How to Migrate Active Directory from Windows Server 2012 R2 to 2019
Published Jul 30 2019 06:20 AM

Windows Server 2019 has been generally available (GA) since early October 2018. In the past I have written many articles about domain migrations covering different Active Directory versions, so it is time for me to write about AD 2019 migrations. In this demo I am going to demonstrate how to migrate from Active Directory 2012 R2 to Active Directory 2019. The same procedure applies to any AD version from Windows Server 2008.

 

The migration itself is a very straightforward task; however, there are other things you need to consider before you do an AD migration. Below is a checklist you can use on many occasions.

 

  • Evaluate the business requirements for the Active Directory migration
  • Perform an audit of the existing Active Directory infrastructure
  • Provide a plan for the implementation process
  • Prepare physical / virtual resources for the domain controller
  • Install Windows Server 2019 Standard / Datacenter
  • Patch the servers with the latest Windows updates
  • Assign a dedicated IP address to the domain controller
  • Install the AD DS role
  • Migrate application and server roles from the existing domain controllers
  • Migrate FSMO roles to the new domain controllers
  • Add the new domain controllers to the existing monitoring system
  • Add the new domain controllers to the existing DR solution
  • Decommission the old domain controllers
  • Raise the domain and forest functional levels
  • Ongoing maintenance

AD.png

As per the above figure, the therebeladmin.com domain has two domain controllers. Here, the FSMO role holder is running Windows Server 2012 R2. The domain and forest functional levels are currently Windows Server 2012 R2. A new domain controller running Windows Server 2019 will be introduced, and it will be the new FSMO role holder for the domain. Once the FSMO role migration is completed, the domain controller running Windows Server 2012 R2 will be decommissioned. After that, the forest and domain functional levels will be raised to Windows Server 2019.

In the demonstration, REBEL-DC2012 is the domain controller running Windows Server 2012 R2 and REBEL-DC2019 is the domain controller running Windows Server 2019.

Note – When you introduce new domain controllers to an existing infrastructure, it is recommended to introduce them at the forest root level first and then move on to the domain tree levels.

 

  • Log in to the Server 2019 machine as a member of the local Administrators group.
  • Add the server to the existing domain as a member.

  • After the restart, log in to the server as Enterprise Administrator.
  • Assign a static IP address to the server.
  • Launch the PowerShell console as an Administrator.
  • Before the configuration process, we need to install the AD DS role on the server. To do that, we can use the following command.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

  • Configure the new server as an additional domain controller.

Install-ADDSDomainController `
    -CreateDnsDelegation:$false `
    -NoGlobalCatalog:$true `
    -InstallDns:$true `
    -DomainName "therebeladmin.com" `
    -SiteName "Default-First-Site-Name" `
    -ReplicationSourceDC "REBEL-DC2012.therebeladmin.com" `
    -DatabasePath "C:\Windows\NTDS" `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$true `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true

The command is a single command with no line breaks; it is listed as above, with the PowerShell backtick (`) line-continuation character at the end of each line, so that readers can identify the parameters clearly.

 

| Argument | Description |
|---|---|
| Install-ADDSDomainController | This cmdlet installs the domain controller in the Active Directory infrastructure. |
| -NoGlobalCatalog | Use this parameter if you do not want the domain controller to be a global catalog server. By default, the system enables the global catalog feature. |
| -SiteName | This parameter defines the Active Directory site name. The default value is Default-First-Site-Name. |
| -DomainName | This parameter defines the FQDN of the Active Directory domain. |
| -ReplicationSourceDC | This parameter defines the Active Directory replication source. By default, any available domain controller is used, but a specific one can be named if needed. |

 

Once you execute the command, it will ask for the SafeModeAdministrator password. Use a complex password to proceed. This password will be used for DSRM.

  • After the configuration is completed, restart the system and log back in as administrator to check the AD DS status.

Get-Service adws,kdc,netlogon,dns

This confirms the status of the AD DS services.

Get-ADDomainController -Filter * | Format-Table Name, IPv4Address, Site

This lists the domain controllers along with their IP addresses and the sites they belong to.

 

  • Migrate all five FSMO roles to the new domain controller using the following command:

Move-ADDirectoryServerOperationMasterRole -Identity REBEL-DC2019 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

In the above command, REBEL-DC2019 is the domain controller running Windows Server 2019.

Once it is completed, we can verify the new FSMO role holder using:

Netdom query fsmo

 

  • The next step of the process is to decommission the old domain controller, which is running Windows Server 2012 R2. To do that, execute the following command as Enterprise Administrator from the relevant DC.

Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition

After you execute the command, it will ask you to define a password for the local administrator account.

Once it is completed, the server will be a member server of the therebeladmin.com domain.

 

  • The next step is to raise the domain and forest functional levels to Windows Server 2019. To do that, use the following commands.

To upgrade the domain functional level:

Set-ADDomainMode -Identity therebeladmin.com -DomainMode Windows2016Domain

To upgrade the forest functional level:

Set-ADForestMode -Identity therebeladmin.com -ForestMode Windows2016Forest

Note – With Windows Server 2019, there is no domain or forest functional level called windows2019. It is still 2016.

Now we have completed the migration from AD DS 2012 R2 to AD DS 2019. The same steps apply when migrating from Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2016.

  • After the migration completes, we still need to verify that it completed successfully.

Get-ADDomain | fl Name,DomainMode

 

This command shows the current domain functional level after the migration.

Get-ADForest | fl Name,ForestMode

The above command shows the current forest functional level.
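
The checks this walkthrough performs by hand can be gathered into one function, run on the new DC before the decommission step and again at the end. This is an added example, not part of the original article: the function name Test-DcMigrationState is hypothetical, the server names are the demo's, and it assumes Windows PowerShell with the ActiveDirectory module. It also checks that a global catalog remains, because the promotion command above uses -NoGlobalCatalog:$true.

```powershell
# Added example (not from the original article). Run on the new DC in
# Windows PowerShell with the ActiveDirectory module installed.
Import-Module ActiveDirectory

function Test-DcMigrationState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$NewDC,  # short name, e.g. REBEL-DC2019
        [string]$OldDC                         # DC to be demoted; omit once it is gone
    )
    $findings = @()
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # 1. All five FSMO roles must be on the new DC before the old one is demoted.
    $holders = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $holders.Keys) {
        if ($holders[$role] -notlike "$NewDC.*") {
            $findings += "FSMO role $role is held by $($holders[$role]), not $NewDC"
        }
    }

    # 2. The walkthrough promotes with -NoGlobalCatalog:$true, so confirm a
    #    global catalog still exists in the domain without the old DC.
    $gcs = Get-ADDomainController -Filter * |
        Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $OldDC }
    if (-not $gcs) { $findings += 'No global catalog server would remain in the domain' }

    # 3. Core AD DS services on this server (the same set the article checks).
    Get-Service adws, kdc, netlogon, dns |
        Where-Object Status -ne 'Running' |
        ForEach-Object { $findings += "Service $($_.Name) is $($_.Status)" }

    # 4. Report functional levels together with the verdict.
    [pscustomobject]@{
        DomainMode = $domain.DomainMode
        ForestMode = $forest.ForestMode
        Ready      = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-DcMigrationState -NewDC 'REBEL-DC2019' -OldDC 'REBEL-DC2012'
```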

 


 

12 Comments
Copper Contributor

Interesting exercise too. Here at the company we are adopting the PowerShell cmdlets to perform daily activities and it is very nice to see them doing advanced activities like this :)

Copper Contributor

Need to ensure you have migrated your FRS replication to DFS-R replication as well otherwise you will get an error when promoting the 2019 Server to a DC....

Brass Contributor

Interesting how you did all of this in PowerShell but didn't use PowerShell cmdlets for finding the Operations Master roles. It obviously works, but for consistency/modern scripting purposes, you may want to use the following 2 cmdlets to replace "netdom query fsmo":

 

Get-ADForest | select SchemaMaster,DomainNamingMaster | fl; Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster | fl

Great post, Dishan. Thanks for sharing!

Copper Contributor

CNG-DRP that is the problem that I ran into.  I currently have my Domain controllers in 2012 r2. I have demoted one of the servers but I'm afraid by migrating the FRS to DFS-R will cause a problem between my old domain controllers replicating.  Do you know if DFS-R replication works on server 2012 r2?

Copper Contributor

In a small business environment, if I add a 2019 DC to a 2012 AD and promote the 2019 to PDC, but then leave the 2012 domain controller running as a secondary DC (better two DCs at 2012 function level than one DC at 2019 at least until another 2019 server is purchased), could I just demote the 2012 dc but leave it as a domain controller?

Copper Contributor


@DaBoomer Your suggestion would also be my inclination. Wouldn't it even be possible to upgrade the 2012 R2 server to 2019?

Copper Contributor

Thank you Dear..!

 

The above setup we can do it for the Primary Domain, so what if I have other 2 additional AD Servers at other branches?

 

Pls advise?

 

Copper Contributor

After Migrating my 2012 R2 Server to 2019 I have a couple of issues:

 

c:\users\administrator.PR> dcdiag /q
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... PRDC failed test DFSREvent
An error event occurred. EventID: 0xC0000466
Time Generated: 09/12/2020 10:54:40
Event String:
Active Directory Domain Services was unable to establish a connection with the global catalog.
......................... PRDC failed test KccEvent
An error event occurred. EventID: 0xC0040038
Time Generated: 09/12/2020 10:53:52
EvtFormatMessage failed, error 15027 The message resource is present but the message was not found in the message table..
(Event String (event log = System) could not be retrieved, error 0x3ab3)
......................... PRDC failed test SystemLog
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
......................... mydomain.co.uk failed test LocatorCheck

 

Appreciate any ideas on how to fix these ?

Copper Contributor

Which version of Windows Server is recommended to upgrade ADDS from Windows Server 2012 R2 to?

Windows Server 2019 LTSC

or

Windows Server SAC version? Windows Server, version 20H2 (Semi-Annual Channel)

 

https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info

 

 

 

Copper Contributor

Hello,

Thanks for this great article.

I'm going on this migration soon and I've seen something that is missing here and I'm not sure it is necessary to do.

I've seen that other people prepare the schema before promoting the first W2k19 in the domain.

They use adprep from the sources of the OS install media to do so.

On your guide you don't talk about it....

Is it mandatory to prepare the schema or the fact to promote a W2k19 server will do the job at the same time?

 

Thanks in advance for your kind reply.

Copper Contributor

Hi Dishan

 

Thanks for the steps. I am performing this activity very soon.

 

Rajesh

 

Copper Contributor

Hi,

 

Can I upgrade the AD Server from 2012 R2 Datacenter to Server 2022 Standard without any conflict or incompatibility?

 

Thank you,

VSP

Last update: Apr 27 2021 07:34 AM