Migrate Domain Controller from Windows Server 2012 & R2 to Windows Server 2016

This article walks through the step-by-step process for migrating Server 2012 & R2 DCs to a Windows Server 2016 DC.

The recommendation is that the functional level be at least Server 2008.

We start with Domain Controller health checks.

Run “dcdiag” to check the health status of a DC. If you find any health issue on the current DCs, fix it before the migration process.

Next, check the replication status of the DCs across the entire domain. Likewise, if you find any replication issues between your DCs, fix them before the migration process. Run “repadmin /replsum” to check the replication status of the DCs (you can also check it with the AD Replication Status Tool).

We also need an account for the migration process that is a member of the administrative groups (such as the Enterprise Admins, Domain Admins and Schema Admins groups).

We should also be sure that all firewalls are already disabled on the DCs, that the necessary ports are accessible between the DCs, and that the time settings are correct. Then configure the correct IP on Server 2016; the new Server 2016 also needs to be fully patched.

When all of this is done, join Server 2016 to the existing domain.

Once it has joined the domain, log on to Server 2016 with your administrative account. Then select “Add Roles and Features” from Server Manager.

You will see the information screen; click Next.

Select Role-based installation.

Select the server to add the role to (the new Server 2016, because that is where we are adding the role).

On the next screen, select “Active Directory Domain Services”.

The following screen says that the necessary features will be added along with the role.

You can see information about ADDS; click Next.

We are on the Confirm installation screen; to start the installation, click the “Install” button.

A screen shows that the roles and features were installed successfully. As you can see, ADDS, GPM and RSAT have been added to our new server.

Then you will see a notification in the Server Manager menu; select “Promote this server to a domain controller”.

We need to add the new Server 2016 as an Additional Domain Controller to our existing domain, which is why we select “Add a domain controller to an existing domain”.

You should also select “DNS” and “GC” roles for redundancy.

Site name: the default site name is filled in automatically (default).

DSRM password: We must keep the password configured here, because we need it for any DC restore process.

We can select the replication partner on this screen; if you select “Any domain controller”, it will select the nearest replication partner.

You can see the DB, log files and SYSVOL locations on this screen; the recommendation from Microsoft is to keep them in the default location (on the C drive).

The feature introduced with Server 2012, which runs the forest, schema and domain prep automatically, is also available with Server 2016.

You can check the settings so far. Click next.

This screen runs the system prerequisite check. If it passes, you can click “Install”; if any issue is found, the installation will not start until the issue is solved.

Forest preparation screen.

Domain preparation.

When these processes are done, the new Server 2016 is added to the existing domain as an additional domain controller.

When you restart the new 2016 DC and log on, you can see the new roles already added on the DC.
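The same role installation and promotion can be scripted with the ADDSDeployment cmdlets. This is an added example, not part of the original article; it assumes the article's lab domain random.com and an elevated session on the new, already domain-joined Server 2016.

```powershell
# Added example, not from the original article.
# Assumption: random.com is the article's lab domain; replace it with your own.
$domain = 'random.com'
$cred   = Get-Credential -Message 'Account in the Enterprise, Domain and Schema Admins groups'
$dsrm   = Read-Host -AsSecureString -Prompt 'DSRM password (keep it, DC restores need it)'

# "Add Roles and Features": AD DS plus the management tools (GPM, RSAT).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }
Import-Module ADDSDeployment

# Choices made in the promotion wizard. Leaving out -SiteName and -ReplicationSourceDC
# keeps the automatic site and the "Any domain controller" partner selection.
$params = @{
    DomainName                    = $domain
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true      # DNS role
    NoGlobalCatalog               = $false     # keep the GC role
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Prerequisite check: stop here if anything is reported as an error.
$check  = Test-ADDSDomainControllerInstallation @params
$failed = @($check | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisite check failed; fix the issues above and run again.'
}

# Promote. Forest and domain preparation run automatically when they are needed,
# and the server restarts when the promotion completes.
Install-ADDSDomainController @params -Force
```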

So far, we have added Server 2016 as an additional domain controller to our existing domain. Now we should run the necessary checks on the domain.

Start with the replication status check: run “repadmin /replsum” and see that the replication statuses are OK.

We should check that the SYSVOL folder was successfully created on the new Server 2016, and this is also OK.

Last, we need to check the health status of the new Server 2016 DC: run “dcdiag” and, as you can see, this is also OK. The Server 2016 DC is healthy.
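The health checks run before the migration and repeated here after the promotion can be collected into one function that covers every DC in the domain. This is an added example, not part of the original article; Test-DomainHealth is a hypothetical helper name, and the script assumes the RSAT ActiveDirectory module and an elevated session on a domain-joined machine.

```powershell
# Added example, not from the original article. Test-DomainHealth is a hypothetical helper.
# Assumes the RSAT ActiveDirectory module and an elevated session on a domain-joined machine.
Import-Module ActiveDirectory

function Test-DomainHealth {
    param([string]$Domain = (Get-ADDomain).DNSRoot)

    foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
        $name = $dc.HostName

        # dcdiag /q prints only errors, so any non-blank line is a finding.
        $dcdiagErrors = @(dcdiag "/s:$name" /q | Where-Object { $_ -and $_.Trim() })

        # Inbound replication links on this DC whose last attempt did not succeed.
        $replFailures = @(Get-ADReplicationPartnerMetadata -Target $name -Partition * |
            Where-Object { $_.LastReplicationResult -ne 0 -or
                           $_.ConsecutiveReplicationFailures -gt 0 })

        # A promoted DC must share both SYSVOL and NETLOGON.
        $sysvol   = Test-Path "\\$name\SYSVOL"
        $netlogon = Test-Path "\\$name\NETLOGON"

        [pscustomobject]@{
            DomainController = $name
            DcdiagErrors     = $dcdiagErrors.Count
            ReplFailures     = $replFailures.Count
            SysvolShared     = $sysvol
            NetlogonShared   = $netlogon
            Healthy          = ($dcdiagErrors.Count -eq 0) -and
                               ($replFailures.Count -eq 0) -and $sysvol -and $netlogon
        }
    }
}

$report = @(Test-DomainHealth)
$report | Format-Table -AutoSize
repadmin /replsum            # the article's own summary view, for comparison

$unhealthy = @($report | Where-Object { -not $_.Healthy })
if ($unhealthy.Count -gt 0) {
    Write-Warning ("Fix these DCs before continuing: " + ($unhealthy.DomainController -join ', '))
}
```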

Now we are sure that the migration process completed successfully, and it is time to transfer the FSMO roles to the new Server 2016 DC; the Server 2016 DC will then be the PDC for your domain.

Open a “cmd” console, then run “netdom query fsmo” to check the FSMO role holders.

netdom query fsmo

In my lab environment all roles are on a single DC (testdc.random.com).

Now we start transferring the FSMO roles to the new Server 2016 DC. I use “ntdsutil.exe” to transfer the roles.

cmd > ntdsutil > roles > connections > connect to server dc2016.random.com (use your own server name here)

When connected:

server connections : q (to exit)

Run the following commands in order to transfer the FSMO roles:

Fsmo maintenance : Transfer infrastructure master

Fsmo maintenance : Transfer naming master

Fsmo maintenance : Transfer PDC

Fsmo maintenance : Transfer RID master

Fsmo maintenance : Transfer Schema master

Select “Yes” on all of the transfer confirmation prompts.

When done, check that the roles were transferred successfully: run “netdom query fsmo”. As you can see, all FSMO roles (I have a single domain and all 5 roles on a single DC) were successfully transferred to the new Server 2016 DC.

Finally, all migration steps are done, including the transfer of the FSMO roles to the new Server 2016 DC. I personally recommend running the old Server 2012 DC and the Server 2016 DC together for a while; during this time you can check for possible issues. There isn’t any known issue with MS products running against a Server 2016 DC, but for 3rd-party applications and software you should contact the vendor to check Server 2016 compatibility before the migration.

One last thing: when you raise the functional level to Server 2016, DCs on older server OS versions (Server 2012, 2008, etc.) become nonfunctional, so demote the old DCs from the domain before raising the functional level.
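The transfer and the follow-up check can also be done with the ActiveDirectory PowerShell module instead of ntdsutil. This is an added example, not part of the original article; it assumes the article's lab DC dc2016.random.com and a single-domain forest, and Get-FsmoHolders is a hypothetical helper name.

```powershell
# Added example, not from the original article. Get-FsmoHolders is a hypothetical helper.
# Assumption: dc2016.random.com is the article's lab DC; use your own server name.
Import-Module ActiveDirectory
$target   = 'dc2016.random.com'
$identity = $target.Split('.')[0]        # short server name for -Identity

function Get-FsmoHolders {
    param([string]$Server)
    # Ask the given DC, so the answer reflects what the new role holder itself believes.
    $forest = Get-ADForest -Server $Server
    $domain = Get-ADDomain -Server $Server
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Work out which of the five roles are still held elsewhere.
$before = Get-FsmoHolders -Server $target
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $target })

if ($toMove.Count -gt 0) {
    # Prompts for confirmation per role, like the ntdsutil transfer dialogs.
    Move-ADDirectoryServerOperationMasterRole -Identity $identity -OperationMasterRole $toMove
}

# Verify: every role must now resolve to the new DC.
$after = Get-FsmoHolders -Server $target
$stray = @($after.Keys | Where-Object { $after[$_] -ne $target })
if ($stray.Count -gt 0) {
    $stray | ForEach-Object { Write-Warning "$_ is still held by $($after[$_])" }
} else {
    Write-Output "All five FSMO roles are held by $target."
}
```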