How to upgrade or migrate Active Directory server

A quick walkthrough on how to upgrade or migrate an Active Directory Server.

In this guide, the old server is Windows Server 2008 R2 Standard, and the new server is Windows Server 2016 Essentials.

This guide should work on other Windows Server version as the concept would be pretty much the same.

Firstly, we would install Active Directory (AD) role on the new server.

If AD role can’t be installed, we can safely remove the Active Directory Certificate Services first.

The we would join the new server to the domain.

Then type this on the new domain controller:

C:\Windows\system32> netdom query fsmo
Schema master ws-2008-r2-std.saputra.local
Domain naming master ws-2008-r2-std.saputra.local
PDC ws-2008-r2-std.saputra.local
RID pool manager ws-2008-r2-std.saputra.local
Infrastructure master ws-2008-r2-std.saputra.local
The command completed successfully.

That means all of the domain role still being handled by the old server.

Let’s go to Active Directory Users and Computers
Right click on saputra.local and select Operations Masters
Change operation masters to new server for all RID, PDC, and Infrastructure

After we changed three roles above, the condition should be like this:

C:\Windows\system32> netdom query fsmo
Schema master ws-2008-r2-std.saputra.local
Domain naming master ws-2008-r2-std.saputra.local
PDC ws-2016-ess.saputra.local
RID pool manager ws-2016-ess.saputra.local
Infrastructure master ws-2016-ess.saputra.local
The command completed successfully.

Go to Active Directory Domains and Trusts
On the left pane, right click on Active Directory Domains and Trusts
Select Operations Masters (there’s Raise Forest Functional Level as well, completely optional)

And the role should now become like this:

C:\Windows\system32> netdom query fsmo
Schema master ws-2008-r2-std.saputra.local
Domain naming master ws-2016-ess.saputra.local
PDC ws-2016-ess.saputra.local
RID pool manager ws-2016-ess.saputra.local
Infrastructure master ws-2016-ess.saputra.local
The command completed successfully.

To transfer the last role, type:

C:\Windows\system32> regsvr32 schmmgmt.dll

Then:

C:\Windows\system32> mmc.exe

Load snap-in Active Directory Schema
It will then connect to the old AD server first
Right click ‘Connect to Schema Operations Master’ and select the new server
Then select Operations Master and change the role with the new server:

C:\Windows\system32> netdom query fsmo
Schema master ws-2016-ess.saputra.local
Domain naming master ws-2016-ess.saputra.local
PDC ws-2016-ess.saputra.local
RID pool manager ws-2016-ess.saputra.local
Infrastructure master ws-2016-ess.saputra.local
The command completed successfully.
Demoting old server

Obviously, go to the old server;
Use dcpromo.exe, it will say AD is a Global Catalog server;
Go to Active Directory Users and Computers (this can be done from either new server or old server);
Expand the domain and select Domain Controllers;
Select the old server and click on NTDS Settings;
Untick Global Catalog;

And now we should be able to demote the old server.

If you have any questions or comments, please write down below and I would happy to answer 🙂

 

Leave a Reply

Your email address will not be published. Required fields are marked *