How to run an InPlace Upgrade DC Windows 2019 Server up to Windows 2025 Server

Question

Hello,

I would like to ask here, whether I can do an InPlace Upgrade from Domain Controller with Windows 2019 up to Windows 2025? I have to mention all the FSMOs are running on one Domain Controller and that DC has Windows Server 2019.

Is there any way to do that without a clean Installation?

It is very important because all the FSMOs are running on the Windows 2019 Server with all the Certificate.

Thank you for help

Nick

Answer 1

Objective:
To perform a secure and supported in-place upgrade of a single Domain Controller (DC) running Windows Server 2019 (holding all FSMO roles) to Windows Server 2025.

1. Prerequisites and Planning

Ensure the DC is running Windows Server 2019 Standard or Datacenter (Desktop Experience).

Domain and Forest Functional Level should be at least Windows Server 2012.

Ensure AD DS, DNS, and SYSVOL are healthy.

Minimum of 30–40 GB free disk space.

Backup strategy in place (System State + Full Image).

Temporarily disable or uninstall third-party antivirus software.

2. Pre-Upgrade Tasks

1. System State Backup: wbadmin start systemstatebackup -backuptarget:D:\
2. Verify AD Health: dcdiag /v /c /d /e /s:YourDCName > DCHealthCheck.txt repadmin /replsummary
3. Check FSMO Roles: netdom query fsmo
4. Validate SYSVOL and NETLOGON shares: net share
5. Check DNS Resolution: nslookup domain.local

3. Upgrade Procedure

Mount Windows Server 2025 ISO

Run setup.exe

Select:

"Keep personal files and apps"

Correct edition matching existing license (Standard/Datacenter with GUI)

Accept license terms and begin upgrade

Wait for installation to complete and server to reboot

4. Post-Upgrade Validation

Log into the upgraded server.

• Re-run health checks: dcdiag repadmin /replsummary netdom query fsmo net share nslookup domain.local Check Event Viewer for AD DS, DNS, and system logs. Ensure SYSVOL and NETLOGON are shared correctly.

5. Optional: Raise Domain and Forest Functional Levels

Only do this if all DCs are now on Windows Server 2025:

Set-ADForestMode -Identity "domain.local" -ForestMode Windows2025Forest Set-ADDomainMode -Identity "domain.local" -DomainMode Windows2025Domain

6. Recovery Plan

IssueActionBoot failureRestore from full image backupAD corruptionPerform authoritative restore using ntdsutilDNS/SYSVOL errorsReview Event Viewer, reset shares or services

Answer 2

Hi,

Actually i have tried with the 2016 to 2019 migration in production with all the above condition it's working fine.

As you know always the recommendation is to deploy new server and extend the DC and transfer the FSMO and decommission the old one

Regards,

Pasupathi M

Answer 3

Hi,

If all FSMO roles are hosted on a single Domain Controller running Windows Server 2019, the safest approach to minimize any risk to your environment is as follows:

First, transfer the FSMO roles to another Domain Controller to act as a backup. If you don’t already have a secondary DC, it’s strongly recommended to deploy one temporarily to ensure redundancy.

Once the roles have been safely transferred, demote the original Windows Server 2019 DC, then proceed with the in-place upgrade to Windows Server 2025. After the upgrade completes successfully, you can promote it back to a Domain Controller and, if desired, move the FSMO roles back.

This approach provides a safety net in case the upgrade encounters issues and helps maintain domain availability during the process.

Reference link:

Demoting domain controllers and domains

Overview of Windows Server upgrades