Feb 13 2010
Upgrade a Domain Controller to a new Operating System version and keep the name
If you need to keep the name of a domain controller (DC), you have two options: an in-place upgrade of the DC in question, or using a “temporary” DC to free up the name (when only one DC exists in the domain).
The following applies only if the DC is NOT running additional applications, e.g. Microsoft Exchange server, Microsoft SQL server or any other application. For a Certification Authority (CA), see the end of this article.
I don’t prefer an in-place upgrade, especially if there is a major change in the OS architecture, like from Windows server 2003 to Windows server 2008.
Option 1:
Depending on the OS version, you can do in-place upgrades:
+ Windows server NT4 (SP6a) to Windows server 2000 or Windows server 2003 is possible
+ Windows server 2000 to Windows server 2003 or Windows server 2003 R2 is possible
+ Windows server 2000 to Windows server 2008 or higher is NOT possible
+ Windows server 2003 SP1/SP2 or Windows server 2003 R2 SP1/SP2 to Windows server 2008 or Windows server 2008 R2 is possible, only if NO cluster services are installed
+ Windows server 2008 to Windows server 2008 R2 is possible
See these articles for a more detailed explanation of the supported upgrade paths: (http://support.microsoft.com/kb/810613/en-us) and (http://support.microsoft.com/?kbid=951041)
Option 2:
If you must use different hardware because of the OS requirements, if the old DC (let’s call it “DCKeep”) is past its lifetime, or if you have only one DC in the domain, you can work with a “temporary” DC (let’s call it “DCTemp”), either as a VM or as a physical machine (even a laptop, if the hardware can run the OS).
+ Install an additional DC “DCTemp” in the domain, make it a DNS server (I always prefer Active Directory-integrated zones on DCs) and make it a Global Catalog server ([http://support.microsoft.com/?id=313994] also applies to 2008).
+ Move all 5 FSMO roles to “DCTemp” (if the DC whose name you want to keep is the FSMO role holder). ([http://support.microsoft.com/kb/324801] also applies to 2008)
+ Check replication with the support tools dcdiag /v, netdiag (not included in Windows server 2008, but it works {not supported} if copied from the Windows server 2003 support tools [not on Windows server 2008 R2]) and repadmin /showrepl (or /showreps with the Windows server 2000 support tools). Replmon, the GUI version of the replication monitor, also helps to check that replication between all DCs is correct.
+ If all steps above are error-free, you can demote “DCKeep” to a member server and rename it, or remove it completely from the domain. That way the domain still has a running DC with all needed roles, and you can now use the name “DCKeep” again on a server with the new OS version and the same IP address.
If “DCKeep” has the CA role installed, you have to back it up BEFORE demoting or removing it, so that you can restore it on the new server. Follow these articles, depending on the OS version:
+ Windows server 2000 to Windows server 2003 (http://support.microsoft.com/kb/298138)
+ Windows server 2003 to Windows server 2008 (http://technet.microsoft.com/en-us/library/cc742515(WS.10).aspx)
+ Upgrading a CA from Windows server 2000 to Windows server 2008 should be done in two steps, via Windows server 2003, to be supported by Microsoft.
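The checks from Option 2 and the CA caveat can be combined into one gate that is run before “DCKeep” is demoted. This is an added example, not a script from the original post. It assumes Windows PowerShell on a domain member, English-language tool output, netdom, repadmin and dcdiag on the PATH, and a repadmin build that supports /csv; the DC names are the post's placeholders.

```powershell
# Added example: pre-demotion gate for the Option 2 procedure.
# Assumptions: Windows PowerShell, English tool output, netdom/repadmin/dcdiag
# available, repadmin supports /csv. DCTemp and DCKeep are placeholder names.
param(
    [string]$TempDc = 'DCTemp',
    [string]$KeepDc = 'DCKeep'
)
$problems = @()

# 1. All five FSMO roles must already sit on the temporary DC.
$roles = @(netdom query fsmo |
    Where-Object { $_ -match '^(Schema|Domain naming|PDC|RID|Infrastructure)' })
if ($roles.Count -ne 5) {
    $problems += "Expected 5 FSMO role lines, found $($roles.Count)"
}
$holder = '\s' + [regex]::Escape($TempDc) + '(\.|\s*$)'
foreach ($line in $roles) {
    if ($line -notmatch $holder) {
        $problems += "FSMO role not on ${TempDc}: $($line.Trim())"
    }
}

# 2. No replication link may report failures or an unreachable DC.
foreach ($link in (repadmin /showrepl * /csv | ConvertFrom-Csv)) {
    $fails = $link.'Number of Failures' -as [int]
    if ($link.showrepl_COLUMNS -eq 'showrepl_ERROR' -or $fails -gt 0) {
        $problems += "Replication problem: $($link.'Source DSA') -> " +
                     "$($link.'Destination DSA') [$($link.'Naming Context')]"
    }
}

# 3. dcdiag must not report a failed test against the temporary DC.
foreach ($hit in (dcdiag "/s:$TempDc" /v | Select-String 'failed test')) {
    $problems += "dcdiag: $($hit.Line.Trim())"
}

# 4. Certificate Services on the old DC: the CA backup has to come first.
if (Get-Service -Name CertSvc -ComputerName $KeepDc -ErrorAction SilentlyContinue) {
    Write-Warning "$KeepDc runs Certificate Services: back up the CA before demoting."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "FSMO, replication and dcdiag checks passed for $TempDc."
```

A non-zero exit code means at least one check failed and “DCKeep” should stay a DC until the warnings are resolved.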
Thanks for the guide, man. Can’t believe no one has commented. Well, I’ll say thanks.
This is a most excellent blog!
I am upgrading a 2003 R2 32-bit AD to 2008 R1 32-bit. I have run forestprep and domain prep successfully, introduced the first 2008 member server, promoted it, transferred all the FSMO roles to the new server, set up AD-integrated DNS, all has gone smoothly so far.
The problem is, I need to upgrade 4 or 5 remaining DCs, each in their own site, and would like to keep the computer names if possible. The in-place upgrade is supported in this scenario but for some reason it’s dimmed out when I run setup.
These DCs also are downstream (replica) WSUS servers, and they host DFS data. They are all AD-integrated DNS. Each are GCs. They each have SQL Express 2005, could that be causing it?
One option I have is to use a new server and upgrade each server one at a time and use a different name, and take the old server out only after the new one is in place in that site. Is that a better way?
Any links or suggestions are sincerely appreciated.
Sam