 2008 R2.

22. Open Active Directory Domains and Trusts and change the forest functional level to Windows Server 2008 or Windows Server 2008 R2. At this point, Windows Server 2003 R2 AD has been completely upgraded to Windows Server 2008 R2 AD.

23. Then upgrade Windows Server 2008 R2 AD to Windows Server 2012 R2 AD. The process is almost the same as upgrading from Windows Server 2003 R2 AD to Windows Server 2008 R2 AD, with one difference. When upgrading from Windows Server 2008 R2 AD to Windows Server 2012 R2 AD, you do not need to extend the schema manually as you did when upgrading from Windows Server 2003 R2 AD to Windows Server 2008 R2 AD, because the schema is extended automatically during the upgrade from 2008 R2 to 2012 R2. That is, you can add the Windows Server 2012 R2 server to the domain directly and then perform the operations after step 9 above. The specific steps are not repeated here; you can verify them yourself.
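Steps 10 to 19 above move the five operations master roles and then demote DC1. As an added example (not part of the original article), this PowerShell parses the output of netdom query fsmo and confirms that no role is still held by the domain controller about to be demoted. The function names are this example's own, and the sample text is constructed in the shape netdom prints, using the article's host names.

```powershell
# Added example: confirm FSMO placement before running dcpromo on the old DC.
# Constructed sample in which one role has not been transferred yet.
$sample = @'
Schema master               DC2.gdut.com
Domain naming master        DC2.gdut.com
PDC                         DC2.gdut.com
RID pool manager            DC1.gdut.com
Infrastructure master       DC2.gdut.com
The command completed successfully.
'@

function Get-FsmoHolders {
    param([string[]]$Lines)
    # Role labels as printed by "netdom query fsmo"
    $roles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'
    foreach ($line in $Lines) {
        foreach ($role in $roles) {
            if ($line -match "^\s*$([regex]::Escape($role))\s+(\S+)\s*$") {
                [pscustomobject]@{ Role = $role; Holder = $Matches[1] }
            }
        }
    }
}

function Test-SafeToDemote {
    param([string]$OldDc, [string[]]$Lines)
    $holders = @(Get-FsmoHolders -Lines $Lines)
    # Refuse to give an answer if the output could not be parsed completely
    if ($holders.Count -ne 5) { throw "Expected 5 FSMO roles, parsed $($holders.Count)" }
    $stuck = @($holders | Where-Object {
        $_.Holder -eq $OldDc -or $_.Holder -like "$OldDc.*"
    })
    foreach ($s in $stuck) { Write-Warning "$($s.Role) is still held by $($s.Holder)" }
    return ($stuck.Count -eq 0)
}

# Check against the constructed sample
Test-SafeToDemote -OldDc 'DC1' -Lines ($sample -split "`r?`n")

# Live use on DC2 after step 18:
# Test-SafeToDemote -OldDc 'DC1' -Lines (netdom query fsmo)
```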

Summary:

1. Windows Server 2003 R2 can be upgraded directly to Windows Server 2012 R2 (this method is not recommended). There is no need to extend the schema manually, but a read-only domain controller (RODC) cannot be deployed in this domain in the future.

2. Upgrading from Windows Server 2003 R2 to Windows Server 2008 R2 requires extending the schema manually; otherwise the upgrade cannot proceed.

3. When upgrading from Windows Server 2008 R2 to Windows Server 2012 R2, there is no need to extend the schema manually; it is extended automatically during the upgrade, and you can also deploy a read-only domain controller (RODC) in this domain in the future.


Origin blog.csdn.net/qq_20663229/article/details/79671407