Kris Corporation's parent domain (kris.local) and child domain (corp.kris.local) for the organization's AD infrastructure are running on Server 2008. The following are concerns related to AD: (1) Kris Corporation is concerned about running multiple domains, and (2) automobile manufacturers are asking Kris Corporation to use a single identity to procure orders in real time. The company has five locations in Atlanta (GA), Baltimore (MD), Chicago (IL), Seattle (WA) and San Diego (CA). The manufacturing plants are in Atlanta and Seattle. Disaster recovery is a big concern. Physical space for servers is an issue at the Atlanta location. Most of the IT staff is in Atlanta, which is the company's headquarters, but other locations have significant IT personnel as well. Business personnel are similarly distributed across the company's locations. Since all locations are independently connected to the internet, file sharing is difficult among sites. Introduction

Kris Corporation needs to migrate from the Windows Server 2008 to Windows Server 2012 Active Directory (OS) to help solve most of the issues and concerns it currently faces. Active Directory is a database that will ensure that Kris Corporation is able to track all its user accounts and passwords. The database enables passwords and user accounts to be stored and protected in a single location; this enhances the company's security. An Active Directory can comprise of at least 1 domain. Every domain in an Active Directory acts as a security boundary.

A domain controller (DC) is a server used to host each domain. The DC is responsible for managing all the passwords and user accounts for a domain stored in one location. AD has a feature that allows the network administrator to set baseline password parameters, for instance, minimum length, password complexity, password change interval, maximum number of wrong attempts and the lock out feature. These passwords have the ability to enhance security and reduce chances of successful attacks like the brute force attack.

Since Kris Corporation is a large company, Active Directories enable the company's network administrators to simplify processes involved in maintaining its complex network. Updating a single AD object in one process performs an automatic update instead of the network administrator performing manual updates. Network administrators can also give or deny access to particular applications by end-users via the network trees based on Active Directories. Large networks like that of Kris Corporation can be maintained and organized through Active Directories, eliminating the need to conduct every task through a single process.

Active Directories can be highly complex as they support distributed networks (like that of Kris Corporation); therefore, there's need for a network administrator who is knowledgeable in this kind of technology. Without AD, Kris Corporation would find it very hard to effectively store data and information on its vast network. Each of the five company locations is connected on a domain, which stores all information in a central location (the DC), not on the hard drive of each computer. A global catalog (kris.local) controls each domain, keeping track of all the registered network devices. It stores computer names, IP addresses and users to enable the global administrator to monitor and manage everything that occurs on the domain. Since everything is linked on the backend, all a user needs to find any computer on the network is its name.

The domain controller permits everything when using AD, meaning the DC has already assigned permissions to every user in the domain. As a result, users in the Kris Corporation network can experience efficient digital communication as information is available and everything in the network accessible.

Atlanta (DC, Global Catalog Servers, Root Domain -- Kris.local)

Cloud

BaltimoreSeattle Chicago San Diego

Figure 1: A Typical Image of a Single Domain for Kris Corporation Showing How the Four Locations Link to the Headquarter (Atlanta -- acting as the DC & Global Catalog Server) through the Cloud

1. Active Directory

Why and How Should the Company Migrate to 2012 AD?

Why Should the Company Migrate to 2012 AD?

Kris Corporation should migrate from Windows Server 2008 to 2012 AD because it comes with a more advanced AD infrastructure. Windows Server 2012 comes with features optimized for the cloud. It comes with a range of features to enable Kris Corporation deploy highly available applications stored in the cloud; this helps solve the issue of the Atlanta location lacking enough physical space for servers. Hyper-V, Powershell 3.0, SMB 3.0 and the improved virtualization hypervisor are just some of the feature the company needs to exploit to overcome the challenges it has been facing throughout its five locations (Desmond, 2013).

PowerShell 3.0 comes with extra 2,300 cmdlets to give additional granular control over the OS. The company can enjoy a wider data center control through commands executed...

