Sunday, March 2, 2014

Upgrading Small Business Server 2003 to Windows Server 2012

Many IT departments are still running Small Business Server 2003. Eventually you will need to make the switch to Windows Server 2012, as the end of life for SBS 2003 is almost here. Fortunately, I have recently done this exact type of upgrade to a new domain controller. View my blog Building a Windows Server 2012 Domain Controller from Scratch to see a build log of a new domain controller server. After getting a new server built, you can start the process of upgrading your old domain onto the new server.

The first step in migrating is removing Exchange 2003 from your SBS 2003 domain. If you aren't already using Exchange Online by now you are in trouble! Go get your Exchange Online service from Microsoft; I like Plan 1. Follow these steps to remove your old Exchange Server.

Remove Exchange

  1. Go to Active Directory Users and Computers.
  2. MyBusiness->Users->SBSUsers, Select All, right-click Exchange Tasks, Delete Mailbox.
  3. Users->Select All, right-click Exchange Tasks, Delete Mailbox.
  4. Insert SBS 2003 Disc 2, Add or Remove Programs->Windows Small Business Server 2003->Remove Exchange.

Now you can join your new Windows Server 2012 to the SBS 2003 domain. The next step is to raise your forest level to the minimum required level for a Windows Server 2012 domain.

Raise Forest Level

  1. Go to Active Directory Domains and Trusts->Raise Forest Functional Level to 2003.
  2. This will also raise the domain level to 2003.


Now we can promote our new Windows Server 2012 to become another domain controller in our domain.

Promote Domain Controller

  1. Add roles and features->Active Directory Domain Services
  2. Promote it to domain controller

Usually you would let this server synchronize with the current domain controller, but I have found a bug with replication from SBS 2003 to Windows Server 2012 that requires you to manually reset replication. To check whether you are replicating, look in the new server's shared folders for the shares called SYSVOL and NETLOGON. You should have files containing your logon scripts on both servers if replication is working. If not, follow these steps to reset replication on both domain controllers.

Reset Replication
  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double click BurFlags.
  8. In the Edit DWORD Value dialog box, type D4 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

If you did everything right in the registry, wait for event ID 13516 to show up in your new server's event log under Custom Views->Server Roles->Active Directory Domain Services.

Migrate DHCP

Next, migrate your DHCP server settings. This step may be easy for some, but it can bite you in the pants in the future. It can be as simple as exporting the DHCP settings and importing them on the new server. This will work fine if you only intend to have one DHCP server on your new domain. However, if you ever want to have DHCP failover servers, which is a great new feature in Windows Server 2012 that uses two domain controllers, you cannot export and import from SBS 2003. You will have to add all your DHCP settings to your new DHCP server by hand.

Transfer FSMO roles

Now we are almost done. The next part is the most important. We will need to transfer all five FSMO roles from the SBS 2003 server to the new Windows Server 2012 server. You should then confirm the transfer with the following command:

netdom query fsmo
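
The checks described so far (SYSVOL and NETLOGON shares present, event ID 13516 logged, all five FSMO roles on the new server) can be run together before the old server is touched. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is installed on the new server, and `Test-DcCutoverReadiness` is a hypothetical helper name.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the new Windows Server 2012 domain controller.
# Test-DcCutoverReadiness is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Test-DcCutoverReadiness {
    param([string]$NewDc = $env:COMPUTERNAME)

    $results = @()

    # 1. The post's replication check: both shares must exist on the new server.
    foreach ($name in 'SYSVOL', 'NETLOGON') {
        $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check = "Share $name"; Passed = [bool]$share; Detail = $share.Path
        }
    }

    # 2. Event ID 13516 is written by NtFrs to the File Replication Service log.
    $evt = Get-WinEvent -FilterHashtable @{
        LogName = 'File Replication Service'; Id = 13516
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = 'FRS event 13516'; Passed = [bool]$evt; Detail = $evt.TimeCreated
    }

    # 3. All five FSMO roles must be held by the new server before demotion.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $roles.Keys) {
        $holder = [string]$roles[$role]
        $results += [pscustomobject]@{
            Check  = "FSMO $role"
            Passed = ($holder.Split('.')[0] -ieq $NewDc)   # compare host part only
            Detail = $holder
        }
    }
    $results
}

Test-DcCutoverReadiness | Format-Table -AutoSize
```

Any row with Passed = False means the old SBS 2003 server still holds something the domain depends on, so resolve it before moving on to removal.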

Removing Old Server

We can now start removing the old server from the network. Remove Certificate Services from the old server. Next, run DCPromo. If the netlogon service times out, just stop it and then run dcpromo again.

Enable Time Service

On the new server you need to enable the time service with a command like the following:

w32tm /config /manualpeerlist:newservername /syncfromflags:manual /reliable:yes /update

And that's it. Not so painful now, was it?


1 comment:

  1. How did you go about migrating SharePoint from that server too?