Active Directory Migration from 2003 to 2012

You may be aware that Microsoft stopped supporting all versions of Windows 2003 on 14th of July 2015. Mainstream support ended in July 2014, and Microsoft announced that there would be no more Windows updates from 14th of July 2015.

If you are still running Windows 2003 servers in your datacenter, you are running at risk, as there will not be any security updates for those servers. So it’s time to migrate your old Windows 2003 servers to 2012.

Microsoft has published several best practices to follow prior to your migration. You can follow the best practices mentioned in the Migration Planning Assistant for your migration.

Here I’m going to show you how to migrate two old Windows 2003 Active Directory servers to a Windows 2012 server.


The steps for this migration are listed below. If you are not familiar with the FSMO roles, you can get the basic idea from one of my previous posts about Flexible Single Master Operations roles.


  • Two old Windows 2003 Active Directory servers
    • ARW2k3AD1 – Schema Master, Domain Naming Master
    • ARW2k3AD2 – RID Master, PDC Emulator, Infrastructure Master
  • Build a new 2012 server
  • Add this 2012 server to the domain (ARADMIGRATION.local)
  • Raise the domain functional level of the old 2003 AD environment – the current domain functional level is Windows 2000.
  • Raise the forest functional level of the old 2003 AD environment – the current forest functional level is Windows 2000.
  • Add the new 2012 server to the existing AD environment as a domain controller
  • Replicate the AD schema and verify
  • Migrate the forest-level FSMO roles (Schema Master and Domain Naming Master) to the new server – test and verify.
  • Migrate the domain-level FSMO roles (RID Master, PDC Emulator and Infrastructure Master) to the new server – test and verify.
  • Remove GCs from the old servers
  • Demote the old 2003 servers.

Let’s get it started:


  • Here I would like to share a command which you can use to find the FSMO role holders in your AD environment: “netdom query fsmo”. Windows Server 2003 does not support this command out of the box; you need to install the Windows Server 2003 Service Pack 2 32-bit Support Tools and reboot the server to get this command to work. Without the Support Tools you will see an error message.
  • I have installed the Support Tools on the 2003 server, and the command now returns the FSMO role holders.
  • I installed the new 2012 OS on a server and added it to the ARADMIGRATION.local domain.
  • After adding the server to the domain and rebooting it, check the logon server by issuing the “set l” command from the command prompt. The logon server is ARW2k3AD2, which is holding the domain-wide FSMO roles.


  • In this case my current forest and domain functional level is “Windows 2000 native”. You won’t be able to add a 2012 server to an AD environment whose forest functional level is Windows 2000 native.
  • We need to raise the forest and domain functional levels to Windows 2003, as we are about to add a 2012 server to our 2003 AD environment.
  • Raise the domain functional level first, before raising the forest functional level.
  • Open the “Active Directory Users and Computers” window and right click on the domain (ARADMIGRATION.local)
  • Select “Raise Domain Functional Level”
  • Change the domain functional level to “Windows Server 2003”


  • A warning message appears; click on “OK” to accept the changes. Once you have made this change you won’t be able to revert it.
  • A confirmation message appears and the DCs will start to replicate the change to all DCs in the network.



  • Now it’s time to raise the forest functional level. Open the “Active Directory Domains and Trusts” window, right click on “Active Directory Domains and Trusts” and select “Raise Forest Functional Level”
  • You can see the current forest functional level as Windows 2000; change it to Windows 2003.
  • A warning message appears; click “OK” to accept the changes. This change affects the entire forest and cannot be reversed.


  • You will see a message that the change was successful, and the DCs will start replicating it to all the DCs in the entire forest.


  • Now, let’s jump to the W2k12AD server and proceed to add this server to the existing 2003 AD environment
  • First of all, install the ADDS (Active Directory Domain Services) role on this server.
  • Launch the “Add Roles and Features” wizard and click on “Next” to continue
  • Select “Role-based or feature-based installation” and click “Next”
  • Under the “Server Selection” section select the server and click on “Next” to continue.
  • Under the “Server Roles” section select “Active Directory Domain Services” and click “Next”
  • The “Add features” window opens automatically; click on “Add Features” to continue the installation.
  • Click “Next” to continue the installation
  • The next screen shows a description of the “ADDS” role; click “Next” to continue.
  • Review the confirmation summary and click on “Install” to continue the installation.
  • Wait for the installation to finish and click “Close” once it has completed.
  • In the top right corner you can see a small yellow exclamation mark; once you click on it you can see an option to promote this server to a domain controller. (Note: there is no dcpromo.exe in Windows 2012.)
  • Once you click on the “Promote this server to a domain controller” option it will start the “Active Directory Configuration Wizard”. Select the first option, “Add a domain controller to an existing domain”, and click “Next” to continue.
  • In the next section you have to provide the DSRM (Directory Services Restore Mode) password. This server should be a DNS server and a GC.


  • There is a small message at the top; once you click on “Show more” you can see the full text. It says there is no 2008, 2008 R2 or 2012 DC in this domain. Click on “OK” to accept the message and click “Next” to continue the installation
  • This is not an error, only a warning that there is no 2008, 2008 R2 or 2012 DC in this domain; click “Next” to continue.
  • In the next section you can see the “DNS Options” and a warning message at the top of the window saying “A delegation for this DNS cannot be created….” You can safely ignore this warning as long as clients in other domains and on the internet do not need to resolve names from this DNS server. Click “Next” to continue.
  • Under “Additional Options” you can select a specific domain controller to replicate from, or you can leave it as “Any Domain Controller”
  • In the “Paths” section you can define the database folder, log files folder and SYSVOL folder
  • Under “Preparation Options” you can see that forest and schema preparation and domain preparation tasks are to be performed. The wizard performs these tasks automatically; all you need to do is click on “Next”.


  • In the next section you can review the options that you have configured. Click on “Next”


  • Let the installation wizard perform the prerequisite check for this installation. If all the requirements are met, you will see a success message after the prerequisite validation



  • So far so good. Click on “Install” to start the installation
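
The same promotion can be scripted with the ADDSDeployment cmdlets that replace dcpromo.exe on Windows Server 2012. This is an added example, not part of the original walkthrough; the domain name comes from the post, while the folder paths are the Windows defaults and are an assumption about this environment.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on W2k12AD after it has joined ARADMIGRATION.local.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Forest/schema and domain preparation run as part of the promotion, so the
# account needs Schema Admins, Enterprise Admins and Domain Admins membership.
$cred = Get-Credential
$dsrm = Read-Host -AsSecureString 'DSRM password'   # prompt, never hard-code

# Same choices as the wizard pages: existing domain, DNS server, GC (the
# default unless -NoGlobalCatalog is given) and the three folder paths.
$params = @{
    DomainName                    = 'ARADMIGRATION.local'
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    DatabasePath                  = "$env:SystemRoot\NTDS"     # assumed default
    LogPath                       = "$env:SystemRoot\NTDS"     # assumed default
    SysvolPath                    = "$env:SystemRoot\SYSVOL"   # assumed default
}

# Equivalent of the wizard's prerequisite check page.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Status, Message
if ($check | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; resolve the errors above before promoting.'
}

# Promote the server; it reboots when the operation completes.
Install-ADDSDomainController @params -Force
```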


  • Once the installation has completed the server will reboot; log in to the server using domain admin credentials
  • Once you have logged in to the server, check the FSMO role holders again. You don’t need any support tools installed on this server to run the “netdom” command. (Note: we have still not moved the roles from the old servers.)
  • Replicate the AD database and check whether there are any replication issues. (Type the “Repadmin /syncall” command to replicate the database.)
  • Now we are going to migrate the FSMO roles. Open the “Active Directory Users and Computers” window, right click on the domain and select “Operations Masters”. I believe you are familiar with this step.



  • On the Operations Masters screen, check the current operations master server. Here the current operations master is “ARW2k3AD2.ARADMIGRATION.local”. We are going to migrate the domain-wide operations master roles to the “W2k12AD.ARADMIGRATION.local” server. Click on “Change” to move the role.
  • Once you click on “Change…” a confirmation message appears; click on “Yes” to commit the change.
  • You will see a confirmation message if you have successfully moved the FSMO role to this server
  • Follow the same steps to move the other domain-wide roles to the new (W2k12AD) server and commit the changes.
  • Issue “netdom query fsmo” and check the FSMO role holders. If you have successfully moved the roles you can see the changes here
  • Open the ADDT (Active Directory Domains and Trusts) window, right click on “Active Directory Domains and Trusts” and select the “Operations Master…” option.


  • A similar window opens; identify the current Domain Naming Master


  • Click on “Change…” to move the role to the new server (W2k12AD.ARADMIGRATION.local), accept the confirmation message and wait for the completed message.
  • Next we are going to move the Schema Master, which requires an additional task. We need to register a dynamic-link library to add the Schema snap-in to the MMC console. To do this, open the “Run” prompt, type “regsvr32 schmmgmt.dll” and click “OK”
  • You will see a message that the registration succeeded
  • Now open the MMC and add the “Active Directory Schema” snap-in to the console


  • Click on “OK” to continue; you can then see the added snap-in in the console
  • Here the connected server is “ARW2k3AD1”; we need to change it to the “W2k12AD” server. To do this right click on “Active Directory Schema” and select “Change Active Directory Domain Controller”.


  • In the window that opens, select “W2k12AD.ARADMIGRATION.local” and click “OK”
  • A message appears after connecting to the server; it is shown because this server is not the Schema Master.


  • Now right click on “Active Directory Schema” and select “Operations Master…”. Here you can see that I’m connected to the “W2K12AD” server.
  • The window that opens is similar to the one in the previous steps. You can see the current Schema Master and the server to which you are going to move the role.


  • Once you click on “Change” a confirmation message appears


  • Once you click on “Yes” you will see the completed message; click “OK” to complete the task.
  • Open a command prompt and check the current operations masters by issuing the “netdom query fsmo” command. In my case I can see that all the operations master roles have moved to the “W2k12AD” server


  • Now it’s time to change the DNS settings on the other DCs and throughout your domain environment; do not forget to change them on the “W2k12AD” server as well.
  • After successfully changing the DNS server IP address in your environment, check the logon server by issuing the “set l” command on one of the logged-in clients. You should notice that the logon server has changed.
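
Before removing the GC and demoting the 2003 servers, it is worth confirming in one pass that the new DC really holds every role and is serving the domain. The following check is an added example, not part of the original walkthrough; it uses the server and domain names from the post and the ActiveDirectory and DnsClient modules that ship with Windows Server 2012.

```powershell
# Added example (not from the original post). Run on W2k12AD as a Domain Admin.
Import-Module ActiveDirectory

$NewDC    = 'W2k12AD.ARADMIGRATION.local'
$domain   = Get-ADDomain -Server $NewDC
$forest   = Get-ADForest -Server $NewDC
$problems = @()

# 1. All five FSMO roles must be on the new DC (same data as "netdom query fsmo").
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -ne $NewDC) { $problems += "$($r.Key) is still held by $($r.Value)" }
}

# 2. The new DC must be a Global Catalog before the GC is removed elsewhere.
if ($forest.GlobalCatalogs -notcontains $NewDC) { $problems += "$NewDC is not a GC" }

# 3. No outstanding inbound replication failures on the new DC.
Get-ADReplicationFailure -Target $NewDC | Where-Object { $_.FailureCount -gt 0 } |
    ForEach-Object { $problems += "Replication from $($_.Partner) failing, error $($_.LastError)" }

# 4. A DC only serves logons once SYSVOL and NETLOGON are shared.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Test-Path "\\$NewDC\$share")) { $problems += "$share share missing on $NewDC" }
}

# 5. The new DNS server must hand out the new DC in the domain's locator records.
$srv = Resolve-DnsName "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV `
           -Server $NewDC -ErrorAction SilentlyContinue
if ($srv.NameTarget -notcontains $NewDC) { $problems += "No DC locator SRV record for $NewDC" }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Do not demote the 2003 servers until these are resolved.'
} else {
    Write-Output "All checks passed; $NewDC is ready to take over."
}
```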

Remove GC (Global Catalog) and demote the old AD servers

  • As part of the migration process, it’s now time to remove the GC and demote the old AD servers.
  • Log in to the ARW2K3AD1 server, open the “Active Directory Sites and Services” console and navigate to the server’s “NTDS Settings”; right click and select “Properties”.
  • Under “NTDS Settings Properties” there is a “Global Catalog” check box; clear it to remove the GC from this server.


  • Now let’s demote the old server: open “Run” and type “dcpromo” to start the “Active Directory Installation Wizard”



  • Once the wizard opens, click “Next” to continue
  • At the next screen make sure to deselect “This server is the last domain controller in the domain” and click “Next”
  • Enter the administrator password at the next screen and click “Next”
  • Click “Next” at the next screen
  • The wizard will start removing ADDS from this server; click on “Finish” once the wizard completes


  • Follow the same process for the other old server as well
  • Under “Active Directory Users and Computers” verify the Domain Controllers
Everything has now completed successfully, and we have migrated the old 2003 AD servers to the new Windows 2012 server.
I know this is a rather long post, but I wanted to show every single step that I followed.
Thank you for viewing my post.



  1. Menendra

    Helpful information, thanks for publishing!!!

  2. Darshana Dissanayake

    Hi mate This is more useful,

    Thank you for sharing this. Keep it up!!!

  3. Aruna Randunu

    Thank You for your Comment Menendra

  4. Aruna Randunu

    Sure, Yet more to come. Keep reading.. 🙂
