Even its been over decade after windows server 2003 release , It’s no wonder that still organizations using windows server 2003 / windows server 2003 R2 as their domain controllers. Microsoft has announced that windows server 2003 / windows server 2003 R2 supports ends on 2015, July 14th (http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=Microsoft+Windows+Server+2003&Filter=FilterNO). So the day has come to plan out for the upgrades if you still running those versions in infrastructure.
This guide will explain how we can transfer DC FSMO roles from windows server 2003 to windows server 2012 R2 which is latest. In Windows DC environment FSMO roles holds all the information about DC and its necessary to have all this 5 roles working correctly to maintain proper DC environment. The 5 FSMO roles as following,
• Schema master
• Domain naming master
• RID master
• PDC emulator
• Infrastructure master
You can find more information about this roles from http://support.microsoft.com/kb/197132
For the demonstration I am using the following setup
|
Server Name |
Operating System |
Server Roles |
|
canitpro-dc2k3.canitpro.local |
Windows server 2003 SP2 x86 |
Active Directory FSMO roles, DNS |
|
CANITPRO-DC2K12.canitpro.local |
Windows server 2012 R2 x64 |
Additional Domain Controller, DNS |
So in here I already added windows 2012 r2 server to domain and make it additional domain controller. Currently it do not hold any FSMO roles. My plan is to migrate all the FSMO roles in to windows 2012 r2 server.
Note : In before if we adding windows 2008 server to windows 2003 environment, first we need to prepare the forest and domain schema by running adprep \forestprep and adprep \domainprep from windows 2008 source files \ support \ adprep. But in windows 2012 you do not need to worry about it when adding 2012 as additional domain controller. When you run the dcpromo it will automatically update it in windows 2003 remotely.
Transfer RID master, PDC emulator, Infrastructure master Roles
As the first step let’s look how we can transfer these 3 roles over to new server.
• Log in to the windows 2012 R2 server as domain administrator
• Click on Server Manager > Tools > Active Directory Users and Computers
• In MMC, right click on the domain name > click on “Operation Masters”
• In next window it will show the 3 FSMO roles. The default is “PDC”. In there it shows the current PDC holder. Then it is asking if need to change it to new windows 2012 r2 server click on change. There for lets go ahead and click on “Change”
• Then it’s asking for confirmation. Click yes to continue.
• Once its confirm as operation completed we can see the window shows the current PDC role holder as new windows 2012 r2 server.
• Please repeat the same steps to transfer the RID master and Infrastructure master Roles
Transfer domain naming master role
• Log in to the windows 2012 R2 server as domain administrator.
• Click on Server Manager > Tools > Active Directory Domains and Trusts.
• In MMC right click on Active Directory Domains and Trusts > click on Operation Master.
• In here it shows the current domain naming master role holder (canitpro-dc2k3.canitpro.local) and its asking if we need to move it to windows server 2012 R2 (CANITPRO-DC2K12.canitpro.local). Click on change to move the role over.
• Then it’s asking for confirmation and click yes to continue.
• Once its confirm about task completion we can see current domain naming master is windows server 2012 R2 (CANITPRO-DC2K12.canitpro.local).
Transfer schema master role
• Log in to the windows 2012 R2 server as domain administrator.
• Open “Run” window in server (Windows key + R) and type regsvr32 schmmgmt.dll and press enter.
• It will give the confirmation message and click on ok to continue.
• Then again open “Run” window and type mmc and click ok
• Then in mmc window click on File > Add-Remove snap-in
• Then from snap in select “Active Directory Schema” and click on “Add” button
• Then click on Ok button to continue
• Then right click on “Active Directory Schema” and click on “Change Active Directory Domain Controller”
• In Next window select the windows server 2012 R2 DC (CANITPRO-DC2K12.canitpro.local) and click ok.
• It will give information message and click ok to continue.
• Then right click on “Active Directory Schema” and click on “Operation Master”
• In here it shows the current schema master role holder (canitpro-dc2k3.canitpro.local) and its asking if we need to move it to windows server 2012 R2 (CANITPRO-DC2K12.canitpro.local). Click on change to move the role over.
• Then it’s asking for confirmation and click yes to continue.
• Once it’s confirm about task completion we can see current schema master is windows server 2012 R2 (CANITPRO-DC2K12.canitpro.local).
Now we successfully move all 5 fsmo roles over to new windows server 2012 R2. To confirm it open command prompt in new server and type command netdom query fsmo and press enter.
Yipeeee!!! Its shows as all fsmo roles moved successfully.
It will take some time to move all the data over. After that it’s safe to demote the DC role from the windows 2003 server.
Once its demote 2003 DC make sure you raise the forest functional level and domain functional level in to windows server 2012 R2 to experience new changes.
If you have any questions regarding the post feel free to contact me on rebeladm@live.com
This is very good, thank you. Very good guide.
This guide is amazing! Very detailed! Thank you for this post! It's realyy helpfull!
Thanks for your very detailed post…!
Thanks a lot. More helpful.
Did the steps and transfer the roles, query fsmo also shows that the new server in the the new roles holder but….getting error in DCDIAG:
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
netdom query pdc(from other dc):
The specified domain either does not exist or could not be contacted.
The command failed to complete successfully.
Please help..
it doesnt seems PDC role is moved. you need to move it.
Thanks for detailed post.
I wish to know what need to take care if you have Microsoft Exchange in your environement
Good information. It's important to note if you move the PDC emulator role, you will need to change the NTP configuration on the old and new PDC emulator systems. https://technet.microsoft.com/en-us/library/cc786897(v=ws.10).aspx
Thanks a lot. More helpful. However, In the case dc2k3 do not use and removing dc2k3 is necessary, could you pls post how to remove dc2k3 in this case. thank you very much Dishan M. Francis.
great article, helped tremendously.
do this activity change the domain function level from 2003 to 2012?
Thank you so much for this information. I don’t need to move the roles that often, increasing the risk of forgetting something, so these step-by-step instructions were very useful.
Great step by step. Just used it to move FSMO roles from an old 2003 DC to 2008, then up to 2012. Thanks, much appreciated.
This is 2021. This will guide me through my long time due migration.
Thanks a lot! Cheers!
Great!! Impossible do better and simplest!