Upgrade Domain Controller from Windows Server 2003 to 2016

How to Upgrade Domain Controller running Windows Server 2003 to Windows Server 2016 Domain Controller?

Despite Windows Server 2003 being out of Microsoft support since July 2015, many organizations still rely on this out-of-date operating system for business operations, and many more still use it as part of their primary domain controller infrastructure. This is a major security concern, and it is essential to upgrade the domain controller as Microsoft is no longer releasing any security updates or Windows Updates for Windows Server 2003.

This detailed guide explains the step-by-step process of upgrading Active Directory from 2003 to 2016. Before you start, please ensure you have updated Windows Server 2003 to the very latest available through Windows Update.

Prerequisites:

  • Update Windows Server 2003 with the latest patches available through Windows Update
  • A fresh licensed copy of Windows Server 2016.


Step 1 – Update Windows Server 2003

Objective: Ensure that Windows Server 2003 is updated to the latest patch level to maintain security and compatibility during the upgrade process.

Preparing for the Update:

  • Backup: Before beginning, update Windows Server 2003 with the latest patches available through Windows Update.
  • Check Disk Space: Ensure that there’s sufficient disk space for the updates. A minimum of 1GB free space is recommended.

Choosing the Right Browser:

  • Internet Explorer Issues: Older versions of Internet Explorer on Windows Server 2003 can have compatibility issues with ActiveX Controls, which are essential for Windows Update.
  • Recommended Browsers: Use updated versions of Firefox or Chrome for a smoother experience.

Accessing Windows Update:

  • Click on the Start button.
  • Navigate to Programs.
  • Go to All Programs.
  • Select Windows Update.

Installing Updates:

  • Once on the Windows Update page, click on Express Install to install high-priority updates. Alternatively, you can choose Custom Install to select specific updates.
  • Review the list of available updates. Ensure that all critical updates and service packs are selected.
  • Click Install Updates. The system might prompt you to accept terms and conditions. Read and accept them to proceed.
  • Wait for the updates to download and install. This might take a while depending on the number and size of updates.
  • Once updates are installed, you might be prompted to restart your server. Ensure that all your applications are saved, and then proceed with the restart.

Post-Update Checks:

  • After the restart, log back into the server.
  • Navigate back to the Windows Update page to check if there are any more updates available. Sometimes, certain updates become available only after installing prerequisite updates.
  • Ensure that all updates are installed and that the server is running smoothly.


Step 2 – Understanding the Upgrade Path

Direct Upgrade Limitations:

  • Windows Server 2003 cannot be directly upgraded to Windows Server 2016. If you attempt this, you’ll encounter a setup error. This limitation is due to significant architectural and functional differences between the two server versions.

Indirect Upgrade Path:

  • While there’s a theoretical path to upgrade from Windows Server 2003 to Windows Server 2008, and then from 2008 to 2016, it comes with challenges:
    • This path is only viable if you’re running a 64-bit version of Windows Server 2003.
    • The process involves multiple steps and can be prone to errors, making it a less-than-ideal solution. It’s also time-consuming and may introduce unexpected issues due to the age and differences between the server versions.
    • It’s essential to ensure that all applications and services are compatible with each intermediate server version during the upgrade.

32-bit Version Limitations:

  • If you’re operating on a 32-bit version of Windows Server 2003, a direct or indirect upgrade to Windows Server 2016 is not feasible. This is because Windows Server 2016 doesn’t support 32-bit architectures.

Checking Your Server Version:

  • To determine whether you’re running a 32-bit or 64-bit version of Windows Server 2003:
    1. Click on the “Start” button.
    2. Select “Run” from the menu.
    3. In the “Run” dialog box, type “WinVer” and press Enter.
    4. A window will pop up displaying the version and architecture of your Windows Server. Look for “x64 Edition” for 64-bit or “x86 Edition” for 32-bit.

Recommendation: Given the complexities and potential pitfalls of the upgrade process, it’s often more efficient and safer to set up a fresh installation of Windows Server 2016 on a new machine and then migrate roles, features, and data from the old server.


