Monday, 18 Jul, 2022  |    Leave a comment

 

 

Let’s raise the bar.

Someday I decided that my “Windows Server 2012 Standard”-Domain had to be raised to a “Windows Server 2012 R2”-Domain.

That is because of a badly-designed GPO (designed by me, who else?), that wreaked havoc to "Windows Update" for my whole domain (I also grew too lazy to find out which GPO that was).

My rationale was (Please DO NOT TAKE THIS AS ADVICE) that:"just by upgrading my Forest/Domain to 2012 R2, the error would’ve disappeared on its own" (of course that didn’t happen – did you expect things to fix by themselves?!).

 

 

The floorplan - a high level overview.

My original scenario was as follows:

  • 1xWin 2012 DC with all the 5xFSMO Roles (dc01).
  • 1xAdditional Win 2012 DC (also a GC - dc02).

(I left all the Forest & Domain Roles on pwrdc01 b/c “it was only a rat's-lab”!).

My upgrade path was to:

  1. Upgrade dc01 to Win2012 R2 first.
  2. Raise the forest/domain to Win2012 R2 second.
  3. Finally upgrade dc02 to Win2012 R2.

If you have a similar dual-dc scenario, and before you proceed any further, ensure both (all) your DCs are fully synchronised and there’s ABSOLUTELY NO ERRORS/WARNINGS - please refer to the commands described on the next section to find out whether that is the case.

 

 

Men at work - Preparatory steps.

To make sure your (two or more) DCs at fully synchronised, you may run a few commands that will diagnose and inform you of any potential errors or issues.

Run an Admin CMD Prompt (on BOTH your DCs – also, adjust accordingly) & type:

Dcdiag /v /c /d /e /s:your-dc-name01 /f:C:\dcdiag-your-dc-name01.log

Make sure all your dcdiag tests are reported as “passed” (pay special attention to this step).

Repadmin /showrepl dc* /verbose /all /intersite

Make sure Replication happens both ways (pay special attention to this step).

w32tm /resync /rediscover

Make sure (as in 100% sure), that the domain time (the clock) is the same for all DCs (pay special attention to this step).

dfsrdiag syncnow /rgname:"domain system volume" /partner:pwrdc02 /time:1 /verbose

You might also wish to run a cool GUI tool to analyse your AD Replication Status:

Did I tell you NO ERRORS AND NO WARINGS Whatsoever? Please go back and (re)-do your homework.

OTHERWISE:

Once everything is perfectly synchronised (including time) -> make a backup - everything is working fine ?

 

 

Enlarge your trees - Bullet points 1-2-3.

Next head to your FSMO-DC, insert the Windows 2012 R2 DVD or USB Key and proceed as follows:

  • Run a CMD prompt as Admin.
  • cd to the Win2012 R2 DVD Drive letter.
  • cd to Windows\sources\adprep folder.

Run:

adprep /forestprep /wssg

adprep (From https://technet.microsoft.com/en-us/library/cc731728.aspx):"Extends the Active Directory® schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the [INSERT NEXT WINDOWS Server VERSION HERE]" (not so clear, isn't it?! Hence the reason why I linked their article, so read it if you need to!).

 

You may now start the Win2012 R2 OS Upgrade process (ie. by following the Autorun prompts), so:

  • Run Setup.exe off the Win 2012 R2 DVD or USB.
  • Follow the installer prompts as usual.

Once the installer has finished and you're on Windows Server 2012 R2, initiate a replication From your FSMO DC (ie. pwrdc01) To your secondary DC (& viceversa):

w32tm /resync
repadmin /syncall /APed
dfsrdiag syncnow /rgname:"domain system volume" /partner:your-additional-dc-name02 /time:1 /verbose
dfsrdiag pollad
gpupdate

Once you’re on it, check your schema:

repadmin /showattr * "cn=schema,cn=configuration,dc=domain-name,dc=local" /atts:objectVersion

IF your forest is “Windows Server 2012 R2”-ready then the output o/t above command MUST be1> ObjectVersion: 69” (as follows):

DN: CN=Schema,CN=Configuration,DC=domain-name,DC=local
1> objectVersion: 69
Repadmin: running command /showattr against full DC PWRDC02.fqdn

Example Output of the above repadmin command.

Once your ObjectVersion is 69, you may perform an in-place upgrade of your additional DC(s).

That is as easy as:

  • Load the Win 2012 R2 DVD onto your additional DC.
  • Run Setup.exe, follow the prompts then Restart as requested.

 

 

One final step.

Now that also your additional DC has been upgraded, you can raise the forest functional level to 2012 R2 (that incidentally will also end-up raising your domain-functional level if all your DCs are on Windows Server 2012 R2).

(On your FSMO-DC):

2013-12-21 20_08_07-Active Directory Domains and Trusts

  • Fire up “domain.msc”.

 

2013-12-21 20_36_10-2013-12-21 20_10_18-Remote Desktop Manager [Admin@pwrdc01].png - Picasa Photo Vi

  • Right Click on “Active Directory Domains and Trusts”.
  • Select “Raise Forest Functional Level…”.

 

2013-12-21 20_11_20-Remote Desktop Manager [Admin@pwrdc01]

  • Select Windows Server 2012 R2.
  • Click on the “Raise”-Button.

 

2013-12-21 20_12_33-Remote Desktop Manager [Admin@pwrdc01]

  • Click OK to Confirm.

 

After you replicate the changes, your whole forest and DCs will be raised!

 

In case you’re wondering “what’s new” on your 2012 R2 plate, here: http://technet.microsoft.com/en-us/library/dn250019.aspx

To me, the most “interesting” (new) old feature was the Remote Desktop Session “shadow” feature.

 

SRC:

http://blogs.msmvps.com/acefekay/2012/11/28/ad-upgrade-checklist-and-procedure/

http://msmvps.com/blogs/mweber/archive/2012/07/27/upgrading-an-active-directory-domain-from-windows-server-2008-or-windows-server-2008-r2-to-windows-server-2012.aspx

Rate this post

Ask me anything