My company is a nonprofit and has had a Windows environment for at least 15 years or so. We currently have a Windows Server 2003 (yikes) and on day 1 of me taking over the current main IT role, I immediately mentioned to my boss that we need to get something new in place. With that being said, our Server 2003 is a VM that is the main DC and I have 3 other VMs: Print Server, File Server, and Quickbooks, that are all hosted on a physical server running ESXi. We ordered a new physical server and Windows Server 2025 Standard. My questions are, since this will be the first time doing this:

  1. The VMs are currently in an old version of VMware. How can I move these 3 VMs to Hyper-V when I get my new server set up?
  2. How do I go about moving Active Directory and roles from the old DC to the new DC?
  3. At what point do I demote the old server?
  4. Is there a checklist, guide, etc. for this, because I’m nervous??!!

I appreciate any feedback, just looking to do this the right way with the least amount of issues.

10 Spice ups
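An added example (not from the thread, and not any vendor's tooling) of one way to do question 1: convert a VMware VMDK to VHDX and register it as a Hyper-V Generation 1 VM. It assumes qemu-img for Windows is installed at the path shown, that the VMDK (descriptor plus extents) has already been copied off the ESXi datastore, that VMware Tools was uninstalled inside the guest beforehand, and that a Hyper-V virtual switch named "External" exists; the VM name, paths and sizes are placeholders.

```powershell
# Added example: VMware VMDK -> Hyper-V VHDX conversion and VM registration.
# Assumptions (not from the thread): qemu-img path, export/destination paths,
# VM name, switch name and memory/CPU sizing are all placeholders.
$qemu   = 'C:\Tools\qemu-img\qemu-img.exe'
$source = 'D:\Exports\FileServer\FileServer.vmdk'        # descriptor file; qemu-img follows the extents
$dest   = 'D:\Hyper-V\Virtual Hard Disks\FileServer.vhdx'

# Confirm qemu-img can read the descriptor and its extents before converting.
& $qemu info $source
if ($LASTEXITCODE -ne 0) { throw "qemu-img could not read $source" }

# Convert to a dynamically expanding VHDX; -p prints progress.
& $qemu convert -p -f vmdk -O vhdx -o subformat=dynamic $source $dest
if ($LASTEXITCODE -ne 0) { throw "conversion of $source failed" }

# Generation 1 (BIOS/MBR) matches how older VMware guests were installed;
# a Generation 2 VM expects UEFI/GPT and will not boot a BIOS-installed disk.
New-VM -Name 'FileServer' -Generation 1 -MemoryStartupBytes 4GB `
       -VHDPath $dest -SwitchName 'External'
Set-VM -Name 'FileServer' -ProcessorCount 2 -AutomaticCheckpointsEnabled $false

# Keep the original VMware VM powered off but not deleted until the Hyper-V
# copy has booted, Integration Services show as running, and the machine's
# domain trust and services (print spooler, shares, QuickBooks DB) check out.
Start-VM -Name 'FileServer'
```

Do the conversion with the source VM powered off so the disk is consistent, and convert one VM at a time so a failed boot on the Hyper-V side is easy to attribute.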

I would migrate them.

I’d also avoid 2025 as a DC for now, use 2022; your license (depending on where it comes from) should allow downgrade rights.

If you can build a new domain and move everything over this would be simpler, as you have multiple hops 2003 - 2012 - 2019 and 2022/2025 before this would work, you also need to look at DRS and DFSR.

I would make all machines virtual, with the exception of the host.

Trying to uplift and migrate systems this old is likely to take you a long time, if the business can cope with a new setup, migrating users, devices and systems to a new domain, this makes most sense.

12 Spice ups

Have you already ordered this, and do you know what licenses are you entitled to?

I would highly suggest that you don’t install the full Server OS on the hardware itself, but run your Hypervisor (be that Hyper-V or otherwise) on the bare metal, and virtualize everything else. Ideally you’ll have 2 DC VMs, not just one, and, if possible, I’d also suggest having at least 2 physical boxes so you have some sort of redundancy if something fails.

I assume budget is tight, so I’ll mention that the second box doesn’t need to be a powerhouse, but just enough that you could move your core workloads to it in an emergency, and (if you’re following the advice of having 2 DCs) run one of your DC VM on it as well.

I’ll leave advising you on the migration from 2003 to 2025 to smarter folks, as 2003 is before my time, and 2025 was still too new for my last company when I left. That said, general idea is that you add your new DC(s) to the domain, claim all of the roles, make sure replication is working properly, etc. before spinning down the old one.

I believe you’ll also need to deal with migrating from FRS to DFS, but I’m not 100% on the specifics, so I’ll leave that one to the smarter folks :wink:

8 Spice ups
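An added example (not from the thread) of the sequence this reply describes: promote an additional DC into the existing domain, check replication, transfer the five FSMO roles, re-check, and only then demote the old one. The domain name, DC names and credential are placeholders; it assumes the new server is already domain-joined and runs a Windows Server version the existing domain can accept (a 2019 or newer DC cannot be promoted while SYSVOL still uses FRS, so an intermediate hop may be the "new" DC here).

```powershell
# Added example: add a DC, verify replication, move FSMO roles, then demote.
# Assumptions (not from the thread): domain corp.example.org, old DC OLD-DC,
# new DC NEW-DC, and that NEW-DC is already a member server.

# 1. On NEW-DC: install AD DS and promote it as an additional DC (also DNS).
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example.org' -InstallDns `
    -Credential (Get-Credential 'CORP\Administrator')

# 2. After the reboot: make sure replication is healthy before touching roles.
repadmin /replsummary
Get-ADReplicationPartnerMetadata -Target 'NEW-DC' |
    Select-Object Partner, LastReplicationResult, LastReplicationSuccess

# 3. See who holds the five FSMO roles today.
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster

# 4. Graceful transfer (not a seize) of all five roles to NEW-DC.
Move-ADDirectoryServerOperationMasterRole -Identity 'NEW-DC' `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# 5. Confirm the new holders and that replication still passes.
netdom query fsmo
dcdiag /test:replications /test:fsmocheck

# 6. Repoint DNS on clients/DHCP scopes to NEW-DC, leave OLD-DC powered off
#    for a few days as the test, then demote it. On Server 2008 R2 and earlier
#    that is dcpromo.exe on the old box; on 2012+ it is the cmdlet below.
# Uninstall-ADDSDomainController -DemoteOperationMasterRole:$false -Credential (Get-Credential)
```

Step 5 is the gate: if dcdiag or repadmin show errors, fix them before the old DC is demoted, since after demotion there is nothing left to replicate from.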

I’m sorry I don’t have much in the way of answers but I’m curious why you want to move the VMs instead of just creating all VMs from scratch? With such a huge jump in OS editions, I see too many bugs popping up from programs once they move to the new VM.
I’d personally do an inventory of every single program the users are accessing (and not accessing, so you can skip those from using resources). I’d then check with the vendors of those used programs and check on any compatibility issues with 2025.
I’m wondering also how lengthy the process may be when upgrading the programs that use any kind of DB (Sybase or SQL).

4 Spice ups

Surmising, people like quick and dirty, over long but clean.

@cbfaircloth
You also have to deal with domain and forest uplifts.

While not show stoppers, all of this will take time, and I’m talking months if not heading towards the year.

With a low number of users, while there will be disruption, a clean, new domain might be easier, then migrate the users, data and other VMs over.

8 Spice ups

I believe in having redundancy as well, but I’m curious about having the 2 separate DC VMs since they will be both running off the same hardware. This project is something I’m going to be doing in the future and appreciate all the knowledge shared by the group as well. :slight_smile:

7 Spice ups

There won’t be 2 DC VMs as I will be retiring Server 2003 completely. The only 3 VMs that will be used are the print server, file server, and Quickbooks. I was going to go with Server 2025 as the primary DC but after reading the feedback regarding it, I will go with Server 2022 instead. I’m purchasing it from Trusted Tech Team and I do believe the account manager told me there would be upgrade/downgrade rights included.

As far as creating new VMs and all that, I’ve come in on a super tight budget and am pretty much just using the resources that were in place when I arrived. Migrating the 3 VMs I mentioned from VMware to Hyper-V would be my best bet, I believe.

As far as creating a new domain, that’s the 2nd or 3rd time I’ve heard that lol, for good reason I suppose. I’m down to do that, my question is, if I go that route will I have to touch every machine that was on the old domain and add it to the new?

7 Spice ups

But you’ll be migrating regardless, the licenses will be 1 OS license = 2 VM licenses, so you should consider 2 DCs.

Since you are moving from VMware to Hyper-V a new host is likely, one assumes.

Therefore you have the time to build, test and configure before you migrate.

If this domain wasn’t so far behind, migrating wouldn’t be so painful, but for 15 users, the time spent making 2003 become anything modern will be a long time vs a couple of days downtime over one long weekend where you move users from olddomain to newdomain, recreate their profiles and data etc.

Of course, it won’t be able to join the new domain by itself, so you’ll need to re-add the devices and migrate the user profiles.

Still much quicker and cleaner than dragging an old dinosaur through its paces.

6 Spice ups

Also, almost all of what you’re wanting to do can be stood up and left unlicensed for up to 90(?) days before you run into issues. Evaluation mode is a blessing! Use it to mirror your current systems, then turn off the old once it’s all stable, license the new and go on with life…

2 Spice ups

When I started this job, there were three different domains representing three major divisions on the network. It made sense at one time, but it was all dated and really didn’t make sense moving forward, so I built a new domain, and migrated the other domains into it over time. In the process, I moved each domain from Windows Server 2003 to what was then current (2012 R2, as this was in early 2016). It was a lot of manual effort, but in the end, it eliminated a LOT of legacy stuff that needed to go away, and yes, I had to touch every machine to move them onto the new domain. To make matters even more fun, I was also transitioning them from an old email provider on their old domains to new accounts on the new domain using Office 365. Because of the old vendor, and this being somewhat of a hostile IT takeover (aka, me coming on board meant they were losing business), the email transition ended up being me exporting their old mail to PST and them importing it into the new mail.

Tons of work, but when I was done, the old was gone and we had a clean slate.

6 Spice ups

Migrated everyone to a new domain AND put them all on O365 during the same transition…there were a lot of scripts written and external consultants behind the scenes. They still sent me all over the country for about 18 months (until CoVID stopped us in our tracks…) as part of the traveling team to support the migration. It went pretty good, and I am REALLY glad we didn’t have to do it all by hand!

3 Spice ups

Get as much as you can into your virtual environment. For your DCs use Windows Server 2022; 2025 has too many issues.

3 Spice ups

There’s a bunch of benefits, but the main reason I keep 2 DCs in my lab are that you can actually do Windows updates without causing downtime, and (at least, in my opinion) it’s easier to spin up and replicate to a new DC if one fails than to deal with issues that crop up when you rollback your only DC from a backup.

They didn’t mention having any sort of backup infrastructure, so I’m assuming that’s not in place yet, and I’d be leaving if I stepped into a sysadmin position that had a single DC for production with no backups and no plan to change that.

5 Spice ups

I must have missed this, but here’s my take.

2 DCs is best practise, it’s not about load, it’s about redundancy - your domain is your lifeblood, while you can technically restore from backups, this should be a last resort and may bring its own issues along with it, depending on when you restore from.

You protect AD against a DC failure, should the DC not be recoverable for any reason and there are no backups, you’ve another that keeps the infrastructure up.

You can do side-by-side uplifts/migrations without having to keep moving roles.

Taking one out of action won’t stop anyone doing their work.

Ultimately it’s about domain protection, snapshots and restores are not recommended.

6 Spice ups

Can you not migrate a DC running Server 2012R2 directly to Server 2022? Do you need to install AD/DNS roles on 2019 first and then migrate again to a 2022 server?

3 Spice ups

The change from DRS to DFSR is required first.

2 Spice ups

Can you - yes, is it supported, no.

You can do in-place upgrades of N+2

So where you are, plus 2 newer OSes, from 2012 R2 this would be 2016 or 2019.

4 Spice ups

If I do an in-place upgrade (I know, not recommended) on the 2012 R2 DC to 2019, does it migrate from DRS to DFSR during the upgrade?

2 Spice ups
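An added example (not from the thread) of the SYSVOL replication migration that the two replies above refer to, i.e. moving SYSVOL from FRS to DFSR with dfsrmig. It is a separate step from the OS upgrade: dfsrmig is run by an administrator on the PDC emulator, it requires the domain functional level to already be Windows Server 2008 or higher (so no 2003 DCs may remain), and a Server 2019 or newer DC cannot be promoted until this migration has reached the final state. The domain name is a placeholder; the polling interval is an assumption.

```powershell
# Added example: FRS -> DFSR SYSVOL migration with dfsrmig.
# Run on the PDC emulator as a Domain Admin. Global states:
#   0 = Start (FRS), 1 = Prepared, 2 = Redirected, 3 = Eliminated (DFSR only).
# Assumption (not from the thread): domain corp.example.org, 60 s poll interval.

# Prerequisite: domain functional level 2008 or higher. This only succeeds
# once every remaining DC runs Windows Server 2008 or newer.
(Get-ADDomain -Identity 'corp.example.org').DomainMode
# Set-ADDomainMode -Identity 'corp.example.org' -DomainMode Windows2008Domain

# Where is the domain now? A domain still on FRS reports 'Start'.
dfsrmig /getglobalstate

# Per-DC view: every DC must report the current global state before advancing.
dfsrmig /getmigrationstate

# Advance one state at a time, waiting for all DCs (and AD replication) to
# catch up between steps. Output is the command's own text; the match below
# looks for its "migrated successfully" line.
foreach ($state in 1, 2, 3) {
    dfsrmig /setglobalstate $state
    do {
        Start-Sleep -Seconds 60
        $out = (dfsrmig /getmigrationstate) -join "`n"
    } until ($out -match 'migrated successfully')
    Write-Host "All DCs reached global state $state"
}

# State 3 (Eliminated) is one-way. Up to state 2 you can roll back with
# 'dfsrmig /setglobalstate 0' if something is wrong.
```

Check the SYSVOL share on each DC after state 2 (Redirected) and before state 3: once Eliminated is set, FRS is removed and there is no path back.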

But why would you want to in-place upgrade a DC OS when, even if you have 2 DCs, any issues during the in-place upgrade of 1 DC could mean a possibility of 100% domain data loss with no chance of recovery unless you have authoritative restores available, and may mean hours or days of downtime for your users, email servers, DB servers and ERP solutions etc. that may require domain authentication?

Upgrades of DCs are as simple as adding another 1 or 2 servers with a newer OS, then letting them replicate for 72 hours. Then test by powering off the older DCs before demoting them?

3 Spice ups

Creating new Domain Controllers or New Domain ?
What other servers are there and how many user & machines as I have almost never heard that creating a “new Windows Domain” as ever having a good reason ??

“Touching” every machine and every user is easy…what about other email systems and the QB solution (eg the DB if it is using a Domain User Account) ?

Please have it in writing… coz I believe that mainly downgrade rights for Server CALs but Downgrade rights for OEM and commercial licensing including MSVL may not always be available (or free).

Then the real question is if you really need a “Windows Domain Controller” (or at least a pair of DCs) vs maybe using DCs on a NAS like Synology NAS?

Then focus on the “QB server” and maybe even move to QB cloud ?

2 Spice ups