Domain Controller Migration from Windows Server 2012R2 -> Windows Server 2019

Abhimanyu Neupane
Mar 31, 2022


Windows Server 2012R2 is the seventh version of the Windows Server operating system by Microsoft, part of the Windows NT family of operating systems. It was released on October 18, 2013. Windows Server 2012R2 has many great features, but technology changes from day to day as time passes. So, in order to keep the system protected and up to date, we need to upgrade it.

As per Microsoft, Windows Server 2012R2 will be expiring on Oct 10, 2023, and security updates will no longer be provided for this server. The solution is to migrate to Server 2019, which is the latest server from Microsoft.

A domain controller is a type of computer server that responds to security authentication requests and verifies users on the domain of a computer network. The controller is a gatekeeper for allowing host access to domain resources.

Today we are going to migrate Domain Controller from 2012R2 to 2019.

In order to migrate the Domain Controller from 2012R2 to 2019 we need to follow some steps.

Steps:

  1. Prepare the existing AD forest for a Server 2019 DC using the adprep command.

First we need to prepare the 2012R2 forest to support Server 2019 as a domain controller.

To check the current schema version, go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Schema Version : 69.

In order to migrate to 2019 we need to upgrade the schema version of 2012R2. The schema version should be 88.

Now, to upgrade the schema version, attach an ISO image of Windows Server 2019.

  1. Go to \support\adprep

  2. Open a command prompt as admin and go to that folder.

  3. adprep.exe /? — for help

  4. adprep.exe /forestprep — to upgrade the schema version from 69 to 88. (Success info: Adprep successfully updated the forest-wide information.)

  5. adprep.exe /domainprep — to update domain-wide information. (Success info: Adprep successfully updated the domain-wide information.)

  6. adprep.exe /domainprep /gpprep (Success info: Domain-wide information has already been updated, or No GPO updates needed.)

Now check the registry: Schema Version will be 88 and System Schema Version will be 69.

2. Promote Server 2019 as an ADC

  1. Add the server to the Domain Controller.
  2. Install Active Directory Domain Services.
  3. Click on Promote this server to a domain controller.
  4. Select Add a domain controller to an existing domain. Provide the credentials of the Domain Controller and select the domain.
  5. DNS and GC should be selected. Site name: Default-First-Site-Name. Provide a DSRM password.
  6. Now select replication from the existing domain controller.
  7. Now install the ADC services.

Now check some settings on 2019:

  • Go to Active Directory Users and Computers and click on Domain Controllers. We can see two domain controllers listed.
  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Schema Version : 88

System Schema Version : 88

  • Go to the DNS server and check Forward Lookup Zones. We can see two Active Directory-Integrated Primary zones running.
  • Go to Active Directory Sites and Services. Under Sites -> Default-First-Site-Name -> Servers we can see two servers running.
  • Click on the Windows Server 2019 machine, right-click NTDS Settings -> All Tasks -> Check Replication. We can see an automatically generated link; right-click it and choose Replicate Now.

We can see that the From Server is the 2012R2 machine.

  • Repeat the process from the point above on Windows Server 2012R2.
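The registry and replication checks above, collected from every domain controller in one pass. This is an added PowerShell example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed and PowerShell remoting to each DC is enabled.

```powershell
Import-Module ActiveDirectory

$ExpectedSchema = 88   # schema version for Server 2019, as stated in the article

# Value stored in the directory itself: objectVersion on the schema naming context.
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$dirVersion = (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # The registry values the article reads by hand, fetched from each DC.
    $reg = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    }
    # Inbound replication failures currently recorded on this DC.
    $failures = @(Get-ADReplicationFailure -Target $dc.HostName |
        Where-Object FailureCount -gt 0)
    # Most recent successful inbound replication from any partner.
    $lastOk = Get-ADReplicationPartnerMetadata -Target $dc.HostName |
        Sort-Object LastReplicationSuccess | Select-Object -Last 1

    [pscustomobject]@{
        DC                  = $dc.HostName
        OS                  = $dc.OperatingSystem
        SchemaVersion       = $reg.'Schema Version'
        SystemSchemaVersion = $reg.'System Schema Version'
        GlobalCatalog       = $dc.IsGlobalCatalog
        ReplFailures        = $failures.Count
        LastReplSuccess     = $lastOk.LastReplicationSuccess
    }
}
$report | Format-Table -AutoSize

# Flag anything that should block the next step of the migration.
if ($dirVersion -ne $ExpectedSchema) {
    Write-Warning "Directory schema objectVersion is $dirVersion, expected $ExpectedSchema"
}
$report |
    Where-Object { $_.SchemaVersion -ne $ExpectedSchema -or $_.ReplFailures -gt 0 } |
    ForEach-Object {
        Write-Warning "$($_.DC): schema $($_.SchemaVersion), $($_.ReplFailures) replication failure(s)"
    }
```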

Now check whether the DNS records are replicating.

  • Go to DNS Manager on 2012R2 and on 2019, open Forward Lookup Zones, and check the first zone and the second zone. Check the SOA number; it should be the same on both servers. This shows that all DNS records are replicated.

3. Transfer FSMO roles to Server 2019

To check the FSMO roles:

-> netdom query fsmo

We can see the result like..

where DC1 is our 2012R2 domain controller.

Now, to migrate the FSMO roles, we need to do the following.

Go to Server 2019, open Active Directory Users and Computers, right-click on the domain and click Operations Masters.

We can see the operations master is 2012R2. To transfer it to 2019, click Change. The same needs to be done on PDC and Infrastructure.

Now, to transfer the remaining roles:

  • Go to Server 2019 and open PS as admin. Type ntdsutil
  • We want to manage roles, so type roles

We are now in fsmo maintenance; type help for help on any command.

To transfer roles we need to connect to the server. Type connections, and then at the server connections: prompt type connect to server <server name> (it should be the Windows Server 2019 machine). This is because we want to transfer the roles to 2019, so we connect to the 2019 server.

Now type quit.

Now at the fsmo maintenance: prompt type transfer naming master, click Yes.

Then type transfer schema master, click Yes.

To check the FSMO roles:

-> netdom query fsmo

We can see the result like..
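The same transfer can be done with the ActiveDirectory PowerShell module instead of the GUI and ntdsutil. This is an added example, not from the original article; `DC2019` is a hypothetical name for the new Server 2019 DC. It refuses to start if the target has replication failures and confirms all five role holders afterwards, which is the check to pass before demoting the old DC.

```powershell
Import-Module ActiveDirectory

$Target = 'DC2019'   # hypothetical name of the new Server 2019 DC

function Get-FsmoHolders {
    # Forest-wide and domain-wide role holders, as FQDNs.
    $f = Get-ADForest
    $d = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
}

$dc = Get-ADDomainController -Identity $Target

# Do not move roles onto a DC that is not replicating cleanly.
$bad = @(Get-ADReplicationFailure -Target $dc.HostName | Where-Object FailureCount -gt 0)
if ($bad.Count -gt 0) {
    throw "$($dc.HostName) has $($bad.Count) replication failure(s); fix these first."
}

Write-Host 'Role holders before transfer:'
Get-FsmoHolders | Format-Table -AutoSize

# Graceful transfer (no -Force, so nothing is seized). The account needs
# Schema Admins and Enterprise Admins rights for the two forest-wide roles.
$move = @{
    Identity            = $dc.HostName
    OperationMasterRole = 'SchemaMaster', 'DomainNamingMaster',
                          'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
}
Move-ADDirectoryServerOperationMasterRole @move

# Verify every role now points at the target before touching the old DC.
$left = @((Get-FsmoHolders).GetEnumerator() | Where-Object { $_.Value -ne $dc.HostName })
if ($left.Count -gt 0) {
    $left | ForEach-Object { Write-Warning "$($_.Key) is still held by $($_.Value)" }
} else {
    Write-Host "All five FSMO roles are held by $($dc.HostName)."
}
```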

We have successfully migrated the domain controller to the 2019 server. Now demote the old domain controller.

To change the computer name of a domain controller:

Our old domain controller is called DC1.domain.com and we wish to rename it to HODC1.domain.com. To do this, run the commands below in order in an elevated cmd prompt.

Step 1 — Take a Standard checkpoint of the Domain Controller if this is a Virtual Machine, or take a Full Windows backup if this is a physical machine. This ensures that you can revert if you get any errors along the way. If there are multiple DCs in the domain, I suggest a Full Backup or Standard checkpoint of each prior to starting this task.

Step 2 — Adding an alternate computer name

netdom computername DC1.domain.com /add:HODC1.domain.com

Step 3 — Make the new name the primary

netdom computername DC1.domain.com /makeprimary:HODC1.domain.com

Step 4 — Reboot the server

shutdown /r /t 0

Step 5 — Remove old hostname

netdom computername HODC1.domain.com /remove:DC1.domain.com

Step 6 — Once you are happy the Domain Controller has been renamed, check the Event Logs and run DCDIAG to check for any errors, then remove/merge the snapshots if this is a virtual machine.
