none
Domain Controllers: how to upgrade from Windows Server 2008 R2 to Windows Server 2016/2019? RRS feed

  • Question

  • Dear All,
    Windows Server 2008 R2 is reaching its EOL period.
    I have a scenario with many 2008 R2 Servers as DC/RDOC and I want to plan an upgrade without issues.

    Scenario:
    1) 2 DC in local office with NPS and DNS
    2) 3 RDOC in branch offices with DNS

    What would you do to upgrade these servers to Windows Server 2016/2019 preserving their roles and IP addreses?

    Thanks in advance for your suggestions.
    Tuesday, September 17, 2019 9:29 AM

Answers

  • Hello,

    Thank you for posting in our forum.

    In general, we recommend we add a new domain controllers with higher version operating system in the domain, install the appropriate roles and move FSMO roles, and then demote the old the domain controllers. It is not recommended to perform in-place upgrade on old DCs from a lower version to a higher version.

    Q1: It's possible to configure a Windows Server 2019 with a Windows Server 2008 R2 domain functional level, just for the migration process?

    A1: From the article Forest and Domain Functional Levels, we can see:
    The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.


    Q2: After the migration of services, can I set old IP addresses to new domain controllers so all clients can resolve host names?

    A2: Yes, we can change the IP address of DC. We can try the following steps on one DC:

    1. Check the health of the domain environment(run “repadmin /showrepl” and” repadmin/repsummary” in the cmd ) and the replication of the DC(run “DCdiag /v” in the cmd). If there are no problems, proceed to step 2.

    2. Add a server with 2016/2019 to the existing domain, and add roles and promote it as DC.

    3. Repeat step 1 to check AD health.

    4. Replace the IP address of the old DC with another idle IP address (usually, we set static IP address on DC). Set IP address for new DC with the IP address of the old DC. For detailed steps we can refer to the article

    How to change the IP address on a domain controller and Change the Static IP Address of a Domain Controller.

    5. Repeat step 1 to check AD health.

    6. Repeat the above steps on other DCs (for PDC, we need to transfer FSMO roles and check whether we have transferred it successfully with command netdom query FSMO).

    7. Demote old DCs if we need.

    For more information, please refer to the following article:
    1.Active Directory: How to Promote Windows Server 2012 as a Domain Controller
    2.Step-By-Step: Migrating Active Directory FSMO Roles From Windows Server 2012 R2 to 2016



    Tips: the above every step includes a lot of operation, we had better test in our test environment. If there is no any problem in test environment, we can perform the steps in our production environment. This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.



    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 18, 2019 10:32 AM

All replies

  • Deploy new Domain Controllers and move the NPS role and FSMO roles. Once all roles are moved demote your old Domain Controllers. Same with your branch office. I would not recommend doing an in place upgrade. 

    Microsoft Certified Professional

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered "Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    Tuesday, September 17, 2019 10:11 AM
  • Thanks for your reply.

    It's possible to configure a Windows Server 2019 with a Windows Server 2008 R2 domain functional level, just for the migration process?

    After the migration of services, can I set old IP addresses to new domain controllers so all clients can resolve host names?

    Thanks

    Tuesday, September 17, 2019 10:50 AM
  • Hello,

    You can change the IP address of DC, but you must flush the local DNS cache and register the new IP address of the domain controller in DNS.

    - In the PowerShell box, run ipconfig /flushdns to remove any cached DNS entries created by the local DNS resolver.
    - Run ipconfig /registerdns to ensure the new IP address is registered by the DNS server.
    - Run dcdiag /fix to update Service Principal Name (SPN) records and check that all the tests are passed successfully.


    to allow the installation of a domain or domain controller windows 2019, the functional level of the forest must be windows server 2008 or later version

    Best Regards

    Yassine BOUNIf


    Tuesday, September 17, 2019 10:57 AM
  • Also sysvol replication must be DFS-R! If not, you will not be able to promote Windows Server 2019 as a domain controller. 

    Microsoft Certified Professional

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered "Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    Tuesday, September 17, 2019 11:19 AM
  • Hello,

    Thank you for posting in our forum.

    In general, we recommend we add a new domain controllers with higher version operating system in the domain, install the appropriate roles and move FSMO roles, and then demote the old the domain controllers. It is not recommended to perform in-place upgrade on old DCs from a lower version to a higher version.

    Q1: It's possible to configure a Windows Server 2019 with a Windows Server 2008 R2 domain functional level, just for the migration process?

    A1: From the article Forest and Domain Functional Levels, we can see:
    The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.


    Q2: After the migration of services, can I set old IP addresses to new domain controllers so all clients can resolve host names?

    A2: Yes, we can change the IP address of DC. We can try the following steps on one DC:

    1. Check the health of the domain environment(run “repadmin /showrepl” and” repadmin/repsummary” in the cmd ) and the replication of the DC(run “DCdiag /v” in the cmd). If there are no problems, proceed to step 2.

    2. Add a server with 2016/2019 to the existing domain, and add roles and promote it as DC.

    3. Repeat step 1 to check AD health.

    4. Replace the IP address of the old DC with another idle IP address (usually, we set static IP address on DC). Set IP address for new DC with the IP address of the old DC. For detailed steps we can refer to the article

    How to change the IP address on a domain controller and Change the Static IP Address of a Domain Controller.

    5. Repeat step 1 to check AD health.

    6. Repeat the above steps on other DCs (for PDC, we need to transfer FSMO roles and check whether we have transferred it successfully with command netdom query FSMO).

    7. Demote old DCs if we need.

    For more information, please refer to the following article:
    1.Active Directory: How to Promote Windows Server 2012 as a Domain Controller
    2.Step-By-Step: Migrating Active Directory FSMO Roles From Windows Server 2012 R2 to 2016



    Tips: the above every step includes a lot of operation, we had better test in our test environment. If there is no any problem in test environment, we can perform the steps in our production environment. This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.



    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 18, 2019 10:32 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 20, 2019 10:09 AM
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 25, 2019 1:51 AM
  • Thank you all guys.

    I will check as soon as possible if upgrade works following your tips and I will update this post.

    Wednesday, September 25, 2019 10:11 AM
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thanks for you support.

    I will check as soon as possible if it works.

    Regards.

    Wednesday, September 25, 2019 10:11 AM
  • Just 1 question about the new Windows Server installation language.

    Actually, DCs language is Italian (RDOC are in English); can I use new Windows Server 2019 installation in English?

    Wednesday, September 25, 2019 10:44 AM
  • Also sysvol replication must be DFS-R! If not, you will not be able to promote Windows Server 2019 as a domain controller. 

    Microsoft Certified Professional

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered"Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    Actually my SYSVOL is running under FRS.

    Can you suggest me the best way to migrate to DFSR in my scenario? (DC + RDOC).

    Thanks

    Wednesday, September 25, 2019 10:46 AM
  • Hello,

    We need to migrate in the test environment to ensure that there are no problems before working in a production environment.

    The following is an article about SYSVOL migration from FRS to DFSR: SYSVOL Replication Migration Guide: FRS to DFS Replication

    Hope above information can help you. If there is anything else we can do for you, please feel free to post in the forum.


    Best regards,
    Cynthia 

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 27, 2019 9:06 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 30, 2019 1:55 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thanks for your support.

    No more info needed at this time; I will make some tests as soon as possible following your tips.

    Kind Regards.

    Monday, September 30, 2019 8:25 AM
  • Hi,

    Thank you for your update.

    Have a nice day!

    Best regards,
    Cynthia

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 30, 2019 8:29 AM