Share via

I have a new server 2019. I will like to move my domain controller from 2012R2 to it. The existing domain controller is my dns server as. How can I achieve this without losing anything on the old DC?

Mohammed Alidu 20 Reputation points
2023-08-23T15:49:15.4166667+00:00

I have a new server 2019. I will like to move my domain controller from 2012R2 to it. The existing domain controller is my dns server as. How can I achieve this without losing anything on the old DC?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,726 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,939 questions
0 comments
Accepted answer
  1. Daisy Zhou 32,421 Reputation points Microsoft External Staff
    2023-08-24T01:58:31.15+00:00

    Hello Mohammed Alidu,

    Thank you for posting in Q&A forum.

    As I understand, your Domain Controller (also DSN server) is Windows server 2012 R2, you want to migrate from Windows server 2012 to Windows server 2019.

    Step 1
    As Dave mentioned, you should check SYSVOL replication type. If it is FRS or DFSR.

    Here is checking method via registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey does not exist, or if it has a different value, FRS is being used.

    If it is DFSR, that is OK.

    If it is FRS, you should migrate from FRS to DFSR first.
    For how to migrate SYSVOL from FRS to DFSR, we can refer to the following article.

    qUICKLY Explained: Migrate Your SYSVOL Replication from FRS to DFSR
    https://blogs.technet.microsoft.com/qzaidi/2012/01/16/quickly-explained-migrate-your-sysvol-replication-from-frs-to-dfsr/

    Step 2

    Before we do any changes to our AD environment, we had better to check our AD environment health. So we can try the following steps:

    1.We need to check if all the DCs works fine, we can run Dcdiag /v on each DC to check.
    2.Run Repadmin /showrepl and repadmin /replsum on all DCs to check AD replication status if you have multiple DCs in your domain.

    Step 3
    1.Add new 2019 server to the existing domain.
    2.Promote this 2019 server to Domain Controller (add AD DS role and DNS role).
    3.Also make this new 2019 DC as GC.
    4.Check the health status of new DC and old DC and AD replication status (if you have more than one DC).
    5.Transfer FSMO roles to the new 2019 DC if needed.
    We can check whether you have successfully transferred the FSMO roles by running the command as administrator on any DC: netdom query fsmo
    6.Raise forest functional level and domain functional level if needed.

    How to raise Active Directory domain and forest functional levels:

    https://support.microsoft.com/en-us/help/322692/how-to-raise-active-directory-domain-and-forest-functional-levels

    7.Because old 2012 R2 DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.

    8.Because old 2012 R2 DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
    9.Migrate other roles on old DC to new server if you have.

    10.After you transfer FSMO roles and update all DNS settings, and migrate other roles if you have. And after a period of time, if everything is OK, we can consider to demote the old 2012 R2 DCs if needed.

    Hope the information above is helpful. If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ==========================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-08-23T16:56:58.8266667+00:00

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.