Step by step guide for upgrading Active Directory from Microsoft

Windows 2003 to Microsoft Windows Server 2008

In this blog, I will guide you with a very simple step by step approach on how to upgrade your Active
Directory from Microsoft Windows 2003 to Microsoft Windows Server 2008. Preparing your Active
Directory infrastructure for upgrade to Windows Server 2008 includes the following tasks:

• Prepare Windows Server 2003 forest schema for a domain controller that runs Windows
Server 2008
• Prepare Windows Server 2003 domain for a domain controller that runs Windows
Server 2008

Note: Review the list of operations that Adprep.exe performs in Windows Server 2008, and test
the schema updates in a lab environment to ensure that they will not conflict with any
applications that run in your environment. There should not be any conflicts if your applications
use RFC-compliant object and attribute definitions. For a list of specific operations that are
performed when you update the Active Directory schema, see Appendix of Changes to
Adprep.exe to support AD DS in Windows Server 2008
(http://go.microsoft.com/fwlink/?LinkID=122499).
You can also test the Active Directory upgrade in a test environment with all the applications
configured for testing purposes.

Forest Schema preparation

Before you can add a domain controller that is running Windows Server 2008 to an Active
Directory environment that is running Windows 2000 Server or Windows Server 2003, you must
update the Active Directory schema. You must update the schema from the domain controller
that hosts the schema operations master role (also known as flexible single master operations
or FSMO). If you are performing an unattended installation of Active Directory Domain Services
(AD DS) with Windows Server 2008, you must update the schema before you install the
operating system. For normal installations, you must update the schema after you run Setup
and before you install AD DS.

Use the following procedure to update the Windows Server 2003 Active Directory schema for
Windows Server 2008.

Membership in Enterprise Admins, Schema Admins, and Domain Admins for the domain that
contains the schema master is required to complete this procedure. Review details about using
the appropriate accounts and group memberships
at http://go.microsoft.com/fwlink/?LinkId=83477.

To prepare the forest schema for Windows Server 2008

 1. Log on to the schema master as a member of the Enterprise Admins, Schema Admins,
and Domain Admins groups.

2. Insert the Windows Server 2008 DVD into the CD/DVD drive. Copy the content of the
\sources\adprep folder to an Adprep folder on the schema master.

3. Open a command prompt, and then change directories to the Adprep folder.

4. At the command prompt, type the following command, and then press ENTER:

adprep /forestprep

1. (Optional) If you plan to install a read-only domain controller (RODC) in any domain in
the forest, type the following command, and then press ENTER:

adprep /rodcprep

1. Allow the operation to complete, and then allow the changes to replicate throughout
the forest before you prepare any domains for a domain controller that runs Windows
Server 2008.

Domain Schema preparation

After you prepare the forest, you need to prepare any domain for which you plan to install a
domain controller that runs Windows Server 2008.

Use the following procedure to prepare a Windows 2000 or Windows Server 2003 domain for
Windows Server 2008.

Membership in Domain Admins, or equivalent, is the minimum required to complete this

procedure. Review details about using the appropriate accounts and group memberships
athttp://go.microsoft.com/fwlink/?LinkId=83477.

To prepare a Windows 2003 domain for Windows Server 2008

1. Identify the domain infrastructure operations master role holder as follows:

• In the Active Directory Users and Computers snap-in, right-click the domain
object, clickOperations Masters, and then click Infrastructure.
2. Log on to the infrastructure master as a member of the Domain Admins group.

3. Insert the Windows Server 2008 DVD into the CD/DVD drive. Copy the content of the
\sources\adprep folder to an Adprep folder on the infrastructure master.

4. Open a command prompt, and then change directories to the Adprep folder.

5. Type the following command, and then press ENTER:

 adprep /domainprep /gpprep

1. Allow the operation to complete, and then allow the changes to replicate throughout
the forest before you install a domain controller that runs Windows Server 2008.

After the forest and domain based schema is prepared, new Windows Server 2008 based
domain controllers can be added to the domain.

Install Active Directory on Windows Server 2008

Install Active Directory Domain Services (AD DS) on a Windows Server 2008–based member server that
is located in the domain by using the Active Directory Domain Services Installation Wizard
(Dcpromo.exe). After you install AD DS successfully, the Windows Server 2008–based member server
will become a domain controller. You can install AD DS on any Windows Server 2008–based member
server that meets the domain controller hardware requirements.

