Migration plan of AD services from SBS 2011 to WinSrv 2022

Question

Hello there,

I've got following AD migration use case.
btw. This thread refers to other question ( https://learn.microsoft.com/en-us/answers/questions/797870/migrating-win-2011-sbs-to-win-2022-std.html ) for interested users.

There are two Domain Controller:

• Windows SBS 2011 Standard (PDC; FSMO roles and File Server role(in this case is negligible))
• Windows Server 2012 Standard

DomainMode : Windows2003Domain
ForestMode : Windows2003Forest

Overall Goal:

1. tranfer FSMO roles to new machne (Windows Server 2022 Standard)
2. complete deletation of deprecated the SBS machine

There is one more requirement/restriction - new PDC probably will need to have the same name (hostname) as current PDC (SBS machine).

I'm wondering, how best to perform all actions?

How do you perform described above AD migration?

Thank you in advance for your constructive suggestions.
Obviously, I am counting on @Dave Patrick :)

Best Regards,
AErot

Answer 1

one more requirement/restriction - new PDC probably will need to have the same name (hostname)

This just means you want to move roles off and demote, remove from network one at a time. So transfer the fsmo roles from SBS to 2012, decommission and remove from network the SBS following below guidance.

The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

1. Yes the two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
   https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405
2. I'd start a new thread here about the exchange concerns. https://learn.microsoft.com/en-us/answers/topics/46490/office-exchange-server-administration.html
3. I'd start a new thread here about the certificate concerns. https://learn.microsoft.com/en-us/answers/topics/46447/windows-server-security.html

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 3

Hello @Dave Patrick

Thank you for your response.

I must ask you about several things regard to AD migration:

1) Do I need to do any pre/post-migration actions related with GPO policies? One of pre-action is migrating of FRS to DFSR sysvol.
2) Should I be worried about Exchange Server? Do I need to do any pre/post-migration actions?
3) Active Directory Certificate Services - this service is installed on SBS machine. I assume it needs to be migrated too. Do this article looks good? ( https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674 )

Best Regards,
AErot