Wednesday, April 29, 2009

2003 to 2008 Domain Controller Migration Checklist

So I am all done now removing our 03 AD server and replacing it with new hardware running Server 08. Apart from a small Exchange 2007 hiccup, things went quite smoothly. Since I didn't find a short and concise checklist out there on this process I figured I would post one.

The following is my post-process brain-dump of the things to keep in mind along with a few comments and links I found helpful. It's by no means authoritative or comprehensive but should cover most of the process from a high level for upgrading a single DC in your average single domain environment with multiple domain controllers.

Removing old 2003 Server:
  • Verify you're getting good backups of the server to be retired
  • Migrate away any FSMO roles to another DC
  • Migrate RADIUS/IAS to another server - Check IAS logs to test/confirm migration (located at %systemroot%\System32\LogFiles; here's the format)
  • DHCP - In a multiple DHCP server environment with enough space in your other server's scope, simply deactivate your scope on the server to be retired and let the other server pick up the leases as they expire. You'll want to make sure you wait till all leases are expired off the server before you stand up the replacement DC. In a single DHCP server environment (or if you don't want to wait for leases to expire) you'll have to do a hot cut over and migrate the database from the old to the new. Handy trick for migrating DHCP reservations here
  • DNS - Assuming your hosts have redundant DNS servers this should be straightforward.
  • Certificate Services - Microsoft Guide Here
  • AD - You'll want to make absolutely SURE the changes made with the demotion have fully replicated in your environment before you add the new DC.
  • KMS - If you have KMS running on your DC for activating OS installations you'll want to remove it (slmgr -ipk)
  • Anti-Virus
  • Any Monitoring Software
  • Backup Agent
  • Remove From Domain
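
One way to confirm the demotion has fully replicated before building the replacement DC, as an added example that is not part of the original post. It assumes PowerShell 3.0+ and the AD DS tools (repadmin, netdom) on a remaining DC; `OLD-DC01`, the `-UseSample` switch and the sample rows are hypothetical, constructed values.

```powershell
# Added example, not from the original post. Save as a .ps1 and run as a domain admin.
param(
    [string]$RetiredDc = 'OLD-DC01',  # hypothetical short name of the demoted 2003 DC
    [switch]$UseSample                # parse the constructed sample instead of live output
)

# Constructed sample of "repadmin /showrepl * /csv" output, for offline runs
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC02,"DC=example,DC=local",Default-First-Site-Name,DC03,RPC,0,0,2009-04-29 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC03,"DC=example,DC=local",Default-First-Site-Name,OLD-DC01,RPC,4,2009-04-29 10:01:44,2009-04-28 22:10:31,1722
'@ -split "`r?`n"

function Get-ReplicationProblem {
    param([string[]]$CsvLines, [string]$Retired)
    # One CSV row per inbound replication link on each DC
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $reasons = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') { $reasons += 'repadmin error row' }
        if ([int]$row.'Number of Failures' -gt 0) {
            $reasons += "failing (status $($row.'Last Failure Status'))"
        }
        # A cleanly demoted DC should no longer appear as a replication partner
        if ($Retired -in $row.'Source DSA', $row.'Destination DSA') {
            $reasons += 'link still references the retired DC'
        }
        if ($reasons) {
            [pscustomobject]@{
                Destination = $row.'Destination DSA'
                Source      = $row.'Source DSA'
                Context     = $row.'Naming Context'
                Problem     = $reasons -join '; '
            }
        }
    }
}

$lines    = if ($UseSample) { $sample } else { repadmin /showrepl * /csv }
$problems = @(Get-ReplicationProblem -CsvLines $lines -Retired $RetiredDc)
$fsmoHits = @()
if (-not $UseSample) {
    # Any FSMO role still listed against the retired DC was not migrated
    $fsmoHits = @(netdom query fsmo | Select-String -SimpleMatch $RetiredDc)
}

$problems | Format-Table -AutoSize
$fsmoHits | ForEach-Object { "FSMO role still on retired DC: $($_.Line.Trim())" }
if ($problems.Count -or $fsmoHits.Count) { Write-Warning 'Do not promote the new DC yet.'; exit 1 }
'Replication is clean and no FSMO role references the retired DC.'
```
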
Installing New 2008 Domain Controller:
  • Add server to domain - customize OS as desired (UAC, IE ESC, etc.)
  • Turn off hibernation (why is this enabled by default Microsoft?) - powercfg.exe /hibernate off
  • Install Backup Agent and take full backup
  • Monitoring software
  • Anti-Virus
  • AD/DNS - dcpromo gives you the option to install DNS when it runs, no need to do separately
  • DHCP - See link above on migrating reservations
  • Activate KMS - (slmgr.vbs /ipk and then slmgr.vbs /ato)
  • Cert Services - Install per documentation
  • Migrate FSMO roles - Warning about infrastructure master not valid for single domain environments
  • Configure SNTP. If the new DC will be holding the PDC emulator role you'll want to configure external time syncing. See links at the bottom here. (w32tm /config /manualpeerlist:"ntp0.cornell.edu 0.pool.ntp.org 1.pool.ntp.org" /syncfromflags:manual /reliable:yes /update)
Again, I didn't meticulously document my procedure as I went through it, so there may be a few small things missed. However, if you have anything to add, feel free to add a comment!
