With Windows server 2016 was released for public (GA), many businesses
are working on migrating their services to the new offering. This post will
walk you through the steps needed to migrate Active Directory FSMO roles
running on Windows Server 2012 R2 to Windows Server 2016 Active Directory. The
same steps are valid for migrating from Windows Server 2012, Windows Server
2008 R2 and Windows Server 2008.
In this setup, the Windows Server 2012 R2 domain controller is setup as
a PDC. The Windows Server 2016 machine has already been added to the existing
domain.
Current domain and forest functional level of the domain is windows
server 2012 R2.
So, let's start with the migrate process.
Install Active Directory on windows server 2016
1. Log in to windows server 2016 as domain administrator or
enterprise administrator
2. Check the IP address details and put the local host IP address
as the primary DNS and another AD server as secondary DNS. This is because
after AD install, server itself will act as DNS server
3. Run servermanager.exe form PowerShell to open
server manager (there is many ways to open it)
4. Then click on Add Roles and Features
5. It will open up the wizard, click next to
continue
6. In next window keep the default and click next
7. Roles will be installed on same server, so leave the default
selection and click next to continue
8. Under the server roles tick on Active Directory Domain
Services, then it will prompt with the features needs for the role. Click
on add features. Then click next to proceed
9. On the features windows keep the default and click next
10. In next window, it will give brief description about AD DS,
click next to proceed
11. Then in next window it will give brief description about
configuration and click on install to start the role
installation process.
12. Once installation completed, click on promote this
server to a domain controller option
13. It will open up the Active Directory Domain Service
configuration wizard, leave the option Add a domain controller to
existing domain selected and click next.
14. In next window define a DSRM password and
click next
15. In next window click on next to proceed
16. In next windows, it asks from where to replicate domain
information. You can select the specific server or leave it default. Once done
click next to proceed.Â
17. Then it shows the paths for AD DS database, log files and
SYSVOL folder. You can change the paths or leave default. In demo, I will keep
default and click next to continue
18. In next windows, it will explain about preparation options.
Since this is first windows server 2016 AD on the domain it will run forest and
domain preparation task as part of the configuration process. Click next to
proceed.
19. In next window, it will list down the options we selected.
Click next to proceed.
20. Then it will run prerequisite check, if all good
click on install to start the configuration process.
21. Once the installation completes it will restart the server.
Migrate FSMO Roles to windows server 2016 AD
I assume by now you have idea what is FSMO roles. If not search my blog
and you will find article explaining those roles.
There are 2 ways to move the FSMO roles from one AD server to another.
One is using GUI and other one is using command line. I had already written
articles about GUI method before so I am going to use PowerShell this time to
move FSMO roles. If you like to use GUI mode search my blog and you will find
articles on it.
1) Log in to windows server 2016 AD as enterprise administrator
2) Open up the Powershell as administrator. Then type netdom query
fsmo. This will list down the FSMO roles and its current owner.
3) In my demo, the windows server 2012 R2 DC server holds all 5
fsmo roles. Now to move fsmo roles over, type Move-ADDirectoryServerOperationMasterRole
-Identity REBELTEST-PDC01 -OperationMasterRole SchemaMaster,
DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster and
press enter
In here REBELTEST-PDC01 is the windows server 2016 DC. If FSMO roles are
placed on different servers, you can migrate each and every FSMO roles to
different servers.
4) Once its completed, type netdom query fsmo again
and you can see now its windows server 2016 DC is the new FSMO roles owner.
Uninstall AD role from windows server 2012 R2
Now we moved FSMO roles but we still running system on windows 2012 R2
domain and forest functional levels. In order to upgrade it, first we need to
decommission AD roles from existing windows server 2012 R2 servers.
1) Log in to windows 2012 R2 domain server as enterprise
administrator
2) Open the PowerShell as administrator
3) Then type Uninstall-ADDSDomainController
-DemoteOperationMasterRole -RemoveApplicationPartition and press
enter. It will ask for local administrator password. provide
new password for local administrator and press enter.
4) Once its completed it will restart the server.
Upgrade the forest and domain functional levels to windows server 2016
Now we have the windows server 2012 R2 domain controllers demoted, next
step is to upgrade domain and forest functional levels.
1) Log in to windows server 2016 DC as enterprise administrator
2) Open PowerShell as administrator
3) Then type Set-ADDomainMode -identity rebeladmin.net
-DomainMode Windows2016Domain to upgrade domain functional level to
windows server 2016. In here rebeladmin.net is the
domain name.Â
4) Then type Set-ADForestMode -Identity rebeladmin.net
-ForestMode Windows2016Forest to upgrade forest functional level.
5) Once done you can run Get-ADDomain | fl Name,DomainMode and Get-ADForest
| fl Name,ForestMode to confirm new domain and functional level
No comments:
Post a Comment