Dear fellow forum members,

the IT team of one of our customers is planning a change in their Microsoft Active Domain forest in their LAN: as their SAP ERP systems are all domain installations, they have asked me, as their BASIS consultant, if this activity could harm in any way their SAP landscape.

The SAP ERP Systems are domain installations on two Windows Server 2008 R2 64 bit hosts.

This is the activity they plan to do is to replace an old Windows Server 2003 domain controller with a Windows Server 2012 domain controller. These are the steps they will do:

1) Add the new Windows Server 2012 domain controller to the forest;

2) Move the main roles from the old Windows Server 2003 domain controller to the new 2012 one, following the procedure recommended by Microsoft;

3) Remove the old Windows 2003 R2 domain controller from the forest.

During all the procedure, their current Windows Server 2008 domain controller will remain active and functional. At the end of the procedure, the domain will then be updated to a Windows Server 2008 structure, from the actual 2003.

I can't see any problem in this procedure: at least one domain controller will always remain active so the SAP users <sid>adm and SAPService<SID> will be able to authenticate on the domain with no interruptions. Also the SAP hosts won't change name, FQDN, IP address or configuration.

But I'm not a Microsoft AD expert and this procedure can't be tested beforehand, because all the SAP systems belong to the same domain obviously.

I've searched through the SAP knowledge base and I can't find any note or document that is relevant to this activity.

I've also opened a ticket to SAP, but they basically replied that the Active Directory is a matter for the Microsoft consultants, not SAP. They also recommended I post my question on the forum so here I am.

So I'd like to ask you if you foresee any problems with this procedure, and if you can recommend preparation activities or any other kind of precautions.

Thanks, kind regards.

--

M