Virtualization has been taken a notch higher in the 2012 OS with the Hyper-V 3.0 supporting up to 64 processors and 1TB memory. The VHDX comes with a larger disk storage capacity atop increased resilience than Windows Server 2008. The Server Core is a feature that provides for command-line administration. In 2012 AD, this feature is enhanced for better performance. Unlike running a GUI (graphical user interface), Server Core comes with greater security and supports administration from remote locations. By deploying a role, users of the Kris Corporation network can easily switch between the GUI Server Manager and Server Core views (Desmond, 2013).
Other features of the Windows Server 2012 that Kris Corporation will gain from include: easier replication, dynamic access control, access to better management tools, DHCP failover, AD Recycle Bin improvements and a new DNS system. Replication and DHCP failover will come in handy whenever there are disasters and the organization needs to continue with its operations during and after the disaster. The databases of the different branches can be pointed to an alternative site (replication site) for backup purposes and data accessed. DHCP failover has the ability to continue with IP management operations when the primary DHCP server goes offline thus sustaining the network. This is equally a disaster recovery item (Desmond, 2013).

How Should the Company Migrate to 2012 AD?

By migrating to Windows Server 2012, Kris Corporation is taking a step forward towards adopting a cloud solution. Before the migration can begin, the company must first download Windows Server 2012 R2, perform a full backup of the prevailing Windows Server 2008 and verify AD DS's current Schema version by running regedit command. Navigate to ComputerHKEY_LOCAL_MACHINESYSTEMCurrentcontrolsetServices

TDSParameters and check the Schema's current version. To avoid failure of the new AD server, the organization needs to first carry out the relevant tests and ensure the new AD server works. This can be made possible if a test environment or simulation environment is created. Also, there's the possibility of running both the old AD server and new AD server in parallel for some time to mitigate any failure (parallel change over). A clear fall back plan should be put in place, for instance, the old server should be ready and on standby just in case the new server fails to meet the AD requirements (Desmond, 2013).

Once the newly installed Windows Server 2012 has been determined to work, the migration process can begin.

Step 1: Use the adprep Command to Prepare the Company's Existing Forest (Desmond, 2013)

1. Open Windows Server 2008 R2 AD DS's DVD drive and insert the DVD containing Windows Server 2012.

2. Open the command prompt, type adprep /forestprep and hit the enter key.

3. Using the procedure stated above, check the Schema's current AD DS version.

Step 2: Promote the Domain Controller of Windows Server 2012 Server

1. Open the 'Server Manager Console'and select the 'Add roles and features'.

2. Choose 'Role-based or Feature-based Installation'. Click 'Next'.

3. Under 'Roles', select 'Active Directory Domain Services' option.

4. Click on the 'Add Features' button to accept the required default features.

5. Click on the 'Next' button on the Features screen that pops up.

6. In the next window, check-off 'Restart the destination server automatically if required (this expedites the installation in case the server is automatically reset). Click on the 'Install' button on the same 'Confirm Installation selections' window.

7. Upon completion of installation, click on the 'Close' button to exit the installation window.

8. Notification appears on the dashboard, denoted by a yellow exclamation mark. Click on it and select 'Promote this server to a domain controller' on the drop down menu that comes up.

9. Under 'Select a deployment operation', select the first option 'Add a domain controller into existing domain'.

10. Select or type a proper target domain, which in this case is Kris.local.

11. Click on the 'Change' button to provide the required credentials of the company's network administrator. Click on the 'Next' button.

12. Specify the domain controller capabilities in the new screen: check-off 'Domain Name System (DNS) server' and 'Global Catalog' options. Select the DC site, which in this case should be Atlanta (GA), where the company has its headquarters.

13. Type the 'Directory Services Restore Mode (DSRM) password in the text box provided and confirm it in the appropriate text box.

14. Click on the 'Next' button to move to the next screen.

15. In the 'Additional Options' screen that comes up, choose…