Decommissioning Essentials 2012 server, replacing with 2022 - final steps before removing the old AD role?


Hi folks,

Had another post on this where SYSVOL and NETLOGON weren't working.. figured it out..

I confirmed DFS was definitely in use.

I've migrated the FSMO roles to the new server.

I've updated the PDC emulator to the new server.

I removed the certificate service (as I understand it's not needed given I'm not using all the web fluff of old Essentials, and the new one doesn't have it) - but I did back it up.

Is there anything else I need to do?

... or just remove the AD role on the old server?

6 Replies

Ok.. thus far, no responses from anyone else.. so right now, before I remove the old Essentials 2012 server, I'm examining the output of "dcdiag /v /c /f:..." on both servers, comparing them, looking for errors, and for traces of the old DC in the new DC's output (where it's therefore likely the old DC is still primarily responsible).

E.g. I found the domain master was still set to the old one.

Hopefully once the new DC doesn't refer to the old DC for anything (besides it just being a member of the domain), it'll then be safe to remove, but some confirmation would be nice if there's something else I need to check.

Yes, I'm aware, in a perfect world, that a network would have at least two DCs, they'd be virtualised etc.. This is a small office, with a single server, using an Essentials license.

Ok.. I think I've cleared everything that appeared in dcdiag.. I noticed when I went to remove the roles, that it was complaining about Global Catalog. I manually disabled GC on the old DC after confirming the new DC had GC all along.. that removed the complaint about GC, leaving DNS server. Have confirmed that the new DC has DNS server as well.

Ok.. DC is demoted.. saw a few errors in logs.. went and removed references to old DC in DNS (switching to new DC where only a single value, removing old DC where two options listing both).. re-ran DCDIAG..

It seems the only remaining potential issues are:

  • DCOM errors in dcdiag output about trying to reach old DC (what would these be about?)
  • Potential issues around DFSR on SYSVOL and NETLOGON (do I need to do anything there?)

To be clear, I demoted the DC through removing the role in the Server Manager (rather than forcing it as if it were no longer available).

Hello ADFHogan, I saw your post and I think I may be able to save your day. When you migrate your AD to a new version, sometimes the migration doesn't work perfectly but you don't have any warning. Everything works except for the netlogon, sysvol, GPO ....
You have to finish everything by hand.

For the netlogon and sysvol, follow the link below
https://thesysadminchannel.com/solved-sysvol-and-netlogon-shares-missing-2016-2019-domain-controller...

For DFSR, you have to follow the link below
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-fore...

I hope the links help.

Thanks, @L_Youtell_974..
I think I'm going to need to look at the DFSR stuff as it's popped up. Hopefully if I fix it before it tombstones, I won't have problems with netlogon and sysvol again.

You should be OK. As the old DC remains, everything should work fine. You just go through the guide and the new DC should be OK without any loss. The OLD DC should be online because it will retrieve the data from the old DC.
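
Added example, not part of any post in this thread: a PowerShell sketch of the check described earlier, which reads a saved dcdiag log and lists, per test section, whether the test failed and which lines still name the retired DC. The function name, the host names `NEWDC`/`OLDDC`, the domain `corp.example` and the sample log lines are constructed for illustration.

```powershell
# Added example. Host names and log lines below are constructed sample data.
function Find-StaleDcReference {
    param(
        [Parameter(Mandatory)] [string[]] $Line,      # lines of a saved dcdiag log
        [Parameter(Mandatory)] [string]   $OldDcName  # short name of the retired DC
    )
    $oldDc   = [regex]::Escape($OldDcName)
    $current = '(preamble)'
    $byTest  = [ordered]@{}

    foreach ($l in $Line) {
        # dcdiag opens every test section with "Starting test: <Name>"
        if ($l -match '^\s*Starting test:\s*(\S+)') { $current = $Matches[1] }
        if (-not $byTest.Contains($current)) {
            $byTest[$current] = [pscustomobject]@{
                Test       = $current
                Failed     = $false
                OldDcLines = [System.Collections.Generic.List[string]]::new()
            }
        }
        # ...and closes it with "<server> passed|failed test <Name>"
        if ($l -match '\sfailed test\s+\S+') { $byTest[$current].Failed = $true }
        # Any line naming the retired DC is a dependency worth chasing down
        if ($l -match "\b$oldDc\b") { $byTest[$current].OldDcLines.Add($l.Trim()) }
    }
    # Report only the sections that need attention
    $byTest.Values | Where-Object { $_.Failed -or $_.OldDcLines.Count -gt 0 }
}

# Constructed excerpt in dcdiag's layout; on a real system use e.g.
#   Get-Content .\dcdiag-newdc.txt   (hypothetical file name)
$sample = @'
   Testing server: Default-First-Site-Name\NEWDC
      Starting test: Connectivity
         ......................... NEWDC passed test Connectivity
      Starting test: KnowsOfRoleHolders
         Role Domain Owner = CN=NTDS Settings,CN=OLDDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example
         ......................... NEWDC passed test KnowsOfRoleHolders
      Starting test: SystemLog
         An error event occurred.  EventID: 0x0000272C
            Event String: DCOM was unable to communicate with the computer OLDDC.corp.example using any of the configured protocols
         ......................... NEWDC failed test SystemLog
'@ -split "`r?`n"

Find-StaleDcReference -Line $sample -OldDcName 'OLDDC' |
    ForEach-Object { '{0}  failed={1}  oldDcRefs={2}' -f $_.Test, $_.Failed, $_.OldDcLines.Count }
```

A section that passes but still names the old DC (such as a role owner) matters as much as a failed one, which is why both conditions are reported.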