Here are the high- level steps which you can use to upgrade the Active Directory.
In current days there are different situations where you will face upgrade scenarios, e.g. Windows Server 2003 R2 to Windows Server 2016 or later.
Because FRS (File Replication Service) is deprecated since Windows Server 2012 R2, there is an additional step you need to do and to take care of.
Before you start, you have to make sure the AD replication is running fine without any errors.
After EVERY performed step you have to wait until the upgrade information is replicated through your entire forest!
With the help of the command "dfsrmig /getglobalstate" you´ll notice when the replication has finished.
dfsrmig /setglobalstate 0
All Domain-Controllers in the Domain will be put into the "Proceeded"-State.
SYSVOL Data will be replicated.
dfsrmig /setGlobalState 1
All Domain-Controllers in the Domain will be put in the "Prepared"-State.
An additional Folder %SystemRoot%\SYSVOL_DFRS is now available and will be replicated through DFS-R.
In this current state, FRS is still primary and the domain controllers do not reply to any service requests regarding the SYSVOL_DFSR Volume.
dfsrmig /setGlobalState 2
In this state DFS-R Replication (SYSVOL_DFSR) will be primary. This Share will now start to reply to service requests for SYSVOL.
FRS-Service is continuing replicating its SYSVOL-Folder.
dfsrmig /setGlobalState 3
In this state the DFS-Replication will become permanent. The FRS SYSVOL Share will be deleted and the FRS Service will be stopped.
Upgrade the schema using the correct version of OS – Adprep
http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx
Note - Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe. It is called Adprep32.exe. In Windows 2008 R2, it is located in the \Support\Adprep folder.
You can ignore the following message. However, if you are planning to install RODC later, you need to perform ADPREP/RODCPREP first. First Windows 2008 DC cannot be a Read Only Domain Controller (RODC).
Note - You can verify the schema version using dsquery * cn=schema,cn=configuration,dc=sivarajan,dc=com -scope base -attr objectVersion command. The following table lists the Active Directory Schema and the corresponding Object Version:
***ObjectVersion 39 - Please refer http://blogs.technet.com/b/askds/archive/2011/07/15/friday-mail-sack-peevish-nediquette-edition.aspx
Install new server with a correct version of OS and join this server to the existing domain..
Perform DCPRMO on this server and select Additional Domain Controller for an existing Domain option.
Beginning with Windows Server 2012, you can install AD DS using Windows PowerShell the Install-ADDSDomainController command.
Note - If you are using Active Directory Integrated (ADI) DNS, it will get replicated as part of the Active Directory replication.
If you are planning to decommission the old servers, you need to transfer FSMO roles, DHCP, etc to the new server.
Note - You can identify the FSMO role DC information using Netdom /Query FSMO command.
You can remove (demote) a domain controller using DCPROMO command and again, since WS2012 also possible with PowerShell.
This article is available in other languages:
Good and simple Artical
Good and simple Article
Thanks for the Feedback!
Awesome Santhosh
Thanks Biswajit :)
Patris_70, That is not true. Read the article carefully. blogs.technet.com/.../friday-mail-sack-i-live-again-edition.aspx
“Isolating the Schema Master for ADPREP /FORESTPREP is not tested by the Product Group and not recommended”
I am removing that comment from this Wiki Article.
Hi Santhosh,
First, thanks for your simle and good article.
Here is german Active Directory Team article (use Bing Translator):
So kann beim Schema Upgrade für Windows 2008 (fast) nichts schiefgehen(english: So (almost) nothing can go wrong during the schema upgrade for Windows 2008)
blogs.technet.com/.../so-kann-beim-schema-upgrade-fuer-windows-2008-fast-nichts-schiefgehen.aspx
Regards
Partis_70,
Isolating the Schema Master for ADPREP /FORESTPREP is NOT recommended by Microsoft.
Thanks Fabrizio for converting this document into Italian.
social.technet.microsoft.com/.../8720.panoramica-di-alto-livello-per-l-upgrade-di-active-directory-it-it.aspx
Thanks Fabrizio Volpe and Yagmoth555 and for translating this article into Italian and French
Italian Version -
French Version -
social.technet.microsoft.com/.../9181.active-directory-mise-a-jour-d-active-directory-etapes-sommaire-fr-fr.aspx