
Domain In-Place Upgrade Method


It is important to keep domain environments running on the latest versions. This allows organizations to use the new features and enhancements available in newer directory services. Typically, when we upgrade from an old DC to a new version, we add a new server or servers to the same network and join them to the existing forest and domain. We then promote the new server to a DC and move the roles to it. Later we demote the old DC, and finally we raise the forest and domain functional levels (once all legacy domain controllers are demoted). This is the seamless and preferred method, and we call it the swing-server upgrade method.

However, due to budget and resource limitations, not all organizations can use the swing-server upgrade method. The in-place upgrade method addresses this. In this method we upgrade the operating system of the running domain controller.

The currently available in-place upgrade path is from Windows Server 2008 or Windows Server 2008 R2 to Windows Server 2012 or Windows Server 2012 R2. The following table lists the versions each edition can be upgraded to. Be aware that you can't use an in-place upgrade to go from Windows Server 2003 or 32-bit versions of Windows Server 2008 to Windows Server 2012. If you need to upgrade from those versions, you must use the swing-server method. An in-place upgrade from Windows Server 2008 R2 Server Core to Windows Server 2012 Server Core is also not supported.

| Current version | Version it can be upgraded to |
| --- | --- |
| Windows Server Standard 2008 with SP2, Windows Server Enterprise 2008 with SP2 | Windows Server 2012 Standard or Datacenter |
| Windows Server Datacenter 2008 with SP2 | Windows Server 2012 Datacenter |
| Windows Web Server 2008 | Windows Server 2012 Standard |
| Windows Server Standard R2 2008 with SP1, Windows Server Enterprise R2 2008 with SP1 | Windows Server 2012 Standard or Datacenter |
| Windows Server Datacenter R2 2008 with SP1 | Windows Server 2012 Datacenter |
| Windows Web Server 2008 R2 | Windows Server 2012 Standard |

Once the upgrade is completed, you need to manually change the forest and domain functional levels.

Before an in-place upgrade, it is important to consider the following points:

1)    Hardware Requirements – Before the upgrade, make sure the current hardware supports the new operating system. Verify the free disk space on the server. It is recommended to have at least 20% free space on the partition / disk that holds the Active Directory database.
2)    Application Compatibility – Sometimes the DC server also runs other applications for the company (even though it is not recommended). Before the upgrade, you must make sure those are compatible with the new operating system and DC.
3)    Downtime – During the upgrade process the domain services will be down, so you need to prepare for the downtime.
4)    Permissions – You must have domain admin or enterprise admin rights to proceed with the upgrade.

Known issues – please refer to https://technet.microsoft.com/en-us/library/hh994618 for the known issues with the in-place upgrade method.

This is the end of the post and if you have any questions feel free to contact me on rebeladm@live.com

Image source: http://blogs.microsoft.com/wp-content/uploads/2012/08/8867.Microsoft_5F00_Logo_2D00_for_2D00_screen.jpg

Step-by-Step guide to rename Active Directory Domain Name

A few blog readers have asked me on several occasions whether they can change the AD domain name to a different domain name. The answer is yes, you can, but you need to be aware of the issues that can occur as well. Otherwise you will end up in a mess with a non-functioning infrastructure. The idea of this post is to demonstrate how to rename AD and also to point out some issues you may face with a domain rename.

The following are the critical points you need to consider before an AD rename.

1.    Forest Function Level – The forest function level must be Windows Server 2003 or higher to perform an AD rename.
2.    Location of the Domain – A forest can contain domains at different levels. Those can be either completely different domains or child domains. If you are going to change the location of the DC in the forest, you must create trust relationships between domains to keep the connectivity.
3.    DNS Zone – DNS zone files must be created for the new domain name on the relevant DNS servers prior to the rename process.
4.    Folder Path Change – If DFS folder services or roaming profiles are set up, those paths must be changed to a server-based share or network share.
5.    Computer Name Change – Once the domain is renamed, the computers' host names will also be renamed. If those names are used by applications or systems, make sure you are prepared to make those changes.
6.    Reboots – Systems, including workstations, will need to reboot twice to apply the name changes. So be prepared for the downtime and service interruptions.
7.    Exchange Server Incompatibility – Exchange Server 2003 is the only supported version for AD rename. All other versions are not supported. There can also be other applications in the environment that do not support a rename. Make sure you assess these risks.
8.    Certificate Authority (CA) – If a CA is used, make sure you prepare it according to https://technet.microsoft.com/en-us/library/cc816587

Once your infrastructure is ready, we need an administrative computer or server to perform the rename process. It must be a member of the domain and should not be a DC. It must have "Remote Server Administration Tools" installed. On Windows Server 2012 it can be added as a feature via Server Manager. For Windows 8 or later, you can download it from http://www.microsoft.com/en-us/download/details.aspx?id=28972

In the demo, I am going to rename the contoso.com domain to canitpro.local. It runs Windows Server 2012 R2.

I have prepared a server that runs Windows Server 2012 R2 as a member server to perform the rename. You can install Remote Server Administration Tools via Server Manager > Add roles and features. Make sure you select the AD DS and AD LDS tools under RSAT.

Before we start the rename, make sure forest and domain activities, such as adding a new DC or changing the forest configuration, are stopped.

I also went ahead and created the relevant DNS zone for the new domain name on the primary DNS server. (On my blog you can find a complete DNS article that explains DNS zone setup.)

Then, on the member server, log in as a domain admin and open the command prompt with admin rights.

First we need to create a report that describes the current forest setup. To do that, type rendom /list and press Enter.

This creates an XML file named Domainlist.xml in the folder where the command was executed. In my demo it is C:\Users\Administrator.CONTOSO

To proceed, the file needs to be edited to match the new domain name. Make sure you save the file after the edits.

Then run the rendom /upload command from the same folder path.

To check the domain readiness before the rename process, type rendom /prepare

Once it passes with no errors, run rendom /execute to proceed with the rename. It will reboot all domain controllers automatically.

All workstations and servers will need to reboot twice to apply the changes. User names and passwords will not change, but the domain name will be the new one.

The rename process does not rename the domain controllers themselves. They need to be renamed manually.

This can be done with the command netdom computername DC.contoso.com /add:DC.canitpro.local

Then type netdom computername DC.contoso.com /makeprimary:DC.canitpro.local and, once it completes, reboot the DC.

We can see it has changed after the reboot.

The next thing we need to fix is the group policies. They still use the old domain name.

To fix this, run gpfixup /olddns:contoso.com /newdns:canitpro.local

Then run gpfixup /oldnb:CONTOSO /newnb:canitpro

We are done with that too. The only thing left to run is rendom /end, which stops the rename process and unfreezes the DC activity.

This ends the rename process and we have a dc now with a new domain name.
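The Domainlist.xml edit from the steps above, as an added PowerShell example that is not part of the original post: it rewrites every DNSname ending in the old domain (including the DNS application partitions below it) and the NetBIOS name, and keeps a .bak copy of the report. The function name Update-DomainList, the XML element names and the sample file with placeholder GUIDs are assumptions; compare them with the file that rendom /list actually produced.

```powershell
# Added example: rewrite domain names in the file produced by "rendom /list".
# Element names (Forest/Domain/DNSname/NetBiosName) are assumed; verify them first.
function Update-DomainList {
    param([string]$Path, [string]$OldDns, [string]$NewDns,
          [string]$OldNetBios, [string]$NewNetBios)
    $full = (Resolve-Path -LiteralPath $Path).Path
    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force  # keep the original
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($full)
    $suffix = [regex]::Escape($OldDns) + '$'
    $changes = foreach ($domain in $doc.SelectNodes('/Forest/Domain')) {
        $dns = $domain.SelectSingleNode('DNSname')
        $nb  = $domain.SelectSingleNode('NetBiosName')
        if ($null -eq $dns) { continue }
        $before = $dns.InnerText
        # Match the domain itself and partitions below it (e.g. ForestDnsZones.<domain>).
        if ($before -match "(^|\.)$suffix") {
            $dns.InnerText = $before -replace $suffix, $NewDns
        }
        if ($null -ne $nb -and $nb.InnerText -eq $OldNetBios) {
            $nb.InnerText = $NewNetBios
        }
        if ($dns.InnerText -ne $before) {
            [pscustomobject]@{ Old = $before; New = $dns.InnerText }
        }
    }
    $doc.Save($full)
    $changes   # one object per renamed entry, for review before "rendom /upload"
}

# Constructed sample file; the GUIDs are placeholders, not from a real forest.
$sample = @'
<?xml version="1.0"?>
<Forest>
  <Domain>
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>ForestDnsZones.contoso.com</DNSname>
    <NetBiosName></NetBiosName>
  </Domain>
  <Domain>
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>contoso.com</DNSname>
    <NetBiosName>CONTOSO</NetBiosName>
  </Domain>
</Forest>
'@
$tmp = Join-Path $env:TEMP 'Domainlist.xml'
Set-Content -LiteralPath $tmp -Value $sample -Encoding UTF8
Update-DomainList -Path $tmp -OldDns contoso.com -NewDns canitpro.local `
    -OldNetBios CONTOSO -NewNetBios canitpro
```

Entries whose DNSname does not end in the old domain are left untouched and do not appear in the returned list, so an unexpectedly short list is a signal to inspect the file by hand.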

If you have any questions about this, feel free to contact me on rebeladm@live.com

Step by Step guide to setup Active Directory on Windows Server 2008

This tutorial explains how to install AD on Windows Server 2008. It is valid for Windows Server 2008 R2 as well.

Requirements:

Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)

Minimum: 512 MB RAM

Minimum: 32 GB or greater

  • The first step is to assign an IP address to the server on which you are going to deploy AD. It is necessary to install it as a DNS server too, so it is better to have a fixed IP. This doesn't mean you cannot install AD without a fixed IP address, but using one will solve a lot of issues.

Here the server IP is 10.0.0.14. Since we are going to make it a DNS server too, you should use the same IP as the preferred DNS server.

  • The next step is to install the Active Directory roles. Unlike with older versions of Windows Server, Microsoft highly recommends using the Server Manager option to install roles before you run dcpromo.

  • Click on the Start menu and select Server Manager.

  • Select Roles from the right-hand panel and click on the Add Roles option.

  • From the roles list select the "Active Directory Domain Services" role and click "Next".

  • Review the confirmation and click on "Next".

  • Review the installation confirmation and click on "Next".

  • It will take a few minutes to complete, and when it is done you will get a confirmation. Then click on "Close".

After that you will need to reboot.

  • After the reboot, open "Server Manager" again and click on "Roles". There you will see that "Active Directory Domain Services" is successfully installed. Click on it to open its window.

    There, please pay attention to the message.

    Click on that link and it will start the DCPROMO wizard.

  • The next step is to go through the DCPROMO wizard.
  • To start the installation click on "Next".

  • Click on "Next".

  • Since we are going to install a new domain controller in a new forest, select the "Create a new domain in new forest" option and click on "Next".

  • Now we have to provide the name for our domain controller. It must be an FQDN. In our case I used rebeladmin.com as the domain. Click "Next" after entering it.

  • This window asks you to select the forest function level. If you are going to add a Server 2003 domain controller to your forest later, don't select Server 2008 as the function level. If you are going to use the full features of 2008 AD, you must select Server 2008 as the forest function level. In my case I used Server 2008. Click on "Next" after making the selection.

  • In the next window, since it is the first DC, we should make it a DNS server too. Leave the default selection and click on "Next".

  • If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click "Yes".

  • The next window shows the database location. If it is going to be a large AD, it is good to keep the NTDS database on a different partition. Click on "Next" after making changes.

  • The next window asks you to define a restore mode password. It is important if you have to restore from a backup after a server crash. Click on "Next" after filling it in.

  • The next window gives you a summary of the installation. Click on "Next".

  • The installation of AD then starts. It will take some time to complete. After the installation completes, reboot the server.

  • After the reboot you can log in to the domain. Use the login as in the following example:

User name : your domain\administrator

Password : XXXXXXXX

  • Now it is done, and you can view the Active Directory options in the Administrative Tools menu.

Hope this tutorial is clear for you guys. If you have any questions, please ask me on rebeladm@live.com