
Testing 2003 AD domain to see if it can cope with 2008 AD preparation / transition

Discussion in 'Software' started by Leehaa, Aug 4, 2011.

  1. Leehaa

    Leehaa Gigabyte Poster

    If you've done this, how did you do it? (what were the main methods you used - did you just do a back up, or did you create a test environment?).

    Were there any documents you found useful?

    Were there any things you wish you'd checked?

    Were there any things you would recommend are worth checking?

    I will be building an isolated test network based on our production environment and will test some disaster scenarios (as best possible) in order to create some much needed DR documentation, and the suggestion is that it also makes sense to follow this on with testing forest prep and functional levels etc. for 2008 AD, so any advice would be much appreciated!


    Many thanks,

    Lee
     
    Last edited: Aug 4, 2011
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  2. SimonD

    SimonD Terabyte Poster Moderator

    Actually, I think on the few occasions I did it I just ran the /forestprep and /domainprep commands.

    Ideally if you want to test it (and it really isn't that intrusive) then just create a new virtual DC, sync it up, change the networking environment, grab the roles (obviously when you grab the roles you will be doing so on an isolated LAN, not when it's on the live one), add some more servers to increase your testing platform and then carry out some testing.

    A caveat: once you have grabbed the FSMO roles on the isolated server, that server can never be placed back onto the production network because you will have major conflicts, so ensure that you're doing this on the isolated LAN and that you're never going to put the machine back into production.

    As far as testing is concerned, once you have raised the forest and domain levels you may want to start adding 2008/2008 R2 DCs and replacing your 2003 DCs when you can. In production it's probably a good idea to look at your naming convention and see if you can perhaps change the 2008 DC names slightly; after all, if you have DCs named like LON-DC01, LON-DC02 etc. and you start adding LON-DC03 as your 2008 box, the last thing you want to do is have DC01 and DC02 decommissioned and your DCs now starting at 03 etc. If you do decide to replace your existing DCs then you have to consider the impact on DNS and DHCP (if you're running them on old DCs).
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  3. Shinigami

    Shinigami Megabyte Poster

    One practice that larger organizations take is to disable outbound replication on the DC on which you're performing the schema changes. If all goes well and rangeUpper entries reflect this in the expected manner, you can then re-enable replication.

    When moving a 2003-based forest to 2008/R2, you also need to take into consideration a few other things such as your internal PKI (you might want to move this to the latest OS first as a best practice), and some schema changes on the domain side can also undo/break OCS (which can then be fixed by re-running the OCS schema).

    I've seen a list of considerations somewhere, but don't have it handy right now. I just remember that they included the CA, as well as some things regarding servers using Windows Clustering and Terminal Servers. Nothing you can't easily fix, but you do need to keep an eye on them.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
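
The sequence described in the post above (hold outbound replication on the schema master, extend the schema, verify, then release), written out as a cmd script. This is an added example, not part of the original thread. The DC name, domain DN and adprep path are placeholders for an isolated lab, `netdom` and `repadmin` are assumed to be installed from the Support Tools, and the check shown reads the schema NC's `objectVersion` as the version marker.

```batch
@echo off
setlocal
rem Added example: DC, SCHEMA_NC and ADPREP are placeholders for an isolated lab.
set DC=LAB-DC01
set SCHEMA_NC=CN=Schema,CN=Configuration,DC=lab,DC=example
rem Path on the newer server media (assumption); R2 media has adprep32.exe for 32-bit DCs.
set ADPREP=D:\support\adprep\adprep.exe
rem objectVersion expected after forestprep: 44 = Server 2008, 47 = Server 2008 R2.
set EXPECTED=47

rem 1. Confirm this DC holds the schema master; forestprep must run there.
netdom query fsmo

rem 2. Record the starting point: schema version (30 = 2003, 31 = 2003 R2)
rem    and the current replication state, for the change record.
dsquery * "%SCHEMA_NC%" -scope base -attr objectVersion
repadmin /showrepl %DC%

rem 3. Stop this DC sending changes to its partners, then confirm the flag is set.
repadmin /options %DC% +DISABLE_OUTBOUND_REPL
repadmin /options %DC% | find "DISABLE_OUTBOUND_REPL" >nul
if errorlevel 1 goto :notheld

rem 4. Extend the schema while the change is contained on this one DC.
"%ADPREP%" /forestprep

rem 5. Verify the schema version locally before anything replicates out.
dsquery * "%SCHEMA_NC%" -scope base -attr objectVersion | find "%EXPECTED%" >nul
if errorlevel 1 goto :held

rem 6. Version is as expected: release the change and push it to partners.
repadmin /options %DC% -DISABLE_OUTBOUND_REPL
repadmin /syncall %DC% /AdeP
echo Schema at version %EXPECTED%; outbound replication re-enabled.
goto :eof

:notheld
echo Could not confirm DISABLE_OUTBOUND_REPL on %DC%; schema was not touched.
exit /b 1

:held
echo objectVersion is not %EXPECTED%. Outbound replication is still DISABLED on %DC%.
echo Investigate or restore this DC before re-enabling replication.
exit /b 1
```

If the script stops at `:held`, the failed schema change exists only on that one DC, which is the point of holding replication: restoring or rebuilding that DC discards the change without touching the rest of the forest.
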
  4. Sparky

    Sparky Zettabyte Poster Moderator

    Sometimes I image the DC(s) that hold the FSMO roles and then run the /forestprep /domainprep as needed.

    Most of the time I just make sure there is a solid backup and have a note of the directory services restore mode password and then run the commands.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
