In this article we’ll take a closer look on how to migrate Active Directory domain from Windows Server 2012 R2 to Windows Server 2016.
Suppose you have an Active Directory domain named contoso.com and one domain controller dc.contoso.com. You want to install a new DC dc01.contoso.com with Windows Server 2016, upgrade the Active Directory schema to Windows Server 2016, transfer the FSMO roles to it, and remove the old domain controller. Below you will find a short manual on how to do this.
Install Windows Server 2016 on a new server, assign it a static IP address and host name dc01. Join it to the AD domain.
Using Server Manager install on the new server role Active Directory Domain Services.
After the installation, you need to promote the role of the new server to the domain controller (add a domain controller to the existing domain). To do this, you will need an account in the existing domain with Enterprise Admins rights.
Next, specify that this server will act as a DNS server and a global catalog (GC) and set a FSRM restore password.
On the Additional Options screen, you need to specify from which domain controller replication will be performed.
Then you can’t change anything without special need. Press Next > Next > Next > Install.
Wait for the role to be installed and restart the server. As a result, you will have a new domain controller in the AD.
Start the KCC service to create new connections with the new domain controller:
On each DC check that the synchronization passes without errors:
Repadmin /syncall /AeS repadmin /replsum
Start the Active Directory Users and Computers snap-in, and verify that a new domain controller has been added to the root OU Domain Controllers.
After adding a new DC with Windows Server 2016, the AD Schema Version automatically switches to 87 (Upgrading Active Directory Schema).
Move-ADDirectoryServerOperationMasterRole -Identity “dc01” –OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster
Using the following command, you can make yourself sure that all the FSMO roles successfully moved to the new DC:
netdom query fsmo
Once again, start replication on all DCs:
repadmin /syncall /AeS
Now you can start deleting the old domain controller. First you need to disable the role Global Catalog on it. To do this, open the Active Directory Sites and Services snap-in, expand the Sites folder, then Default-First-Site-Name, then Servers, and finally select your old DC.
Click NTDS Settings for the old server and select Properties. In the newly appeared window, you must remove the checkbox from the Global Catalog item and click OK.
This completes the migration of Active Directory. Now you can uninstall the ADDS role from the old domain controller. After that when you open the Active Directory Users and Computers snap-in, you will see that there is only one (new) domain controller left – running Windows Server 2016.
After decommission the old server, do not forget to run:
repadmin /kcc repadmin /syncall /AeS repadmin /replsum
That’s all. You’ve successfully moved your domain to the Windows Server 2016!
- RDP Error: Remote Desktop Can’t Find the Computer - September 17, 2020
- How to Seize FSMO Roles From Dead Domain Controller? - September 16, 2020
- Active Directory Schema Update - September 11, 2020