0

We have 2 Domain Controllers running Windows Server 2003 R2 x64. DC1 has the FSMO roles and DC2 acts as a 'secondary' DC. Both are Global Catalog servers.

DC1 has these roles installed: Domain Controller, DNS Server, Application Server (IIS), File Server and Print Server. DC2 has these roles installed: Domain Controller, DNS Server, Application Server (IIS) and File Server.

There is also a trust relationship between the current domain of these two DCs and a different one which is located in the same location.

What we want to achieve is to upgrade both servers to Windows Server 2008 R2 with a clean install process on both machines, not a direct upgrade from 2003 R2 to 2008 R2.

I am looking for the best practice to achieve that goal. Can you please help me understand the best way to achieve that?

Which server do I have to upgrade first? How can I preserve all of the settings and data from each role?

user201420
  • 1
  • 1
  • 1

1 Answers1

1

What I have noticed is that you are running file-services and IIS Services on a Domain Controller, this should not be done! I suggest you to separate those services, if possible IIS and file-services as well.

Furthermore have you thought about a Domain Migration to a single domain and separating your Sites via OUs / Sites&Services ? About the DCs you could install and prmote them to a GC while the old masters stays available and integrate them into the Domain, next step would be moving the FSMO rule to the new master(s).

Afterwards you simple demote the old DCs to member Servers, in case of trouble there are very good KBs if demoting fails in technet. Your settings should be preserved.

Feel free to contact me about detailed help in a private message

Becks TibiaFun
  • 148
  • 9
  • File Services is not used anymore, thanks for the suggestion. The other domain in managed by another team and it isn't an option to migrate the two of them into one. So, what are you saying is this: Demote DC2 to member server, install Server 2008 R2, transfer the FSMO Roles and after the replication do the same process for the DC1. Right? – user201420 Mar 21 '14 at 10:17
  • First install the new DCs, then promote them, then transfer, then demote, About team management you can use Active Directory delegation to delegate/customize the permissions on the specific OUs – Becks TibiaFun Mar 21 '14 at 13:32
  • But, we won't add any new DCs to the domain. Everything will happen on the same two existing servers. – user201420 Mar 24 '14 at 06:38
  • And that is the bad idea IMHO... Install 2 other DCs, then promote, then transfer. You should prefer a clean installation for a DC, and not an upgraded one. – Becks TibiaFun Mar 24 '14 at 08:59