Decommissioning Essentials 2012 server, replacing with 2022 - final steps before remove old AD role?

Question

Hi folks,&nbsp;Had another post on this where SYSVOL and NETLOGON weren't working.. figured it out..&nbsp;I confirmed DFS was definitely in use.I've migrated the FSMO roles to the new server.I've updated the PDC emulator to the new server.I removed the certificate service (as I understand it's not needed given I'm not using all the web fluff of old Essentials, and new one doesn't have it) - but I did back it up.&nbsp;Is there anything else I need to do?... or just remove the AD role on the old server?

adfhogan · Answer

Ok.. thus far, no responses from anyone else.. so right now, before I remove the old Essentials 2012 server, I'm examining the output of "dcdiag /v /c /f:..." on both servers, comparing them, looking for errors, and for traces of the old DC in the new DC's output (where it's therefore likely the old DC is still primarily responsible).

Eg. I found the domain master was still set to the old one

Hopefully once the new DC doesn't refer to the old DC for anything (besides it just being a member of the domain), it'll then be safe to remove, but some confirmation would be nice if there's something else I need to check.

Yes, I'm aware, in a perfect world, that a network would have at least two DCs, they'd be virtualised etc.. This is a small office, with a single server, using an Essentials license.

adfhogan · Answer

Ok.. I think I've cleared everything that appeared in dcdiag.. I noticed when I went to remove the roles, that it was complaining about Global Catalog. I manually disabled GC on the old DC after confirming new DC's had GC all along.. that removed complaint about GC, leaving DNS server. Have confirmed that new DC has DNS server as well.

adfhogan · Answer

Ok.. DC is demoted.. saw a few errors in logs.. went and removed references to old DC in DNS (switching to new DC where only a single value, removing old DC where two options listing both).. re-ran DCDIAG..

It seems only remaining potential issues:

DCOM errors in dcdiag output about trying to reach old DC (what would these be about?)
Potential issues around DFSR on SYSVOL and NETLOGON (do I need to do anything there?)

To be clear, I demoted the DC through removing the role in the Server Manager (rather than forcing it as if it were no longer available).

l_youtell_974 · Answer

hello ADFHogan, i saw your post and i think, i may be able to save your day. When you migrate your AD to a new version, sometime the migration doesn't work perfectly but you don't have any warning. Everything work except for the netlogon, sysvol, GPO ....You have to finish everything by hand.For the netlogon and sysvol follow the link belowhttps://thesysadminchannel.com/solved-sysvol-and-netlogon-shares-missing-2016-2019-domain-controller/For DFSR you have to follow the link belowhttps://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-authoritative-recovery-sysvolI hope the link help.

adfhogan · Answer

Thanks, L_Youtell_974..I think I'm going to need to look at the DFSR stuff as it's popped up. Hopefully if I fix it before it tombstones,, I won't have problems with netlogon and sysvol again.

Forum Discussion

Decommissioning Essentials 2012 server, replacing with 2022 - final steps before remove old AD role?

6 Replies

Resources