Migrating 2008 R2 FSMO and FSR to 2009 DFSR with Master DC Recovered from Backup RRS feed

  • Question

  • Had equipment failure and had to restore my master DC (2008 R2) from backup. My master DC (DC1) also is my CA. I have another healthy 2008 R2 domain controller (DC2).

    I have been researching trying to understand my options but it remains unclear for me.

    I wanted to take this opportunity to upgrade my AD environment to 2019 and thought maybe upgrading domain controllers to server 2019 would be my ticket out of this hole. Figured I could migrate from FSR to DFSR and migrate my CA both to a new 2019 master DC. But one blog I'm following says this can only be done if everything is healthy.

    Under 'Quick Migration' he specifically mentions "Don’t attempt a DFSR migration unless all your domain controllers are replicating AD correctly. "

    So for those of you who are familiar with this what happens if I still have a failed master but a healthy secondary and I attempt this?

    I've already attempted to force the secondary (DC2) to become the master but it says it can't see the master (DC1). From what I've read I need to remove DC1 from the domain and after adding it back I will need to run dc promo again to re-establish it. But then I need to account for my CA, too.

    Again, in my research it appears I will need do backup my CA database and private key and then restore it. Can I back this up and migrate it to a new 2019 DC while working to stabilize DC1?

    Is there any safe way to skip jumping through the hoops of having to stabilize DC1 by removing it from AD and adding it back and stepping through dc promo when I will only be migrating this to a new server 2019 DC when done?


    Tuesday, September 8, 2020 4:02 PM

All replies

  • Looks like I'll plan to migrate all services, DNS/DHCP/CA/FSMO to DC2 and remove DC1 from the domain. Then add it back and dcpromo. And THEN start the migration to 2019.


    Wednesday, September 9, 2020 5:08 PM