Migrate Domain Controller from Windows Server 2012 & R2 to Windows Server Server 2016

In this article, you can find the step by step migration process for migrating Server 2012 & R2 DCs to Windows Server 2016 DC.

The recommendation is the functional level needs to be least at Server 2008.

We start with Domain Controller health checks.

We should run “dcdiag” for check health status of a DC. If you find any health issue on current DCs,you should fix the issues before migration process.

Again, we need to check the replication status of DC entire domain. Also the same if you find any replication issues between your DCs, you should fix the replication problems before migration process. We can run “repadmin /replsum” for check the replication status of DCs. (Also you can check the replication status with AD replication status tool.)

And we need a account for migration process which is member of administrative groups (like Enterprise, domain and schema admins group).

Also, we should be sure all FW already disabled on DCs, necessary ports accessible between DCs, the time settings are correct. Then you should configure correct IP on Server 2016, same time new server 2016 needs to be fully patched.

When all these things done join Server 2016 to existing domain.

When join to domain, you can logon with your administrative account on Server 2016. Then select “Add Roles and Features” from Server Manager.

You can see the information screen, click Next.

You should select Role-Based installation.

We should select the server to add role to it. (So we should select new server 2016 cause we add the role on it.)

Next screen you should select “Active Directory Domain Services”.

Incoming screen said that the necessary features will be add the role.

You can see information about ADDS, click Next.

We are on the Confirm installation screen. To start the installation, click “Install” button.

There is a screen that shows up about the add role and features installed successfully. As you see ADDS,GPM,RSAT already added to our new server.

Then you can see an attention on Server Manager menu and you should select “Promote this server to a domain controller”.

We need to add new Server 2016 as Additional Domain Controller to our existing domain that’s why we should select ”Add a domain controller to an existing domain”.

You should also select “DNS” and “GC” roles for redundancy.

Site name: Default site name become automatically.(default)

DSRM password: We must keep that password configure here, cause any of DC restore process we need it.

We can select the replication partner on this screen. If you select “Any domain controller” it will select the nearest replication partner.

You can see the DB, Log Files, SYSVOL location on this screen. The recommendation from Microsoft is keeping it on default location ( on C drive).

The new features come with Server 2012 update forest, schema and domain prep automatically also available with Server 2016.

You can check the settings so far. Click Next.

This screen verifying the system prerequisite check. If it is valid the you can click “Install”, but if any of issues find the installation will not start until the issue is solved.

Forest preparation screen.

Domain preparation.

When this process is done, new Server 2016 add existing domain as an additional domain controller.

When you restart new 2016 DC and logon you can see new roles already added on DC.

So far, we could add server 2016 as additional domain to our existing domain. Now we should check the necessary control’s on the domain.

 Start with replication status check. Run “repadmin /replsum”, and see the replication’s status is OK.

We should check that the SYSVOL folder successfully created on new Server 2016 and this is also OK.

Last thing we need to check the new server 2016 DC Health status, run “dcdiag” and as you see this is also OK. The server 2016 DC is healthy.

Now we are sure that the migration process is done successfully and it is time to transfer fsmo roles to new Server 2016 DC, then the server 2016 DC will be PDC for your domain.

Open to “cmd “ console and run “netdom query fsmo” to check fsmo roles holder.

netdom query fsmo

In a lab environment all roles on a single DC. (testdc.random.com)

And we start to transfer fsmo roles to new server 2016 DC. Used “ntdsutil.exe” to transfer roles.

cmd > ntdsutil >roles> connections > connect to server dc2016.random.com (You should configure your own server name here.)

When connect

server connections : q for existing.

You should run belowing command in order to transfer fsmo roles

Fsmo maintenance: Transfer infrastructure master

Fsmo maintenance: Transfer naming master

Fsmo maintenance: Transfer PDC

Fsmo maintenance: Transfer RID master

Fsmo maintenance: Transfer Schema master

You should select “Yes” all of transfer attention screens.

When done need to check the roles transfer successfully. Run “netdom query fsmo”. As you see all fsmo roles (a single domain and all roles (5) on a single DC) successfully transfer on new server 2016 DC.

Finally, all migration steps done including transfer fsmo roles on new server 2016 DC. Recommend that you run old server 2012 DC and server 2016 DC together for a while at this time so you can check the possible issues. Also there isn’t any known issue related with MS products running with Server 2016 DC, but third-party applications and software, you should contact to vendor to check Server 2016 compatibility before migration.

Last thing when you raise functional level to Server 2016, the older Server OS DCs become nonfunctional.(Server 2012, 2008, etc.) so before raising functional level you should demote old DCs from domain.