Windows Server 2008 introduces many improvements and new features in the Active Directory infrastructure. Some of the most important features are:
– Flexible Password Policies
– Active Directory Auditing
– Read Only Domain Controllers RODC
In a series of screencasts, we will demonstrate in a Step-by-Step fashion these new features.
In this screencast, we show you how to migrate Active Directory domain to Windows Server 2008. There are two approaches in this process:
– You can introduce your first Windows Server 2008 Domain Controller in Active Directory by performing an in-place upgrade of an existing Windows 2003 DC (Windows 2000 DC has to be upgraded to Windows 2003 DC first, before you can in-place upgrade it to Windows 2008)
– You can add a fresh installed Windows 2008 member server and promote it as a DC.
In the following screencast, you will see the first approach – in-place upgrade of a Windows 2003 Domain Controller. There are a couple of very important considerations that you should have in mind before you proceed with your migration scenario.
â— First, you have to make sure that your Active Directory is healthy and you have perfect replication between the existing Domain Controllers. Using NetDiag, DCDiag, Repadmin from Windows Support tools could help you in this task. It is a very wrong approach to expect that an in-place upgrade will solve your existing Active Directory problems.
â— You should have a good backup of your Domain Controllers, including the system state. If you have more than one DC (which you should) – backup all of them or at least two DC.
â— Check whether you cover the hardware requirements. Make sure that you have enough free space in the boot volume. You should have at least 14062 MB available to be able to start the in-place upgrade. There is an elegant way to extend your boot volume using the Windows Server 2008 installation disk, and it is demonstrated in the following screencast: How to perform an In-place Upgrade of Windows Server 2008.
â— Check and raise, if necessary, the Domain and Forest functional levels. You cannot upgrade directly from Windows 2000 mixed or Windows Server 2003 interim domain functional levels.
â— The first Windows Server 2008 Domain Controller in the forest must be a Global catalog server, and it cannot be a Read Only Domain Controller, RODC.
â— Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master and adprep /domainprep /gpprep on the infrastructure master.
In the following screencast, we will demonstrate in-place upgrade of a Windows Server 2003 Domain Controller, which is the only one DC in the domain and holds all the FSMO roles.