Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions

scottalanmiller

RODCs are new to 2008 and can't be supported on a 2003 Forest. An RODC also cannot be used in your project here. You need to make a normal, every day DC.

garak0410

@scottalanmiller said:

RODCs are new to 2008 and can't be supported on a 2003 Forest. An RODC also cannot be used in your project here. You need to make a normal, every day DC. Wait, why is it saying "read only"? What have you selected?

I am having problems attaching a screenshot...so I emailed to you Scott. This is after I click NEXT when adding to my existing domain...In the Wizard, it is the Domain Controller Options. READ ONLY is NOT CHECKED but when it fails, I cannot select any other options here.

scottalanmiller

Hmm... It is definitely acting like RO is selected. I see that it is not in the screenshot.

scottalanmiller

Here is the image:

garak0410

@scottalanmiller said:

Here is the image:

Let me break for lunch and then reboot the new DC virtual and try again.

scottalanmiller

Okay. Lunch in 20 for me too.

garak0410

Let me back up to the first screen in this wizard:

Which option do I choose here for my situation, which is this new server will eventually be the new domain controller once the other one is demoted. So, I want to make sure the domain name remains the same when the new DC takes over...

Add a domain controller to an existing domain
Add new domain to an existing forest
Add a new forest

Which one of the above options are correct? I assumed the first one, right?

scottalanmiller

Yes, the first one.

garak0410

@scottalanmiller said:

Yes, the first one.

OK, I realized that message was a warning so I put in my admin password and moved on...now, LOL, I get this:

Dashrender

You need to make sure the new server is pointing to the old server for DNS.

Presumably that is the case if you already joined that domain.

scottalanmiller

@garak0410 said:

@scottalanmiller said:

Yes, the first one.

OK, I realized that message was a warning so I put in my admin password and moved on...now, LOL, I get this:

LOL to the first bit.

Is your 2003 box not authoritative for its zone?

Dashrender

In reading the last few posts - I'm wondering if you can go from 2003 directly to 2012 R2? I did a 2003 R2 (non SBS) to 2012 R2 last week with no problems.

Is your license for Server 2012 R2 a Volume License? If so, you can download a copy of Server 2008 R2, upgrade from 2003 first, remove ADDS from 2003, then transition to the 2012 R2.

I'll see if I can find anything to confirm going from 2003 directly to 2012 R2.

garak0410

@scottalanmiller said:

@garak0410 said:

@scottalanmiller said:

Yes, the first one.

OK, I realized that message was a warning so I put in my admin password and moved on...now, LOL, I get this:

LOL to the first bit.

Is your 2003 box not authoritative for its zone?

This is just like parenting. No real manual on how to do it. LOL

Well, I got to this screen (covered up the domain name but I do see my current domain in REPLICATE FROM. OK to hit next?

Dashrender

when you click Next the wizard should do the forest prep needed to allow you to install a windows 2012 server as a DC.

garak0410

Will BRB...got a heavily used printer down.

garak0410

OK, the paths looked good, so hitting next (masking out my actual domain and PC names)

Review Options show this:

Configure this server as an additional Active Directory domain controller for the domain "mydomain.local".

Site Name: Default-First-Site-Name

Additional Options:

Read-only domain controller: No

Global catalog: Yes

DNS Server: Yes

Update DNS Delegation: No

Source DC: domainPC.mydomain.local

Database folder: C:\Windows\NTDS

Log file folder: C:\Windows\NTDS

SYSVOL folder: C:\Windows\SYSVOL

The DNS Server service will be configured on this computer.

This computer will be configured to use this DNS server as its preferred DNS server.

So, looking good here to continue to proceed?

scottalanmiller

Looks good to me.

Dashrender

@scottalanmiller said:

Looks good to me.

agreed, just like mine did.

garak0410

Ready to click FINISH

First part of results not in screen shot:

Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions.

For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).

Dashrender

As long as you don't have any NT servers or workstations connecting you should be good.

I was concerned that maybe my XP machines might have an issue, but there hasn't been one!

Click install.

FYI, you might want to edit your photo, your domain name is listed there.