Before starting the migration process, ensure you have:
- Administrative privileges on both servers
- Backup of your current Active Directory (System State backup recommended)
- Windows Server 2008 installation media or ISO
- Network connectivity between both servers
First, install Windows Server 2008 on your new hardware. Then run these commands in an elevated command prompt to check the health of the existing forest and domain:
dcdiag /v /c /d /e /s:currentDC > dcdiag.log
repadmin /showrepl
repadmin /replsummary
These commands will verify your current AD health and replication status.
Run the following PowerShell script to install AD DS and promote the server:
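# Install the AD DS role
Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Promote the server to a domain controller in the existing domain.
# Install-ADDSDomainController ships in the ADDSDeployment module
# (Windows Server 2012 and later); where it is not available, promote with dcpromo.
# Each trailing backtick continues the command onto the next line.
Install-ADDSDomainController `
    -DomainName "yourdomain.com" `
    -InstallDNS:$true `
    -Credential (Get-Credential) `
    -DatabasePath "C:\Windows\NTDS" `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -NoRebootOnCompletion:$false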
After the new DC is up, transfer all Flexible Single Master Operations (FSMO) roles:
# List current FSMO holders
netdom query fsmo
# Transfer roles using ntdsutil
ntdsutil
roles
connections
connect to server newDC.yourdomain.com
q
transfer schema master
transfer naming master
transfer PDC
transfer RID master
transfer infrastructure master
q
q
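One way to check the result of the transfer before demoting anything, as an added example that is not part of the original guide: it parses `netdom query fsmo` output and lists every role that is not on the new DC. The function names, the `$NewDC` value and the sample output are assumptions made for illustration; the role labels are the ones netdom is assumed to print, and an unrecognised label is reported as missing so the check fails closed.

```powershell
# Added example: gate the demotion on where the five FSMO roles live.
$NewDC = 'newDC.yourdomain.com'   # assumed name, taken from the guide's placeholder

# Constructed sample output with one role left behind.
# On a real DC use:  $lines = netdom query fsmo
$lines = @(
    'Schema master               newDC.yourdomain.com',
    'Domain naming master        newDC.yourdomain.com',
    'PDC                         newDC.yourdomain.com',
    'RID pool manager            oldDC.yourdomain.com',
    'Infrastructure master       newDC.yourdomain.com',
    'The command completed successfully.'
)

function Get-FsmoHolders {
    param([string[]]$NetdomOutput)
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        # Role name, at least two spaces, then the holder's FQDN.
        # The trailing status line has only single spaces and is skipped.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            $holders[$Matches['role']] = $Matches['holder']
        }
    }
    return $holders
}

function Test-FsmoPlacement {
    param([hashtable]$Holders, [string]$ExpectedHolder)
    $expectedRoles = 'Schema master', 'Domain naming master', 'PDC',
                     'RID pool manager', 'Infrastructure master'
    $problems = @()
    foreach ($role in $expectedRoles) {
        if (-not $Holders.ContainsKey($role)) {
            $problems += "$role : not found in output"
        } elseif ($Holders[$role] -ne $ExpectedHolder) {   # -ne ignores case
            $problems += "$role : still held by $($Holders[$role])"
        }
    }
    return ,$problems   # leading comma keeps an empty result as an array
}

$problems = Test-FsmoPlacement (Get-FsmoHolders $lines) $NewDC
if ($problems.Count -eq 0) {
    Write-Output "All five FSMO roles are on $NewDC."
} else {
    Write-Output "Do not demote the old DC yet:"
    $problems | ForEach-Object { Write-Output "  $_" }
}
```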
Once you've verified all roles have transferred and replication is working properly, demote the old server:
dcpromo /forceremoval
After demotion, you may need to manually clean up metadata using:
ntdsutil
metadata cleanup
connections
connect to server newDC.yourdomain.com
q
select operation target
list domains
select domain 0
list sites
select site 0
list servers in site
select server oldDC
q
remove selected server
q
q
Complete these final steps:
- Update DNS settings on all clients to point to the new DC
- Verify Group Policy replication
- Test authentication from multiple workstations
- Monitor event logs for several days
For additional verification, run:
dcdiag /test:FSMOCheck /v
dcdiag /test:Advertising /v
dcdiag /test:MachineAccount /v
Before starting the migration process, ensure you have:
- Administrative credentials for both servers
- Network connectivity between old and new servers
- AD health check completed on the 2003 server (run 'dcdiag /v')
- System state backup of current DC
- Sufficient disk space on the new server
First, install Active Directory Domain Services role on the new server:
# PowerShell command to install AD DS
Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Run this on the new server to add it to the existing domain:
# Unattended dcpromo with command-line parameters
# Specifying /Password:* makes dcpromo prompt for the password instead of reading it from the command line
dcpromo /unattend /InstallDns:yes /ConfirmGc:yes /CreateDNSDelegation:no /ReplicaOrNewDomain:replica /ReplicaDomainDNSName:yourdomain.local /UserDomain:yourdomain /UserName:administrator /Password:**** /DatabasePath:"C:\Windows\NTDS" /LogPath:"C:\Windows\NTDS" /SYSVOLPath:"C:\Windows\SYSVOL" /SafeModeAdminPassword:*****
After replication completes, transfer all FSMO roles to the new server:
# List the current FSMO role holders
netdom query fsmo
# Then transfer each role with ntdsutil:
ntdsutil
roles
connections
connect to server newdc.yourdomain.local
quit
transfer schema master
transfer naming master
transfer PDC
transfer RID master
transfer infrastructure master
Check the AD replication status and verify operations:
repadmin /showrepl
repadmin /replsummary
dcdiag /test:replications /v
dcdiag /test:fsmocheck /v
Once you confirm the new DC is functioning properly:
# On the old 2003 server
dcpromo /forceremoval
After demotion, clean up metadata:
# On the new 2008 DC
ntdsutil
metadata cleanup
connections
connect to server newdc.yourdomain.local
quit
select operation target
list domains
select domain 0
list sites
select site 0
list servers in site
select server olddc.yourdomain.local
quit
remove selected server
- Update DHCP to point to new DC for DNS
- Reconfigure any applications using LDAP
- Verify GPO replication
- Test user logins and group policies
If you encounter replication errors:
repadmin /syncall /A /e /q
For DNS issues:
dnscmd /clearcache