Microsoft
MicrosoftGreat guide. There is more to add:
- use Server Core Installation Option for your new Server. You don't need a GUI. Thank me later.
- don't run other roles but ADDS and DNS on this VM.
- you no longer need hardware ADDS. Not even for modern Cluster Services.
- update your DFS level, configure and use FQDN only
- consider to avoid SMB1 use (basically only needed if have pre 2008 / Vista connections to sysvol.
- don't forget to upgrade your DNS forward and reverse zones to support lastest version. Many will be still in 2000 Mode.
- check your site and services and mirror all networks in DNS reverse lookup zones
- consider DNS secure updates only
- consider DHCP proxy updates for Linux, MFPs and other OSes
- consider ADBA and VAMT (ADK) over KMS host
- make yourself familiar to use Active Directory Administrative Center (DSAC), Server Manager and Windows Admin Center
- avoid RDP and local login to ADDS Servers
- get rid of login scripts where possible, replace by GPOs
- migrate off old ADM based GPOs
- backup and update ADMX templates regularly
- consider to use the lastest AD functional level and forest level if possible
- activate AD recycle bin
- cleanup old dfs and ADCS remains
- change passwords of all critical Accounts (could be same password) after upgrading the AD level to 2008R2 or later use a more secure hash for the password.
And many more...
