AD Schema upgrade manually, before DCPromo Wizard, and plan

iconoclast88 61 Reputation points
2022-07-08T13:22:49.73+00:00

Hi,

My main question is about AD schema upgrade. I have to run it manually outside of the DCPromo wizard. In the past, we've run into show-stopper errors during the schema upgrade, so now it gets its own day (production maintenance window). Does this need to be run on the 2012r2 FSMO role holder (PDC Emulator)? Just confirming. (Yes, I already know this is done automatically via the dcpromo wizard, but I am not allowed to do this per my superior.)

And aside from that, anything I'm missing on my plan?

I have a 2012r2 environment and have been tasked with splitting up the domain upgrade to 2019 into 3 different days, separated by a week each.

  1. Upgrade schema.
  2. Introduce new DCs (DCPromo), migrate FSMO roles to new PDC emulator, time adjustment on new PDC to external. Shut down legacy DCs to test signing into domain. Fire back up after testing.

One week period between steps 2 and 3: to have all our third party applications, platforms point to new DCs for LDAP/auth, config settings, etc.

  3. DCPromo down legacy DCs. Then, upgrade forest and domain functional levels.

Done.


3 answers

  1. Gary Reynolds 9,391 Reputation points
    2022-07-09T03:24:29.617+00:00

    Hi,

    If your AD doesn't have any 3rd party schema extensions, then there should be few issues with the schema update itself. However, there are a few prerequisite steps I would take before completing the schema update:

    1. Confirm the health of your AD: run repadmin and dcdiag, and fix any issues before starting
    2. Test the schema update - if you have a virtual environment spin up a snapshot of a DC holding the Schema role in an isolated network, complete the schema update to confirm it will work without any errors
    3. Complete a full verified backup of your DCs
    4. Check AD replication
    5. Complete the schema update on the DC holding the Schema Master FSMO role
    6. Check AD replication

    Depending on the configuration of DNS and time services in your network, you might want to move the IP address of the PDC & primary DNS servers to the new DCs; this could help reduce the number of downstream systems that need to be reconfigured.

    Gary.
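
The health checks and ordering from the answer above, as an added PowerShell example that is not part of the thread. It assumes the ActiveDirectory module is installed, the Windows Server 2019 media is mounted at `D:` (a hypothetical drive letter), and the account is a member of Schema Admins, Enterprise Admins and Domain Admins. The role holders are looked up from the forest rather than assumed.

```powershell
# Added example, not from the thread. Assumed: media at D:, single-domain forest.
Import-Module ActiveDirectory
$Adprep        = 'D:\support\adprep\adprep.exe'   # assumed media path
$TargetVersion = 88                                # objectVersion for Server 2019 (2012 R2 is 69)

function Get-SchemaVersion([string]$Server) {
    $nc = (Get-ADRootDSE -Server $Server).schemaNamingContext
    (Get-ADObject -Identity $nc -Server $Server -Properties objectVersion).objectVersion
}

function Test-Replication {
    # Any error row or non-zero failure count blocks the change.
    $bad = repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0 }
    if ($bad) { $bad | Format-Table 'Source DSA','Destination DSA','Naming Context' | Out-Host }
    return -not $bad
}

# 1. Locate the role holders that adprep works against.
$schemaMaster = (Get-ADForest).SchemaMaster
$infraMaster  = (Get-ADDomain).InfrastructureMaster
"Schema Master: $schemaMaster (schema version now: $(Get-SchemaVersion $schemaMaster))"
"Infrastructure Master (contacted by /domainprep): $infraMaster"

# 2. Health gate before touching the schema. Take the verified backup before this point.
dcdiag /e /q
if (-not (Test-Replication)) { throw 'Replication failures found; fix them before the schema update.' }

# 3. Schema update on the Schema Master (adprep asks for confirmation).
if ($env:COMPUTERNAME -ne $schemaMaster.Split('.')[0]) { throw "Run this on $schemaMaster." }
& $Adprep /forestprep
if ($LASTEXITCODE -ne 0) { throw "adprep /forestprep failed; see $env:windir\debug\adprep\logs." }

# 4. Push the change out, re-check replication, then prepare the domain.
repadmin /syncall /AdeP
if (-not (Test-Replication)) { throw 'Schema change has not replicated cleanly.' }
& $Adprep /domainprep
if ($LASTEXITCODE -ne 0) { throw "adprep /domainprep failed; see $env:windir\debug\adprep\logs." }

# 5. List any DC in this domain that does not yet report the new schema version.
#    No output means every DC is at $TargetVersion.
Get-ADDomainController -Filter * | ForEach-Object {
    [pscustomobject]@{ DC = $_.HostName; SchemaVersion = Get-SchemaVersion $_.HostName }
} | Where-Object SchemaVersion -ne $TargetVersion
```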


  2. rr-4098 1,086 Reputation points
    2022-07-09T16:13:40.997+00:00

    The following link should point you in the right direction for updating the schema manually before your upgrade.

    https://social.technet.microsoft.com/Forums/en-US/77f290d3-ae27-4e83-947c-f9a4cd7c355c/upgrade-active-directory-schema?forum=winserverDS


  3. Limitless Technology 39,336 Reputation points
    2022-07-11T09:05:01.53+00:00

    Hello

    Thank you for your question and for reaching out. I understand you have a query related to the AD schema upgrade.

    I would suggest that you first introduce a 2019 domain controller as an additional writable DC, then migrate all FSMO roles to the new 2019 DC, then upgrade the schema and retire the old 2012 DC.

    Reference:
    https://learn.microsoft.com/en-us/answers/questions/80827/how-to-upgrade-to-a-2019-domain-controller-with-a.html
