This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I'm trying to make sure i have the proper understanding of how to proceed with this migration.
Currently our old DC also (incorrectly) has DHCP, CA, and Print Services /management.
So not only do most static machines already have a dns entry that points to the old DC server, but i have this mess of services that need to go elsewhere.
Its my understanding from going from 08 to 12 way back when, i just need to move the (5?) ad roles to the new member server? I thought i read something about FSR sysvol issues as well?
Beyond this, once they are on the new 2019 server, i guess i just run the domain and forest upgrades to 2019 level after the fact?
Is there some way to avoid changing the dns ip of the new dc? How messy is it to transfer roles from the old, shut down old, then change the new's ip address back to what the old one had? THis way no static hardware or vm's need their dns entry changed?
Final question is that another server also does ad sync with office 365, i assume thats tied directly to AD and not the name of the old dc specifically ? (I cant find the setting to show otherwise)
Is it also best to have a second DC server? If so which roles do i assign/split, in the past i had some issues with splitting this up.
Any thoughts on all of this? As of now i have a new DC called for this example.. VSDC21 and a new server called VSServices21 (for CA/DHCP, print)
Thanks in advance
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Yes, that should be enough as far as active directory is concerned. After cleanup dcdiag should return clean.
--please don't forget to upvote and Accept as answer if the reply is helpful--
The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405
I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one, then re-ip if needed.
Yes, at least two domain controllers are always recommended for high availability and disaster mitigation. You can split roles if desired but there's really no need for this.
The product group for Office 365 actively monitors questions over at
https://techcommunity.microsoft.com/t5/office-365/ct-p/Office365
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thanks for these tips.
I ran dcdiag, im seeing gpo install errors, but i think they are non critical (from an old package that is remnant in gpo).
So im pretty sure at this point im at 2012 domain/forest level.
I guess i need to do that sysvol frs migration to DFSR, would that happen BEFORE moving any services to 2022 on the new DC?
Any concerns on down times
After that on the DC promo stuff for the new 2022 dc, how is that i dont need to transfer fsmo roles over or the pdc emulator role over? Wouldnt those have to go at first to the new DC?
And on a second DC, not splitting roles, which would the second one have, just another GC?
As far as the remaining things i had on the original old dc, CA/Printers/DHCP, i guess dhcp is easy to move, unsure on the CA part, that concerns me. Ill have the new server called vsservices21 for these and i'm assuming i can just move those over Before doing any of the above steps (basically step 1)?
I guess i need to do that sysvol frs migration to DFSR, would that happen BEFORE moving any services to 2022 on the new DC? Any concerns on down times
No downtime.
After that on the DC promo stuff for the new 2022 dc, how is that i dont need to transfer fsmo roles over or the pdc emulator role over? Wouldnt those have to go at first to the new DC?
The FSMO roles can be on any domain controller.
And on a second DC, not splitting roles, which would the second one have, just another GC?
Yes, I'd make it a GC
For the CA migration you can follow along here
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn486805(v%3Dws.11)
and also ask for more specifics here
https://learn.microsoft.com/en-us/answers/topics/46447/windows-server-security.html
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Ok thanks for all the above info, so this is my generic summary, just double checking again, i can do the frs to dfsr migration first and it can sit for a day or more post migration as is till i get to the other steps without harm?
Does my overall plan seem accurate? Do i have the CA migration in the right order, ie: dont migrate until AFTER i have the new DC fully in operation and roles transferred or can it occur before?
I'm also unsure on the timing of moving the old dns ip on the old dc to the new dc (if thats the right spot in the timeline) to minimize any dns downtime