none
AD migration to Windows Server 2016 RRS feed

  • Question

  • I would like to migrate Windows 2008 R2 Active Directory to Windows 2016 AD. Please guide me how to take forwards the migration and how to test the existing Active directory environment is healthy or not.

    Sunday, February 26, 2017 6:25 AM

Answers

  • Hi,

    To my knowledge, the process should be mostly the same as migration to Windows 2012 R2. 

    To migrate the AD to Windows 2016, we can follow the main steps as below:

    1. Raise your forest & domain function level at least to Windows server 2003 because it is the lowest function level to join Windows 2016 DC in the domain. Since our DC is Windows 2008 R2, I suggest you raise the current function level to Windows serve 2008 R2. Meanwhile, please ensure the SYSVOL replication is using DFSR to avoid any compatibility issue. For more detailed information, please refer to :

    Windows Server 2016 Functional Levels

    https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/windows-server-2016-functional-levels?f=255&MSPPError=-2147217396

    2. It is always a good habit to back up a system state prior to making any big changes to the Active Directory. So I strongly suggest you back up the system state of your existing 2008 R2 DCs (FSMO role holders) for disaster recovery consideration. 

    3. Clean install Windows server 2016, and verify new server's TCP/IP configuration has been pointed to the current DNS server (the old DC). 

    4. Make the new server become a member server in the current Windows Server 2008 R2 domain.

    5. Promote your new 2016 member server to a domain controller. Then verify the installation of Active Directory.

    STEP-BY-STEP GUIDE TO MIGRATE ACTIVE DIRECTORY FSMO ROLES FROM WINDOWS SERVER 2012 R2 TO WINDOWS SERVER 2016

    http://www.rebeladmin.com/2016/10/step-step-guide-migrate-active-directory-fsmo-roles-windows-server-2012-r2-windows-server-2016/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    6. Then transfer all operations master roles from old Windows 2008 R2 DC to the new Windows 2016 DC. We may take the document below as a reference to transfer the FSMO roles :

    Step-By-Step: Migrating Windows Server 2003 FSMO Roles To Windows Server 2012 R2

    https://blogs.technet.microsoft.com/canitpro/2015/02/10/step-by-step-migrating-windows-server-2003-fsmo-roles-to-windows-server-2012-r2/

    7. Install the DNS component on the new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication. 

    8. Use DHCP server to make all the clients change TCP/IP configuration to point to the new server as DNS.  

    9. Transfer the related services correctly. 

    10. Keep the two domain controllers running for a period of time.

    After that, I recommend you remain the old DC offline for several days and check whether everything works fine. Then we can plan the activity to demote the old Windows 2008 R2 DC.

    To check AD health status, we can use the following commands and tools:

    1.Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log [please replace DCName with your Domain Controller name]

    2.Repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log [“dc* is a place holder for the starting name of the DCs if they all begin the same (if more than one DC exists)]

    3.Dnslint /ad /s “DCipaddress” [use http://support.microsoft.com/kb/321045 for download and instructions]

    4. Run BPA to check if there is any potential issue.

    Best Practices Analyzer for Active Directory Domain Services

    https://technet.microsoft.com/en-us/library/dd391875(v=ws.10).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Andrew_k17 Sunday, February 26, 2017 2:19 PM
    Sunday, February 26, 2017 9:33 AM
    Moderator

All replies

  • Hi,

    To my knowledge, the process should be mostly the same as migration to Windows 2012 R2. 

    To migrate the AD to Windows 2016, we can follow the main steps as below:

    1. Raise your forest & domain function level at least to Windows server 2003 because it is the lowest function level to join Windows 2016 DC in the domain. Since our DC is Windows 2008 R2, I suggest you raise the current function level to Windows serve 2008 R2. Meanwhile, please ensure the SYSVOL replication is using DFSR to avoid any compatibility issue. For more detailed information, please refer to :

    Windows Server 2016 Functional Levels

    https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/windows-server-2016-functional-levels?f=255&MSPPError=-2147217396

    2. It is always a good habit to back up a system state prior to making any big changes to the Active Directory. So I strongly suggest you back up the system state of your existing 2008 R2 DCs (FSMO role holders) for disaster recovery consideration. 

    3. Clean install Windows server 2016, and verify new server's TCP/IP configuration has been pointed to the current DNS server (the old DC). 

    4. Make the new server become a member server in the current Windows Server 2008 R2 domain.

    5. Promote your new 2016 member server to a domain controller. Then verify the installation of Active Directory.

    STEP-BY-STEP GUIDE TO MIGRATE ACTIVE DIRECTORY FSMO ROLES FROM WINDOWS SERVER 2012 R2 TO WINDOWS SERVER 2016

    http://www.rebeladmin.com/2016/10/step-step-guide-migrate-active-directory-fsmo-roles-windows-server-2012-r2-windows-server-2016/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    6. Then transfer all operations master roles from old Windows 2008 R2 DC to the new Windows 2016 DC. We may take the document below as a reference to transfer the FSMO roles :

    Step-By-Step: Migrating Windows Server 2003 FSMO Roles To Windows Server 2012 R2

    https://blogs.technet.microsoft.com/canitpro/2015/02/10/step-by-step-migrating-windows-server-2003-fsmo-roles-to-windows-server-2012-r2/

    7. Install the DNS component on the new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication. 

    8. Use DHCP server to make all the clients change TCP/IP configuration to point to the new server as DNS.  

    9. Transfer the related services correctly. 

    10. Keep the two domain controllers running for a period of time.

    After that, I recommend you remain the old DC offline for several days and check whether everything works fine. Then we can plan the activity to demote the old Windows 2008 R2 DC.

    To check AD health status, we can use the following commands and tools:

    1.Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log [please replace DCName with your Domain Controller name]

    2.Repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log [“dc* is a place holder for the starting name of the DCs if they all begin the same (if more than one DC exists)]

    3.Dnslint /ad /s “DCipaddress” [use http://support.microsoft.com/kb/321045 for download and instructions]

    4. Run BPA to check if there is any potential issue.

    Best Practices Analyzer for Active Directory Domain Services

    https://technet.microsoft.com/en-us/library/dd391875(v=ws.10).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Andrew_k17 Sunday, February 26, 2017 2:19 PM
    Sunday, February 26, 2017 9:33 AM
    Moderator
  • Hi Andrew, there is a guide on how to do this step by step here http://dailysysadmin.com/KB/Article/1075/migrating-active-directory-from-2008-r2-to-2016/ hope it’s if use to you
    Saturday, March 24, 2018 1:22 AM