2

I currently have three offices whose IT setups I am responsible for managing.

The current configuration which was left for me includes three separate Windows Server setups (2003, 2008, 2008R2). Each of these servers has a different set of user accounts and domain names.

I would like to create a new domain using Windows Server 2012, and have all three existing Windows Servers, regardless of their version, hold exact copies of the login and domain information. I would like to have a single domain for all three offices.

The replication of information would have to occur over a VPN connection.

Ƭᴇcʜιᴇ007
rgmrtn
  • It sounds like you know what you need to do. You need to connect each office over a VPN. The problem you will face of course is the bottleneck of doing so. What do you need help with exactly? – Ramhound May 21 '15 at 15:00
  • I am wondering if the different versions of Windows Server will be compatible when creating replication domains, I want there to be domain controllers available when the link between the offices is down. – rgmrtn May 21 '15 at 15:01
  • [Based on my research](https://technet.microsoft.com/en-us/library/cc739941%28v=ws.10%29.aspx), you indeed should be able to replicate the domain controller to previous versions of Windows Server. Of course I suspect that by doing this it will basically mean every client will also have to be connected to the VPN, which again will introduce a huge bottleneck. – Ramhound May 21 '15 at 15:10
  • Can you please better define what you mean by "replication domains"? That term doesn't mean anything to me, so your goal and question are unclear. Do you mean can older Server OSes be used as additional domain controllers with Windows 2012? Are you saying you want to make a new Win2012 server with a new domain, and then migrate the users and such from the domain controllers of the other existing domains? Is your goal to end up with a single domain? – Ƭᴇcʜιᴇ007 May 21 '15 at 16:02
  • @Ƭᴇcʜιᴇ007 I would like all three Windows Servers, regardless of their version, to have exact copies of the login and domain information. I would like to have a single domain for all three offices. – rgmrtn May 21 '15 at 16:17
  • So you want to know if you can mix 2003, 2008 and 2012 domain controllers in a single Domain, correct? – Ƭᴇcʜιᴇ007 May 21 '15 at 16:21
  • @Ƭᴇcʜιᴇ007 Yes, and have them work together across vpn connections. – rgmrtn May 21 '15 at 16:55

1 Answer

4

Yes, you can mix 2003, 2008 and 2012 domain controllers in a single domain. Ensure your AD forest and domain functional levels are set to at least 2003 before attempting to add a 2012 server to an EXISTING domain (Server 2012 can't deal with a Server 2000 level AD).

When creating a new forest and domain, ensure the functional level is set to match the version of your oldest Domain Controller OS. So if your oldest DC OS is Windows 2003, set it to a functional level of 2003 and you should be good to promote Server 2003+ machines to be DCs.

Note this does not apply to member servers. You can have a 2003 member server (i.e. not in a DC role) attached to a Windows 2012-level AD domain without problem.

Using Site-to-site VPNs to connect the various sites doesn't really come into play as long as the VPN connections work, and are fast enough to support replication in a timely manner. If the connection speeds over the VPN are slow, then replication will be slow causing unexpected problems, so you may be better off keeping separate domains, depending on your specific situation.

Perhaps check out this related ServerFault question: Can different versions of Windows Server Domain Controllers co-exist peacefully?

Lastly, there was a known issue with mixing 2012 and 2003 DCs; luckily that's been hot-fixed. Check these out:

Ƭᴇcʜιᴇ007
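The checks the answer describes, written up as an added PowerShell example (not part of the original answer, and not a Microsoft script): it reads the current forest and domain functional levels, inventories the DCs with their OS versions, works out the highest level the oldest DC allows, and, only when `$DryRun` is flipped to `$false`, raises the levels and creates one AD site and subnet per office so that clients log on locally and replication crosses the VPN on the site-link schedule. The office names and subnets, the `$DryRun` flag and the `Get-LevelIndexForOS` helper are assumptions for illustration; the cmdlets are from the ActiveDirectory module that ships with the AD DS role / RSAT on Server 2012.

```powershell
# Added example, not from the original answer. Assumes the ActiveDirectory module
# (AD DS role or RSAT on the Server 2012 box) and an account that can read the
# forest. Office names/subnets, $DryRun and Get-LevelIndexForOS are assumed.
Import-Module ActiveDirectory
$DryRun = $true   # set to $false to actually raise levels and create sites

$forest = Get-ADForest
$domain = Get-ADDomain

# Functional levels in ascending order. A Server 2012 DC cannot be promoted into
# a forest or domain that is still at the Windows 2000 or 2003 interim level.
$forestLevels = 'Windows2000Forest','Windows2003InterimForest','Windows2003Forest',
                'Windows2008Forest','Windows2008R2Forest','Windows2012Forest','Windows2012R2Forest'
$domainLevels = 'Windows2000Domain','Windows2003InterimDomain','Windows2003Domain',
                'Windows2008Domain','Windows2008R2Domain','Windows2012Domain','Windows2012R2Domain'
$minIdx = $forestLevels.IndexOf('Windows2003Forest')   # 2003 is the floor for a 2012 DC

$forestIdx = $forestLevels.IndexOf([string]$forest.ForestMode)
$domainIdx = $domainLevels.IndexOf([string]$domain.DomainMode)
"Forest mode: {0}   Domain mode: {1}" -f $forest.ForestMode, $domain.DomainMode
# IndexOf returns -1 for a level newer than the table; that is never too low.
if (($forestIdx -ge 0 -and $forestIdx -lt $minIdx) -or ($domainIdx -ge 0 -and $domainIdx -lt $minIdx)) {
    Write-Warning 'Forest or domain is below the 2003 level; raise it before promoting a 2012 DC.'
}

# Inventory every DC with its OS. The oldest OS caps the functional level.
$dcs = Get-ADDomainController -Filter * |
       Select-Object HostName, Site, IPv4Address, OperatingSystem, IsGlobalCatalog
$dcs | Format-Table -AutoSize

# Assumed helper: map an OS string to the highest level index that DC supports.
# 'return' makes the first matching regex win, so order newest to oldest.
function Get-LevelIndexForOS([string]$os) {
    switch -Regex ($os) {
        '2012 R2' { return 6 }
        '2012'    { return 5 }
        '2008 R2' { return 4 }
        '2008'    { return 3 }
        '2003'    { return 2 }
        default   { return 0 }   # unknown or older: assume 2000 to be safe
    }
}
$ceiling = ($dcs | ForEach-Object { Get-LevelIndexForOS $_.OperatingSystem } |
            Measure-Object -Minimum).Minimum
"Highest level the current DC set supports: {0} / {1}" -f $forestLevels[$ceiling], $domainLevels[$ceiling]

# Raising a functional level is effectively one-way: domain first, then forest.
# With $DryRun the cmdlets only report what they would change.
if ($ceiling -gt $domainIdx) {
    Set-ADDomainMode -Identity $domain -DomainMode $domainLevels[$ceiling] -WhatIf:$DryRun
}
if ($ceiling -gt $forestIdx) {
    Set-ADForestMode -Identity $forest -ForestMode $forestLevels[$ceiling] -WhatIf:$DryRun
}

# One AD site and subnet per office (assumed names/ranges) so clients authenticate
# against their local DC and the VPN only carries scheduled inter-site replication.
$offices = @{ 'Office-A' = '10.1.0.0/16'; 'Office-B' = '10.2.0.0/16'; 'Office-C' = '10.3.0.0/16' }
foreach ($name in $offices.Keys) {
    $site = Get-ADReplicationSite -Filter "Name -eq '$name'"
    if (-not $site) { $site = New-ADReplicationSite -Name $name -PassThru -WhatIf:$DryRun }
    # Under -WhatIf no site object comes back, so the subnet step is skipped too.
    if ($site) { New-ADReplicationSubnet -Name $offices[$name] -Site $name -WhatIf:$DryRun }
}

# Replicate across the VPN every 15 minutes (the minimum) instead of the 180-minute default.
Get-ADReplicationSiteLink -Filter * |
    Set-ADReplicationSiteLink -ReplicationFrequencyInMinutes 15 -WhatIf:$DryRun

# Replication health per partner; repadmin is built in on 2008+ DCs and in the
# Support Tools on 2003. Failing links here are the slow-VPN problem the answer warns about.
repadmin /replsummary
```

Run it on the Server 2012 machine after it has joined the domain as a member server and before promoting it with `Install-ADDSDomainController`; the warning and the "highest level" line tell you whether the existing 2003/2008/2008R2 DCs will accept it. Keep `$DryRun` on until the site and subnet names match your real offices, because subnet-to-site mapping is what makes a client use the DC in its own office when the VPN is down.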