Share via

Windows Server 2016 Domain Controller Promotion

raj a 316 Reputation points
2021-09-13T17:10:24.923+00:00

Hello,

Greetings.

We have an Active Directory environment with couple of Windows Server 2008 R2 Domain Controllers.

We want to introduce\add Windows Server 2016 in the environment & promote it as a Domain Controller\DNS.

Can anyone please guide us with steps required to perform before promoting windows Server 2016 server as a Domain Controller\DNS?

Also will there be any impact with existing applications in the environment once we promote windows Server 2016 as a DC\DNS & remove windows server 2008 DCs from environment? (We will point all apps\servers to New DNS servers)

Thanks Much.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments
Accepted answer
  1. Anonymous
    2021-09-13T17:15:56.04+00:00

    The prerequisite before introducing the first 2016 domain controller: domain functional level needs to be 2003 or higher

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2016, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Philippe Levesque 5,836 Reputation points
    2021-09-13T17:27:33.79+00:00

    Hi, adding to DSPatrick, if your domain is older, created pre 2008R2, you might need to migrate FRS to DFS for the SYSVOL.

    Except that it's pretty straightforward with the Add Role feature. If you want to be sure start the wizard, and the prereq will be listed if you have some to do.

    For the impact, usually it's transparent, but just be sure your AD is healthy, like DSPatrick state.

    Thanks

  2. Limitless Technology 39,931 Reputation points
    2021-09-14T07:30:21.98+00:00

    Hello Raja,

    The operation is very straight forward and if the health of the domain controllers is ok, the process should be seamless for the experience of your environment.

    1. Health check of existing domain server:Use dcdiag and repadmin to check on the health status and AD replication status on your DCs.
    2. install new server 2016 on new machine
    3. join with existing domain
    4. install active directory services on 2016 server (after this, you may decide to run manually adprep /schemaprep and adprep /domainprep on the WS 2016 to have more visibility and control over the FFL and DFL upgrade)
    5. run dcpromo to configure as additional domain controller (this would also elevate the FFL and DFL in case you haven't done it manually)
    6. make it GC
    7. transfer FSMO roles and PDC
    8. run health check
    9. decommission old if all the checks and replication is correct.

    You can find some useful guides here: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers

    Hope this helps you,
    Best regards,

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.