June 27, 2019

Upgrading 2008 R2 Domain Controllers – WST

With Microsoft ending support for Windows Server 2008 R2 on January 14, 2020, related anxiety-induced reluctance and procrastination are completely understandable reactions to the required upgrade – especially for anyone never having performed a domain uplift or migration.  Here are a few nuggets of wisdom to help you on the journey:

  • Use Windows Server 2012 R2 (end of support Oct. 2023) or Windows Server 2016 (end of support Jan. 2027). Windows Server 2019 is also available; however, it is a newer release (November 2018) and has not had the benefit of time to shake out any issues that may be lurking.  Additionally, Server 2019 offers virtually no new functionality or features over Server 2016.
  • Ideally, avoid in-place upgrades. Create new servers, either physical or virtual, add them to your Active Directory (AD) domain and promote them to domain controllers (DCs), and then remove the 2008 systems.  If budgets and resources are tight, in-place upgrades are supported.
  • Check your Forest Functional Level (FFL) to make sure it matches your Domain Functional Level (DFL) before migrating to newer DC versions.  FFL is dependent on DFL and only supports the lowest version installed.
  • Windows Server 2016 and 2019 DCs change the way AD replicates information between domain controllers, and you will need to upgrade File Replication Service (FSR) replication to Distributed File System Replication (DFSR): https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405
  • Understand and document impact of any changes to AD, especially where Active Directory authentication integrations are concerned. Is your VPN access tied to AD?  Any single-sign-on set up anywhere else?  What else will you have to point to the new DC to keep it working?
  • Active Directory is remarkably resilient, and these types of projects tend to be straight forward; however, Murphy’s Law does exist. If you use a managed services provider for tier 2 projects, there is no shame in engaging them to help with this project.

Plan ahead and don’t let the procrastination monster sneak up on you.  January 14, 2020 will be here before you know it!

Past Weekly Security Tips – WST

2019-06-27T16:03:30+00:00