FernandoFerrari-5770 asked DSPatrick commented

Migrating DC Server 2012 to 2016

Hi, I'm having problems migrating a DC with Server 2012 to Server 2016.
I followed the steps mentioned in https://social.msdn.microsoft.com/Forums/en-US/91e3213e-36ec-48c1-bbc9-8a6694df6e5b/need-help-understanding-the-proper-steps-when-migrating-from-a-server-2012-dc-to-a-server-2016-dc?forum=winservergen

1. Deploy a 2016 Domain controller (as Global Catalog) in your environment
2. Do a DCDIAG health check after deploying
3. Check if replication is working properly using repadmin /showrepl and repadmin /replsum
4. Change all DHCP scopes to use the new domain controller as a secondary DNS server
5. Change all static IP configuration for all your servers to use the new domain controller as a secondary DNS server
6. Inform all teams to make sure that all services use the new DC as a secondary DNS server
7. Transfer all FSMO roles to the new domain controller
8. Check DCDIAG and replication again and make sure everything is working as expected
9. Decommission the 2012R2 Domain controller
10. Before proceeding further, make sure that there are no traces left at all from the old DC in DNS (Check carefully)
11. After that you can go ahead and change the IP address of the Domain Controller (You can follow this link - It is quite simple)
12. Upgrade the domain functional level to 2016

My problem starts with dcdiag: on the new server, the advertising, sysvol and netlogon tests are not passed.
First, I did this fix: https://www.youtube.com/watch?v=iimNEeSp1is&t=264s
Now I can see the sysvol folder shared on the new DC, but no netlogon and no replication.
So after searching, I found and did this fix:
https://www.checkyourlogs.net/how-to-fix-missing-sysvol-and-netlogon-share-and-replication-issues-on-new-domain-controller-at-azure/
Now I can see the netlogon share also, but when I check the sysvol folder no replication is made.
repadmin /showrepl and repadmin /replsum show everything is OK.
Dcdiag on the old 2012 shows everything is OK.
Primary DNS in dc01 is dc02 and secondary is itself, same as the dc02.
Any clue? Thanks!

windows-server-2016 windows-server-2012

DSPatrick answered FernandoFerrari-5770 commented

Some general info

The prerequisite before introducing the first 2016 domain controller: domain functional level needs to be 2003 or higher

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

As to missing sysvol / netlogon shares you can follow along here.
FRS
https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/missing-sysvol-and-netlogon-shares

DFSR
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-missing-sysvol-and-netlogon-shares


--please don't forget to upvote and Accept as answer if the reply is helpful--
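
A read-only way to collect the state that the FRS and DFSR articles above ask about, as an added PowerShell example that is not part of the original thread; it assumes an elevated session on the affected DC. repadmin reports Active Directory replication only, so a clean repadmin result says nothing about SYSVOL file replication, which needs its own checks.

```powershell
# Added example: read-only SYSVOL/NETLOGON checks for the DC that fails dcdiag.
# Assumes an elevated PowerShell session on that DC; nothing here changes state.

# 1. The three dcdiag tests named in the question, run on their own.
dcdiag /test:Advertising /test:SysVolCheck /test:NetLogons

# 2. Are both shares published?
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
    '{0,-9} shared: {1}  path: {2}' -f $name, [bool]$share, $share.Path
}

# 3. Netlogon publishes the shares only once SysvolReady is 1.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ready = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SysvolReady
"SysvolReady = $ready"

# 4. FRS or DFSR? This decides which of the two troubleshooting articles applies.
dfsrmig /getglobalstate

# 5. DFSR's own view of the SYSVOL replicated folder (State 4 = Normal).
$states = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
             3 = 'Auto Recovery'; 4 = 'Normal'; 5 = 'In Error' }
$rf = Get-CimInstance -Namespace 'root\MicrosoftDFS' -ClassName DfsrReplicatedFolderInfo -ErrorAction SilentlyContinue |
    Where-Object ReplicatedFolderName -eq 'SYSVOL Share'
if ($rf) {
    'DFSR SYSVOL state: {0} ({1})' -f $rf.State, $states[[int]$rf.State]
} else {
    'No DFSR SYSVOL folder reported (FRS still in use, or DFSR not initialised).'
}

# 6. Recent errors and warnings from the DFS Replication log.
Get-WinEvent -FilterHashtable @{ LogName = 'DFS Replication'; Level = 2, 3 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName
```

Running the same script on the old and the new DC and comparing the output shows whether both agree on the replication engine and whether the new DC ever finished its initial SYSVOL sync.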








Hi DSPatrick, thanks for the response.
Before I promoted the 2016 DC, I checked dcdiag and all tests were passed. The domain functional level is 2012.
I checked the docs you quote and did the steps but the problem persists with the Sysvol Replication.
Right now Dcdiag results are all passed, the only problem I see is the replication of sysvol.
Can I transfer the FSMO roles if the replication is not working? I need to demote the 2012 server because its hardware is failing.

DSPatrick answered DSPatrick commented

Assuming health was 100% it all should have gone without a hitch. If it were me I'd decommission / demote the new one, do cleanup if needed to remove remnants.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

Then check again that health is 100% and that system event logs and event logs related to replication are free of errors. Then try again following the steps I outlined above.

--please don't forget to upvote and Accept as answer if the reply is helpful--






Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--


