Issues with FSR to DFSR migration

Dave Koll 20 Reputation points
2023-03-24T15:32:32.9133333+00:00

I'm in the process of migrating an AD environment from Windows 2012 R2 to 2022 (new servers). I have not promoted these new servers to DCs yet. However, there is already one 2022 DC in the environment. I should mention that I did not set up this AD environment, but was informed that it was originally set up with 2012 DCs.

If I run dfsrmig /getglobalstate, it says that the current DFSR global state is 'eliminated'. However, dfsrmig /getmigrationstate shows the 2022 DC has not yet reached 'eliminated' state. Migration has not yet reached a consistent state on all domain controllers. State information might be stale due to Active Directory Domain Services latency.

This 2022 DC is in our Azure environment with a VPN to our on-prem network where the 2012 servers reside. I can confirm that AD objects (users and groups) replicate between the two. I also noticed that the c:\windows\sysvol directory has not changed to c:\windows\sysvol_dfsr. The File Replication service is disabled on all three DCs.

Any suggestions on where to start? I'm attaching the dcdiag output from an on-prem DC and the Azure DC.

DCDiag.txt

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,912 questions
0 comments
Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2023-03-24T18:50:29.5666667+00:00

    So this one is a bit worrisome. Might check the event logs for more clues.

    That 2022 DC has probably been a DC for almost a year.

    It may be this one is long ago tombstoned. 

          Starting test: Services  
            Invalid service startup type: NtFrs on DMZAZUREDC01, current value  
            DISABLED, expected value AUTO_START  
            NtFrs Service is stopped on [DMZAZUREDC01]  
         ......................... DMZAZUREDC01 failed test Services

    If it were me I'd move roles off, if needed,
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/transfer-or-seize-operation-master-roles-in-ad-ds

    then remove it, do cleanup, if needed, to remove remnants from active directory
    Clean up Active Directory Domain Controller server metadata Step-By-Step: Manually Removing A Domain Controller Server

    then stand up a new one after confirming health is 100% I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health again.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. cthivierge 4,056 Reputation points
    2023-03-24T15:41:39.8766667+00:00

    My guess is if the Windows 2022 DC has been promoted before the migration of FRS to DFSR, you will need to remove this DC first, then run the FRS - DFSR migration, then promote the 2022 DC

    This may help

    https://learn.microsoft.com/en-us/answers/questions/66480/adding-a-2019-server-domain-controller?msclkid=e0bc06e9cfde11ec8c19d87bcf6bb193

  2. Dave Patrick 426.1K Reputation points MVP
    2023-03-24T15:55:27.2166667+00:00

    but was informed that it was originally set up with 2012 DCs

    If this is true then the replication would already be DFSR You can confirm by looking here, if you find 48 then using DFSR, if null or 0, 16, 32 then FRS or some state of migration from FRS

    enter image description here