Was trying to upgrade our infra to Windows 2022. We have 2012 forest settings and 2 DCs in one site and 1 DC in another. 2 2012 and 1 2019. I built and added 2 2022 domain controllers to the infra and let them sit until I created a plan to move all roles and migrate DHCP and cert server to them. End state I wanted just 2022 servers. During this, I was receiving all kinds of replication errors, especially with DFSR (even though it was migrated previously). Mind you, I took over this infra from someone else who left and documentation was very light. Our terminal services was not working for users and it was noticed that there were more domain controllers than previously thought. The other two I found, Hyper-V instances, could not be reached. Had no documentation on them but they were in DNS and Active Directory. After an exhaustive effort to access them (no ping, not up and could not access them from any Hyper-V management console) I removed them from AD and DNS manually. I went and removed every SRV record from DNS and removed them from Sites and Services (not a trace left).
The two 2022 I built, I demoted them and removed them. Now I have 2 2012 in one site and 1 2019 in another. This is where things get bad. After checking replication, it passed everything but DFSR. But I am noticing some things are breaking. DNS complains about broken delegation and my vCenter, which I assume is AD integrated, will not log me in. I was in it yesterday and was kicked out and tried to log on with incorrect credentials error. I am thinking these 2 DCs had played a bigger role and due to no documentation, which it said, they are not being used and you can delete them, is an issue. My question is I need to get AD and DNS (it is integrated) back to working state. Can anyone suggest something? I can upload any log files needed for a second look to confirm that it's either just a plain replication issue or something else is going on.
I'd start by checking the system and DFS Replication event logs on all three since last boot for errors.
--please don't forget to upvote and Accept as answer if the reply is helpful--
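One way to run the check suggested in the answer above, as an added example that is not part of the original thread. The names `DC1`, `DC2` and `DC3` are placeholders, and the script assumes WinRM and remote event log access are allowed from the admin workstation to each domain controller.

```powershell
# Placeholder names (assumption): replace with the three domain controllers.
$domainControllers = 'DC1', 'DC2', 'DC3'

$results = foreach ($dc in $domainControllers) {
    try {
        # Last boot time of the remote DC marks the start of the query window.
        $boot = (Get-CimInstance -ClassName Win32_OperatingSystem `
                 -ComputerName $dc -ErrorAction Stop).LastBootUpTime

        # Level 1 = Critical, 2 = Error, 3 = Warning, from both logs at once.
        Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName   = 'System', 'DFS Replication'
            Level     = 1, 2, 3
            StartTime = $boot
        } | Select-Object @{n = 'DC'; e = { $dc }}, TimeCreated, LogName, Id,
                          LevelDisplayName, ProviderName, Message
    }
    catch {
        # Get-WinEvent throws when nothing matches; an unreachable DC also lands here.
        Write-Warning "${dc}: $($_.Exception.Message)"
    }
}

# Group by DC, log and event ID so recurring errors stand out from one-offs.
$results |
    Group-Object DC, LogName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{n = 'Latest'; e = {
        ($_.Group | Sort-Object TimeCreated -Descending |
            Select-Object -First 1).TimeCreated }} |
    Format-Table -AutoSize

# Full message text for the DFS Replication entries, newest first.
$results |
    Where-Object LogName -eq 'DFS Replication' |
    Sort-Object TimeCreated -Descending |
    Format-List DC, TimeCreated, Id, LevelDisplayName, Message
```

A DC that only produces the warning line either has no matching events since boot or could not be queried; the warning text says which.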
Found really old DNS entries in the DNS tab of some DCs. (Duh, for not looking there.) Got rid of them. Cleaned up AD and DNS and removed all old metadata (there was surprisingly a lot of crap), forced replication and let it simmer. DFSR replicated with no issues, and DNS is now working. So end state I have 3 DCs, 2 in one site and 1 in another. Now I will plan out my upgrade to Win2022. The only issue is I lost Windows Auth on my vCenter as the guy before me had really old name servers in the resolv.conf file on the appliance.
Quick question: is it better to introduce new 2022 DCs into the infra with new IP addresses and names, or is it best to take down one DC and rebuild it with the same IP address from 2012 to 2022?