AD server 2016 to 2022 migration

Anonymous
2023-10-09T09:28:07+00:00

Dear Team,

I have a Windows server 2016 and AD-DS server configuration, I want to migrate AD-DS from 2016 to 2022.

Kindly guide & share with us the steps.

Regards,

Ritesh Shah

Windows for business | Windows Server | Directory services | Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


7 answers

  1. Anonymous
    2023-10-10T00:30:09+00:00

    Hello RSHAH_1501,

    Thank you for posting in Microsoft Community forum.

    The recommended way to upgrade Windows Server 2016 domain controllers to 2022 domain controllers is to add a new 2022 server to the domain and promote this 2022 server to Domain Controller. We do not recommend performing an in-place upgrade of the OS of the 2016 Domain Controller from 2016 to 2022.

    Is your Windows Server 2016 Domain Controller also a DNS server? If so, the steps below are for your reference.

    Step 1

    You should check the SYSVOL replication type, whether it is FRS or DFSR.

    Here is the checking method via the registry:
    Check the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey does not exist, or if it has a different value, FRS is being used.

    If it is DFSR, that is OK.

    If it is FRS, you should migrate from FRS to DFSR first.

    For how to migrate SYSVOL from FRS to DFSR, we can refer to the following article.

    qUICKLY Explained: Migrate Your SYSVOL Replication from FRS to DFSR
    https://blogs.technet.microsoft.com/qzaidi/2012/01/16/quickly-explained-migrate-your-sysvol-replication-from-frs-to-dfsr/

    Step 2

    Before we make any changes to our AD environment, we had better check our AD environment health. So we can try the following steps:

    1. We need to check whether all the DCs work fine; we can run Dcdiag /v on each DC to check.
    2. Run Repadmin /showrepl and repadmin /replsum on all DCs to check AD replication status if you have multiple DCs in your domain.

    Step 3
    1. Add the new 2022 server to the existing domain.

    2. Promote this new 2022 server to Domain Controller (add AD DS role and DNS role).

    3. Also make this new 2022 DC a GC.

    4. Check the health status of the new DC and old DC and the AD replication status (if you have more than one DC) following Step 2.

    5. If you have more than one Domain Controller to migrate from the lower OS level (2016) to the higher OS level (2022), please repeat 1-4 within Step 3.

    6. After all DCs have been migrated from the lower OS (2016) to the higher OS (2022), transfer FSMO roles to the new 2022 DC if needed.
    We can check whether you have successfully transferred the FSMO roles by running the command as administrator on any DC: netdom query fsmo
    7. Raise forest functional level and domain functional level if needed.

    How to raise Active Directory domain and forest functional levels:

    https://support.microsoft.com/en-us/help/322692/how-to-raise-active-directory-domain-and-forest-functional-levels

    8. Because the old 2016 DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.

    9. Because the old 2016 DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the old 2016 DC for name resolution.

    10. Migrate all other roles on the old 2016 DC to the new 2022 DC (or other member servers) if you have any or if you need to.

    11. After you transfer FSMO roles, update all DNS settings and migrate other roles (if you have any), and after a period of time, if everything is OK, we can consider demoting the old 2016 DC if needed.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    4 people found this answer helpful.
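
The read-only checks from Steps 1 to 3 of the answer above, collected into one script. This is an added example, not part of the original answer or Microsoft's own tooling. It assumes a single-domain forest, an elevated session on a DC with the ActiveDirectory module, and uses `Get-ADDomain`/`Get-ADForest` as a structured stand-in for `netdom query fsmo`; the function names are hypothetical.

```powershell
# Added example: read-only checks for Steps 1-3. Run elevated on a domain controller.
# Assumes the ActiveDirectory module and repadmin are present (AD DS management tools).
Import-Module ActiveDirectory

function Get-SysvolReplicationType {
    # Step 1: LocalState = 3 (ELIMINATED) means DFSR; a missing or other value means FRS.
    $key = 'HKLM:\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols'
    $state = (Get-ItemProperty -Path $key -Name LocalState -ErrorAction SilentlyContinue).LocalState
    if ($state -eq 3) { 'DFSR' } else { 'FRS' }
}

function Get-ReplicationFailure {
    # Step 2: one CSV row per inbound replication link; keep error rows and failing links.
    repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or ($_.'Number of Failures' -as [int]) -gt 0
    } | Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time'
}

function Get-FsmoOnOldDc {
    # Step 3.6: list FSMO roles still held by a DC whose OS matches $OldOsPattern.
    param([string]$OldOsPattern = '*2016*')
    $os = @{}
    Get-ADDomainController -Filter * | ForEach-Object { $os[$_.HostName] = $_.OperatingSystem }
    $d = Get-ADDomain; $f = Get-ADForest
    $roles = [ordered]@{
        SchemaMaster = $f.SchemaMaster; DomainNamingMaster = $f.DomainNamingMaster
        PDCEmulator = $d.PDCEmulator; RIDMaster = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
    foreach ($r in $roles.GetEnumerator()) {
        if ($os[$r.Value] -like $OldOsPattern) {
            [pscustomobject]@{ Role = $r.Key; Holder = $r.Value; OS = $os[$r.Value] }
        }
    }
}

"SYSVOL replication type: $(Get-SysvolReplicationType)"
Get-ADDomainController -Filter * |
    Format-Table HostName, Site, OperatingSystem, IsGlobalCatalog -AutoSize
$failures = @(Get-ReplicationFailure)
"Replication links with failures: $($failures.Count)"
$failures | Format-Table -AutoSize
$stale = @(Get-FsmoOnOldDc)
"FSMO roles still on a 2016 DC: $($stale.Count)"
$stale | Format-Table -AutoSize
```

Run it before promoting the new DC and again before demoting the old one; a non-empty failure list or any FSMO role still on a 2016 DC means the demotion in step 11 should wait.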
  2. Anonymous
    2024-01-23T16:17:40+00:00

    Hello,

    This is Ulrich,

    I followed the steps here and everything worked just fine. I added an extra step which was to give my new 2022 DC the IP address of my old 2016 server, and the reason why is that that IP is being used everywhere to reference our DNS and DHCP.

    The first issue I ran into was that, after switching the IPs, my end users were not able to access the network. They are getting the correct IP but for some reason are not able to access the network.

    The second issue is that the replication check (Dcdiag /v) is failing with the below error:

    ```
    Starting test: DFSREvent
         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
         replication problems may cause Group Policy problems.
         A warning event occurred.  EventID: 0x80001780
            Time Generated: 01/22/2024   09:33:04
            Event String:
            The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
            Additional Information:
            Object Category: msDFSR-LocalSettings
            Object DN: CN=DFSR-LocalSettings,CN=OM-DC-01,OU=Domain Controllers,DC=XXX,DC=XXXXX,DC=com
            Error: 2 (The system cannot find the file specified.)
            Domain Controller: omdc01.local.lra-inc.com
            Polling Cycle: 60
         A warning event occurred.  EventID: 0x80001A94
            Time Generated: 01/22/2024   09:33:05
            Event String:
            The DFS Replication service has detected that no connections are configured for replication group Domain System Volume. No data is being replicated for this replication group.
            Additional Information:
            Replication Group ID: C17F6A36-180B-4B68-BCA2-672484961C40
            Member ID: AA3E8344-471A-4E64-94DE-1633D2932E70
         A warning event occurred.  EventID: 0x80001206
            Time Generated: 01/22/2024   09:33:05
            Event String:
            The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner OMDC02.XXX\*\*\*\*. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
            Additional Information:
            Replicated Folder Name: SYSVOL Share
            Replicated Folder ID: 1E352A2E-53B8-43F4-BE19-694ED8A59DB8
            Replication Group Name: Domain System Volume
            Replication Group ID: C17F6A36-180B-4B68-BCA2-672484961C40
            Member ID: AA3E8344-471A-4E64-94DE-1633D2932E70
            Read-Only: 0
         An error event occurred.  EventID: 0xC0001394
            Time Generated: 01/22/2024   09:43:12
            Event String:
            The DFS Replication service failed to communicate with partner LWDC02 for replication group Domain System Volume. The partner did not recognize the connection or the replication group configuration.
            Partner DNS Address: LWDC02.XXX\*\*\*\*
            Optional data if available:
            Partner WINS Address: LWDC02
            Partner IP Address: 10.0.1.36
            The service will retry the connection periodically.
            Additional Information:
            Error: 9026 (The connection is invalid)
            Connection ID: EB613AA2-8CDA-446F-BAA0-AD21649A48BF
            Replication Group ID: C17F6A36-180B-4B68-BCA2-672484961C40
         A warning event occurred.  EventID: 0x80001396
            Time Generated: 01/22/2024   11:54:17
            Event String:
            The DFS Replication service is stopping communication with partner OMDC01 for replication group Domain System Volume due to an error. The service will retry the connection periodically.
    ```

    Also, I have a couple of questions.

    1- I now have my old DC (2016) still running with AD DS, DNS and DHCP roles with my new DC (2022) with also AD DS, DNS, and DHCP roles. Will that be a problem on my network?

    2- I switched over my primary domain to be the new 2022 server and I want to decom the old one, but I don't know what the best practice is. Should I wait a bit longer before I decom that?

    Thanks,

    Ulrich
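
dcdiag prints DFSR event IDs as 32-bit hex values, while Event Viewer and `Get-WinEvent` use only the low 16 bits. The script below, an added example that is not part of the original post, converts the IDs from dcdiag output like the one above and summarises the matching entries in the local DFS Replication log; the function names are hypothetical and it is meant to be run on the DC that reported the events.

```powershell
# Added example. $sample holds EventID lines copied from the dcdiag output in the post above.
$sample = @'
A warning event occurred.  EventID: 0x80001780
A warning event occurred.  EventID: 0x80001A94
A warning event occurred.  EventID: 0x80001206
An error event occurred.  EventID: 0xC0001394
A warning event occurred.  EventID: 0x80001396
'@ -split "`r?`n"

function ConvertTo-EventViewerId {
    param([string]$HexId)
    # The high bits encode severity; the low 16 bits are the ID shown in Event Viewer.
    [int]([Convert]::ToUInt32($HexId, 16) -band 0xFFFF)
}

function Get-DcdiagEventId {
    param([string[]]$Lines)
    $Lines | Select-String -Pattern 'EventID:\s*(0x[0-9A-Fa-f]+)' |
        ForEach-Object { ConvertTo-EventViewerId $_.Matches[0].Groups[1].Value } |
        Sort-Object -Unique
}

function Get-DfsrEventSummary {
    # Pull the matching events from the local 'DFS Replication' log for the last $Hours hours.
    param([int[]]$Id, [int]$Hours = 24)
    $filter = @{ LogName = 'DFS Replication'; Id = $Id; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object Id | ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            [pscustomobject]@{
                Id = [int]$_.Name; Count = $_.Count; Level = $latest.LevelDisplayName
                Latest = $latest.TimeCreated
                Text = ($latest.Message -split "`r?`n")[0]
            }
        }
}

$ids = Get-DcdiagEventId $sample
Get-DfsrEventSummary -Id $ids | Sort-Object Id | Format-Table -AutoSize -Wrap
```

To triage a live DC, replace `$sample` with the captured output of `dcdiag /v`; an empty summary means none of those events were logged in the chosen window.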

  3. Anonymous
    2024-01-24T04:25:04+00:00

    Hello RSHAH_1501,

    Thank you for your reply.

    1- I now have my old DC (2016) still running with AD DS, DNS and DHCP roles with my new DC (2022) with also AD DS, DNS, and DHCP roles. Will that be a problem on my network?

    A1: If the migration process is OK, there should be no problem.

    2- I switched over my primary domain to be the new 2022 server and I want to decom the old one, but I don't know what the best practice is. Should I wait a bit longer before I decom that?
    A2: If everything works fine, you can wait for 1-3 months and demote the old one.

    For the preferred DNS server on 2022 DC, if 2022 DC is also a DNS server, you can set the preferred DNS server using IP address of 2022 DC and 127.0.0.1 on 2022 DC.

    Did you have only one 2016 Domain Controller before you added the 2022 DC?
    Did the (Dcdiag /v) fail with the below error on the 2022 DC?

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

  4. Anonymous
    2024-01-25T02:12:00+00:00

    Hello Daisy,

    Thank you for your helpful response.

    I have 4 different sites with two 2016 DCs on each. Right now I am only working on one site where I migrated the primary DC from 2016 to 2022 and I still have the other one running on 2016. I am planning to migrate the second one this weekend. So I actually have 3 DCs on the site I am working on right now: my old primary 2016 DC, my new 2022 DC where I migrated everything to, and my second 2016 DC.

    Yes, the (Dcdiag /v) is failing on the 2022 DC.

    I have another concern: after the migration, which went just fine with no error, I noticed that there are some folders that were on the old DC that did not move to the new DC. The below picture is my old DC tree. The highlighted folders are those that did not move over to the new DC. Some of them are empty, but the ones that I have concerns with are System and Microsoft Exchange System Objects (there are some public folders in the second one). There is a lot of information in the System folder. Do I need to migrate them over to my new DC? If yes, how?

    Thank you very much for your help.

  5. Anonymous
    2024-01-25T03:31:54+00:00

    Hello RSHAH_1501,

    You can try to check the option "Advanced Features", then you will see the highlighted folders you mentioned.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou
