Migrating DC Server 2012 to 2016

Fernando Ferrari 1 Reputation point
2021-10-26T23:26:40.937+00:00

Hi, I'm having problems migrating a DC with Server 2012 to Server 2016.
I followed the steps mentioned in https://social.msdn.microsoft.com/Forums/en-US/91e3213e-36ec-48c1-bbc9-8a6694df6e5b/need-help-understanding-the-proper-steps-when-migrating-from-a-server-2012-dc-to-a-server-2016-dc?forum=winservergen

1. Deploy a 2016 Domain controller (as Global Catalog) in your environment
2. Do a DCDIAG health check after deploying
3. Check if replication is working properly using repadmin /showrepl and repadmin /replsum
4. Change all DHCP scopes to use the new domain controller as a secondary DNS server
5. Change all static IP configuration for all your servers to use the new domain controller as a secondary DNS server
6. Inform all teams to make sure that all services use the new DC as a secondary DNS server
7. Transfer all FSMO roles to the new domain controller
8. Check DCDIAG and replication again and make sure everything is working as expected
9. Decommission the 2012R2 Domain controller
10. Before proceeding further, make sure that there are no traces left at all from the old DC in DNS (Check carefully)
11. After that you can go ahead and change the IP address of the Domain Controller (You can follow this link - It is quite simple)
12. Upgrade the domain functional level to 2016

My problem starts with dcdiag: on the new server, the advertising, sysvol and netlogon tests are not passed.
First, I did this fix: https://www.youtube.com/watch?v=iimNEeSp1is&t=264s
Now, I can see the sysvol folder shared on the new DC, but no netlogon and no replication.
So after searching, I found and did this fix:
https://www.checkyourlogs.net/how-to-fix-missing-sysvol-and-netlogon-share-and-replication-issues-on-new-domain-controller-at-azure/
Now, I can see the netlogon share also, but when I check the sysvol folder no replication is made.
repadmin /showrepl and repadmin /replsum show everything is ok.
Dcdiag on the old 2012 shows everything is ok.
Primary DNS in dc01 is dc02 and secondary is itself, same as the dc02.
Any clue? Thanks!


2 answers

  1. Dave Patrick 425.7K Reputation points MVP
    2021-10-26T23:43:06.967+00:00

    Some general info

    The prerequisite before introducing the first 2016 domain controller: domain functional level needs to be 2003 or higher

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    As to missing sysvol / netlogon shares you can follow along here.
    FRS
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/missing-sysvol-and-netlogon-shares

    DFSR
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-missing-sysvol-and-netlogon-shares

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Dave Patrick 425.7K Reputation points MVP
    2021-10-27T02:37:06.75+00:00

    Assuming health was 100% it all should have gone without a hitch. If it were me I'd decommission / demote the new one, do cleanup if needed to remove remnants.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    Then check that health is again 100% and that system event logs and event logs related to replication are free of errors. Then try again following the steps I outlined above.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
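
The health checks discussed in this thread, gathered into one read-only PowerShell script; this is an added example, not part of any post above. `OLD-DC-NAME` is a placeholder, the match on "passed test" assumes English dcdiag output, and the Policies-folder comparison is an assumed way to spot a SYSVOL that is shared but empty, which `repadmin` does not reveal because it reports Active Directory replication, not SYSVOL replication.

```powershell
# Added example: read-only checks; run elevated on the new domain controller.
param(
    [string]$ReferenceDC = 'OLD-DC-NAME'  # placeholder: a DC that already passes dcdiag
)
$dc      = $env:COMPUTERNAME
$domain  = (Get-CimInstance Win32_ComputerSystem).Domain
$results = @()

# 1. The dcdiag tests named in the question, plus AD replication.
#    Matching "passed test" assumes English-language dcdiag output.
foreach ($t in 'Advertising', 'SysVolCheck', 'NetLogons', 'Replications') {
    $out = dcdiag /s:$dc /test:$t 2>&1 | Out-String
    $results += [pscustomobject]@{ Check = "dcdiag $t"; Passed = ($out -match "passed test $t") }
}

# 2. Are SYSVOL and NETLOGON actually published as shares?
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{ Check = "share $name"; Passed = [bool]$share }
}

# 3. A share can exist while its content never replicated: compare the GPO
#    folders ({GUID} names) under Policies with those on the reference DC.
function Get-GpoFolder([string]$Server) {
    Get-ChildItem "\\$Server\SYSVOL\$domain\Policies" -Directory -ErrorAction SilentlyContinue |
        Where-Object Name -like '{*}' | Select-Object -ExpandProperty Name
}
$ref     = @(Get-GpoFolder $ReferenceDC)
$here    = @(Get-GpoFolder $dc)
$missing = @($ref | Where-Object { $_ -notin $here })
$results += [pscustomobject]@{
    Check  = "SYSVOL Policies match $ReferenceDC"
    Passed = ($ref.Count -gt 0 -and $missing.Count -eq 0)
}

$results | Format-Table -AutoSize
if ($missing) { "GPO folders missing on ${dc}:"; $missing }

# 4. SYSVOL migration state: indicates whether FRS or DFSR replicates SYSVOL,
#    i.e. which of the two troubleshooting articles linked above applies.
dfsrmig /getglobalstate
```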