Step 3 – Preparing for the Upgrade

AIM: To ensure a smooth transition from Windows Server 2003 to Windows Server 2016, preparing adequately is crucial. This step focuses on the prerequisites and initial setup required for the upgrade.

Choosing the Upgrade Path:

Given the complexities and potential issues with direct upgrades, the most reliable method is to set up a fresh installation of Windows Server 2016. Once this is done, you can migrate the domain controller services from Windows Server 2003 to the new 2016 server.

Understanding the Prerequisites:

Before initiating the upgrade, it’s essential to meet specific criteria to ensure the process’s success. These prerequisites are:

Domain Functional Level:

  • Your Windows Server 2003 Domain Controller should be operating at the “Windows Server 2003” Domain Functional Level.
  • If your server is currently on “Windows Server 2000 Mode”, upgrading to the “Windows Server 2003” Domain Functional Level is imperative. This ensures compatibility and smooth migration to the 2016 server.To check and upgrade your Domain Functional Level:
    1. Open the ‘Active Directory Users and Computers’ tool on your Windows Server 2003 machine.
    2. Right-click on the domain root name and select “Raise domain functional level”.
    3. If it’s not already set to “Windows Server 2003”, choose this option and apply the change.

Windows Server 2016 Setup:

  • A dedicated server machine is required for the new installation.
  • This server should have a fresh, licensed copy of Windows Server 2016 installed. Ensure that the server meets the minimum hardware requirements for Windows Server 2016, including RAM, processor speed, and storage capacity.
  • It’s also recommended to install all critical updates for Windows Server 2016 before proceeding with the migration.
Elsewhere On TurboGeek:  PowerShell OneLiners: Automation Tips and Tricks

Backup and Documentation:

Before making any significant changes, it’s a best practice to:

  • Take a complete backup of your Windows Server 2003, including all Active Directory data. This ensures you have a fallback option in case of unforeseen issues.
  • Document your current server configuration, network settings, and any custom configurations. This will be useful for reference during the migration process.


Step 4 – Check the Domain Functional Level on Windows Server 2003

Objective: Before migrating to Windows Server 2016, ensuring that your current Windows Server 2003 is operating at the correct Domain Functional Level (DFL) is crucial. This step will guide you through the process of checking and, if necessary, adjusting the DFL.

Access Active Directory Users and Computers:

  • Click on the Start button.
  • Navigate to Administrative Tools.
  • Select Active Directory Users and Computers.

Check the Domain Functional Level:

  • In the left pane, locate your domain root name (e.g., turbogeek.co.uk).
  • Right-click on the domain root name.
  • From the context menu, select Properties.
  • In the properties window, navigate to the General tab. Here, you can view the current Domain Functional Level.

Raise the Domain Functional Level (if necessary):

  • If the displayed Domain Functional Level is not “Windows Server 2003”:
  • Right-click on the domain root name again.
  • Select Raise domain functional level.
  • In the pop-up window, choose “Windows Server 2003” from the available options.
  • Click OK and then Apply.

Note: If you cannot raise the DFL, ensure that all domain controllers are running at least Windows Server 2003 and that no domain controllers are running older versions like Windows 2000.

Prepare for Migration to Windows Server 2016:

  • Remember, when you eventually migrate to Windows Server 2016, the Forest Functional Level will also need to be updated to “Windows Server 2016”.
  • Before initiating the migration, ensure you have a machine with a basic installation of Windows Server 2016 ready. This machine will be crucial for the migration process.
Migrate Windows Server 2003 Domain Controller
Windows Server 2003 Domain Controller


Step 5 – Building the Windows Server 2016 Domain Controller

Prerequisites:

  • Ensure you have a Windows Server 2016 machine already set up.

Setting up Active Directory Domain Services (ADDS):

  1. Open Server Manager.
  2. Navigate to Add Roles & Features.
  3. Select and install the Active Directory Domain Services role from the list of roles.
  4. Once the ADDS role is successfully installed, return to Server Manager.
  5. Choose the option to Promote this server to a domain controller.

