Migrate Domain controller from Windows 2008 R2 to Windows Server 2019

  • Question

  • Hi,

    As you know, the end of support for Windows Server 2008 R2 has been slated by Microsoft for January 14th 2020.

    We have a DC with Windows 2008 R2 (physical machine) that holds all FSMOs and I have two DCs with Windows Server 2019 (VMware machines) live in production.

    DC with Windows 2008 R2 that holds all FSMOs is called


    DCs with Windows Server 2019 are named as follows:

    1) srvdc

    2) srvdc1

    That means I don't need to run "adprep.exe /forestprep or adprep.exe /domainprep or adprep.exe /domainprep /gpprep"

    Am I right here?

    Here are my steps to migrate.

    1) Transfer all FSMOs with PowerShell from the DC with Windows 2008 R2 (SRV) to the DC with Windows Server 2019 (srvdc)

    2) Run netdom query fsmo on the DC with Windows Server 2019 (srvdc) and check the FSMOs are transferred

    3) Run netdom query fsmo on the DC with Windows Server 2008 R2 (SRV) and check the FSMOs are not held here

    4) Check DNS, DHCP, Sites and Services and replication between all DCs

    5) Remove AD services from Server 2008 R2 with "dcpromo"

    On that step I get the following message:

    That means I have to remove the "Active Directory Certificate Services" first from Windows 2008 R2 (SRV).

    I am sure all our certificates for Exchange Server 2013, SCOM and SCCM servers are running on that machine.

    Here are my questions:

    1) Can I back up the certificate of the Windows 2008 R2 (SRV) and the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc, add the role "Active Directory Certificate Services" on the Windows Server 2019 (srvdc) and import the certificate, before removing the certificate from the DC with Windows 2008 R2 (SRV)?

    2) Could I add the role "Active Directory Certificate Services" on the DC with Windows 2019 (srvdc) now, before backing up the Certificate Services or removing the Certificate Services? If yes, what happens?

    2) Could I have two Certificate Authorities at the same time on the DCs Windows 2008 R2 (SRV) and Windows 2019 (srvdc)?

    3) Or do I have to back up my Certificate Authority with the registry key CertSvc, then remove the role on the DC Windows 2008 R2 (SRV), and then add the role "Active Directory Certificate Services" on the DC Windows 2019 (srvdc) and import from the backup I created before?

    What is the best method?

    We have an Exchange Server 2013 and it should not be affected by the migration of the DC or certificate.

    Thanks for the help


    Tuesday, November 12, 2019 9:24 PM
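
Steps 1 to 4 of the plan above as a Windows PowerShell script, added here as an example and not part of the original post. It assumes an elevated Windows PowerShell 5.1 session on srvdc with the ActiveDirectory module, an account in Domain Admins, Enterprise Admins and Schema Admins, and it covers only the replication part of step 4; the function names are hypothetical.

```powershell
# Added example: run in elevated Windows PowerShell 5.1 on srvdc (RSAT AD module).
Import-Module ActiveDirectory

$OldDc  = 'SRV'               # 2008 R2 DC, as named in the post
$NewDc  = 'srvdc'             # 2019 DC that will receive all five roles
$AllDcs = 'srvdc', 'srvdc1'   # 2019 DCs whose inbound replication is checked

function Get-FsmoHolder {
    # Return the five role holders (FQDNs) from the forest and domain objects.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Test-Replication {
    # Any inbound partner link whose last attempt did not return 0 is a failure.
    $bad = foreach ($dc in $AllDcs) {
        Get-ADReplicationPartnerMetadata -Target $dc -Scope Server |
            Where-Object { $_.LastReplicationResult -ne 0 }
    }
    if ($bad) {
        $bad | Format-Table Server, Partner, LastReplicationResult, LastReplicationSuccess | Out-Host
        throw 'Replication errors found; resolve them before continuing.'
    }
}

Test-Replication    # healthy replication is a precondition for a clean transfer

# Step 1: transfer (not seize: no -Force) so the old holder hands over each role.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole `
    SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

# Steps 2-3: every role must now resolve to srvdc, none to SRV.
$stray = (Get-FsmoHolder).GetEnumerator() |
    Where-Object { ($_.Value -split '\.')[0] -ne $NewDc }
if ($stray) { throw "Roles not on ${NewDc}: $($stray.Key -join ', ')" }

Test-Replication    # step 4: the role change must replicate without errors

# The post's dcpromo blocker: demotion stays blocked while AD CS is on SRV.
# No output here can also mean SRV was unreachable, so confirm on SRV itself.
if (Get-Service -ComputerName $OldDc -Name CertSvc -ErrorAction SilentlyContinue) {
    Write-Warning "AD CS (CertSvc) is still installed on $OldDc; do not demote yet."
}
```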

All Replies