Advice needed on migrating shares from a 2003 DC to a new 2012: how can I avoid breaking my software install GPOs?

migration windows-server-2012-r2 network-share windows-server-2003-r2

Solution 1:

The first important thing to note: it is highly recommended to not use any server roles on domain controllers except for "DNS Server" and "Active Directory Domain Services".

If you were migrating from a 2003 File Server to a 2019 File Server, I would recommend using the storage migration wizard that is included with Windows Server 2019. It helps with migrating the shares and can also redirect users to the new server after the cutover from the original file server. In this case, I don't think that approach can be recommended (migrating from a domain controller).

My first inclination was to put both of these as comments instead of an answer, but at this time, it would really be the "right" solution to build a file server, copy the installation files to a new share on it (you can even use the same share name), and then edit the GPOs to replace the DC name with the new file server name in the UNC of the installer.

Solution 2:

Since this upgrade involves an interim installation of Windows Server 2012R2 I've thought of a possible path. The caveat is that there are no margins of error whatsoever, since the entire procedure should be performed in one step. Therefore, planning should be taken to, for example, accomodate the change to DFS-R. And this entire procedure should be performed during off-hours.

Assume the current AD servers are srv1 and srv2 (Windows Server 2003R2) and that the former provides a share with the purpose of GPO-based software installation.

First backup the shares somewhere. Then introduce two (and not one, since if things go sideways we're doomed) Windows 2012R2 servers into the domain. Avoid using Server 2016 for this step, I believe it has stopped supporting FRS.

Move roles and do whatever is needed to promote one of the two new servers, transfer roles etc and then demote srv1 and srv2. Remove both 2k3 servers from the domain. Raise functional level to 2008 R2 (for example), replace FRS with DFS. Finally make two new 2019 server installations, taking care to:

  • name the first with the name of the first old 2k3 server, that is srv1, and the second server as srv2
  • configure the ip addresses of these two new servers to correspond to the old ones (optional step, but I'd do it just in case)

Redo the migrate path, this time from the temp servers to the new srv1 and srv2 and finally demote/remove the interim servers. Re-create shares on srv1 and populate them.

Not a super clean solution, but it will allow me to keep my install GPOs without any name-changing/re-installations.

EDIT: I've just finished this procedure. It worked flawlessly, with new client systems downloading GPO install packages. Everyone's happy!

Related

Install HAProxy 2 on Centos 7
How can I set up an SFTP server backed by S3 (or similar)
can't initialize iptables table 'nat' under qemu
mkfs.ext4 -m -T options
Scan for hardware changes in Windows using command line
How to find Free IP address in a sub range?
Endless redirect loop on nginx config
Let an unattended script connect from windows to an applaince with ssh password
How do I prevent my champion from attacking minions that are in range?
How does the Soul Siphon perk work?
What do these numbers represent in trading?
How do I get three stars on "The Pit" in Special Ops?