Migration From Windows 2003 AD to 2016

Tutorial on how to perform Migration from Windows 2003 AD to 2016

It is NOT possible to migrate Windows 2003 AD to 2019 directly, as the minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level.

Components used in this lab

  1. Windows 2003R2 Server with Exchange 2003 SP2 (WIN2003 – 192.168.1.170)
  2. Windows 2016 Server – (WIN2016 – 192.168.1.172)
  3. Windows 7 Pro – (WIN7PRO – DHCP)

Windows 2016 Server as Additional Domain Controller

Set up a new Windows 2016 Server with the latest patches installed and join it to the existing AD Domain

Verify the DNS Server is pointing to the existing Windows 2003 AD Domain Controller

Get-DnsClientServerAddress -AddressFamily IPv4

InterfaceAlias               Interface Address ServerAddresses
                             Index     Family
--------------               --------- ------- ---------------
Ethernet0                            5 IPv4    {192.168.1.170}

Join to AD Domain and reboot

# Replace <DomainAdminPassword> with the domain administrator password
$cred = New-Object System.Management.Automation.PSCredential("mylab\administrator", (ConvertTo-SecureString '<DomainAdminPassword>' -AsPlainText -Force))
$DomainName = "mylab.local"

# Join the domain, then reboot to complete the join
Add-Computer -DomainName $DomainName -Credential $cred
Restart-Computer

Raise Forest & Domain Functional Level to Windows 2003

Raise Domain Functional Level from Windows 2000 Native to 2003 in Active Directory Users and Computers

Right click on AD Domain and select Raise Domain Functional Level

Raise the current Domain Functional Level from Windows 2000 mixed to Windows Server 2003

Click OK to proceed

Domain Functional Level has been raised to Windows 2003 successfully

Raise Forest Functional Level from Windows 2000 to 2003 in Active Directory Domains and Trusts

Raise the Current Forest Functional Level from Windows 2000 to Windows Server 2003

Forest Functional Level has been raised to Windows 2003 successfully

New Additional AD Domain Controller

Log in to the new Windows 2016 Server as Domain Administrator.

Disable Windows Firewall or verify that all the required ports are allowed by following Firewall Ports Required to Join AD Domain & Firewall Ports Required for AD Replication

#Disable Windows Firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
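
The "verify that all the required ports are allowed" option can be checked from PowerShell with the firewall left on. This is an added example, not code from the original tutorial or its linked port articles: Test-AdTcpPorts is a hypothetical name, and the port list is the commonly documented TCP set for AD DS, assumed here rather than taken from this page.

```powershell
# Added example (not from the original tutorial or its linked port articles).
# Test-AdTcpPorts is a hypothetical name; the port list is the commonly
# documented TCP set for AD DS and is an assumption, not taken from this page.
# UDP ports and the dynamic RPC range are not covered by this TCP probe.
function Test-AdTcpPorts {
    param([string]$Dc = '192.168.1.170')    # WIN2003 in this lab
    $ports = @(
        @{ Port = 53;   Service = 'DNS' }
        @{ Port = 88;   Service = 'Kerberos' }
        @{ Port = 135;  Service = 'RPC endpoint mapper' }
        @{ Port = 389;  Service = 'LDAP' }
        @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON)' }
        @{ Port = 464;  Service = 'Kerberos password change' }
        @{ Port = 3268; Service = 'Global Catalog' }
    )
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $Dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port    = $p.Port
            Service = $p.Service
            Open    = $r.TcpTestSucceeded
        }
    }
}

# Outbound path from the new server to the existing DC (firewall left enabled).
$results = @(Test-AdTcpPorts)
$results | Format-Table -AutoSize
$closed = @($results | Where-Object { -not $_.Open })
if ($closed.Count -gt 0) {
    Write-Warning ("Unreachable on WIN2003: " + ($closed.Port -join ', '))
}

# Inbound side, once the server is promoted: the AD DS role's own rule group
# should be present and enabled, so the firewall profiles can stay on.
Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Profile
Get-NetFirewallProfile | Select-Object Name, Enabled
```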

Promote it as Additional Domain Controller and Reboot

#Install AD Domain Services
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

#Additional Domain Controller
# Replace <DsrmPassword> with the Directory Services Restore Mode password
$Password = '<DsrmPassword>' | ConvertTo-SecureString -AsPlainText -Force

Install-ADDSDomainController -DomainName "mylab.local" `
-InstallDns:$true `
-NoRebootOnCompletion:$false `
-SafeModeAdministratorPassword $Password `
-Force:$true

New Windows 2016 Server has been promoted as additional domain controller successfully

Verification of AD, SYSVOL & DNS Replication

Verify that AD replication between the Windows 2003 & 2016 AD Domain Controllers is working fine with "repadmin /replsum"

Verify NETLOGON & SYSVOL is shared on Windows 2016 AD Domain Controller

Create a new GPO in Windows 2016 AD Domain Controller and verify the new GPO is displayed in Windows 2003 AD Domain Controller

Open DNS Manager and verify all the DNS records are displayed
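
The replication, share and DNS checks above can be scripted so that the FSMO transfer only goes ahead when they pass. This is an added example, not part of the original tutorial: Test-NewDcReadiness is a hypothetical helper name, the defaults are this lab's names, and it assumes an elevated session on WIN2016. The GPO check stays a manual step.

```powershell
# Added example (not from the original tutorial). Run elevated on WIN2016.
# Test-NewDcReadiness is a hypothetical helper name; defaults are this lab's names.
function Test-NewDcReadiness {
    param(
        [string]$NewDc  = 'WIN2016',
        [string]$Domain = 'mylab.local'
    )

    # 1. Replication: one CSV row per inbound link on every DC. A row marked
    #    showrepl_ERROR (DC unreachable) or with failures > 0 is a blocker.
    $links = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
    $bad   = @($links | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
    })

    # 2. NETLOGON and SYSVOL must both be shared by the new DC.
    $shares = @(Get-SmbShare -Name NETLOGON, SYSVOL -ErrorAction SilentlyContinue)

    # 3. SysvolReady is 1 only after the initial SYSVOL replication has completed.
    $ready = (Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysvolReady

    # 4. The DNS zone copy on the new DC must advertise it as an LDAP server.
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                 -Server $NewDc -ErrorAction SilentlyContinue |
             Where-Object { $_.NameTarget -like "$NewDc.*" })

    $replOk   = ($links.Count -gt 0 -and $bad.Count -eq 0)
    $sharesOk = ($shares.Count -eq 2)
    $sysvolOk = ($ready -eq 1)
    $dnsOk    = ($srv.Count -gt 0)

    [pscustomobject]@{
        ReplicationOk = $replOk
        SharesOk      = $sharesOk
        SysvolReady   = $sysvolOk
        DnsSrvOk      = $dnsOk
        Ready         = ($replOk -and $sharesOk -and $sysvolOk -and $dnsOk)
        FailedLinks   = $bad
    }
}

$check = Test-NewDcReadiness
$check | Format-List
if (-not $check.Ready) { throw 'WIN2016 is not ready; do not transfer FSMO roles yet.' }
```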

Migration from Windows 2003 AD to 2016 by transferring FSMO Roles

Login to Windows 2016 DC, and run the following PowerShell

#Verify the placement of existing FSMO Roles
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

#Move all FSMO Roles to Windows 2016 DC
Move-ADDirectoryServerOperationMasterRole -Identity "WIN2016" -OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster

Update Directory Access in Exchange 2003

Open Exchange System Manager, and right click on Servers – AD01 – Properties – Directory Access

Change the Configuration Domain Controller, Domain Controllers & Global Catalog Servers to the new Windows 2016 DC

Uncheck Automatically Discover Servers, and add WIN2016 manually

Reboot the Exchange 2003 Server with the new configuration to ensure that it is working fine

Decommissioning of Windows 2003 Domain Controller

  1. Remove Windows 2003 Domain Controller with dcpromo
  2. Change the DNS Server to point to the Windows 2016 DC prior to rebooting the server

Verify Exchange 2003 is functioning

  1. Verify all Exchange related services are started
  2. Verify inbound & outbound Email is working fine

Migration of Windows 2003 to 2016 is completed successfully for now.

We are going to use the same lab to verify the steps required to migrate from Exchange 2003 to Office 365 soon.

Appendix

A. Windows Server 2019 & Windows 10 failed to join to Windows 2003 AD Domain as SMBv1 is disabled by default

Verify that SMBv1 is disabled and enable it with PowerShell

# Verify the SMBv1 is disabled
Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"


FeatureName      : SMB1Protocol
DisplayName      : SMB 1.0/CIFS File Sharing Support
Description      : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
RestartRequired  : Possible
State            : Disabled
CustomProperties :
                   ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer
                   Browser protocol.
                   ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
                   ServerComponent\Id : 487
                   ServerComponent\Type : Feature
                   ServerComponent\UniqueName : FS-SMB1
                   ServerComponent\Deploys\Update\Name : SMB1Protocol

# Enable SMBv1
Enable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol" -All
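
SMBv1 only has to stay enabled while Windows 2003-era hosts are still talking to the domain, and in this lab the Exchange 2003 server remains after the old DC is demoted. This is an added example, not from the original tutorial: it audits SMB1 connections on a server such as WIN2016 and removes the feature only when none were logged. The function names and the 7-day window are assumptions.

```powershell
# Added example (not from the original tutorial). Run elevated on the server
# that accepts SMB connections, e.g. WIN2016. Function names are hypothetical.

# Step 1 (at migration time): log every SMB1 connection this server accepts.
function Enable-Smb1Audit {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

# SMB1 access is recorded as event 3000 in the SMBServer audit log.
function Get-Smb1AuditHits {
    param([int]$Days = 7)    # assumed observation window
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue
}

# Step 2 (after the observation window): remove SMB1 only if nothing used it.
function Remove-Smb1IfUnused {
    param([int]$Days = 7)

    # An empty log proves nothing unless auditing was actually switched on.
    if (-not (Get-SmbServerConfiguration).AuditSmb1Access) {
        throw 'SMB1 auditing is off; run Enable-Smb1Audit and wait first.'
    }

    $hits = @(Get-Smb1AuditHits -Days $Days)
    if ($hits.Count -gt 0) {
        # Legacy hosts (e.g. the Exchange 2003 server) still depend on SMB1.
        Write-Warning "$($hits.Count) SMB1 connections in the last $Days days; keeping SMB1."
        return $hits | Select-Object TimeCreated, Message
    }

    Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -NoRestart
    Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' |
        Select-Object FeatureName, State
}
```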

B. No Network Card Driver found in Windows XP running on VMware Workstation 15.5 Pro

Delete ethernet0.virtualDev = "e1000" manually in the .vmx file