Configuring the Domain Controller:

  1. Select Add a domain controller to an existing domain on the deployment configuration page.
  2. Enter the name of your existing domain.
  3. Provide the Domain Admin credentials and click Next.
Migrate Windows Server 2003 Domain Controller

Domain Controller Options:

  1. On the Domain Controller Options page, ensure you select both Domain Name System (DNS) and Global Catalog.
  2. Click Next.
  3. You may encounter a warning stating, “A Domain controller running Windows Server 2008 or later could not be located on this domain”. This warning can be safely ignored for now.
  4. Set a Directory Services Restore Mode (DSRM) password. This password is crucial for restoring the domain controller in case of failures. Ensure you remember or securely store this password.
  5. Click Next.
Migrate Windows Server 2003 Domain Controller

Addressing DNS Warnings:

  1. You might receive a warning on the DNS Options page: “A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found”. This indicates a potential issue with DNS delegation.
  2. If you attempt to proceed by clicking Next, you might encounter an error related to the DNS authoritative parent zone.
  3. To address this, you’ll need to ensure proper DNS configurations are in place, which might involve creating a new DNS delegation or ensuring the DNS server settings are correctly configured.


Step 6 – Fix DNS Delegation

Addressing DNS Delegation on Server 2003:

  1. Open the DNS Manager application on your Server 2003 Domain Controller (or dedicated DNS server).
    • Navigate: Start > Run > Type dnsmgmt.msc and press Enter.
  2. In the DNS Manager, create a new Delegation Zone.
  3. Point this new zone to the IP address of your Server 2016.

Continuing Installation on Server 2016:

  1. Switch back to your Server 2016 Domain Controller.
  2. On the DNS Options page, click Next. You should no longer encounter the previous error with the DNS delegation fixed.
  3. On the Additional Options screen, ensure the option “Replicate from ANY DOMAIN CONTROLLER” is selected.
  4. Click Next on the Review Options page.
  5. The system will now check all prerequisites for the installation.
    • Ensure all checks complete successfully.
  6. Click Next to finalize the addition of the Server 2016 machine as a domain controller.
  7. Once the process completes, you’ll have successfully upgraded and added the Server 2016 as a domain controller.


Step 7 – Post Upgrade Tasks

Domain Synchronization:

  • After the upgrade, allowing the domain to synchronize fully is crucial.
  • Ideally, let the synchronization process run uninterrupted for 48 hours. This ensures all domain data is updated and consistent across domain controllers.

Handling the Server 2003 Domain Controller:

  1. Turn off the Server 2003 domain controller. This will prevent it from actively participating in the domain.
  2. However, do not decommission or remove the Server 2003 domain controller immediately. Windows provides a grace period of 180 days before the server is considered “tombstoned” or permanently out of sync.
  3. During this grace period, monitor the new Server 2016 domain controller for any issues or discrepancies. This provides a safety net in case you need to revert to the Server 2003 domain controller.

Enhancing Redundancy:

  • To add redundancy and ensure high availability, set up an additional Server 2016 domain controller. This ensures that if one domain controller faces issues, the other can take over, minimizing downtime.

Updating Domain Functional Level:

  1. Once you’re confident in the stability of your Server 2016 domain controllers and have decommissioned the Server 2003 domain controller, it’s time to update the domain functional level.
  2. Update the domain functional level to “Windows Server 2016”. This allows you to leverage the latest features and security enhancements provided by Windows Server 2016.

Additional Resources:

  • If you have any questions or need further clarification on any steps, refer to the official Microsoft Q&A about Windows Server 2003 end of life. This resource provides comprehensive information and answers to common queries.

Richard.Bailey

Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.

You may also like...

1 Response

  1. 16/03/2023

    […] Active Directory is the backbone of many modern enterprise environments—a centralized platform for managing user accounts, groups, computers, and other resources. With PowerShell, managing Active Directory has never been more accessible. PowerShell is a powerful command-line tool that can help automate many tasks related to Active Directory management. This blog post will cover some of the most useful PowerShell oneliners for effective Active Directory management. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate »