Prepare 2003 Forest/Domain for 2008 R2 or 2012 Domain Controllers

Similar Messages

• 2003 forest/domain level

  I am currently looking at upgrading our domain from 2003 to 2012.  I currently have 4 domain controllers spread out and all replication is healthy.  I have two 2003 domain controllers and two 2008rs domain controllers.  I need to know what
  is the best practice for promoting a 2012r2 server to a DC and would that cause log on issues?
  I've read some articles online that state all the current domain controllers should be fully updated before bringing in a 2012 domain controller.  Can someone point me in the right direction?  Are there articles I can read regarding this?
  Thank you

  Hi
  CRMNoon,
  If you want to have a 2012 forest and domain level you need to have 2012 DC's only.
  Make sure your domain is healthy. Then when promoting a server 2012 R2 to a DC, you need to consider the current environment and which domain controllers are for the FSMO roles placement.
  http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-2012-r2
  Here is the link for Active Directory Migration from Windows Server 2003 to Windows Server 2012 R2:
  http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
  Know issues for upgrading Domain Controllers to Windows Server 2012 R2
  https://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_KnownIssues

• Performance Report domain controllers

  Hi AD experts,
  I'm lookink for a tool to generate performance report on some DC's.
  a script to createt Data collector Set (on Perfmon) like http://archive.msdn.microsoft.com/ExPerfwiz
  and the tool to parse the report like PAL : pal.codeplex.com
  Is there any similar tool for DCs?
  Thanks

  I agree with Mr X, SCOM would be your best bet and the script he's provided is useful as well but I'd like to add the following.
  If you don't have a budget to purchase an awesome tool like SCOM and you're looking to perfmon have a look at the links I'm providing below:
  Performance Tuning Guidelines for previous versions of Windows Server
  In there above link they have a few downloads for 2008, R2, and 2012.  In those Word documents you'll have some information on Active Directory.
  Ruling Out Active Directory-Bound Problems
  The above link may have some useful information to you as it relates to GCs
  NTDS Object
  The above link has a lot of information just about perfmon and NTDSAs with any monitoring software you're
  really going to have to figure out what you want to monitor and what's important to you, you're also going to need to baseline what you have because there's no real standard on what's is too high and what is too low.  My environment may have 10 times
  as many LDAP Client sessions as yours and vice versa.  PAL should be able to do what you need.  With the information above you should be able to find the counters you want to monitor.
  If you found this post helpful, please “Vote as Helpful”. If it answered your question, remember to “Mark as Answer”.
  Postings are provided “AS IS” with no warranties, and confers no rights.

• Windows 2008 R2 domain controllers with Windows 2003 forest functional level Supported after Windows 2003 support ends in July 2015

  Hi
  Anyone knows whether Windows 2008 R2 domain controllers with Windows 2003 forest functional level will still be Supported after Windows 2003 support ends in July 2015 ?
  Thanks

  When Windows Server 2003 support ends, you should not have a Windows Server 2003 Domain Controller running if you would like to be supported by Microsoft. This means that there will be no reason to have a DFL or FFL that is lower than Windows Server 2008.
  So, if you are keeping Windows Server 2003 FFL to keep DCs running Windows Server 2003 then this is not supported.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Why can you not introduce a 2003 server into a 2008 domain?

  Hello,
  So we are going to be upgrading our domain very shortly from 2003 to 2008 R2. I know that we are not able to have a 2003 server in the 2008 forest, but the question is why? I'm trying to find some information on Google but can't actually find the reason.
  I have some ideas as to why, but I wanted some solid info, if possible.
  Thank you!

  In that case it depends on current functional level. If you're at 2008 or greater then you would not be able to bring in a 2003 DC.
  http://technet.microsoft.com/en-us/library/cc787385(v=ws.10).aspx
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Windows CAL server 2003 and Domain Server with a 2008 server as domain member

  We have a Windows Server 2003 as domain controller with 70 user CALs, and we have added a Windows 2008 R2 OEM with 5 users licences.
  I have no plans to migrate my domain controller 2003 to 2008 but the 2008 is a member of the domain and I need to know if we are fine with the licences.
  Thanks for your help,
  Alejandro Sueldo

  Hi
  You need CAL for anything that would access the 2008. If a server that is accessed by only 5 user you are ok, but if like a Exchange for your 70 users, then you have to buy more CAL. (that link explain it good;
  http://blogs.msdn.com/b/mssmallbiz/archive/2007/11/06/5942350.aspx)
  Contact the VLSC to be sure at 100% before buying; (866) 230-0560
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• Compatibility Exchange Server 2003 SP2 and Domain controllers Windows Server 2008 R2

  Hi all, I have this scenario:
  - Two Domain Controllers Windows Server 2003 R2 SP2
  - Two mail servers Exchange Server 2003 with the following version:
    6.5 (Build 7638.2 Service Pack 2)
  I want to upgrade my domain controllers to Windows Server 2008 R2.
  My question is whether exchange Server 2003 6.5 (Build 7638.2 Service Pack 2) is supported with Domain Controllers Windows Server 2008 R2.
  Can you tell me some official Microsoft website where this reflected?
  regards
  Microsoft Certified IT Professional Server Administrator

  Exchange Server 2003 SP2 supports DCs running Windows Server 2008 R2. These DCs should be RWDCs and not RODCs:
  Exchange 2003 SP2 will now be supported against writeable Windows Server 2008 R2 Active Directory Servers.  Additionally, with the General Availability of Exchange Server 2010, and those looking to standardize on Windows
  Server 2008 R2 we have enhanced the supportability of forest and domain functional levels up to Windows Server 2008 R2.  This change is effective immediately on Exchange 2003 SP2.
  Reference: http://blogs.technet.com/b/exchange/archive/2009/11/30/3408893.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Externally Hosted DNS - How do I set up my 2003 DNS server for sub domain to point to internal IP address??

  I have a domain name(domain.com) DNS hosted at my ISP. I also have 3 sub domains DNS hosted at the same ISP pointing to various external ip addresses (mail.domain.com, vpn.domain.com and ts.domain.com). We want to set up sales.domain.com to point to an
  internal 10. IP address. We have AD integrated DNS servers for our 2003 AD domain. The AD domain name is totally different than the hosted domain name in question. I currently edit the host file for a couple of PC's but this isnt practical company wide so
  I want to add entries on our internal AD DNS servers to resolve the locally hosted site. If i recall, someone once told me that you cannot just put an A record for one sub domain, I would have to have entries on my 2003 DNS server to resolve anything related
  to the domain.com name. Is this accurate? If so, what is the proper way to configure my 2003 AD DNS server to resolve anything domain.com related for my internal users while still allowing my ISP to do the DNS lookup for the internet.

  On my 2003 AD integrated DNS server...i rightclick forward lookup zone and choose...new zone..primary zone (store zone in AD checkbox checked)..i chose to all DNS servers in the AD domain for replication...zone name sales.domain.com....allow secure updates
  option....then i added an A record in that zone...sales.domain.com..pointed that towards my internal 10. IP address...is this correct? It seems to be working correctly for the sales.domain.com DNS record...and i tested the other sub domains...and those look
  like they are going to my ISP for DNS resolution...
  Is this the correct procedure? I did this on a test AD domain and not my production...i want to make sure i dont break everything under the domain.com by incorrectly adding 1 sub domain..

• Question about adding Windows 2012 R2 Domain Controller, into a native Windows 2008 R2 single forest domain

  I current have a two server domain, both Windows 2008 R2 and fully updated.   The two servers are on subnet 10.0.1.0 /24
  - Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
  - Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
  AD Domain: COMPANY.LOCAL
  I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
  /24 subnet.
  - Windows 2012 R2 Server C: 192.168.1.1
  What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server?   Are they anything like the following:
  1. Install Windows 2012 R2 server (Server C)
  2. Point Windows 2012 R2 server DNS servers at Server's A and B
  3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
  4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
  * Question:  Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)?  Or will I need to add the 10.0.1.0 /24 zone to the DNS
  server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?

  Hi,
  Regarding the issue here, please take a look into below articles:
  System Requirements and Installation Information for Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn303418.aspx
  Release Notes: Important Issues in Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn387077.aspx
  Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
  http://technet.microsoft.com/en-us/library/jj574134.aspx
  Here is an example for promoting Windows Server 2012 to a DC, see:
  Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
  http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
  As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain,  bascially there is no special need to add zones,  for more information, please see:
  Understanding Active Directory Domain Services Integration
  http://technet.microsoft.com/en-us/library/cc726034.aspx
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Error with adprep /domainprep /gpprep for 2008 R2

  While prepping our 2003 forest for 2008 R2, I am getting an error running 'adprep32 /domainprep /gpprep' in one of my child domains.  The forestprep ran fine and domainprep ran fine on all of the other (8) domains -- it's just this one that is giving
  me fits.
  The error is the apparently common "Adprep was unable to complete because the call back function failed."  The key lines from the log files appear to be:
  [2010/06/11:11:15:53.088]
  Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=a3dac986-80e7-4e59-a059-54cb1ab43cb9,cn=Operations,cn=DomainUpdates,cn=System,DC=sa,DC=convergys,DC=com.
  [2010/06/11:11:15:53.088]
  LDAP API ldap_search_s() finished, return code is 0x20
  [2010/06/11:11:15:53.088]
  Adprep verified the state of operation cn=a3dac986-80e7-4e59-a059-54cb1ab43cb9,cn=Operations,cn=DomainUpdates,cn=System,DC=sa,DC=convergys,DC=com.
  [Status/Consequence]
  The operation has not run or is not currently running. It will be run next.
  [2010/06/11:11:15:53.088]
  Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=sa,DC=convergys,DC=com.
  [2010/06/11:11:15:53.088]
  LDAP API ldap_search_s() finished, return code is 0x20
  [2010/06/11:11:15:53.088]
  Adprep verified the state of operation cn=446f24ea-cfd5-4c52-8346-96e170bcb912,cn=Operations,cn=DomainUpdates,cn=System,DC=sa,DC=convergys,DC=com.
  [Status/Consequence]
  The operation has not run or is not currently running. It will be run next.
  [2010/06/11:11:15:53.213]
  Adprep was unable to complete because the call back function failed.
  [Status/Consequence]
  Error message: (null)
  I have checked all of the known causes of this problem (http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx) and verified that none of these are the
  cause.
  When I look at one of the other child domains where this ran, both of those regkeys exist. Based upon the whenChanged and whenCreated attributes, cn=a3dac986-80e7-4e59-a059-54cb1ab43cb9 appers to be a product of this schema change, but cn=446f24ea-cfd5-4c52-8346-96e170bcb912
  has a whenCreated date of 12/11/2003 and a whenChanged date of 12/29/2005, which makes me wonder if this key is maybe the product of an earlier schema update that perhaps failed in this domain?
  This is driving me nuts. Can someone help?  If not, I'm going to have to open a Premier incident and I'd really like to avoid that.
  Thanks.
  Ed Bell - Specialist, Network Services, Convergys

  Hi,
  FYI.
  On July 1st we will be making Windows Server 2008 R2 General forum read only. After receiving a lot of feedback from the community, it was decided that this forum
  is a duplication and therefore redundant of the
  General Forum. So, until July 1st, we will start asking customers to redirect their questions to the
  General Forum. On June 11th, CSS engineers will move any new threads to the
  General Forum.
  Please post a reply to
  the announcement thread
  if you have any feedback on this decision or the process. You can also email
  [email protected]
  Regards,
  Wilson Jia
  This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can
  be beneficial to other community members reading the thread. ”

• Raising the functional level on a large forest/domain with a DC offline?

  Hello All
  I've done what research that I can and haven't been able to find a definitive answer outside of people purposely taking a DC offline while raising the functional level of a forest in case they need to do an authorative restore, but I have a bit of a different
  situation and I just need to confirm something.
  I have to perform the task on a very large AD infrastructure that includes 90+ domain controllers globally and I've run into a scheduling conflict that is out of my control. One of the locations overseas will be going through some maintenance during
  my time window when I will be raising the functional level of the forest and domain.
  The question is, what happens to the DC that is offline during this period? Once it is restarted, do the changes replicate to that DC, or do I need to perform the task in place for that DC? If anyone has any links or instructions on how to bring a DC online
  after the functional level of both the forest and domain have been raised, please let me know.

  The DC can be offline and it won't be an issue.  when it comes back online the changes should replicate to it.  Just don't keep it offline longer than the tombstonelifetime.
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• DFS? Raising Forest level to 2008

  I have recently upgraded my domain controllers to Server 2008R2. We currently have one 2008 R2 DFS server that was setup on the 2003 domain. Do I need to do anything to the DFS server before I raise the function level of the from 2003 to 2008?
  Thank you,
  Cecil

  Hi Cecil,
  Based on my understanding, we don’t need to do much about the DFS server before upgrading.
   I guess that our target focuses on whether we can utilize the complete DFS feature after we upgrade our domain or forest function level to Windows Server 2008.
  In fact, after we upgrade our domain or forest function level to Windows Server 2008, we need to manually enable DFS-Replication and DFS-Namespace.
  Regarding DFS feature, the following thread can be referred to as reference.
  Windows Server 2008 R2 DFS features
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/30c7c282-3504-429f-83e6-b8b88f3d20a2/windows-server-2008-r2-dfs-features?forum=winserverDS
  In addition, regarding DFS, the following article can also be referred to for more information.
  DFS Step-by-Step Guide for Windows Server 2008
  http://technet.microsoft.com/en-us/library/cc732863(v=ws.10).aspx
  Best regards,
  Frank Shen

• Upgrade to Server 2012 R2 domain controllers from 2003

  I am at a loss as to what I did wrong here. Everything seems to be working fine except for one subnet (which is behind a hardware firewall).
  We had two Server 2003 domain controllers and one of them was failing.  I raised the forest functional level of our old primary domain controllers to 2003.  I built the first replacement Server 2012 R2 domain controller.  Added the AD DS roles
  and promoted it as a domain controller.  I let it sit for a couple days.  The FSMO roles were currently being handled by our other 2003 domain controller.  Once this had been sitting for a while (don't recall how long) I ran dcpromo on the failing
  server and demoted it.  Once demoted I shut it down and pulled it out of the rack.  I then built our second 2012 R2 server and gave it the same IP as the failing one.  Installed the AD DS roles and integrated DNS as prompted by the wizard. 
  I then made it the operations master for Schema master, Domain naming master, PDC, RID pool manager, and Infrastructure master.  Then I ran dcpromo on the second 2003 domain controller to demote it and removed it from the network.  I then demoted
  the first new controller (DC03) changed the hostname and IP to the name and IP of the second 2003 controller and promoted it again.  I'm not sure at what point things broke, but everything works from the same subnet that the domain controllers are in,
  just not a second subnet that is through a hardware firewall.  I don't see anything getting blocked while watching firewall logs so I don't think the firewall is the issue.
  Here is the dcdiag and ipconfig from the first controller (which has all 5 FSMO roles).
  Microsoft Windows [Version 6.3.9600]
  (c) 2013 Microsoft Corporation. All rights reserved.
  C:\Users\username>dcdiag /v /test:dns
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     * Verifying that the local machine WGDDC01, is a Directory Server.
     Home Server = WGDDC01
     * Connecting to directory service on server WGDDC01.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
  AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
  ,CN=Sites,CN=Configuration,DC=wgd,DC=inet
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
  AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=WGDDC01,CN=Servers,CN=
  Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     Getting information for the server CN=NTDS Settings,CN=WGDDC02,CN=Servers,CN=
  Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 2 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\WGDDC01
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           Determining IP4 connectivity
           * Active Directory RPC Services Check
           ......................... WGDDC01 passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\WGDDC01
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           See DNS test in enterprise tests section for results
           ......................... WGDDC01 failed test DNS
     Running partition tests on : DomainDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : ForestDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Schema
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Configuration
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : wgd
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running enterprise tests on : wgd.inet
        Starting test: DNS
           Test results for domain controllers:
              DC: WGDDC01.wgd.inet
              Domain: wgd.inet
                 TEST: Authentication (Auth)
                    Authentication test: Successfully completed
                 TEST: Basic (Basc)
                    The OS
                    Microsoft Windows Server 2012 R2 Standard (Service Pack level:
   0.0)
                    is supported.
                    NETLOGON service is running
                    kdc service is running
                    DNSCACHE service is running
                    DNS service is running
                    DC is a DNS server
                    Network adapters information:
                    Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
                       MAC address is B0:83:FE:C1:98:07
                       IP Address is static
                       IP address: 10.240.1.23
                       DNS servers:
                          10.240.1.23 (WGDDC01) [Valid]
                          10.240.1.24 (WGDDC02) [Valid]
                          127.0.0.1 (WGDDC01) [Valid]
                    The A host record(s) for this DC was found
                    The SOA record for the Active Directory zone was found
                    Warning: no DNS RPC connectivity (error or non Microsoft DNS s
  erver is running)
                    [Error details: 5 (Type: Win32 - Description: Access is denied
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 10.240.1.23 (WGDDC01)
                 All tests passed on this DNS server
                 Name resolution is functional._ldap._tcp SRV record for the fores
  t root domain is registered
              DNS server: 10.240.1.24 (WGDDC02)
                 All tests passed on this DNS server
                 Name resolution is functional._ldap._tcp SRV record for the fores
  t root domain is registered
           Summary of DNS test results:
  Auth Basc Forw Del  Dyn  RReg Ext
              Domain: wgd.inet
                 WGDDC01                      PASS WARN n/a  n/a  n/a 
  n/a  n/a
           ......................... wgd.inet passed test DNS
        Test omitted by user request: LocatorCheck
        Test omitted by user request: Intersite
  C:\Users\dsmythe>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : WGDDC01
     Primary Dns Suffix  . . . . . . . : wgd.inet
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : wgd.inet
  Ethernet adapter WGD_INET:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.240.1.1
     DNS Servers . . . . . . . . . . . : 10.240.1.23
                                         10.240.1.24
                                         127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  When I try to bind a machine to the domain I get an error message that says "
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wgd.inet":
  The error was: "This operation returned because the timeout period expired."
  (error code 0x000005B4 ERROR_TIMEOUT)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.wgd.inet
  The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
  10.240.1.24
  10.240.1.23
  Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
  Please let me know if I'm missing something or if there are other things I can check.
  Thanks!
  I forgot to mention that after the 2003 domain controllers were out of the environment, I raised the domain and forest functional level to 2012 R2.  All clients in the environment are Windows XP Pro or above.  The XP Pro boxes will be going away as
  soon as our vendor supports their software to run on Windows 7.

  We now have 2 2012 R2 DCs. The 2003 DCs are gone. Metadata from the old DCs is all cleaned up. DNS seems to be working fine in 3 out of 4 subnets. The 4th is behind a hardware firewall and I can see the IP address of the machine I am trying to bind to the
  domain connecting to the two new domain controllers but the client machine that is trying to bind gives an error.  An Active Directory Domain Controller for the domain wgd.inet could not be contacted.  It seems that this is just a DNS issue for one
  particular subnet (10.240.2.0/24).  This subnet is setup in AD Sites and Services\Sites\Subnets\10.240.2.0/24 (Site: Default-First-Site-Name).
  When trying to do anything with nslookup from the 10.240.2.0/24 subnet it times out.  The route is there and I can watch it connect through our hardware firewall over port 53.
  DC01
  Microsoft Windows [Version 6.3.9600]
  (c) 2013 Microsoft Corporation. All rights reserved.
  C:\Users\dsmythe>netdom query fsmo
  Schema master               WGDDC01.wgd.inet
  Domain naming master        WGDDC01.wgd.inet
  PDC                         WGDDC01.wgd.inet
  RID pool manager            WGDDC01.wgd.inet
  Infrastructure master       WGDDC01.wgd.inet
  The command completed successfully.
  C:\Users\dsmythe>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : WGDDC01
     Primary Dns Suffix  . . . . . . . : wgd.inet
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : wgd.inet
  Ethernet adapter WGD_INET:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.240.1.1
     DNS Servers . . . . . . . . . . . : 10.240.1.23
                                         10.240.1.24
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  C:\Users\dsmythe>
  DC02
  Microsoft Windows [Version 6.3.9600]
  (c) 2013 Microsoft Corporation. All rights reserved.
  C:\Users\dsmythe>netdom query fsmo
  Schema master               WGDDC01.wgd.inet
  Domain naming master        WGDDC01.wgd.inet
  PDC                         WGDDC01.wgd.inet
  RID pool manager            WGDDC01.wgd.inet
  Infrastructure master       WGDDC01.wgd.inet
  The command completed successfully.
  C:\Users\dsmythe>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : WGDDC02
     Primary Dns Suffix  . . . . . . . : wgd.inet
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : wgd.inet
  Ethernet adapter NIC1:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : B0-83-FE-C1-9F-74
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.240.1.24(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.240.1.1
     DNS Servers . . . . . . . . . . . : 10.240.1.24
                                         10.240.1.23
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{4F45E51E-FC2F-49ED-85CF-0750A9EEECF5}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  C:\Users\dsmythe>

• Existing 2003 forest functional level -- 2012 forest functional level in production environment?

  Hello experts!  
  A quick question if it can be one:
  Is it possible to raise a forest functional level from 2003 to 2012 in a production environment (only 2003 DCs with existing roles to only 2012 DCs)?  If so, is there a standard implementation of the upgrade process
  (migration of roles, migration tools, etc.)?
  many thanks!
  David

  hi,
  Thanks for posting. 
  Sorry i don't know if i am understanding your question. Are you talking about upgrading your DC's in your current forest to 2012 then raising the functional level? 
  If so, first of all you can only raise the forest and domain functional levels when all DC's in the forest and domain are at 2012 or higher. 
  To get your domain unto 2012 DC's there are a couple of paths you can adopt, but generally the simplest is:
  1. Introduce your first 2012 / 2012 R2 DC into your existing domain, this will extend the schema with the additional attributes that are required to 2012 - this is an automatic process during promotion of your first 2012 DC.
  2. Go through and start replacing your existing domain controllers. You don't normally do an inlace upgrade, the preferred method would be to use different hardware, built up the new DC to replace your existing one, then demote the existing one - keep going
  through this process until all your DC's are 2012.
  NB: which ever DC(s) currently holds the FSMO roles you will need to transfer these to one of your new 2012 DC's before you decommission that one. 
  if i've got what you were asking wrong, please let me know, otherwise hopefully this helps.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn:

• Domain Functional Level: 2008 R2 to 2012 R2

  My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
  Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
  Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

  you can easily upgrade the funtional level without any issues since you have all the Domain Controllers on Win server 2008R2.
  http://support2.microsoft.com/kb/2869728/en-us
  For more details : Listed below link has the table which shows the effects of upgrading the domain functional levels to Windows 2012
  http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
  pankaj(MCT)