You can install AD DS using the Windows Server 2008 Windows interface. The Windows interface in
Windows Server 2008 provides two wizards that guide you through the Active Directory Domain
Services (AD DS) installation process. One wizard is the Add Roles Wizard, which you can access in Server
Manager. The other wizard is the Active Directory Domain Services Installation Wizard (Dcpromo.exe),
which you can access in either of the following ways:

• When you complete the steps in the Add Roles Wizard, click the link to start the Active
Directory Domain Services Installation Wizard.
• Click Start, click Run, type dcpromo.exe, and then click OK.

Membership in the local Administrator account, or equivalent, is the minimum required to complete
this procedure. Review details about using the appropriate accounts and group memberships
at http://go.microsoft.com/fwlink/?LinkId=83477.

To install AD DS on a Windows Server 2008–based member server:

1. Click Start, and then click Server Manager.

2. In Roles Summary, click Add Roles.
3. If necessary, review the information on the Before You Begin page, and then clickNext.
4. On the Select Server Roles page, select the Active Directory Domain Services check box,
and then click Next.
5. If necessary, review the information on the Active Directory Domain Services page, and
then click Next.
6. On the Confirm Installation Selections page, click Install.
7. On the Installation Results page, click Close this wizard and launch the Active Directory
Domain Services Installation Wizard (dcpromo.exe).
8. On the Welcome to the Active Directory Domain Services Installation Wizard page,
click Next. If you want to install from media, or identify the source domain controller for
AD DS replication as part of the installation of the additional domain controller, click Use
advanced mode installation.
9. On the Operating System Compatibility page, review the warning about the default
security settings for Windows Server 2008 domain controllers, and then clickNext.
10. On the Choose a Deployment Configuration page, click Existing forest, click Add a
domain controller to an existing domain, and then click Next.
11. On the Network Credentials page, type the name of any existing domain in the forest
where you plan to install the additional domain controller. Under Specify the account
credentials to use to perform the installation, click My current logged on credentials or
click Alternate credentials, and then click Set. In theWindows Security dialog box,
provide the user name and password for an account that can install the additional
domain controller. To install an additional domain controller, you must be a member of
the Enterprise Admins group or the Domain Admins group. When you are finished
providing credentials, click Next.
12. On the Select a Domain page, select the domain of the new domain controller, and then
click Next.
13. On the Select a Site page, select a site from the list or select the option to install the
domain controller in the site that corresponds to its IP address, and then clickNext.
14. On the Additional Domain Controller Options page, make the following selections, and
then click Next:
a. DNS server: This option is selected by default so that your domain controller can
function as a DNS server.
b. Note: If you select the option to install DNS server, you might receive a message
that indicates that a DNS delegation for the DNS server could not be created and
that you should manually create a DNS delegation to the DNS server to ensure
reliable name resolution. If you are installing an additional domain controller in
either the forest root domain or a tree root domain, you do not have to create
the DNS delegation. In this case, click Yes and disregard the message.
c. Global Catalog: This option is selected by default. It adds the global catalog,
read-only directory partitions to the domain controller, and it enables global
catalog search functionality.
d. Read-only domain controller. This option is not selected by default. It makes the
additional domain controller read only.
15. If you selected Use advanced mode installation on the Welcome page, the Install from
Media page appears. You can provide the location of installation media to be used to
create the domain controller and configure AD DS, or you can have all the replication
done over the network. Note that some data will be replicated over the network even if
you install from media. For information about using this method to install the domain
controller, see Installing AD DS from Media.
16. If you selected Use advanced mode installation on the Welcome page, the Source
Domain Controller page appears. Click Let the wizard choose an appropriate domain
controller or click Use this specific domain controller to specify a domain controller that
you want to provide as a source for replication to create the new domain controller, and
then click Next. If you do not choose to install from media, all data will be replicated
from this source domain controller.
17. On the Location for Database, Log Files, and SYSVOL page, type or browse to the
volume and folder locations for the database file, the directory service log files, and the
system volume (SYSVOL) files, and then click Next.Windows Server Backup backs up the
 directory service by volume. For backup and recovery efficiency, store these files on
separate volumes that do not contain applications or other nondirectory files.
18. On the Directory Services Restore Mode Administrator Password page, type and
confirm the restore mode password, and then click Next. This password must be used to
start AD DS in Directory Service Restore Mode (DSRM) for tasks that must be performed
offline.
19. On the Summary page, review your selections. Click Back to change any selections, if
necessary.To save the settings that you have selected to an answer file that you can use
to automate subsequent Active Directory operations, click Export settings. Type the
name for your answer file, and then click Save. When you are sure that your selections
are accurate, click Next to install AD DS.
20. On the Completing the Active Directory Domain Services Installation Wizard page,
click Finish.
21. You can either select the Reboot on completion check box to have the server restart
automatically or you can restart the server to complete the AD DS installation when you
are prompted to do so.