Or not. I attempted to join my existing domain with this server being a member server, and received a message:

An attempt to resolve the DNS name of a DC in the domain being joined has failed. Please verify that this client is configured to reach a DNS server that can resolve DNS names in the target domain.

OK…I actually know how to fix this, I think… when configuring IP addresses, I didn’t put the local address of my domain controller in as one of the DNS possibilities. Once this change was made…it worked.

So far so good. Now I’m trying to promote the Win 2008 server to a domain controller; it will be interesting to see if this works with Small Business Server as the master domain controller; I recall that one of the restrictions of SBS was that it could be the only DC.

So I can run this remote desktop. I change the permissions to allow logging in under Remote Desktop. Now I can watch this run from my main workstation, with full video support, and avoid the maddening mess on the native monitor screen.

Before actually running the upgrade wizard, there is a utility called adprep which is provided win Win2008. This version is run on the master DC (ie the SBS 2003) to upgrade the AD database to match the level of the Win2008 database. A message suggests that this upgrade takes the existing AD level 30 to AD level 40.
So, I copy the entire adprep folder from the Win2008 machine to the SBS2003 machine, then on SBS2003, I run the following commands:

adprep /forestprep

adprep /domainprep

Then in response to a message from the result of the domain prep, I run the following to update permissions on the group objects:
adprep /domainprep /gpprep

There is a nice help screen which explains this process.

Now, in on the new machine, running the AD Domain Services Installation Wizard, I will “Add a domain controller to an existing domain.”

Now I get an error: “You will not be able to install a read-only DC in this domain because adprep /rodcprep was not yet run. Do you want to continue?” Since I don’t want a RO DC here, that is fine, and I just continue.

It asks to select a site:
Defualt-First-Site-Name

It now asks if I want to install additional services; a DNS server, and a Global catalog. This dialog includes some additional stuff about a Read-Only domain controller, that is irrelevant because I don’t want to install a Read Only domain controller.

So, while I would prefer not to install the DNS server and Global catalog, since eventually I want to promote the Win2008 machine to the master domain controller, I’ll allow these two items to be installed. I hit the “next” button.

Now an error message comes up:

A delegation for this DNS Server will not be created because the authoritative parent zone cannot be found or it does not support dynamic updates. To ensure this DNS Server can be resolved as authoritative for the domain mxdesign.local, you can create a delegation to this DNS Server manually in the parent zone. Do you want to continue?

Well, OK…let’s continue.

Now it asks for locations for the database, log files and SYSVOL, suggesting that these should be on separate volumes. Ain’t gonna happen. Next.

The Directory Services Restore Mode Administrator account is different from the domain Administrator account. Assign a password for the Administrator account that will be used when this domain controller is started in Directory Services Restore Mode.

I give it my normal admin password. There is this talk about the password being the correct complexity and length, and conforming to the correct history.

So far so good, the DNS install goes ahead and completes in about two minutes. This requires a reboot, so I’m psyched to see how this will work when it comes back up.