Deploying a Windows Server 2012 R2 Domain Controller in an existing Win2003 Functional Level Domain.

My first task before deploying a Windows Server 2012 R2 Domain Controller in a Windows Server 2003 forest functional level environment was to run the Test-ADDSDomainControllerInstallation cmdlet and determine my domain environment’s readiness to accept the new Windows Server 2012 R2 Domain Controller installation without any glitches:

[ws2012r2]: PS C:\Users\admin\Documents> Test-ADDSDomainControllerInstallation -DomainName genesys.net | fl
WARNING: A script or application on the WS2012R2 remote computer is sending a prompt request. When prompted, enter sensitive information such as credentials or password
only if you trust the remote computer and the application or script requesting it.
SafeModeAdministratorPassword:******

WARNING: A script or application on the WS2012R2 remote computer is sending a prompt request. When prompted, enter sensitive information such as credentials or password
only if you trust the remote computer and the application or script requesting it.
Confirm SafeModeAdministratorPassword:******

Message : Verification of user credential permissions failed. Failed to examine the Active Directory forest. The error was: ldap_search() failed, err=1
000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
Errors may be the result of insufficient credentials for a remote operation. Consider setting explicit credentials for this operation.

Context : Test.VerifyUserCredentialPermissions.DCPromo.General.78
RebootRequired : False
Status : Error

The initial test failed as indicated above. The failure was due to the fact that at the time of deployment, one of the two Domain Controllers had just failed. I had been running two virtual machines as domain controllers. DC00 was running Windows Server 2003 R2 and DC01 had Windows Server 2008 R2. DC00 (running Windows Server 2003 R2) held all the FSMO roles before the failure. To resolve this error, I had to seize all the FSMO roles and move them to DC01 (WS2008 R2 domain controller). In a previous post, I wrote about seizing the FSMO roles with PowerShell.
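A pre-flight check for the situation described above, as an added example that is not part of the original post: it lists the five FSMO role holders, tests whether each answers on LDAP, and only then runs the readiness test with explicit credentials. It assumes the ActiveDirectory and ADDSDeployment modules are available on the machine running it and that Test-NetConnection is present (Windows Server 2012 R2); the function name Get-FsmoHolderStatus is hypothetical.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory and
# ADDSDeployment modules are installed; genesys.net is the domain used above.
Import-Module ActiveDirectory

$domainName = 'genesys.net'

function Get-FsmoHolderStatus {
    param([Parameter(Mandatory)][string]$DomainName)

    $domain = Get-ADDomain -Server $DomainName
    $forest = Get-ADForest -Server $DomainName

    # Two forest-wide roles and three domain-wide roles.
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }

    foreach ($role in $roles.GetEnumerator()) {
        # A holder that no longer answers on TCP 389 (LDAP) is a stale entry.
        $ldapOk = Test-NetConnection -ComputerName $role.Value -Port 389 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role          = $role.Key
            Holder        = $role.Value
            LdapReachable = $ldapOk
        }
    }
}

$status = @(Get-FsmoHolderStatus -DomainName $domainName)
$status | Format-Table -AutoSize

if ($status.LdapReachable -contains $false) {
    Write-Warning 'At least one FSMO role holder is unreachable; transfer or seize its roles before promoting a new DC.'
}
else {
    # Explicit credentials, as the error text of the failed test suggests.
    $cred = Get-Credential -Message 'Domain account permitted to promote domain controllers'
    $dsrm = Read-Host -AsSecureString -Prompt 'SafeModeAdministratorPassword'
    Test-ADDSDomainControllerInstallation -DomainName $domainName `
        -Credential $cred -SafeModeAdministratorPassword $dsrm | Format-List
}
```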

I couldn’t remember the SafeModeAdministratorPassword which basically is the DSRM password, so I used the ntdsutil tool to reset the DSRM password as shown in the screenshot:

[Screenshots: DSRM, DSRM01]

After the above changes had been made, I restarted the WS2012 machine on which I intended to install Active Directory. I ran the Test-ADDSDomainControllerInstallation again and this time with success:

[Screenshot: Test-ADDS]

Now, I’m ready to start the actual Active Directory installation:

[Screenshot: InstallAddsWin2003domainlevel]

Most of the installation process involves upgrading the current schema from version 47 (Windows Server 2008 R2) to 69 (Windows Server 2012 R2). It is worth mentioning at this point that before Windows Server 2012, the adprep command had to be run separately before installation to upgrade the schema. With Windows Server 2012, the upgrade happens automatically. The machine restarts after the schema upgrade and DNS installation are complete:

[Screenshots: InstallAddsWin2003domainlevel01, InstallAddsWin2003domainlevel02]

After restart, I noticed the ADUC console was not installed. Still trying to figure out why though, but I manually installed it with the Install-WindowsFeature -Name rsat-adds -IncludeAllSubFeature -IncludeManagementTools cmdlet, verified AD and DNS settings and confirmed the current Active Directory schema version to be 69 with the Get-ADRootDSE cmdlet. The same cmdlet also confirms that this is a Windows2012R2 domain controller in a Windows2003 domain and forest functional level as indicated in the screenshot:

[Screenshots: schemaversion02, ntdssettings]
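One way to collect the same post-install facts in a single object, as an added example that is not from the original post: the schema version is read from the objectVersion attribute of the schema container, and the three functional levels come from Get-ADRootDSE. It assumes the ActiveDirectory module is installed; the function name Get-DcUpgradeState and the 2003 and 2008 entries in the lookup table are additions not taken from the post.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (installed by the rsat-adds feature mentioned above) is available.
Import-Module ActiveDirectory

# Schema objectVersion values and the Windows Server release they belong to.
$schemaReleases = @{
    30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008'
    47 = 'Windows Server 2008 R2'
    56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2'
}

function Get-DcUpgradeState {
    param([string]$Server = $env:COMPUTERNAME)

    $rootDse = Get-ADRootDSE -Server $Server
    # objectVersion lives on the schema container, not on the rootDSE itself.
    $schema  = Get-ADObject -Identity $rootDse.schemaNamingContext `
        -Server $Server -Properties objectVersion
    $version = [int]$schema.objectVersion

    $release = 'unknown'
    if ($schemaReleases.ContainsKey($version)) { $release = $schemaReleases[$version] }

    [pscustomobject]@{
        Server                = $rootDse.dnsHostName
        SchemaVersion         = $version
        SchemaRelease         = $release
        DomainControllerLevel = $rootDse.domainControllerFunctionality
        DomainLevel           = $rootDse.domainFunctionality
        ForestLevel           = $rootDse.forestFunctionality
    }
}

$state = Get-DcUpgradeState
$state | Format-List

# 69 is the schema version the post reports after the automatic upgrade.
if ($state.SchemaVersion -lt 69) {
    Write-Warning "Schema version is $($state.SchemaVersion); the upgrade to 69 has not reached this DC."
}
```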

Running the dcdiagnostics command gives me an idea of what errors, if any, to deal with. Some of the replication errors occurred as a result of a nonexistent Domain Controller (DC00 running Windows Server 2003 failed). I will have to run a Domain Controller metadata cleanup to remove the failed Domain Controller object from the system:

[Screenshots: dcdiag00, dcdiag01]

As mentioned earlier, this installation requires PowerShell 3.0 or PowerShell 4.0.


One Response to Deploying a Windows Server 2012 R2 Domain Controller in an existing Win2003 Functional Level Domain.

  1. Hi

    First I want to thank the author for his awesome information.
    You can also get valuable info from http://dntoolz.com

    Thanks.
