Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003
Hello,
I have a client that we are planning to migrate to 2012 over time. They currently have a Windows 2000 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server. I was then going to install the 2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog. My question is will Exchange 2003 still function normally in this scenario?
I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work. We will eventually migrate to 2003, they just don't want to do it all at once, due to costs and other issues.
Thanks.
I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
An unsupported situation means that it is a situation where Microsoft did no testing or does not guarantee that you can operate with no problems. Following an unsupported scenario can be done but is at your own risk.
If it won't, can the 2012 server be a member server in the 2003 AD? The 2000 DC it is replacing just shares files on the network in addition to being the lone AD server.
Yes, it can be a member server.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
Similar Messages
-
Windows 2012 Domain Controller NETLOGON error
We have a Sonicwall firewall user authentication system active since the last two months. We have a Windows 2012 Active Directory server set up with around 1400 user accounts created. These accounts were created by using the following PowerShell script:
Import-Module ActiveDirectory
# Import the CSV (columns used below: UserName, Name, Password)
$csv = @()
$csv = Import-Csv -Path "C:\Users\Administrator\Desktop\College User Ac Password Details\FE\civil.csv"
foreach ($Person in $csv) {
    $name = $Person.UserName
    $displayname = $Person.Name
    $path = "OU=FE,DC=comp,DC=com"
    $password = $Person.Password
    $enabled = $True
    $changePW = $False
    $description = "CIVIL"
    # Create the account in the FE OU, enabled, with the password read from the CSV
    New-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru
}
The above script reads a CSV file with usernames and passwords and creates user accounts in Active Directory.
But since today we are facing an issue during the authentication process. We are unable to log on to the Directory server. When the Sonicwall firewall tries to authenticate a user, it logs out the same user. When I checked the Event Log on the Windows Active Directory server, it shows the following message.
The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600
IN A 192.168.0.12' failed on the following DNS server:
DNS server IP address: 216.37.64.6
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate
registration of the DNS records by the domain controller. To determine what might have
caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
Support Center. To initiate registration of the DNS records by this domain
controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
controller or restart Net Logon service. Or, you can manually add this record to DNS,
but it is not recommended.
ADDITIONAL DATA
Error Value: DNS bad key.
The above log entry talks about a DNS issue. But I did not configure any DNS server on this machine. Authentication was working fine for the last two months, but suddenly from today we are facing the above issue. Kindly help me out in resolving this issue.
Hi,
I'm not sure of your setup and don't understand where your Sonicwall comes in.
The error with the DNS is that the server is trying to register its DNS entries in the server with the public IP address 216.37.64.6, which I am assuming is your ISP's DNS server?
How is the DNS configured on your domain controller? The domain controller should point to itself as its preferred DNS server.
Regards,
Denis Cooper
MCITP EA - MCT
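The check the reply asks for, as an added PowerShell example that is not part of the original thread: it lists the DNS servers configured on each interface of the domain controller and flags any that are neither loopback nor private, such as the 216.37.64.6 address in the event above. The helper name Test-InternalAddress is hypothetical, and the script assumes it is run locally on the DC with the DnsClient cmdlets available (Windows Server 2012 or later).

```powershell
# Added example (not from the thread): audit the DNS resolvers configured on a DC.
# Assumption: run locally on the domain controller, Windows Server 2012 or later.

# Hypothetical helper: $true for loopback, RFC 1918 and IPv6 local-scope addresses.
function Test-InternalAddress {
    param([Parameter(Mandatory)][string]$Address)

    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }

    $bytes = $ip.GetAddressBytes()
    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        # Link-local, site-local, or unique-local (fc00::/7)
        return $ip.IsIPv6LinkLocal -or $ip.IsIPv6SiteLocal -or
               (($bytes[0] -band 0xFE) -eq 0xFC)
    }
    # IPv4 private ranges: 10/8, 172.16/12, 192.168/16
    return ($bytes[0] -eq 10) -or
           ($bytes[0] -eq 172 -and $bytes[1] -ge 16 -and $bytes[1] -le 31) -or
           ($bytes[0] -eq 192 -and $bytes[1] -eq 168)
}

# One row per (interface, configured DNS server)
$findings = foreach ($entry in Get-DnsClientServerAddress -AddressFamily IPv4, IPv6) {
    foreach ($server in $entry.ServerAddresses) {
        [pscustomobject]@{
            Interface = $entry.InterfaceAlias
            DnsServer = $server
            Internal  = Test-InternalAddress -Address $server
        }
    }
}
$findings | Format-Table -AutoSize

$external = @($findings | Where-Object { -not $_.Internal })
if ($external.Count -gt 0) {
    foreach ($row in $external) {
        Write-Warning ("Interface '{0}' sends DNS registrations to {1}, which is not an internal server." -f $row.Interface, $row.DnsServer)
    }
    Write-Warning "Point the DC at itself (or another internal AD DNS server) before re-registering."
}
else {
    # Re-register the DC's records with the command named in the Netlogon event text
    nltest.exe /dsregdns
}
```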
Blog: http://www.windows-support.co.uk
-
Downgrade of Windows 2012 r2 to Windows 2012 Domain Service Active Directory
I have an uncertainty. We used the adprep /forest and adprep /domain tools on Windows 2012 R2 to update the domain Active Directory. But after promoting a domain controller to Windows 2012 R2, we realized that a tool we use to authenticate computer accounts is not supported for domain controllers in Windows 2012 R2. Here comes the question: can I directly install and promote a Windows 2012 domain controller without running the adprep /forest and adprep /domain tools of Windows 2012?
I hope this is clear.
tks.
migrations
Hello,
as others mentioned there is no problem to promote a Windows Server 2012 into the domain as the functional level is fine for this.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
-
How do I add my Custom Workflow Activity to FIM 2010 R2 SP1 installed on Windows 2012 server?
Hellos.
I have tried and failed to add my custom.dll into the Windows Server 2012 GAC.
We have a version of FIM 2010 R2 Sp1 running on Windows Server 2008 R2 and that was no problem. There seemed to be a gacutil.exe present on the system which added my assembly.
I cannot find gacutil.exe on the Windows 2012 Server.
I have downloaded and installed Windows SDK for Windows 8. However, when I try the gacutil.exe /i <myCustom.dll> nothing seems to happen.
Are there any guidelines how to add custom workflow activities to FIM when installed on a Windows Server 2012 system?
TIA
*HH
Well yes. It is fine when FIM is hosted on Windows Server 2008 R2. My difficulty is that I am using FIM 2010 R2 Sp1 and Windows Server 2012. No GACutility executable.
However, the problem has been resolved. Powershell can be used to modify the assemblies.
I opened a RunAs Administrator PS session. My assembly is in folder c:\Temp
Using Windows Explorer I browsed the folder c:\windows\assembly and noted the System.EnterpriseServices entries: version (2.0.0.0) and public key token (b03f5f7f11d50a3a)
(My version is 2.0.0.0 because when installing FIM and SharePoint 2013 the instructions I used suggested setting .Net version to be 2.0)
These powershell commands got me going...
PS C:\temp> [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
GAC Version Location
True v4.0.30319 C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50...
PS C:\temp> $publish = New-Object System.EnterpriseServices.Internal.Publish
PS C:\temp> $publish.GacInstall("c:\temp\RunPowershellLibrary.dll")
PS C:\temp>
PS C:\temp>
PS C:\temp> iisreset
Amazingly I can see the assembly RunPowershellLibrary in my Windows 2012 GAC. :-)
Also, what is more cheering is that the custom activity actually works with FIM 2010 R2 Sp1.
-
Can A Windows 2000 Client Join A Windows 2012 Domain ?
I have set up a Server 2012 VM that I have configured as a DC. The desktop environment consists of Windows 7, Windows XP and a few Windows 2000 machines. All desktops can JOIN the 2012 domain, but when I try to add domain users to any of the Windows 2000 (SP4) workstations, it fails with the error "The trust relationship between this workstation and the primary domain failed".
Unjoining the workstation from the domain (or going into ADUC and deleting the Win 2000 computer from the domain) and trying again yields the same result. I do not have this problem when the Windows 2000 machines are joined to a Server 2008 R2 domain.
At this point, I'm leaning towards setting it up as a 2008 R2 DC, and moving to a 2012 DC once we have weaned ourselves off of the Windows 2000 desktops. Is there any hope of getting things to work with a 2012 DC from the start?
Hi,
Based on my research, Windows 2000 client is not supported for Windows 2012 DC.
Windows client and Windows Server operating systems that are supported to join Windows Server 2012 domains
The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012:
Client operating systems: Windows 8, Windows 7, Windows Vista, Windows XP
Computers that run Windows 8 are also able to join domains that have domain controllers that run earlier versions of Windows Server, including Windows Server 2003 or later. In this case, however, some Windows 8 features may require additional configuration or may not be available. For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see Running Windows 8 member computers in Windows Server 2003 domains.
Server operating systems: Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003
Cataleya Li
TechNet Community Support
-
Windows 2012 root certification authority in a 2003 Domain/ Forest level
Hello,
We are currently on Windows 2003 Domain & Forest Functional Level. Our Root CA is also currently on Windows 2003 DC.
If we have to set up a new Root/Issuing CA (not exporting the current 2003 CA cert) on Windows 2012 R2 servers, is it then mandatory to first upgrade Domain & Forest levels to 2012 R2? Can we have a PKI infrastructure with Enterprise CAs on a Windows 2012 platform but the Domain/Forest levels still on 2003 level? I understand it will be good to have everything on 2012 R2, but can a mix of 2003 domain level and 2012 CA work?
Hi,
Look at the thread below, it might help:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/fa8cac92-0f71-426c-ac95-e89e90e1c8d1/certificate-authority-and-forestdomain-functional-level?forum=winserversecurity
Basically the answer is yes you can have CA on 2012 R2 and DFL/FFL still on 2003.
Regards,
Calin
-
Install SSAS unattended Install on Windows 2012 Core edition
Dear People who can help.
We are trying to offer SSAS as a Self Service solution in our company, without giving the user SYSADMIN rights.
When we install this in a VMware environment or on a brick it does not start up SSAS. When we install it on a server with a GUI it just works. Does anyone know how to solve this problem in Windows 2012 Core edition without a GUI?
Thanks in advance,
Michael
Hi Michael,
According to your description, when you install SSAS without a GUI, it doesn't start up SSAS. Right?
When we install SQL Server via command line, we have many installation parameters for Analysis Services. There's one parameter, "/ASSVCSTARTUPTYPE", which specifies the startup mode for the Analysis Services service. You should set it to Automatic when doing the unattended installation. You can also start the SQL Server Analysis Services service manually via command line:
net start "SQL Server Analysis Services (MSSQLSERVER)"
Reference:
Install SQL Server 2014 from the Command Prompt
Tips ‘N’ Tricks – Windows – Starting, Stopping, and Restarting Services from Command Line
If you have any question, please feel free to ask.
Regards,
Simon Hou
TechNet Community Support
-
Windows 2012 Domain Controllers and RC4
We are using Qualysguard as our vulnerability scanner, and we are getting QID 38601, "SSL/TLS use of weak RC4 cipher". While we have created a GPO to disable RC4 on the 2008/2012 servers, we have 4 Domain Controllers that we haven't included in the GPO yet. I'm wondering if disabling RC4 on 2012 Domain Controllers will cause problems that I'm not foreseeing right now.
Does someone out there have any knowledge of this through experience or otherwise?
Thanks in advance.
Hi,
As far as I know, disabling RC4 cipher usage in SSL/TLS wouldn’t affect Kerberos-related services on a Domain Controller, since the Key Distribution Center (KDC) just uses the available encryption type to encrypt tickets that are requested from our clients with RC4_HMAC_NT.
More information for you:
Disabling RC4 Cipher KB2868725 relation to Kerberos
https://social.technet.microsoft.com/Forums/sqlserver/en-US/836eba80-a070-486d-98b2-69b6325cb40e/disabling-rc4-cipher-kb2868725-relation-to-kerberos?forum=winserversecurity
Best Regards,
Amy
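Schannel (SSL/TLS) cipher settings and Kerberos encryption types are stored in separate registry locations, which is why changing one does not change the other. The following added example, which is not from the thread, reads both on the local server without modifying anything; the function names are hypothetical and the script assumes it is run locally with rights to read HKLM.

```powershell
# Added example (not from the thread): read-only report of RC4 in Schannel vs. Kerberos.
$schannelCiphers = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$rc4KeyNames     = 'RC4 128/128', 'RC4 56/128', 'RC4 40/128'

# Hypothetical helper: state of each Schannel RC4 cipher subkey.
function Get-SchannelRc4State {
    foreach ($name in $rc4KeyNames) {
        # The subkey names contain '/', which the PowerShell registry provider
        # treats as a path separator, so open them through the .NET API instead.
        $key     = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannelCiphers\$name")
        $enabled = if ($key) { $key.GetValue('Enabled', $null) } else { $null }
        if ($key) { $key.Close() }

        $state = if ($null -eq $enabled) { 'Not configured (OS default applies)' }
                 elseif ($enabled -eq 0)  { 'Disabled' }
                 else                     { 'Enabled' }

        [pscustomobject]@{ Setting = "Schannel cipher $name"; State = $state }
    }
}

# Hypothetical helper: Kerberos encryption types allowed by policy on this machine
# ("Network security: Configure encryption types allowed for Kerberos").
function Get-KerberosEncryptionPolicy {
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
    $value = (Get-ItemProperty -Path $path -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue).SupportedEncryptionTypes

    if ($null -eq $value) {
        $state = 'Not configured (OS default applies)'
    }
    else {
        # SupportedEncryptionTypes is a bitmask
        $flags = @(
            @{ Bit = 0x1;  Name = 'DES_CBC_CRC' },
            @{ Bit = 0x2;  Name = 'DES_CBC_MD5' },
            @{ Bit = 0x4;  Name = 'RC4_HMAC' },
            @{ Bit = 0x8;  Name = 'AES128_HMAC_SHA1' },
            @{ Bit = 0x10; Name = 'AES256_HMAC_SHA1' }
        )
        $allowed = $flags | Where-Object { $value -band $_.Bit } | ForEach-Object { $_.Name }
        $state   = 'Allowed: ' + ($allowed -join ', ')
    }

    [pscustomobject]@{ Setting = 'Kerberos SupportedEncryptionTypes'; State = $state }
}

# The two results are independent: disabling the Schannel RC4 ciphers
# leaves the Kerberos row unchanged, and vice versa.
@(Get-SchannelRc4State) + @(Get-KerberosEncryptionPolicy) | Format-Table -AutoSize -Wrap
```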
-
Can I clean install a Windows 7 Pro System Builder on a Lenovo PC with Windows 8 preinstalled?
Hi. I would like to clean install windows 7 on a Lenovo PC that came with Windows 8 core preinstalled. I want to format the entire drive and remove windows 8 and clean install windows 7. I already tried the clean install of Windows 7 Pro to get all of my drivers in line, and now I would like to buy a Product Key.
Would a Windows 7 Pro System Builder work in my case? Would it work just as smoothly as a retail version? I understand that the System Builder is an OEM version that includes the Product Key, COA, and DVD) Just want to make sure before I buy the System Builder version of Windows 7 Pro. Thanks.
Grazzie
That should be retail since it seemed to be used for PC upgrades; either way your new System Builder key should work. Those are called refresh because they re-released them since a bug was found in their installers. Do you have any key in the computer atm? Or is Windows just waiting to be activated?
EDIT: its a good copy look here> http://www.heidoc.net/joomla/technology-science/microsoft/14-windows-7-direct-download-links
Should you want to use the DVD images permanently, and don't own a product key yet, you can order a Windows 7 OEM or retail version from Amazon. The OEM reinstallation versions contain a DVD with a product key just like the retail versions. They are significantly cheaper, but lack a proper box packaging, and don't include technical support by Microsoft. The OEM key will work with the Digital River downloads, so you can just pick the cheapest one. Sometimes better editions are the cheaper ones, so all of the following links to Amazon offers might be worth checking. I've already tried to find good deals for all editions and linked to them here:
I own a Y510p SLI, and Yoga 2 Pro
-
If I were to buy the 7 Home Premium SP1 64bit, System Builder OEM DVD 1 Pack from Amazon to install Microsoft Windows 7 on my Macbook Pro, would it be compatible with my computer if I put it in bootcamp? (I have all of the current software updates)
In order to run Windows Applications, you must own the applications and, since they require Windows, you must own Windows. There are technologies like wine that will allow Windows applications to run without Windows, but they tend to be flakey at best.
-
How to setup Autodiscovery for .local internal domains with Exchange 2013
Hi,
I need to know how to set up autodiscovery in a local domain. I have a local domain, e.g. abc.local, and the domain on which I receive emails externally is xyz.com.
I have deployed Exchange 2013 recently with the above scenario; inbound and outbound mails are working fine using OWA. But Outlook clients cannot connect to the Exchange server within the LAN.
Please help me out with how to set up autodiscovery in a local domain; I also need help with how to configure the self-signed certificate in this scenario.
You cannot use a self-signed cert for RPC/HTTP connections (which is how the Outlook client connects to Exchange 2013). Please check this: http://social.technet.microsoft.com/Forums/exchange/en-US/aed4ede9-57c3-44c3-90b4-bdfb3a7f017d/exchange-2013-self-signed-certs-and-outlook-client-access?forum=exchangesvrgeneral
But you can use a certificate from an internal CA, which you can install in your network to issue a certificate for Exchange. Please check this; it will help you manage internal certificates for a PC and for a domain. http://technet.microsoft.com/en-us/library/cc754841.aspx
You don't need to configure autodiscover for internal domain added clients. If you have clients on the network which are not members of the domain, using Exchange, this could be Windows, Macs or mobile devices, then you should ensure that autodiscover.example.com resolves internally to the Exchange server via a split DNS system. http://exchange.sembee.mobi/network/split-dns.asp
Please configure your external and internal URLs as well
http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
I recommend buying a 3rd party certificate as it may create issues for external clients, e.g. Outlook Anywhere
Thanks, MAS
-
Creating a New Email address policy for users in another Domain with Exchange 2013 powershell?
Hi Everyone
Is it possible to create a new email address policy with Exchange 2013 PowerShell for users within OUs located on a different domain/forest than where Exchange 2013 is installed?
There is a transitive, two-way trust between the domain/forest where the users are located and the Exchange 2013 multi-tenant domain.
Furthermore, if possible, I need to create linked mailboxes for all these users as well.
I have been struggling with this issue for weeks, so please, anyone, advise and comment.
Best Regards
Peter
A-ONE Solutions
Hi Siddharth
I want to create a new email address policy and after that create linked mailboxes/users in my account domain with PowerShell.
Can you help me achieve that?
I have a PowerShell cmdlet, but it doesn't work. (Cannot find user OU in my account domain)
CMDlet is as follows:
New-EmailAddressPolicy -Name $CustomerName -RecipientContainer "OU=$CustomerName, OU=kunder, DC=Domain, DC=local" -IncludedRecipients 'AllRecipients' -ConditionalCustomAttribute1 $CustomerName -Priority '1' -EnabledEmailAddressTemplates SMTP:%2g%1s@$AcceptedEmailDomain
Where $Customername = test.dk
and Account domain is = OU=kunder, DC=Domain, DC=local
But the command fails with:
New-EmailAddressPolicy : Couldn't find organizational unit "OU=Test.dk, OU=kunder, DC=Domain, DC=local". Make sure you have typed the name correctly.
At line:52 char:1
+ New-EmailAddressPolicy -Name $CustomerName -RecipientContainer "OU=$CustomerNa
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-EmailAddressPolicy], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=HE-MBX03,RequestId=2cbe1b51-4af2-4c04-9f7e-e440000975e6,TimeStamp=24-03-2014 12:58:19] 2D00FD2A,Mi
crosoft.Exchange.Management.SystemConfigurationTasks.NewEmailAddressPolicy
So, I cannot find the OU on the Account forest/Domain, even though the OU does exist in the Account domain.
Verifying with this:
Get-ADOrganizationalUnit -Identity "OU=$CustomerName,OU=kunder,DC=Domain,DC=local" -Server 'DC01.domain.local' | FL
This works fine. Can you please help/assist?
Peter
-
Hi all,
We have been battling a problem for the last couple of days when we try to add the first windows server 2012 DC to an already existing Domain.
The Server installation goes smoothly and we can add the computer to the domain and its all green.
After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
The server manager console shows Remote Management as disabled, and when we try to enable it via the console or Powershell it freezes up.
The AD DS part of the console is saying that there are post-promotion tasks that need to be completed, but once we click on the task it takes us to the promotion wizard again, which basically complains: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing.
In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
We are unable to do anything with the server (demote, add roles, remotely manage...). We tried the following already:
1. Recreate from scratch
2. Checking the GPOs to see if there is anything setup about RM -> came up with nothing
We just ran out of ideas so HELP PLEASE !
BR
Tomaz Praprotnik
Hi Cicely,
Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
Log Name: Microsoft-Windows-WinRM/Operational
Source: Microsoft-Windows-WinRM
Date: 3/29/2013 1:38:53 PM
Event ID: 138
Task Category: Response handling
Level: Error
Keywords: Client
User:
Computer:
Description:
The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
<EventID>138</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>10</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000002</Keywords>
<TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
<EventRecordID>6876</EventRecordID>
<Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
<Execution ProcessID="1084" ThreadID="2924" />
<Channel>Microsoft-Windows-WinRM/Operational</Channel>
<Computer></Computer>
<Security UserID="" />
</System>
<EventData>
</EventData>
</Event>
There is also another entry that sometimes comes up:
Log Name: Microsoft-Windows-WinRM/Operational
Source: Microsoft-Windows-WinRM
Date: 3/29/2013 1:36:34 PM
Event ID: 142
Task Category: Response handling
Level: Error
Keywords: Client
User:
Computer:
Description:
WSMan operation Invoke failed, error code 2150859046
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
<EventID>142</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>10</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000002</Keywords>
<TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
<EventRecordID>6869</EventRecordID>
<Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
<Execution ProcessID="4888" ThreadID="4392" />
<Channel>Microsoft-Windows-WinRM/Operational</Channel>
<Computer></Computer>
<Security UserID="" />
</System>
<EventData>
<Data Name="operationName">Invoke</Data>
<Data Name="errorCode">2150859046</Data>
</EventData>
</Event>
Best regards
Tomaz Praprotnik
-
Unisphere Host Agent cannot install on Windows 2012 R2 Core
Cannot install EMC Unisphere Host Agent on Windows Server 2012 R2 Core server.
When trying to install into Hyper-V 2012 R2 I get an error informing of the requirement for Feb 2013 updates to Windows 8 and Windows server 2012.
-
RD Connection Broker Fails to install on Windows 2012 R2, fresh install
I have been fighting this for a week
Trying to install the RD Connection Broker service on a Server 2012 R2. I've had multiple errors, ranging from the "Server pending reboot" issue, to the install just hanging for 15-20 minutes and then failing. This is NOT on a DC, and I've tried it on a fresh 2012 R2 server, and a fully updated Server 2012 R2. It has to be something on the domain I'm joined to, as I can install it with no problem on test servers/domains at my office.
Hi CitadelTCS,
Some folks meet this issue because the server is a DC. In your case, could you try to run SFC /SCANNOW and then monitor this issue again?
The related KB:
Use the System File Checker tool to repair missing or corrupted system files
https://support.microsoft.com/en-us/kb/929833?wa=wsignin1.0
I’m glad to be of help to you!