Hi TeachMeIT and everyone, In my opinion, your approach is not too bad. For me, the best, safest and simplest path to do what you're planning to do is: - Start by adding a W2k8 Domain controller to your existing domain. (if you do not have a spare physical server you can use for this step, I suggest you to create one in a virtual machine like VMWare Server). This will provide to your existing domain, the schema for the w2k8 domain/forest. - Run this commands to prepare the actual W2k3 Domain so it will accept the new W2k8 DC: <pre> 1) adprep /forestprep; 2) adprep /domainprep 3) adprep /gpprep</pre> (The existing domain will not allow you to add a W2K8 machine to the domain if you jump this step) These commands are are done with the W2K8 DVD in one of your Windows 2003 DC - ADPREP is in the SOURCES folder on the DVD. After this, go ahead and install W2K8 in a new box/VM. Don't forget to assign an IP address and subnet mask to this new server and make sure that the DNS (in W2K8) is pointing to the existing DNS Server. After this, join the new 2008 machine to the existing domain as a member server. From the command line promote the new machine to a domain controller with the DCPROMO command. From the command line Select “Additional Domain Controller in an existing Domain” Once Active Directory is installed then to make the new machine a global catalog server (GC). Go to Administrative Tools->Active Directory Sites and Services->Expand, Sites->Default First Site and Servers. Right click on the new server and select Properties and tick the ”Global Catalog” checkbox. (Global Catalog is essential for all logon processes as it needs to be queried to establish Universal Group Membership) If necessary install DNS on the new server. Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will automatically replicate to the new domain controller along with Active Directory. To transfer the FSMO roles to the 2008 machine (needed if you're retiring all W2K3 DC's) then follow the process outlined at http://www.petri.co.il/transferring_fsmo_roles.htm Netometer has a nice video – http://www.netometer.com/video/tutorials/windows-dc-2008-add-upgrade/index.php HTH.

Hi TeachMeIT and everyone, In my opinion, your approach is not too bad. For me, the best, safest and simplest path to do what you're planning to do is: - Start by adding a W2k8 Domain controller to your existing domain. (if you do not have a spare physical server you can use for this step, I suggest you to create one in a virtual machine like VMWare Server). This will provide to your existing domain, the schema for the w2k8 domain/forest. - Run this commands to prepare the actual W2k3 Domain so it will accept the new W2k8 DC: <pre> 1) adprep /forestprep; 2) adprep /domainprep 3) adprep /gpprep</pre> (The existing domain will not allow you to add a W2K8 machine to the domain if you jump this step) These commands are are done with the W2K8 DVD in one of your Windows 2003 DC - ADPREP is in the SOURCES folder on the DVD. After this, go ahead and install W2K8 in a new box/VM. Don't forget to assign an IP address and subnet mask to this new server and make sure that the DNS (in W2K8) is pointing to the existing DNS Server. After this, join the new 2008 machine to the existing domain as a member server. From the command line promote the new machine to a domain controller with the DCPROMO command. From the command line Select “Additional Domain Controller in an existing Domain” Once Active Directory is installed then to make the new machine a global catalog server (GC). Go to Administrative Tools->Active Directory Sites and Services->Expand, Sites->Default First Site and Servers. Right click on the new server and select Properties and tick the ”Global Catalog” checkbox. (Global Catalog is essential for all logon processes as it needs to be queried to establish Universal Group Membership) If necessary install DNS on the new server. Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will automatically replicate to the new domain controller along with Active Directory. To transfer the FSMO roles to the 2008 machine (needed if you're retiring all W2K3 DC's) then follow the process outlined at http://www.petri.co.il/transferring_fsmo_roles.htm Netometer has a nice video – http://www.netometer.com/video/tutorials/windows-dc-2008-add-upgrade/index.php HTH.