Move from Windows Server 2003 to more recent version

We have a DC that is running Windows Server 2003 and I want to migrate it to a more recent version. The thing is, there is no path from Microsoft to do that.

If I install a new DC on, let’s say, Windows Server 2019, I’m afraid that my users will lose their profiles on their systems to new ones. Is there something I can do to keep user profiles after joining a new domain?

The server is only used for user logons, DNS and DHCP.

The migration path would be Server 2003 → Server 2012 R2 → Server 2019 to upgrade your existing domain. Essentially you’ll need to perform two separate DC migrations and use Server 2012 R2 as a bridge between 2003 and 2019.

I’d avoid this route at all costs. Things will get messy with NTFS permissions and trying to migrate profiles between the two domains. This is the equivalent of an unrecoverable DC failure and a worst-case scenario you don’t want to be in.

Can you provide a little more info on your environment?

  • How many DCs? Are any virtualized?
  • How many other servers are joined to the domain? What is the oldest OS?
  • Number of workstations? Oldest OS?

3 Likes

Is your current AD domain using a “.local” domain? If so, you might want to consider migrating to a new domain using a proper subdomain. There are ways to migrate users/groups/computers to a new domain, but it can be slow and tedious work.

1 Like

That Microsoft certification material that recommended .local domains probably ruined many people’s days.

OP doesn’t need to migrate the server. Join the new servers to the domain as additional domain controllers, promote the new guys FSMO roles and decommission the old servers. Worst that can happen is that you need to change DNS settings.

Of course, back up everything first.

4 Likes

There is only one domain controller. It shares no data; it only authenticates users and runs DNS and DHCP. The server is Server 2003, and the 20 workstations are Windows 10 Pro.

If I do that, will I lose my user profiles on their workstations or will they follow?
And yes, it’s a .local.

My personal opinion, this is the correct answer for the easiest upgrade path. Once the new DCs have been promoted and the last of the 2003 DCs removed, it’s a simple process to upgrade AD to the latest version.

2 Likes

This.

You have two routes:

  • upgrade from one version to another along a supported path
  • add new DC(s) to the domain, migrate roles and decommission the old one

I’d suggest adding a second server running a more recent OS as a secondary DC, then upgrade the existing one.

I haven’t done upgrades from 2003 before (I’ve retired them and added newer DCs) but I have done upgrades from 2008 R2 → 2012 R2 without any issues to speak of.

I’ve been running the same AD domain here since 2002.

As always, have backups.

2 Likes

Oh… one thing I forgot.

As part of your upgrade you will (if you have multiple DCs - which you don’t yet, but may have if you go through with adding one) need to go through the change from FRS to DFS-R replication when you go from 2008 R2 to 2012 R2 from memory (or maybe from 2012R2 to support 2016 DCs).

However, if you have only ONE DC there’s no replication yet.

So in your case you can maybe skip that FRS->DFS-R upgrade step if you stick with a single DC.

Definitely though - have backups, but in my experience upgrading DCs is not a big problem.

You will need to run adprep and forestprep in earlier versions, though recent releases will do this for you automatically. And with a single DC, there’s no replication to all DCs before proceeding to worry about.

Then again, if you need to restore a DC from backup you may need to re-join the clients to it. But… like I said, I’ve never had a DC upgrade from one OS version to the next go south.

edit:
It’s to add 2016 DCs to an older domain. To add 2016 DCs you need to migrate from FRS to DFS-R replication:

DFS-R first shipped with 2008 R2 (I think it was R2, most people skipped non-R2 2008 anyway as it was crap).
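
The additional-DC route discussed in the replies above (promote a newer DC, move the FSMO roles to it, check SYSVOL replication, then decommission the old server), sketched as an added PowerShell example that is not from any poster in this thread. It assumes the ActiveDirectory module is available on the newly promoted DC; the name `NEWDC01` and the `$Transfer` switch are hypothetical.

```powershell
# Added example, not from the thread. Run on the newly promoted DC.
# Assumes the ActiveDirectory PowerShell module is available there.
Import-Module ActiveDirectory

$NewDC    = 'NEWDC01'   # hypothetical name of the new domain controller
$Transfer = $false      # leave $false for a read-only report

function Get-FsmoHolder {
    # Return the current holder (FQDN) of each of the five FSMO roles.
    $domain = Get-ADDomain -Server $NewDC
    $forest = Get-ADForest -Server $NewDC
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

# 1. Record the state before changing anything.
$before = Get-FsmoHolder
$before.GetEnumerator() | Format-Table Name, Value -AutoSize
Get-ADDomainController -Filter * -Server $NewDC |
    Select-Object Name, OperatingSystem, IsGlobalCatalog | Format-Table -AutoSize

# 2. Graceful transfer while the old DC is still online (prompts per role).
if ($Transfer) {
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDC `
        -OperationMasterRole @($before.Keys)
}

# 3. Verify: any role not held by the new DC blocks decommissioning.
$remaining = (Get-FsmoHolder).GetEnumerator() |
    Where-Object { $_.Value -notlike "$NewDC.*" }
if ($remaining) {
    Write-Warning "Roles still on another DC: $($remaining.Name -join ', ')"
} else {
    Write-Output "All five FSMO roles are held by $NewDC."
}

# 4. SYSVOL replication: report the FRS to DFS-R migration state.
#    dfsrmig only works once the domain functional level is 2008 or higher.
dfsrmig.exe /getglobalstate
```

With `$Transfer` left at `$false` the script changes nothing and only reports the role holders, the domain controllers it can see, and the SYSVOL migration state.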