active directory migration

matteu31 467 Reputation points
2020-12-01T20:08:08.947+00:00

Hello,

I would like to find some documentation / checkilst about what I need to check before I migrate environment ?

I need to migrate 2012 DC / forest level to 2019 but there is exchange, sccm, forest trust with NT4 ... and I would like to know all what I need to check before the migration.
Technically, migration is not the issue but what point I need to check is :)

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,843 questions
0 comments
Accepted answer
  1. Vicky Wang 2,646 Reputation points
    2020-12-02T09:15:04.383+00:00

    Make sure all AD servers have current good replication (command line tools for this), and fix any AD replication issues first
    Make note of what IP’s your current AD servers have
    Make sure that the primary DNS entry for the primary NIC on the old AD servers is pointed not at itself, but another AD DNS server, second DNS entry can be itself.
    Make sure that the domain is at the highest available Domain Functional Level for the current (old) AD servers that is supported by your org (if you’re on Windows Server 2000, you’ll have to upgrade to 2003/2008 first)
    Make sure that the forest is at the highest Forest Functional Level for the current (old) AD servers that is supported by your org
    Make note of where your DHCP servers are, you’ll need to update these later
    Make sure you have good backups of your AD infrastructure!
    If you’re using Windows DHCP, and you haven’t already done so, create an AD service account for DHCP, and delegate control to that account for DHCP AD duties, only needed if you’re going to migrate DHCP to Server 2016 as well

    reference:https://medium.com/@silasthomas/check-list-active-directory-migration-to-server-2016-fc393842bd3b

    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

    Hope this information can help you
    Best wishes
    Vicky

    1 person found this answer helpful.
    0 comments

8 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dave Patrick 426.1K Reputation points MVP
    2020-12-01T21:19:02.14+00:00

    If the trust is currently working I don't see a problem. For the CA / ADFS questions I'd suggest starting a new question here.
    https://learn.microsoft.com/en-us/answers/topics/windows-server-security.html
    https://learn.microsoft.com/en-us/answers/topics/adfs.html

    -please don't forget to Accept as answer if the reply is helpful--

    0 comments
  2. matteu31 467 Reputation points
    2020-12-04T07:57:05.077+00:00

    Thank you all for your answer.

    What I would like is here :
    FRS need to be migrated to DFS-R
    DFL need to be 2008+
    Verify AD is healthy
    Check matric for exchange / sccm / adfs / PKI

    Trust with NT4 is security issue because I need to decrease security algorithm (rc4 enable) right ?
    Probably better to isolate it without any trust if possible should be better.

    0 comments
  3. Vicky Wang 2,646 Reputation points
    2020-12-07T07:11:35.41+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    0 comments
  4. matteu31 467 Reputation points
    2020-12-07T15:59:33.397+00:00

    Hello,

    Sorry for the delay :)

    It's for next week but I think I have what I need to :)

    0 comments