Windows Server 2003 support ends July 14th, 2015. You have probably heard this many times, but once Microsoft stops supporting this aging server platform, continuing to run it could be detrimental to the security of the organization you support. The following are 25 steps that I have been walking our customers through at a high level to fast-track them off their aging infrastructure and onto Windows Server 2012 R2.
Let's take a server running Windows 2003 that is a Domain Controller and also provides DHCP, DNS, and some File Services.
- Build a new Windows 2012 R2 Server, install all necessary patches and join it to the Domain
- Install the AD, DHCP, DNS, and File Services (Including De-Duplication) Roles
- Logon to the Existing Windows 2003 Domain Controller and stop the DHCP Server Service
Copy the DHCP Database from the Windows 2003 server (%windir%\system32\dhcp\dhcp.mdb) to the new Windows 2012 R2 Server (c:\Export\DHCP\dhcp.mdb)
NOTE: Only grab the DHCP Database and not the associated log files. This will take all of the associated Scopes from the old server to the new one. It is a complete cutover. If you need to take individual scopes you should use NETSH or the Server Migration Toolkit.
Export the DNS Configuration for all of the Standard Primary and Secondary Zones (Forward and Reverse): export the DNS Registry keys (HKLM\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones) to the new Windows 2012 R2 Server (c:\export\DNS\zones.reg), then copy *.dns from %windir%\system32\dns to the new Windows 2012 R2 Server (c:\export\DNS)
Run net share on the old server to view all of the current shared folders. Review the permissions and decide which folders to take over to the new server.
NOTE: Take this opportunity to clean up old shares. It’s probable most of the data isn’t even required on the new server. Also take this opportunity to review if the permissions are correct and in a desired state for the new server. Using the RoboCopy command below will mirror the permissions.
Logon to the new Windows 2012 R2 Server and configure the following RoboCopy script to mirror all of the desired folders to the new server:
Robocopy "\\<OldServer>\client service advisors" "f:\Client Service Advisors" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_clientserviceadvisor.log
Robocopy "\\<OldServer>\client services" "f:\Client services" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_clientservices.log
Robocopy "\\<OldServer>\corporate client services" "f:\corporate Client services" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_corporateclientservices.log
Robocopy "\\<OldServer>\hrs-pdf-reports" "f:\hrs-pdf-reports" /MIR /SEC /SECFIX /R:5 /W:15 /MT:12 /V /NP /LOG:f:\RoboCopySync_<OldServer>_hrs-pdf-reports.log
NOTE: We normally check the log files generated by this script to check for open files, and it can take a few days to fully sync everything up.
In production we would likely let this run as a scheduled task for a couple of weeks and check back. RoboCopy will only take the changing or missing files, so the final run of the script is very quick.
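The log check mentioned in the note above, as an added PowerShell example that is not part of the original post: it pulls the ERROR lines and the FAILED column out of a RoboCopy /LOG file so that open files (error 32) and permission failures (error 5) stand out. The function name, the sample lines and the server name OLDSRV are made up for illustration, and the patterns assume the English-language log layout.

```powershell
# Added example (hypothetical function name); assumes the English-language RoboCopy log layout.
function Get-RoboCopyLogIssue {
    param([Parameter(Mandatory)][string[]]$Line)
    # e.g. "2015/06/01 22:00:05 ERROR 32 (0x00000020) Copying File \\srv\share\a.xlsx"
    $errorRx   = '^\S+ \S+ ERROR (\d+) \(0x[0-9A-Fa-f]+\) (.+?) (\\\\.+|[A-Za-z]:\\.+)$'
    # Summary rows; the columns are Total Copied Skipped Mismatch FAILED Extras
    $summaryRx = '^\s*(Dirs|Files)\s*:\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$'

    $issues = @{}   # one entry per error code + path; retries only bump Attempts
    $failed = @{}   # FAILED column of the summary, keyed by Dirs / Files
    foreach ($l in $Line) {
        if ($l -match $errorRx) {
            $code = [int]$Matches[1]; $operation = $Matches[2]; $path = $Matches[3]
            # Win32 error 32 = sharing violation (file is open), 5 = access denied
            $meaning = switch ($code) { 32 { 'File in use' } 5 { 'Access denied' } default { 'Other' } }
            $key = "$code|$path"
            if (-not $issues.ContainsKey($key)) {
                $issues[$key] = [pscustomobject]@{
                    Code = $code; Meaning = $meaning; Operation = $operation
                    Path = $path; Attempts = 0
                }
            }
            $issues[$key].Attempts++
        }
        elseif ($l -match $summaryRx) {
            $failed[$Matches[1]] = [int]$Matches[6]
        }
    }
    [pscustomobject]@{
        Issues      = @($issues.Values | Sort-Object Path)
        FailedFiles = $failed['Files']
        FailedDirs  = $failed['Dirs']
    }
}

# Constructed sample lines modelled on a RoboCopy log; OLDSRV and the file names are made up.
$sample = @(
    '2015/06/01 22:00:05 ERROR 32 (0x00000020) Copying File \\OLDSRV\client services\Budget.xlsx'
    'The process cannot access the file because it is being used by another process.'
    'Waiting 15 seconds... Retrying...'
    '2015/06/01 22:00:20 ERROR 32 (0x00000020) Copying File \\OLDSRV\client services\Budget.xlsx'
    '2015/06/01 22:01:10 ERROR 5 (0x00000005) Copying NTFS Security to Destination Directory f:\Client services\HR\'
    '               Total    Copied   Skipped  Mismatch    FAILED    Extras'
    '    Dirs :        12         0        11         0         1         0'
    '   Files :       340         5       334         0         1         0'
)
$report = Get-RoboCopyLogIssue -Line $sample
$report.Issues | Format-Table Code, Meaning, Attempts, Path -AutoSize
"Summary FAILED: $($report.FailedFiles) file(s), $($report.FailedDirs) dir(s)"
```

Against a real log, pass `(Get-Content <logfile>)` as `-Line`. An "Access denied" entry on an NTFS Security operation means the ACLs that /SEC and /SECFIX are meant to mirror did not reach the new server for that path.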
Set up the Shares and Share Permissions on the new Windows 2012 R2 Server.
Disable Strict Name Checking
1. Expand the following key: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
2. Create a new DWORD (32-bit) Value of DisableStrictNameChecking
3. Set the Value to 1
NOTE: The above setting lets the new Windows 2012 R2 Server answer to the name of the old server once a CNAME record for that name points to it.
This addresses the possibility that users have manually created mapped drives to the shares that will no longer exist on the old server.
Logon to the old Windows 2003 Domain Controller and demote it using DCPromo.exe
Rename the old Windows 2003 Server (which is now a member server) to <ServerName>-Old and change the IP Address
In DNS, create a CNAME record that points the name of the old Windows 2003 Server to the name of the new Windows 2012 R2 Server
Logon to the new Windows 2012 R2 Server and change the IP Address to the IP Address of the old Windows 2003 Domain Controller
NOTE: This is important as it addresses clients or servers configured to use the old Windows 2003 Server for DNS and allows for a seamless transition. DHCP Migration also requires the use of the IP Address of the old server because the existing client leases are tied to that IP Address.
Promote it as a Replica Domain Controller
1. Validate Active Directory DNS Zones are created
2. Validate AD Replication is working via the KCC (Knowledge Consistency Checker)
3. Ensure there are not any errors in the event logs
1. Delete all of the existing database files, including log files, from %windir%\system32\dhcp
2. Copy the old DHCP Database from c:\export\dhcp\dhcp.mdb to %windir%\system32\dhcp
3. Start the DHCP Server and Authorize the DHCP Server
4. You should have all of the scopes from the old server including their leases now
1. Import the Registry key from c:\export\dns\zones.reg
2. Copy all of the *.dns files from c:\export\dns to %windir%\system32\dns
3. Restart the DNS Service
4. Validate that all of the Standard Primary and Secondary (Forward and Reverse) lookup zones are there
Validate that you can browse the UNC Path of \\<oldserver>\<share> using the new CNAME
Validate that you can browse the UNC Path of \\<newserver>\<share> using the name of the new Windows 2012 R2 Server
Validate that DNS and DHCP are working properly
Shut down the old Windows 2003 Server
NOTE: Deletion of the Windows Server 2003 virtual or physical machine usually occurs after testing is completed over a period of 3 to 6 months.