Migrate Active Directory 2008 R2 to Active Directory 2012 – Part3

Like any Active Directory migration or upgrade, we need to run the famous “Adprep” to prepare the forest and the domains that we wish to upgrade.

– Run “Adprep” once in each forest you want to upgrade

– Run “Adprep” for each domain you want to upgrade

– We will need a privileged account for each operation

– It’s recommended to run the “Adprep” preparation in a domain controller that holds the needed FSMO role. To identify which domain controller is holding FSMOs role, run  the following command line in any domain controller for each domain.

netdom query fsmo

Don’t forget that there’s 5 FSMO roles, Schema Master and Domain Naming Master are unique in the forest, PDC emulator, Infrastructure master and RID master are unique for each domain.

So in our case we will run 3 times this command, one for each domain.

SNAG-0001

More about FSMO roles in the following technet article, it’s really an interesting reading HERE

The forest and domain functional level must be at least Windows 2000 Native mode. Windows 2000 Mixed mode is not supported. All your domain controllers must run Windows Server 2003 or higher operating system.

You will need the Windows Server 2012 sources for the Adprep.exe tool (\Support\Adprep folder). You can copy the Adprep folder to a desired location and run the Adprep.exe tool from that location. In my case i will copy the folder under the C:\ partition of each domain controller i will run the command from within it.

  • Forest Preparation

In this step, i will prepare our forest for the upgrade. We will need to make this preparation only one time because our environment is composed of only one single forest.

  1. Connect to the domain controller that holds the Schema Master role (in our case, LAB-DC-01.lab.local) with a user member of the Schema Admins group, Enterprise Admins group, and  Domain Admins group of the domain holding the Schema Master role (The built-in Administrator account in the forest root domain is a member of the Schema Admins group by default).
  2. Open a privileged command prompt
  3. Go to Adprep folder, and run the following command :         Adprep /forestPrep        SNAG-0002
  4. Type C then press Enter
  5. You should have the following message if the schema upgrade was successful   :  Adprep successfully updated the forest-wide information                                                                                                                                                                                                                                                                                         SNAG-0003
  6. Verify that replication is completed successfully by following the next steps

Verification Sart

  1. Log on to an administrative workstation that has ADSIEdit installed.
  2. Click Start, click Run, type ADSIEdit.msc, and then click OK.
  3. Click Action, and then click Connect to.
  4. Click Select a well known Naming Context, select Configuration in the list of available naming contexts, and then click OK.
  5. Double-click Configuration, and then double-click CN=Configuration,DC=forest_root_domainwhere forest_root_domain is the distinguished name of your forest root domain.
  6. Double-click CN=ForestUpdates.
  7. Right-click CN=ActiveDirectoryUpdate, and then click Properties.
  8. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.If you ran adprep /forestprep for Windows Server 2008, confirm that the Revision attribute value is 2, and then click OK.
  9. Click ADSI Edit, click Action, and then click Connect to.
  10. Click Select a Well known naming context, select Schema in the list of available naming contexts, and then click OK.
  11. Double-click Schema.
  12. Right-click CN=Schema,CN=Configuration,DC=forest_root_domain, and then click Propertieswhere forest_root_domain is the distinguished name of your forest root domain.
  13. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the objectVersion attribute value is set to 47, and then click OK.If you ran adprep /forestprep for Windows Server 2008, confirm that the objectVersion attribute value is set to 44, and then click OK.

Verification End

  • Domain Preparation

After preparing the forest, we have to prepare each domain we want to upgrade. If you want to upgrade just one domain, make this operation only on that domain. In our case we will make his operation three times. To help ensure that the domain preparation command runs successfully, complete these steps on the infrastructure operations master role holder for each domain. You need an account that is member of the Domain Admins group

Upgrading LAB.Local domain : Adprep /DomainPrep

SNAG-0004

Upgrading LABX.Local domain : Adprep /DomainPrep

SNAG-0004

Upgrading LABCHILD.Local domain : Adprep /DomainPrep

SNAG-0004


To verify that adprep /domainprep completed successfully

  1. Log on to an administrative workstation that has ADSIEdit installed.
  2. Click Start, click Run, type ADSIEdit.msc, and then click OK.
  3. Click Action, and then click Connect to.
  4. Click Select a well known Naming Context, select Default naming context in the list of available naming contexts, and then click OK.
  5. Double-click Default naming context, double-click the container that is the distinguished name of the domain, and then double-click CN=System.
  6. Double-click CN=DomainUpdates, right-click CN=ActiveDirectoryUpdate, and then click Properties.
  7. If you ran adprep /domainprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.If you ran adprep /domainprep for Windows Server 2008, confirm that the Revision attribute value is 3, and then click OK.

Verification END

  • Domain Group Policy Preparation

Like Domain preparation, you should upgrade the Group Policy structure, for that, like domain preparation, run the adprep /domainprep /gpprep

NB: If you run this command before adprep /domainprep, this will prepare the domain and the group policies. So you can just run the Adprep /domainprep /gpprep command and it will make both operations.

DONE!

Preparation is complete, now we can start migration 🙂

Advertisements

2 thoughts on “Migrate Active Directory 2008 R2 to Active Directory 2012 – Part3

  1. I have loaded your website in Several different web
    browsers and I must say this website loads a lot faster then
    most. Would you mind e-mailing me the name of your hosting company?
    My personal email is: kentmcfarlane@googlemail.
    com. I’ll even sign up through your own affiliate link if you’d like.
    Cheers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s