Hi,
 
I recently helped a customer with this tricky little exercise.
The idea was to do the upgrade during office hours with as little downtime as possible and to run it remotely from one server.
 
It follows the basic guide here: http://technet.microsoft.com/en-us/library/cc753875.aspx
 
But this formal guide wasn’t very “real world”. It forgets that there are clients out there with cached referrals who take a long time to realise that the namespace links have changed.
 
In my example, I use these names which you’ll need to change:

· The existing 2003 DFS server is FILE1. All the commands below are run on this server in C:\temp.

· The first new 2012 R2 DFS server is FILE2

· The domain is child.corp.contoso.com

· The DFS Namespace in the domain is called “Testing”, so the path is \\child.corp.contoso.com\Testing

· There are 3 target servers where all DFS links point to: TARGET1, TARGET2, TARGET3

 
First, start by setting the existing 2003 DFS servers to issue FQDNs in their DFS referrals. This was a requirement of the customer as they wanted other forests to access this namespace, and wanted to be as efficient as possible.
Note this requires restarting DFS-N:
 

dfsutil server registry DfsDnsConfig set \\FILE1
sc \\FILE1 stop DFS
ping -n 5 127.0.0.1 > NUL
sc \\FILE1 start DFS

Run this for each of the 3 existing DFS servers.

 
Next we copy the DFS root folder and share (including all security) to the new DFS servers:
 

robocopy C:\DFSRoots\ \\FILE2\c$\DFSRoots\ Testing /COPYALL /E /XJ
reg copy \\FILE1\HKLM\System\CurrentControlSet\Services\LanManServer\Shares \\FILE2\HKLM\System\CurrentControlSet\Services\LanManServer\Shares /s /f

 
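Run these commands for each new DFS-N server. Note that the reg copy as written copies the whole Shares key, so every share defined on FILE1 is copied, not only the namespace root.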
 
We then set the new DFS servers to use FQDNs in their referrals:
 

dfsutil server registry DfsDnsConfig set \\FILE2

 
We need to restart the Server service so it can start sharing the shares we copied just before. This will also restart the DFS-N service for us, so the FQDN change will work:
 

echo net stop LanManServer /yes > \\file2\c$\Temp\restartsvc.bat
echo net start LanManServer >> \\file2\c$\Temp\restartsvc.bat
echo net start DFS >> \\FILE2\c$\Temp\restartsvc.bat
psexec \\FILE2 -d -accepteula c:\temp\restartsvc.bat
Echo Waiting for 30 seconds for the Server service on FILE2 to restart
ping -n 30 127.0.0.1 > NUL

 
PsExec is needed to run the batch file because once the Server service is stopped, it can’t be started remotely: it is the service that accepts the remote commands.
 
Next, we need to export the existing DFS-N configuration and change all the short-name paths to FQDNs:
 

dfsutil root export \\child.corp.contoso.com\Testing C:\temp\export.xml
REM Get FNR.exe from here: http://findandreplace.codeplex.com/
fnr.exe --cl --dir "C:\temp" --fileMask "export.xml" --find "\\\\TARGET1\\" --replace "\\\\TARGET1.child.corp.contoso.com\\" --silent
fnr.exe --cl --dir "C:\temp" --fileMask "export.xml" --find "\\\\TARGET2\\" --replace "\\\\TARGET2.child.corp.contoso.com\\" --silent
fnr.exe --cl --dir "C:\temp" --fileMask "export.xml" --find "\\\\TARGET3\\" --replace "\\\\TARGET3.child.corp.contoso.com\\" --silent

 
We add the new DFS-N servers to the existing namespace:
 

dfsutil target add \\FILE2.child.corp.contoso.com\Testing

 
Repeat this for each of the 3 new namespace servers.
 
Then we find the PDCe for the domain. We need to restart the DFS-N service on the PDCe, as it doesn’t seem to accept the addition of new namespace servers so easily:
 

nltest /dnsgetdc:child.corp.contoso.com /PDC | find ".">PDC.txt
FOR /F "delims=. " %i IN (PDC.txt) DO sc \\%i stop DFS
ping -n 5 127.0.0.1>NUL
FOR /F "delims=. " %i IN (PDC.txt) DO sc \\%i start DFS
ping -n 5 127.0.0.1>NUL

 
You now need to wait for a DAY for the new namespace servers to actually take effect on the SMB clients out there on the network.
If a session has an open write connection to any file on the DFS namespace path, then it will NOT update its target list.
You verify this by logging on to the client computer and running:
 

dfsutil.exe cache referral

If it shows something like this:
Entry: \child.corp.contoso.com\Testing
ShortEntry: \child\Testing
Expires in 276 seconds
UseCount: 0 Type:0x81 ( REFERRAL_SVC DFS )
  0:[\OLD-SERVER-1\Testing] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\OLD-SERVER-3\Testing]
   2:[\OLD-Server-2\Testing]

 
…and doesn’t list the new server names, then do NOT proceed to the next step. You can try flushing the DFSN cache, but if there are open files, this won’t have any effect. You will need to reboot this server before it learns of the new DFSN servers.
 

dfsutil.exe cache referral flush

You are looking for output which looks like this:
Entry: \child.corp.contoso.com\Testing
ShortEntry: \child.corp.contoso.com\Testing
Expires in 276 seconds
UseCount: 0 Type:0x81 ( REFERRAL_SVC DFS )
  0:[\OLD-SERVER-1\Testing] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\OLD-SERVER-3\Testing]
   2:[\NEW-SERVER-3.child.corp.contoso.com\Testing]
   3:[\NEW-SERVER-2.child.corp.contoso.com\Testing]
   4:[\OLD-SERVER-3\Testing]
   5:[\NEW-Server-1.child.corp.contoso.com\Testing]

 
If you are sure that all the important SMB clients have updated their lists of possible namespace servers to include the 3 old servers and the 3 new servers (so 6 in all), then you can do the next step.
The next step can only be run in the GUI because dfsutil cannot disable links. Open the DFS console, select the 3 old namespace servers and choose “Disable Namespace Server” for each of them.
 
This will make sure that anyone who is still using the old Namespace servers can continue to do so, but that anyone who asks for a new referral will NOT receive the old servers.
 
WAIT ANOTHER DAY.
We need to make sure that all SMB clients end their sessions (by closing all their open write handles) and create new referral caches with only the new DFS-N servers in them.
Log on to one of the big SMB clients on the network and verify that the OLD namespace servers do NOT appear in the referral cache:
 

dfsutil.exe cache referral

This should now look like this:
Entry: \child.corp.contoso.com\Testing
ShortEntry: \child.corp.contoso.com\Testing
Expires in 276 seconds
UseCount: 0 Type:0x81 ( REFERRAL_SVC DFS )
   0:[\NEW-SERVER-1.child.corp.contoso.com\Testing] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\NEW-SERVER-3.child.corp.contoso.com\Testing]
   2:[\NEW-SERVER-3.child.corp.contoso.com\Testing]

 
If old server names appear in the list, do NOT continue to the next step. Again, you can try to flush the DFS referral cache, but this is unlikely to work. The SMB client will likely need to be restarted (again).
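
The two referral-cache checks described above (before disabling the old namespace servers, and before removing them) can be scripted instead of read by eye. This is an added example, not part of the original post: the function names, the `Link1`/`Share1` entry and the sample text are constructed, and it assumes PowerShell 3.0 or later and the output layout shown in this post.

```powershell
# Added example (not from the original post); function names are hypothetical.
function Get-DfsReferralTargets {
    param([string[]]$Lines, [string]$Namespace)
    $inEntry = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*Entry:\s*(\S+)') {
            # Exact match only, so link entries below the namespace are ignored.
            $inEntry = $Matches[1].TrimStart('\') -ieq $Namespace.TrimStart('\')
        } elseif ($inEntry -and $line -match '^\s*\d+:\[\\+([^\\\]]+)\\') {
            # Reduce \SERVER\Share or \SERVER.domain\Share to the upper-case host label.
            ($Matches[1] -split '\.')[0].ToUpperInvariant()
        }
    }
}

function Test-DfsReferralPhase {
    param(
        [string[]]$Lines, [string]$Namespace,
        [string[]]$OldServers, [string[]]$NewServers,
        [ValidateSet('BeforeDisable', 'BeforeRemove')][string]$Phase
    )
    $seen = @(Get-DfsReferralTargets -Lines $Lines -Namespace $Namespace | Sort-Object -Unique)
    $missingNew = @($NewServers | Where-Object { $seen -notcontains $_ })
    $oldCached = @($OldServers | Where-Object { $seen -contains $_ })
    # A missing cache entry proves nothing, so it never counts as ready.
    $gate = @(if ($Phase -eq 'BeforeDisable') { $missingNew } else { $oldCached })
    $ready = $seen.Count -gt 0 -and $gate.Count -eq 0
    [pscustomobject]@{ Phase = $Phase; Ready = $ready; MissingNew = $missingNew; OldStillCached = $oldCached }
}

# Constructed sample in the shape of the `dfsutil.exe cache referral` output shown above.
$sample = @'
Entry: \child.corp.contoso.com\Testing
  0:[\OLD-SERVER-1\Testing] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\OLD-SERVER-3\Testing]
   2:[\NEW-SERVER-3.child.corp.contoso.com\Testing]
   3:[\NEW-SERVER-2.child.corp.contoso.com\Testing]
   4:[\OLD-Server-2\Testing]
   5:[\NEW-Server-1.child.corp.contoso.com\Testing]
Entry: \child.corp.contoso.com\Testing\Link1
  0:[\TARGET1.child.corp.contoso.com\Share1] AccessStatus: 0 ( ACTIVE TARGETSET )
'@ -split '\r?\n'
$common = @{ Lines = $sample; Namespace = '\\child.corp.contoso.com\Testing'
    OldServers = 'OLD-SERVER-1', 'OLD-SERVER-2', 'OLD-SERVER-3'
    NewServers = 'NEW-SERVER-1', 'NEW-SERVER-2', 'NEW-SERVER-3' }
Test-DfsReferralPhase @common -Phase BeforeDisable
Test-DfsReferralPhase @common -Phase BeforeRemove
```

On a live client, pass `-Lines (dfsutil.exe cache referral)` instead of the sample, and proceed only when `Ready` is true for the phase you are about to start.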
 
Remove the old namespace servers. Don’t use the GUI as this will attempt to also remove the share, which may cause extra difficulties if you need to roll back this step:
 

dfsutil target remove \\FILE1\Testing

 
Repeat this command for each of the 3 old namespace servers.
 
We will now delete the existing DFS-N namespace and create a new one which is in Windows Server 2008 mode (aka v2). Existing sessions will be unaffected as they work from their referral cache. New sessions may fail if they are created in the next few seconds. Retrying will succeed without any intervention.
Run these commands on one of the new DFS-N servers. Copy the export.xml file from the old DFS-N server where you have been running the previous commands from.
This needs to be run locally due to the time it takes to re-create the links. It will be around 15 seconds when run locally and about 1-2 minutes if run remotely:
 

dfsutil root import set C:\temp\export.xml \\child.corp.contoso.com\Testing NoBackup

 
Where FILE3 and FILE4 in the example above are the additional new DFS-N servers.
 
That will do it. You are now running the same exact namespace setup with the same permissions, but on new computers, using FQDN referrals and a v2 namespace.