EternalMajin.net

Adding a Server 2008 R2 x64 DC to an existing 2003 x86 DC domain

In an effort to see what pitfalls I may run into should we ever actually upgrade the servers at work, I will be setting up a virtual network that represents, though not fully, the network I deal with on a daily basis.  For this project, I started with a 2003 x86 server as a primary DC.  The plan was to add a 2008 R2 x64 server as another DC, in preparation of later making it the primary DC, converting away from 2003 at all, and eventually to 2012 servers.  These are the steps I went through:

  1. Win2008
    • Add Active Directory Domain Services in Roles, follow wizard, straight forward
    • Go into server manager -> roles -> ADDS -> “Run the active directory domain services installation wizard (dcpromo.exe)”
    • Error after choosing to use the existing forest – need to run ADPrep from the 2008r2 media on the 2003 server.
    • Does not work
  2. Win2003
    • (media/support/tools)repadmin /replsum /bysrc /bydest /sort:delta
      • Nothing shows up for mine.  Ideal is 0 fails, and delta less than replication time
    • netdom query FSMO (2003 did not work, 2008 did) – tells you what server has the FSMO role – all roles on Test2003
    • repadmin /showrepl – to show schema master has performed inbound replication since last time server restarted
    • Hotfix 919151 needed – move x86/adprep.exe to the home folder, then run it with adprep /forestprep
    • Woops – copy the files from the 2008R2 support/adprep folder into the extracted adprep folder from the hotfix, then run adprep /forestprep.
      • Updates to schema47
  3. Re-evaluating my approach
    • Work procedure was 2003 x86 to 2008 x86, and not R2 from what I can tell.
    • I need to go from 2003 x86 to 2008 R2 x64 with this project
    • Duh, adprep32 instead of adprep on the Win2008R2 disk.  Simple crap!
  4. Win2003
    • adprep32 /forestprep (off the WIn2008R2 disk, ./Support/Tools/adprep/)
    • adprep32 /domainprep /gpprep
      • Domain is not in native mode – error
        • AD User and Computers
        • Right click domain name -> Raise Domain Functional Level
        • “Windows 2003 Mode” as I’m on all Win7 machines other than this Win2003 server
        • Raise
      • /domainprep /gpprep now works
  5. Win2008
    • Back to dcpromo – Success!  Ran through pretty much the default options, other than choosing existing domain
    • Also chose to make the 2008 server a DNS server and Global Catalog option as well, as I eventually plan to get rid of the 2003
    • Move Roles to 2008 to mimic work network
      • All but PrimaryDC
        • Get-ADDomainController -filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | ft -Autosize
        • Move-ADDirectoryServerOperationMasterRole -Identity Win2008-1 -OperationMasterRole SchemaMaster,DomainNamingMaster,RIDMaster,InfrastructureMaster

This should have been very quick. I don’t think any of the hotfix stuff was needed if I would have noticed the adprep32.exe file to begin with. I had seen many references to the 32-bit adprep, but usually in conjunction with the hotfix, so I figured that’s where it came from. Oh well, that’s what these labs are for!

I set up our 2008 DCs a few years ago, but apparently they were also x86 machines when I thought they were x64 2008 R2 machines. I’m sure I ran into the same problem then and was told to just go ahead and use the x32. Bah, ugly work.

Current network setup:
Win2003 x86: Primary DC, DNS, DHCP
Win2008 R2 x64: DC, all other roles but primary
Win 7 x64: workstation
pfSense: Routing, HAVP antivirus

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *