Questions About Adding First 2012 R2 domain controller to an existing 2008 Domain

Our current domain controllers are all running Server 2008 and are VMs in our local office.  We plan to add a new domain controller and also create a new AD site.  This new domain controller will be the only domain controller in the new remote
site.  It will also be a VM on a new 2012 R2 Hyper-V server at the new remote site.
There is currently only one site (the default first site).
The steps planned are to create a new site to represent the remote location in AD configured with the subnets that apply to the remote site.  (Computers in our local office should continue to use the domain controllers in our office and remote PCs should
start using the new domain controller.)
Then build the new domain controller VM, join to the domain as a member server and then promote it to domain controller of the new site.
Are any steps missing?
Do we need to do anything special with time sync settings on Hyper-V or will both the Hyper-V host and the domain controller guest just automatically sync time with the PDC domain controller across a WAN connection at the main site?
Is there a way to prepare the domain/schema for the new 2012 R2 domain controller in advance so that the new domain controller can be installed later without needing Schema Admin or Enterprise admin permissions during the installation?

> Where can I find what is correct for 2012 R2 domain controllers running
> on Hyper-V 2012 R2 hosts?
There's no "one fits all" advice on this topic, but I agree with Ahmed:
Within a domain, the DCs provide a hierarchical time source, and since
clients are required to be in sync with DCs, this is a "must be".
If your HV hosts are member of the domain they are hosting, things can
easily go crazy if you do not disable host time sync.
Greetings/Grüße,
Martin
Mal ein
gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me -
coke bottle design refreshment (-:

Similar Messages

  • Question about adding Windows 2012 R2 Domain Controller, into a native Windows 2008 R2 single forest domain

    I current have a two server domain, both Windows 2008 R2 and fully updated.   The two servers are on subnet 10.0.1.0 /24
    - Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
    - Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
    AD Domain: COMPANY.LOCAL
    I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
    /24 subnet.
    - Windows 2012 R2 Server C: 192.168.1.1
    What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server?   Are they anything like the following:
    1. Install Windows 2012 R2 server (Server C)
    2. Point Windows 2012 R2 server DNS servers at Server's A and B
    3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
    4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
    * Question:  Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)?  Or will I need to add the 10.0.1.0 /24 zone to the DNS
    server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?

    Hi,
    Regarding the issue here, please take a look into below articles:
    System Requirements and Installation Information for Windows Server 2012 R2
    http://technet.microsoft.com/en-us/library/dn303418.aspx
    Release Notes: Important Issues in Windows Server 2012 R2
    http://technet.microsoft.com/en-us/library/dn387077.aspx
    Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
    http://technet.microsoft.com/en-us/library/jj574134.aspx
    Here is an example for promoting Windows Server 2012 to a DC, see:
    Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
    http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
    As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain,  bascially there is no special need to add zones,  for more information, please see:
    Understanding Active Directory Domain Services Integration
    http://technet.microsoft.com/en-us/library/cc726034.aspx
    Hope this may help
    Best regards
    Michael
    If you have any feedback on our support, please click
    here.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Adding third domain controller - decommissioning one existing

    Hello,
    I would like to add a new 2012 domain controller to site A which already has a 2008 domain controller.  There is also another site B with has an existing 2012 domain controller.  I have a couple questions.
    When I add the new domain controller to site A do I point the DNS controller to the existing domain controller in site A before promoting(that is by far the fastest link)?
    When I am done adding domain controller at site A and go to decommission the existing 2008 domain controller what DNS do I point to on the new domain controller and how do I do this?  Do I just put site B domain controller's\DNS IP address as the preferred
    and reboot the new domain controller and do the same on site B domain controller to point it's primary DNS to the new one?
    Thanks

    When I add the new domain controller to site A do I point the DNS controller to the existing domain
    controller in site A before promoting(that is by far the fastest link)?
    Yes. After promoting it, you can refer to my recommendations about IP settings for DCs: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
    When I am done adding domain controller at site A and go to decommission the existing 2008 domain
    controller what DNS do I point to on the new domain controller and how do I do this?  Do I just put site B domain controller's\DNS IP address as the preferred and reboot the new domain controller and do the same on site B domain controller to
    point it's primary DNS to the new one?
    Refer to my recommendations for IP settings.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • ¿Is it possible to upgrade from SCCM 2012 a domain controller in Windows Server 2008 R2 TO 2012 R2?

    Hi all.
    I want to know if is it possible to upgrade a domain controller from Windows Server 2008 r2 to 2012 r2 installing from SCCM 2012.
    Thanks.
    Regards.

    Hi all.
    I want to know if is it possible to upgrade a domain controller from Windows Server 2008 r2 to 2012 r2 installing from SCCM 2012.
    Thanks.
    Regards.
    Anything is possible if you can script it. You could create a task sequence to do the following (with scripts):
    1. Demote 2008R2 DC to member server
    2. Remove 2008R2 member server from domain
    3. Build new 2012R2 member server and join to domain
    4. Promote 2012R2 member server to DC
    You can do this. However, why would you? Just because you can doesn't mean you should. In my opinion it's more trouble and testing than it's worth. How many times would you need to do this?
    Gerry Hampson | Blog:
    www.gerryhampsoncm.blogspot.ie | LinkedIn:
    Gerry Hampson | Twitter:
    @gerryhampson

  • Question About Adding Ram from other laptop to T-series Thinkpad

    Hi,
    I have a question about adding additional RAM. Right now I have a 4gb ram stick in the t510. I have an acer laptop which I do not need and there is a 4GB ram stick onboard (maybe two 2gb ram sticks) there in that older laptop. Would it be possible to add one stick of 2gb ram (or 4gb i need to check if it is 2 or 1) from the acer to the lenovo thinkpad making the total ram in the thinkpad over 4gb????
    Thanks in advance

    Hi Richk,
    Yes, I am using a 64-bit operating system. I am running on windows 7. And as for reported incompatibilities....technically taking a RAM from another laptop and placing it in the laptop should be the same as purchasing a RAM card from ebay or something and putting into the laptop right?

  • New 2012 server in a mixed 2003 and 2008 domain (in process of upgrading)

    We are replacing a Windows Server 2003 machine which crashed and is gone, with a Windows Server 2012 Standard machine.  The old 2003 Server was a domain controller running along side one other 2003 server (which is getting replaced next) and
    3  Windows Server 2008 R2 Standard x64 domain controllers which up and running.  When trying to add the Windows Server 2012 Standard server as a domain controller to an existing domain, we are getting the following error:
    Verification of replica failed.  The forest functional level is Windows 2000.  To install a Windows Server 2012 domain or domain controller, the forest functional level must be at Windows Server 2003 or higher.
    However, the domain was already brought up to at least the 2003 level when we added the current live 2008 domain controller (Windows Server 2008) several years ago.  When I now try to run Adprep on the Windows Server 2008 (adprep from the 2008
    install CD) I get the following responses:
    Command:  adprep /forestprep
    Response:  Forest-wide information has already been updated.  [Status/Consequence] Adprep did not attempt to rerun this operation.
    Command:  adprep /domainprep /gpprep
    Response:  Domain-wide information has already been updated.  [Status/Consequence] Adprep did not attempt to rerun this operation.
    I have gone to Active Directory Domains and Trusts on all of the other servers and each one is at a Windows Server 2003 Functional level and states that I can not raise the level because I have AD Dc's that are not running the appropriate version of
    windows. And I get that due to the remaining 2003 server, but none are at Server 2000 level.
    So it seems we have a conflict where the 2012 server thinks the domain is at the Windows 2000 level. Is there any way around this, or a way to find out where the conflict is coming from?
    Thank you
    Kevin C

    Please proceed like the following:
    Run netdom query fsmo to identify the current FSMO holders. It seems that the old DC was holding FSMO roles. If this is the case then seize them to another DC: https://support.microsoft.com/en-us/kb/255504
    Do a metadata cleanup to remove the old DC reference: Use dsa.msc
    and then remove the old DC computer account. Also, use dssite.msc
    and remove the NTDS settings of the old DC then remove its references over there
    After doing this, check again and try to raise the DFL and FFL. Do not forget to check that your DCs and AD replication are in healthy state using
    dcdiag and repadmin commands.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • What is the proper way to demote a Win 2003 Domain Controller running SQL Server 2008 WorkGroup Edition?

    Hi, 
    What is the proper way to demote a Windows 2003 Domain Controller running SQL Server 2008 WorkGroup Edition? 
    I will be migrating AD from Win 2003 to 2012....
    Thanks in advanced. 

    Running SQL on a domain controller is highly not recommended for performance reasons and for complexities it introduces in the management of both systems (You are already facing this situation now).
    I would recommend proceeding like the following before demoting your domain controller:
    Install a new SQL server on a member server
    Migrate your databases to the new SQL server
    Once done, you can safely demote your DC.
    More if you ask them here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=sqlserver
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

  • Install Active Directory Domain Controller on Windows server 2008 enterprise, dont login on Sql Server 2008 R2

    I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
    I have uninstalled ADDC but i still can't login on SQL server 2008r2.
    please help me. it  is very very disaster!
    I think is loss account SQL server 2008r2!

    Hello,
    I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
    Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
    You cannot run SQL Server services on a domain controller under a local service account or a network service account.
    After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
    After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
    SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
    SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
    On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
    So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
    Regards,
    Elvis Long
    TechNet Community Support

  • Adding a domain controller to an existing Domain inside server 2012

     I have created a domain contoso.com with an administrator account.Then i moved to 2nd server which i want to add in this existing domain.Being logged in at the 2nd server with administrator account, i added the role of ADDS and then i tried to promote
    this to DC.While do so, i selected the option "Add a domain controller to existing domain".When i finally recah this the Installation wizard , it shows like "creating NDTS settings objects fo this ADDS on remote ADDC(domain name)..........This
    page remains in progress for ages and process never finishes.
        When i check at the first(main domain) , there is no NDTS object for the added DC although i can see  the server but nothing inside it.NDTS object should be there.Y
    1) NDTS object is not created ?
    2) The process is taking hours?
    Both can ping each other
    Regards,
    Fawad

    1. IP of DNS setting on second server points to first DC.
    2. Add second computer to domain. Make sure that second server is part of AD (member).
    3. Add role ADDS on second server that is member of AD.
    In summary: You should add second server to domain first before promoting it to DC role.
    Regards
    Milos

  • Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003

    Hello,
        I have a client that we are planning to migrate to 2012 over time.  They currently have a Windows 200 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
        We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server.  I was then going to install the
    2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog.  My question is will Exchange 2003 still function
    normally in this scenario?
       I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work.  We will eventually migrate to 2003, they just don't want to
    do it all at once, due to costs and other issues.
    Thanks.

    I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue
    to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
    A not supported situation means that it is a situation where Microsoft made no testing or do not guarantee that you can operate with no problems. Following a not supported scenario could be done but is on your own risk.
    If it won't, can the 2012 server be a member server in the 2003 AD?  The 2000
    DC it is replacing, just shares files on the network in addition to being the lone AD server
    Yes, it can be a member server.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • UDP when adding Server 2012 R2 to a Small Business Server 2003 Domain

    So we have a Small Business Server environment. Migrating to Windows Server 2012 R2 VMs. Currently the entire old SBS environment is still in existence. I've added 2nd 2012 DC, 2012 RDS VM, and a Server 2012 File Server as well that will host the UDPs.
    (Everything is working so far) BUT On the RDS Server I point the UDP Wizard to the share created on the File Server. The UDP does not appear to be created when logging into a desktop collection. The template VHDX is there but nothing else is created in the
    shared folder on the file server.
    I've stumbled upon people having issues with network shares and SMB versions. Do you think this could be an issue with the SMB client, etc since I'm adding them to an older domain? IF so how do I check or upgrade the client version? Will this cause the existing
    SBS 2003 users from seeing this network share or cause any other issues? I really didn't think it would be an issue because the File Server and the RDS Server are both 2012 R2.
    Thanks for any help!

    Hi,
    Thank you for posting in Windows Server Forum.
    Here letting you know to just recheck the configuration. If possible, try to remove the old UPD and collection; create new user under ADUC, Add that user to the same domain as of file server & RDS Server 2012 R2, then create a new share on your file server,
    create new collection, and provide the actual path of the share and after that it will create a template. Once user will login to the client system for 1st time there will be available UPD (vhdx file) for the users.
    For more detailed you can refer following article.
    Easier User Data Management with User Profile Disks in Windows Server 2012
    http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx
    Working with User Profile Disks on Session-Based Desktop Deployments
    http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/working-with-user-profile-disks-on-session-based-desktop-deployments.html
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Question about adding an index to a column and finding it back

    Hi, How do I see in phpMyAdmin that an index is added to a column.(I'm talking about adding an index by clicking on the lightning bolt!) I know how to add an index and see a warning that it's added (only after I add it).
    But where do I find it or a sign that it is added later on?!
    Thanks!

    You also may find better exposure for this question on the Dreamweaver Applications Development forum -
    http://forums.adobe.com/community/dreamweaver/dreamweaver_development

  • Questions about adding files in LR3

    I've been a happy LR user for years. I used the LR3 beta and liked it (especially the 2nd version) and generally I'm very happy with the release version of LR3. But I have some questions about the import process.
    In LR2 I could edit off my Compact Flash cards (I know that's not smart, but sometimes on deadline fast is better than not smart) by adding the photos my library without moving them. That option is grayed out in LR3. Is there a way to turn it on or is this is a "new feature." If it's a permanent thing, maybe for 3.1 or the next incremental upgrade Adobe could make this possible with a popup (like we get when adding captions to multiple files) warning that editing photos on a CF (or SD) card is a bad idea. But let us make the decision.
    jack

    It's a deliberate change - time to adjust the workflow!
    John

  • Another question about adding music to iPhone

    Apologies for yet another question regarding adding music to an iPhone but I am completely stuck.
    I bought a new laptop in January (it runs windows 8). I've authorised it and synced my phone to it before. I've used it to add music before.
    Lately I've just been buying music directly from itunes on my phone but I wanted to add some music from my older collection that is on an external harddrive.
    I've gone through the process of syncing the phone again, which has wiped whatever was on there. I made sure I'd ticked on the "manually manage music" box. 
    It's put all my purchased music back but it still will not let me drag and drop music from my external harddrive. When I hover over with the file it has "link" but it won't actually send the music to the phone.
    Is there a way for me to do this without putting music on to my itunes library? I don't like itunes and I definitely don't want to add the music to my laptop as it defeats the purpose of having an external harddrive! Sorry for such a long-winded explanation.

    Just to add... I've now tried adding music to the library (getting desperate here) and it's not letting me do that either. Just says 'link'.
    This is the most frustrating thing ever. Why are the simplest of tasks made so difficult? It seems like it only works if you buy the music from the iTunes store.

  • Upgrading windows server 2003 domain controller to windows server 2008

    Hello friedns :
    We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
    ( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
    If there is a guide available for it please let me know . (Specially if there is a tip & trick)
    thank you guys.
    Network is my LOVE

    Hi,
    This TechNet online article might be helpful for you.
    How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
    http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
    For your convenience, I have list some general steps for your reference.
    Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
    General Steps:
    =============
    1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
    2. Make the new server become a member server of the current Windows Server 2003 domain first.
    3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
    Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
    Drive:\sources\ADPREP\adprep.exe /forestprep
    4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
    Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
    Drive:\sources\ADPREP \adprep.exe /domainprep
    5. Insert Windows Server 2008 Installation Disc in the new server.
    6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
    Please refer to:
    How to Verify an Active Directory Installation in Windows Server 2003
    http://support.microsoft.com/kb/816106
    7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
    8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
    Please note: It will some time to replicate GC between DC, please wait some time with patience.
    9. Disable Global Catalog on the old DC.
    10. Transfer all the FSMO roles from the old DC to the new DC.
    Please refer to:
    How to view and transfer FSMO roles in Windows Server 2003
    http://support.microsoft.com/kb/324801
    11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
    How To: Convert DNS Primary Server to Active Directory Integrated
    http://support.microsoft.com/kb/816101
    Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
    12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
    13. Make all the clients change TCP/IP configuration to point to new server as DNS.
    14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
    Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
    Hope it helps.
    Regards,
    Wilson Jia
    This posting is provided "AS IS" with no warranties, and confers no rights.

Maybe you are looking for