How to retain same Computername and IP after migration of DC from 2016 to 2019

Prezidentj33 101 Reputation points
2023-01-09T15:35:30.517+00:00

Scenario: we have 2 top-level DCs and 4 subdomain DCs, all in sync. Plan on upgrading both to 2019 from 2016 and need to keep IPs and names the same. The one I am working on has Certificate Services and DHCP as well, along with the normal AD DS and DNS.

I found this from a previous forum post so I grabbed this as an initial plan

  1. Build new servers on Windows 2019 and join them to the domain
  2. Demote the first domain controller and rename it (check whether this domain controller holds one of the FSMO roles; if so, you should move them to another domain controller before demoting it)
  3. Once the domain controller is demoted, you can rename it to avoid a name conflict during the migration
  4. Rename one of the new Windows 2019 servers with the old name of the first demoted domain controller
  5. Migrate DHCP and NPS from the demoted domain controller to the new 2019 server
  6. Shut down the old domain controller
  7. Promote the new 2019 server to a domain controller and change its IP in order to use the same IP as the old domain controller
  8. Do the same for the second domain controller

Just wondering: should I remove the old DC from the domain once it has been demoted, and/or are there any special steps here that I need to follow given my scenario? I can move FSMO roles, and I think I can export Certificate Services and reimport once the new DC is stood up? Or is there something specific here that I need to follow? Also, for DHCP, I can export and import back in as well? This is my 1st time attempting this, so I apologize for anything standing out as normal operations.

Thank you


Accepted answer
  1. Thameur-BOURBITA 32,831 Reputation points
    2023-01-09T20:07:17.593+00:00

    Hi,

    As you have more than one domain controller per domain, you can demote the domain controller on the old server after moving the FSMO roles to another domain controller, because the other domain controllers will ensure authentication.
    Once this step is completed, you can start by migrating the DHCP service, then the certificate service.
    I recommend you to perform the following steps:

    1. Move FSMO role to another domain controller
    2. Demote domain controller on old server
    3. Backup DHCP settings (Export settings ) : export-dhcpserver
    4. Migrate DHCP service on new server by importing the settings of old server: import-dhcpserver
    5. Migrate certificate service , I invite you to read the following links :
      AD CS Migration: Migrating the Certification Authority
      migrate-root-ca-to-a-new-server
    6. Switch IP between old and new server
    7. promote domain controller on new server

    I recommend that you test and validate all migration procedures in your test and pre-production environments before applying them to the production environment.
    Don't forget to back up at least one domain controller per domain in your forest, to be able to restore the forest in case of an issue.

    Please don't forget to mark helpful reply as answer

    1 person found this answer helpful.
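
The accepted answer's steps 1 to 4 and 7 as a PowerShell runbook. This is an added example, not part of the original answer; the server names, domain, account and paths are hypothetical placeholders. The CA migration (step 5) and the IP switch (step 6) are not shown.

```powershell
# Added example. Every name, domain, account and path is a hypothetical placeholder.
$OldDc  = 'DC-OLD'                 # 2016 DC being replaced
$PeerDc = 'DC-PEER'                # healthy DC in the same domain that stays up
$NewSrv = 'SRV-NEW'                # 2019 member server taking over
$Domain = 'corp.example.com'
$Stage  = '\\FILESRV\DcMigration$' # staging share; restrict its ACL to the admins doing the move

# Step 1 [admin host with RSAT]: move whatever FSMO roles the old DC holds.
$roles = @((Get-ADDomainController -Identity $OldDc).OperationMasterRoles)
if ($roles.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $PeerDc `
        -OperationMasterRole $roles -Confirm:$false
}
# Stop if any role is still on the old DC.
if (@((Get-ADDomainController -Identity $OldDc).OperationMasterRoles).Count -gt 0) {
    throw "FSMO roles still held by $OldDc; do not demote yet."
}

# Step 2 [on $OldDc]: demote. The password is prompted for, not stored in the
# script; the server reboots as a member server.
Uninstall-ADDSDomainController `
    -LocalAdministratorPassword (Read-Host -AsSecureString 'New local admin password')

# Step 3 [admin host]: export DHCP scopes, options and leases from the old server.
# The XML describes the network layout, so keep it on the restricted share only.
Export-DhcpServer -ComputerName $OldDc -File "$Stage\dhcp-$OldDc.xml" -Leases -Force

# Step 4 [on $NewSrv]: install the DHCP role and import the exported settings.
# -BackupPath is mandatory: the target's current DHCP database is backed up
# there before the import changes anything.
Install-WindowsFeature DHCP -IncludeManagementTools
Import-DhcpServer -ComputerName $NewSrv -File "$Stage\dhcp-$OldDc.xml" `
    -BackupPath 'C:\DhcpPreImportBackup' -Leases -Force

# Step 7 [on $NewSrv, after the IP switch in step 6]: promote to domain controller.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -InstallDns `
    -Credential (Get-Credential "$Domain\migration-admin") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')

# Confirm the new DC is listed and see which DCs hold FSMO roles now.
Get-ADDomainController -Filter * -Server $PeerDc |
    Select-Object HostName, IPv4Address, OperatingSystem, OperationMasterRoles
```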

2 additional answers

  1. Anonymous
    2023-01-09T17:07:24.94+00:00

    The simplest solution is to do them one at a time moving roles off and demoting and decommission one at a time.

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
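
The two prerequisites and the dcdiag / repadmin health checks from the answer above, collected into one pre-check script. This is an added example, not part of the original post; it assumes a domain-joined admin host with the RSAT ActiveDirectory module and the dcdiag, repadmin and dfsrmig tools available.

```powershell
# Added example; run before introducing the first 2019 DC and again before demoting.
$problems = @()

# Prerequisite 1: every domain in the forest at functional level 2008 or higher.
foreach ($d in (Get-ADForest).Domains) {
    $mode = (Get-ADDomain -Server $d).DomainMode
    if ("$mode" -match '2000|2003') { $problems += "$d functional level is $mode" }
}

# Prerequisite 2: SYSVOL replicated by DFSR, not FRS. dfsrmig reports on the
# domain of the machine it runs on, so repeat this on a host in each domain.
$state = (dfsrmig /getglobalstate | Out-String).Trim()
if ($state -notmatch 'Eliminated') { $problems += "SYSVOL migration state: $state" }

# Health: replication links with failures, taken from repadmin's CSV output.
# '-as [int]' yields $null instead of an error on rows that carry no count.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv
foreach ($l in $links | Where-Object { ($_.'Number of Failures' -as [int]) -gt 0 }) {
    $problems += '{0} -> {1} ({2}): {3} failures, last status {4}' -f $l.'Source DSA',
        $l.'Destination DSA', $l.'Naming Context',
        $l.'Number of Failures', $l.'Last Failure Status'
}

# Health: dcdiag against all DCs; /q prints only errors, so any output is a finding.
$diag = dcdiag /e /q
if ($diag) { $problems += $diag }

if ($problems) {
    $problems
    throw 'Fix the findings above before promoting or demoting any domain controller.'
}
'Pre-checks passed.'
```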

  2. Anonymous
    2023-01-09T19:50:25.517+00:00

    The decommissioned one should be removed from network (because of the name conflict).

    I'd suggest starting a new thread here about a security server migration.
    https://video2.skills-academy.com/en-us/answers/topics/46447/windows-server-security.html

    Yes, the DHCP server scopes could be exported and then imported.
    https://video2.skills-academy.com/en-us/powershell/module/dhcpserver/export-dhcpserver?view=windowsserver2022-ps
    https://video2.skills-academy.com/en-us/powershell/module/dhcpserver/import-dhcpserver?view=windowsserver2022-ps

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
