Hello @mahmoud azletni ,
Thank you for posting here.
**Q1:** How could I do that the best way with no downtime?
**A1:** Based on my understanding, you want to migrate the 2012 R2 DC in your domain to a 2019 DC. If I misunderstood anything, please correct me.
As DSPatrick mentioned, if we want to add a 2019 DC to our existing domain, we need to check the forest functional level and the SYSVOL replication type.
The forest/domain functional level should be 2008 or higher and SYSVOL replication should be DFSR.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey does not exist, or if it has a different value, FRS is being used.
Meanwhile, before we make any change in the existing AD domain environment, we had better do the following:
1. Check if the AD environment is healthy. Check that all DCs in this domain are working fine by running `Dcdiag /v`.
Check if AD replication works properly by running the commands below.
```
repadmin /showrepl >c:\repsum1.csv
repadmin /replsum >c:\repsum2.csv
repadmin /showrepl * /csv >c:\repsum3.csv
```
If there is no error in the command results, it seems the AD environment is healthy.
2. We had better back up all domain controllers.
3. Check that both the SYSVOL folder and the Netlogon folder are shared by running `net share` on each DC.
4. SYSVOL replication works fine.
5. Check that we can run `gpupdate /force` on each DC successfully.
After we ensure the forest functional level is 2008 and SYSVOL replication is the DFSR replication type, and all DCs and the entire AD environment are healthy, for DC migration in the same domain we suggest promoting a new DC in the existing domain.
The steps below are for your reference.
1. Add the new Windows Server 2019 to this existing domain.
2. Add the AD DS and DNS roles.
3. Promote this Windows Server 2019 as a DC (also as a GC).
4. If the DC is promoted successfully, check if the AD environment is healthy again.
5. If steps 1-4 are OK without any error, we can transfer the FSMO roles to the new 2019 DC if needed.
6. Raise the forest/domain functional level if needed.
7. Demote the Windows Server 2012 R2 DC after migrating the AD DS and DNS roles and the FSMO roles if needed.
Before we demote the 2012 R2 DC, we should check the following if needed:
If the 2012 R2 DC was also a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.
If the 2012 R2 DC was also a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
Other considerations:
1. We had better perform the DC migration during downtime.
2. Migrate other roles and features on this 2012 R2 DC if needed before demoting it/removing it from the domain.
3. Ensure that all domain functional levels are equal to or higher than the forest functional level.
4. Ensure that the operating system level of all domain controllers is equal to or higher than the domain functional level.
**Q2:** Could I add the new server to a cluster?
**A2:** According to the following link, we cannot add a DC (a server with the AD DS role) to a cluster.
You cannot add a domain controller as a node in a failover cluster environment
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/cannot-add-domain-controller-node-failover-cluster
Multiple DCs (more than one DC) in the same domain will achieve fault tolerance. We do not need to add DCs to the cluster.
Hope the information above is helpful.
If anything is unclear or if I misunderstood anything, please let us know.
References
Forest and Domain Functional Levels
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
Upgrade Domain Controllers to Windows Server 2016
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
Best Regards,
Daisy Zhou
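
The pre-checks listed under A1 (SYSVOL replication type, SYSVOL/NETLOGON shares, dcdiag, AD replication) gathered into one read-only script, as an added example that is not part of the original answer. It assumes an elevated session on a domain-joined server with the ActiveDirectory module, dcdiag and repadmin installed, and PowerShell remoting enabled on every DC; the CSV column names are the ones `repadmin /showrepl * /csv` writes in its header row.

```powershell
# Added example: read-only health checks before promoting the new DC.
# Assumptions: elevated session, ActiveDirectory module, dcdiag/repadmin
# installed, PowerShell remoting enabled on every DC.
Import-Module ActiveDirectory
$dcs = (Get-ADDomainController -Filter *).HostName

# Per DC: SYSVOL replication type from LocalState, plus SYSVOL/NETLOGON shares.
$perDc = Invoke-Command -ComputerName $dcs -ScriptBlock {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols'
    $state = (Get-ItemProperty -Path $key -Name LocalState -ErrorAction SilentlyContinue).LocalState
    $shares = (Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue).Name
    [pscustomobject]@{
        # 3 = ELIMINATED means DFSR; a missing or different value means FRS
        SysvolReplication = if ($state -eq 3) { 'DFSR' } else { 'FRS' }
        SysvolShared      = $shares -contains 'SYSVOL'
        NetlogonShared    = $shares -contains 'NETLOGON'
    }
}

# dcdiag /q prints only errors, so every non-blank output line is a finding.
$dcdiagErrors = foreach ($dc in $dcs) {
    dcdiag "/s:$dc" /q | Where-Object { $_.Trim() } | ForEach-Object { "${dc}: $_" }
}

# repadmin CSV: keep every row whose failure count is not 0 (error rows included).
$replFailures = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { $_.'Number of Failures' -ne '0' }

$perDc | Format-Table PSComputerName, SysvolReplication, SysvolShared, NetlogonShared
$notReady = @($perDc | Where-Object {
    $_.SysvolReplication -ne 'DFSR' -or -not $_.SysvolShared -or -not $_.NetlogonShared
})
if ($notReady -or $dcdiagErrors -or $replFailures) {
    $dcdiagErrors
    $replFailures |
        Format-Table 'Source DSA', 'Destination DSA', 'Naming Context', 'Last Failure Status'
    Write-Warning 'Resolve the findings above before adding the Windows Server 2019 DC.'
} else {
    'All checks passed.'
}
```

Running it again after the new DC is promoted covers step 4 of the promotion list, since the new DC is then included in `$dcs`.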