Thank you for posting here.
Here are the answers for our questions.
As I understand, we want to migrate an existing DC (Windows Server 2012) to a new server (Windows Server 2016), not reconfigure a new domain.
Q1: How do I create a new DC without the need to manually reconnect each and every client to "new domain". It seems to me that the new domain should have a new UUID even if it has the same name as the previous one? What is the industry standard way to do it? Do I need to migrate from the old server to a new one? Or isn't it enough just to migrate, and I have to add a new DC to an existing forest.
A1: For migrating an existing DC (Windows Server 2012) to a new server (Windows Server 2016), usually we add a new DC to the existing domain. Though we can perform an in-place upgrade of the operating system from Windows Server 2012 to Windows Server 2016, this method is not recommended.
Q2: What are the instruments to migrate - DNS, DHCP, GPO, and Active Directory itself? Is there a way to migrate it selectively, so wrong settings from the previous DC won't go to the new one?
A2: Before we do any change in the existing AD domain environment, we had better do the following:
1. Check if the AD environment is healthy. Check that all DCs in this domain are working fine by running Dcdiag /v on every DC.
Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum on every DC.
2. Back up all domain controllers.
For migrating an existing DC (Windows Server 2012) to a new server (Windows Server 2016), usually the recommended way is as below:
1. Join a new Windows Server 2016 to the existing domain.
Set the IP address and preferred DNS of this Windows Server 2016.
2. Install the AD DS role and DNS role on this Windows Server 2016 and promote this server as a DC (also as a GC).
3. Check if the AD environment is healthy again.
4. Migrate DHCP or reconfigure DHCP on this new 2016 DC.
How to Migrate DHCP from Windows Server 2008 to 2012/2016
How to Migrate DHCP from Windows Server 2012 R2 to Server 2016
5. If the AD environment is running fine, we can transfer the FSMO roles to the new 2016 DC if needed.
Demote the old DC if needed after transferring the FSMO roles. Before we demote the 2012 DC, we should also check:
If the removed DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If required, modify the DHCP scope to reflect the removal of the DNS server.
If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
We can migrate them selectively:
1. Migrate the AD DS role and GPO only (we must migrate the AD DS role and GPO together). All DC and GPO configurations are replicated between DCs in the same domain, so if we add another DC to the existing domain, after AD replication is complete, all DCs and GPOs are in sync. If there is any issue with AD itself or GPO, we should fix it before migration.
2. Migrate DNS only. AD-integrated DNS is replicated between DC (DNS) servers in the same domain, so if we add another DNS server (DC) to the existing domain, after AD replication is complete, all DNS servers (DCs) are in sync. If there is any issue with DNS, we should fix it before migration.
3. Migrate DHCP only. If there is any issue with DHCP, we can reconfigure it on the new DC instead of exporting data from the old DHCP and importing the data to the new DHCP.
4. If we have other roles on this 2012 DC, we should also migrate these roles if needed.
Q3: How do I properly install a new DC with a minimum downtime? Is there a proper way?
A3: We should install the new DC during downtime (non-working hours), so that if there is any issue we will have time to fix it.
For more information about installing a DC, we can refer to the link below.
Q4: Is there a way to forcefully reset DHCP and renew DNS on all of the clients?
If there is any issue with DHCP, we can reconfigure it on the new DC instead of exporting data from the old DHCP and importing the data to the new DHCP.
Renew DNS on all of the clients
Usually, if we have more than two DCs in our domain, we can keep the same IP address and hostname for the new DC as the old one. Then we do not need to renew DNS on all of the clients.
If we want to use the same hostname and IP for the new 2016 DC as the old DC that we need to migrate (such as DC1) during DC migration:
- Check AD health and transfer the FSMO roles from the DC that we need to migrate (such as DC1) to another DC.
- Demote DC1 and shut it down.
- Delete the computer object from AD.
- Change the hostname and IP address of the 2016 server to the same as DC1 and join it to the domain.
- Promote the Win2016 server as a DC (DNS server and GC server) and monitor its health status.
- Transfer the FSMO roles to the new Win2016 DC if needed.
If we only have one DC in the existing domain and the hostname and IP address of the new DC are changed, we can update DNS on the clients with a PS script via GPO.
If anything is unclear, please feel free to let us know.
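As an added example that is not part of the original answer, here is the health check from step 1 (Dcdiag and replication status on every DC) and the optional FSMO transfer from step 5 as one PowerShell pre-flight script. It assumes the ActiveDirectory RSAT module on a Domain Admin session; DC2016 is a placeholder hostname for the new server.

```powershell
# Added example, not from the original answer. Assumes RSAT ActiveDirectory
# module and Domain Admin rights. $NewDc is a placeholder hostname.
param(
    [string]$NewDc = 'DC2016',   # placeholder: the new Windows Server 2016 DC
    [switch]$TransferFsmo        # only move roles when explicitly asked
)
Import-Module ActiveDirectory

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$healthy = $true

foreach ($dc in $dcs) {
    # Inbound replication failures the DC itself reports (same data repadmin /showrepl shows)
    $failures = Get-ADReplicationFailure -Target $dc -ErrorAction Stop
    if ($failures) {
        $healthy = $false
        $failures | ForEach-Object { Write-Warning "$dc : $($_.FailureCount) failures from $($_.Partner) ($($_.LastError))" }
    }
    # A partner that has not replicated successfully in 24 h is treated as unhealthy
    $stale = Get-ADReplicationPartnerMetadata -Target $dc -Scope Server |
        Where-Object { $_.LastReplicationSuccess -lt (Get-Date).AddHours(-24) }
    if ($stale) {
        $healthy = $false
        $stale | ForEach-Object { Write-Warning "$dc : last success from $($_.Partner) was $($_.LastReplicationSuccess)" }
    }
    # dcdiag /q prints only errors, so any output at all means a failed test
    $diag = & dcdiag.exe "/s:$dc" /q 2>&1
    if ($diag) {
        $healthy = $false
        $diag | ForEach-Object { Write-Warning "$dc dcdiag: $_" }
    }
}

if (-not $healthy) { throw 'Fix the replication and dcdiag errors above before migrating.' }
Write-Host "All $($dcs.Count) DCs passed the health check."

if ($TransferFsmo) {
    # Transfer (not seize) all five roles to the new DC, then show who holds them now
    $roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole $roles -Confirm:$false
    Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
    Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
}
```

Run it once before promoting the new server and again (with -TransferFsmo) only after the second health check in step 3 is clean.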
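For the single-DC case at the end of A4, where the new DC has a different IP, this added example (not from the original answer) is a GPO computer startup script that swaps the old DC's IP for the new one in each static IPv4 interface's DNS list. The two addresses are placeholders; DHCP-assigned interfaces are skipped because, as noted above, the DHCP scope option is what should change for them.

```powershell
# Added example, not from the original answer. Deploy as a GPO computer
# startup script. $OldDcIp / $NewDcIp are placeholders for the real addresses.
param(
    [string]$OldDcIp = '192.0.2.10',   # placeholder: IP of the demoted 2012 DC
    [string]$NewDcIp = '192.0.2.20',   # placeholder: IP of the new 2016 DC
    [string]$LogPath = "$env:ProgramData\dns-update.log"
)

function Update-DnsList {
    # Returns the corrected server list, or $null when nothing references the old DC.
    param([string[]]$Servers, [string]$OldIp, [string]$NewIp)
    if ($Servers -notcontains $OldIp) { return $null }
    # Replace in place so the preferred/alternate order is preserved; drop duplicates
    # in case the new DC was already listed as the alternate server.
    $updated = $Servers | ForEach-Object { if ($_ -eq $OldIp) { $NewIp } else { $_ } } | Select-Object -Unique
    return ,[string[]]$updated
}

# Interfaces that get their address from DHCP also get DNS from scope option 006;
# those are fixed on the DHCP server, not here.
$dhcpIfs = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object Dhcp -eq 'Enabled' | Select-Object -ExpandProperty InterfaceIndex

foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    if ($dhcpIfs -contains $cfg.InterfaceIndex) { continue }
    $new = Update-DnsList -Servers $cfg.ServerAddresses -OldIp $OldDcIp -NewIp $NewDcIp
    if ($null -eq $new) { continue }
    Set-DnsClientServerAddress -InterfaceIndex $cfg.InterfaceIndex -ServerAddresses $new
    "$(Get-Date -Format s) $($cfg.InterfaceAlias): $($cfg.ServerAddresses -join ',') -> $($new -join ',')" |
        Add-Content -Path $LogPath
}

# Drop cached answers that still point at the old DC and re-register this host's own records.
Clear-DnsClientCache
Register-DnsClient
```

The script is idempotent: once no interface lists the old address it changes nothing, so it is safe to leave in the GPO until the old DC's address is retired everywhere.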