Its been a busy month for me, as is always seems to be the case from about Mid-November all the way through to Christmas. My focus at the moment has been decommissioning legacy systems, of which one is particularly notable.
The last Windows Server 2003 Domain Controller in our environment gets decommissioned this week. This has been the culmination of works started in August 2009 in an effort to modernise Active Directory where I work. Upgrading AD where I have been working has not been that much of a priority, and there were both political and perception challenges to overcome as well. Some of the things that have happened as part of this work have been significant infrastructure changes including:
- Making Domain Controllers purely a single role machine.
- New DCs in sites where previously one machine acting as a DC and Fileserver
- Removal bof additional roles from domain controllers (e.g. RADIUS Auth, Certificate Authority, Scripts etc)
- New load balancing of LDAP & LDAPS connections for applications which only allowed a single authentication source
- Modification of firewall rules due to the changes in open ports in Server 2008 R2.
We got to the point of decommissioning in July 2012, but that attempt had to be aborted following some applications having unexpected issues.
But this week we are finally there. The server has been turned off for a few days to make sure there aren’t any more surprises, and this week we will shut down the server, wipe the drives and add it to the pile of decommissioned hardware.
With that done and dusted, we only need to raise the Functional level to 2008 R2 native before starting the process again with WS2012.