I really need some detailed help upgrading domain controllers so we can look at moving to Azure

Joe Cimadamore 1 Reputation point
2020-11-07T17:48:24.36+00:00

So we have 3 Domain controllers in our AD structure. 2 are running on servers that have Server 2008 32 bit installed. One of these is our Global catalog. I also have a server running 2012 64 bit. Now I inherited the responsibility of these machines. All are virtual so creating new servers to be pulled in is no problem. I am no AD expert and nobody at my work is. I want to get this count down to 2 servers running 2019 64 bit and as we add more to the cloud we are considering moving our AD functionality to the cloud eventually as well. I could really use some detailed steps on what my process should be. I appreciate anything anyone can do to help me.

Microsoft Entra ID

7 answers

  1. Anonymous
    2020-11-07T18:54:26.613+00:00

    The two prerequisites to introducing the first 2019 domain controller are that the domain functional level needs to be 2008 or higher and the older SYSVOL FRS replication needs to have been migrated to DFSR:
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use the dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), and use the dcdiag / repadmin tools to again verify health. When all is good you can decommission / demote the old one.

    --please don't forget to Accept as answer if the reply is helpful--
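
The two prerequisites named in the answer above can be checked read-only before any promotion. The PowerShell below is an added example, not part of the original thread; it assumes an elevated session on a domain controller that has the ActiveDirectory module and Active Directory Web Services (Server 2008 R2 or later), and it assumes that `dfsrmig /getglobalstate` prints the word `Eliminated` once FRS is fully retired.

```powershell
# Added example: read-only preflight for the prerequisites named in the answer.
# Assumptions: PowerShell 3.0 or later, ActiveDirectory module available, and
# dfsrmig.exe / repadmin.exe on the path (both ship with the AD DS role).
# Nothing here changes the directory.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Inventory: every DC the directory knows about, with OS, GC flag and FSMO roles.
# A server missing from this list is not a domain controller in this domain.
Get-ADDomainController -Filter * |
    Sort-Object HostName |
    Select-Object HostName, OperatingSystem, IsGlobalCatalog,
        @{ Name = 'FsmoRoles'; Expression = { $_.OperationMasterRoles -join ', ' } } |
    Format-Table -AutoSize | Out-Host

# Prerequisite 1: domain functional level must be 2008 or higher.
$tooOld  = 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain'
$levelOk = $tooOld -notcontains "$($domain.DomainMode)"

# Prerequisite 2: SYSVOL replication must have been migrated from FRS to DFSR.
# Assumption: the tool reports the final migration state as 'Eliminated'.
$dfsrState = (& dfsrmig.exe /getglobalstate) -join ' '
$dfsrOk    = $dfsrState -match 'Eliminated'

[pscustomobject]@{
    Domain                = $domain.DNSRoot
    DomainFunctionalLevel = "$($domain.DomainMode)"
    LevelIs2008OrHigher   = $levelOk
    DfsrMigState          = $dfsrState
    SysvolOnDfsr          = $dfsrOk
} | Format-List | Out-Host

if (-not ($levelOk -and $dfsrOk)) {
    Write-Warning 'Prerequisites not met: fix these before promoting a Server 2019 DC.'
}

# Replication summary, to review alongside dcdiag before and after each change.
& repadmin.exe /replsummary
```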


  2. Joe Cimadamore 1 Reputation point
    2020-11-07T20:49:28.237+00:00

    So I wanted to verify the domain function level. I get a message that one of the servers is not running the appropriate version of Windows. I did save the file it offers and it lists the two 2008 servers and they are running Windows Server 2008 Standard 6.0 (6003). It does not even list the 2012 server so I question whether it is in the domain truly. Do I have any issues to address with this or do I start on the information to migrate to DFSR?


  3. Anonymous
    2020-11-07T21:16:10.023+00:00

    You'll want to fix it before doing anything. Please run:

    Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
    repadmin /showrepl >C:\repl.txt
    ipconfig /all > C:\dc1.txt
    ipconfig /all > C:\dc2.txt
    ipconfig /all > C:\dc3.txt

    then put unzipped text files up on OneDrive and share a link.


  4. Joe Cimadamore 1 Reputation point
    2020-11-13T14:07:14.04+00:00

  5. Anonymous
    2020-11-13T14:40:35.63+00:00

    --please don't forget to Accept as answer if the reply is helpful--

