Introducing new 2012 R2 domain controllers to a 2003 environment

Introducing new domain controllers running Windows Server 2012 R2 to a Windows Server 2003 environment is relatively straightforward.

The first thing you need to do is ensure that your Windows Server 2003 domain controllers are updated with the most recent service packs and patches. Service Pack 2 has been out for more than 7 years, so it’s reasonably safe to assume that you have it installed. Unless you like living dangerously, you should be reasonably up-to-date with software updates. By “reasonably up-to-date” I mean that you have installed software updates released from at least one of the last 3 patch Tuesdays.

Perform a check to verify that the domain and forest is running at the Windows Server 2003 functional level. It probably is, but you need to ensure that it is before you start adding computers running Windows Server 2012 R2 to the domain.

The next step to take is to add one or more computers running the Windows Server 2012 R2 operating system to the root domain of the forest. Adding more than one is a good idea, as having two new domain controllers gives you a fallback in case something unfortunate happens. Not that it will, but a good part of server administration is being paranoid and preparing for something unfortunate to happen at the most inconvenient possible time.

Configure these computers with static IP address information. While not fundamentally necessary, it’s likely that your new domain controllers will be taking on other roles such as DNS. Having them stick in one place, rather than be subject to the whimsy of DHCP, is generally a good idea.

Add the Active Directory Domain Services role to these computers. You then run the Domain Controller configuration wizard. Note that you do not run dcpromo.exe anymore from the command line. Neither do you run adprep.exe (at least you don’t have to). All of the domain, forest, and schema preparation is handled by the Domain Controller promotion wizard.

Make sure that you add the computer as a domain controller to the existing root domain, not as a new domain controller for a new domain. Once installation has completed and restarted, verify that you can sign on and then promote the second computer.

In the next article, I’ll discuss the next step to take, which is moving FSMO roles to the new Server 2012 R2 domain controllers.