Subscribe to Windows IT Pro
November 04, 2011 06:27 PM

Upgrading Active Directory to Windows Server 8 (Screenshot Gallery)

It’s easier than you think
Sean Deuby
Windows IT Pro
InstantDoc ID #141178
Rating: (2)

In the list of “Things that keep an Active Directory administrator up at night”, upgrading your Active Directory schema has always been near the top. This concern has been around since Active Directory was first introduced with Windows 2000 and has continued ever since. Why is upgrading your Active Directory schema so concerning? It all boils down to two words: Can’t Undo. An Active Directory  schema extension, which is always part of the upgrade to a new release of the Windows Server OS, is extremely difficult to reverse, and only done in the most dire circumstances.

In the intervening eleven years since this process was introduced, however, the ADPREP process has been proven to be very reliable, and excessive worry about this process unjustified. In Windows Server 8, Microsoft has gone a step further and streamlined and integrated the ADPREP forest and domain upgrades and DCPROMO domain controller promotion processes into one Active Directory Domain Service Configuration Wizard that takes care of everything.

Let’s step through the process as I upgrade my Windows Server 2008 R2 home forest to Windows Server 8. My forest currently has two Windows Server 2008 R2 domain controllers and three sites. I’m going to upgrade using an IT generalist scenario for a small to medium business: I want a Windows Server 8 domain controller in my Active Directory forest to take advantage of new features (such as new UIs for the Recycle Bin and fine grained password policies), and I don’t want to sweat the small stuff.

To do this, I’ll take a Windows Server 8 member server and make it a domain controller by following the step-by-step instructions in the Add Roles and Features and AD DS Configuration wizards.

To clearly see the screenshots, be sure to tap the nearly-invisible "fullscreen" in the lower-right of the screenshot below, then the little "i" in the upper left for descriptions of each image. You can easily move back and forth through the screenshots with the left and right arrow keys.

The first step in the Windows Server 8 forest upgrade process is to install Active Directory Domain Services (AD DS) on your target Windows Server 8 server. To accomplish this, you must add it as a role. First, choose Add Role in Server Manager and select a role-based installation. Next, select the destination server you want to add this role to. (Note that this ability to install a role remotely is new to Windows Server 8.) I’ve chosen the local server, WS8DP01. Choose Active Directory Domain Services, and you’ll get a popup that tells you the Active Directory module for Windows PowerShell will also be installed. The Features page of the Add Roles and Features Wizard will then allow you to add other features. In this example I didn’t add any extra features. The next page of the wizard gives a very brief overview of what Active Directory does, and tells you that 1) you should have a minimum of two DCs in every domain, 2) DNS will be installed on the local machine if it’s not installed already, and 3) the process will also install DFS (distributed file system) components. These components are used to replicate SYSVOL information to other DCs in the domain. After a confirmation page, the role and features are installed. To continue into the actual upgrade / promotion process, choose the “Promote this server to a domain controller” link. This fires up the Active Directory Domain Services Configuration Wizard. In my upgrade scenario (by far the most common), I’ve chosen “Add a domain controller to an existing domain”. You’re next presented with several core options you can install. DNS will probably already be checked, and Global Catalog will be checked by default (the new default since Windows Server 2008). You can choose whether to make this new DC a read-only domain controller (RODC), and you can install it into a particular site in your site topology (I chose my Hub site in my hub-and-spoke model). The last fields are not actually optional. You must specify the Directory Services Restore Mode (DSRM) password to be used if you must boot the DC into this mode for recovery purposes. The next page presents you with the option to create a DNS delegation record for this soon-to-be domain controller. Since the DC will be a member of the Deuby.net root domain, no delegation record is necessary, and indeed the checkbox is unchecked by default. Finally, you can choose install DC data from media. This is a backup of another domain controller using the NTDSUTIL IFM command (check). This is an extremely useful option if you have a large enterprise with a large AD database, and don’t wish to replicate it over the wire. This feature has been available for a while, but using it required a special option when running the DCPROMO command. In Windows Server 8 it’s been incorporated into the main AD DS installation wizard. Next you’re presented with a summary page of the installation options you’ve chosen. I’ve chosen to show you this page because of one very useful button, View Script. This button shows you the 13 lines of PowerShell code to execute everything you’ve specified in the wizard, which you can then re-use for further Windows Server 8 DC promotions without need to go through the wizard again. Next, the wizard can optionally run a number of checks to ensure the role installation runs smoothly. Click on “Run prerequisites check” to perform the check; you can see the results of my check below. Domain controller installation and forest / domain upgrade Clicking on the Install button begins the installation. The first item that’ll get your immediate and undivided attention are the two little words “Upgrading forest” as the wizard runs ADPREP /FORESTPREP. When that completes, the wizard displays “Upgrading domain” as it run ADPREP /DOMAINPREP. After this big-scope items have completed, the wizard continues with the actual promotion of the local machine to domain controller. Interestingly, it appears to first replicate the database locally before it begins the various installation steps. Group Policy Management Console is installed. NETLOGON is stopped. Object replication begins (top of the page). DNS is configured. The next four slides show the results of the entire operation.

This process of upgrading a forest, domain, and domain controller to Windows Server 8 in my small forest took 30 minutes from start to finish. Your mileage may vary, of course, as forest and domain upgrade times are dependent on the number of DCs you have and your site topology.

This seamless, integrated process isn’t for everyone; many large environment AD administrators will still want to break up the upgrade process and monitor it closely. For the 80% of Active Directory installations around the world that are cared for by IT generalists, however, this new upgrade and promotion process will make upgrading Active Directory to Windows Server 8 a much simpler process.

Follow Sean on Twitter at @shorinsean.

Related Articles




Related Content:

ARTICLE TOOLS

Comments

Add A Comment
    There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here

Blog Archive




    Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

    © 2012 Penton Media, Inc.

    Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

    Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.