Checks to Add Win2019 DC with 2012

create share 646 Reputation points
2021-11-12T22:45:24.147+00:00

Hi,

We need to add a 2019 DC to our domain and then remove the 2012 DC. What checks should be performed before doing it? We have already migrated FRS to DFSR. 2012 DC is also a DHCP Server.

Thanks.

Active Directory

Accepted answer
  1. Dave Patrick 426.2K Reputation points MVP
    2021-11-13T00:07:59.753+00:00

    That's possible. You could follow-up with this one.
    https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

    As far as adding the new domain controller, I don't see this as an issue.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


8 additional answers

  1. Dave Patrick 426.2K Reputation points MVP
    2021-11-12T23:16:49.317+00:00

    I'd check dcdiag reports no errors, and that replication is successful. This tool can be helpful
    https://www.microsoft.com/en-us/download/details.aspx?id=30005

    Also check the event logs are clear of new errors since last boot.


  2. create share 646 Reputation points
    2021-11-12T23:30:36.203+00:00

    All tests passed with no errors except the below shown by dcdiag. I believe it is related to a security update?

    The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.


  3. Dave Patrick 426.2K Reputation points MVP
    2021-11-12T23:33:32.313+00:00

    The event log should provide more details about the issue. Also some info here.
    https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

    As to adding the new DC, if this is all there was, it should be fine to proceed.


  4. create share 646 Reputation points
    2021-11-12T23:38:58.28+00:00

    This is shown for many domain users in DC event log.

    The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and could open security vulnerabilities. See https://go.microsoft.com/fwlink/?linkid=2173051 to learn more.

    Ticket PAC constructed by: DC1
    Client: domain.com\domainuser
    Ticket for: krbtgt
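
The checks suggested in this thread (dcdiag, replication status, event-log errors since last boot) together with a per-account summary of the KDC warning quoted above, as an added PowerShell example that is not part of the original posts. It assumes an elevated session on the existing DC; the set of logs queried and the KDC provider name are assumptions about a default Windows Server domain controller.

```powershell
# Added example: pre-promotion health check, run elevated on the existing DC.
# dcdiag.exe and repadmin.exe are installed with the AD DS role.

# 1. dcdiag /q prints only failures, so any output means a test failed.
$dcdiagOutput = dcdiag /q
if ($dcdiagOutput) {
    Write-Warning 'dcdiag reported problems:'
    $dcdiagOutput
}

# 2. Replication: one CSV row per inbound replication link of each DC queried.
$replFailures = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { $_.'Number of Failures' -ne '0' }
if ($replFailures) {
    Write-Warning 'Replication links with failures:'
    $replFailures | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Status'
}

# 3. Critical (1) and Error (2) events logged since the last boot.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$logs = 'System', 'Directory Service', 'DFS Replication'   # assumed log set
$errors = Get-WinEvent -FilterHashtable @{
    LogName = $logs; Level = 1, 2; StartTime = $boot
} -ErrorAction SilentlyContinue
$errors | Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending | Select-Object Count, Name

# 4. The KDC warning quoted in the thread, counted per "Client:" account.
#    Matching on the message text from the thread avoids hard-coding event IDs.
$kdcProvider = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'   # assumed provider name
$kdcEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = $kdcProvider; StartTime = $boot
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*did not contain information about the account*' }
$kdcEvents |
    ForEach-Object { if ($_.Message -match 'Client:\s*(\S+)') { $Matches[1] } } |
    Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
```

An empty result from steps 1 to 3 corresponds to the "no errors" state described in the answers; step 4 shows which accounts are still presenting the tickets the KDC is warning about.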