Dear Friends, Please help. We are a big organisation with 1600 + Users. Now I am planning to migrate two Domain Controllers (server 2012 r2) dc01 (192.168.2.45) and dc02(192.168.2.46) to two Server 2019 boxes. In order to have less impact on updating Appliance and other windows servers' DNS entries, my plan is: Demote DC02, remove it and power off the server. Set up a new DC03 server 2019 box with the same IP with DC02. And set up as secondary DC server. Migrate FSMO roles to DC03 as primary DC server. So, DC03 becomes domain master. Migrate DHCP from DC01 to DC 03. Demote DC01 and power off. Set up DC04 server 2019 and set up as secondary domain for load balancing etc. Done Can we practically do this? Thanks a lot, ML

The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405 Yes, your plan sounds good. You can also check in between steps in case some cleanup were necessary to remove remnants of demoted one. https://video2.skills-academy.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564 It's also recommended to confirm domain health is 100% (dcdiag, repadmin tools) before starting and precautionary in between steps. --please don't forget to upvote and Accept as answer if the reply is helpful--

Domain Controllers Migration

Namless Shelter 231

Dear Friends,

Please help.

We are a big organisation with 1600 + Users.

Now I am planning to migrate two Domain Controllers (server 2012 r2) dc01 (192.168.2.45) and dc02(192.168.2.46) to two Server 2019 boxes.

In order to have less impact on updating Appliance and other windows servers' DNS entries, my plan is:

Demote DC02, remove it and power off the server.
Set up a new DC03 server 2019 box with the same IP with DC02. And set up as secondary DC server.
Migrate FSMO roles to DC03 as primary DC server. So, DC03 becomes domain master.
Migrate DHCP from DC01 to DC 03. Demote DC01 and power off.
Set up DC04 server 2019 and set up as secondary domain for load balancing etc.
Done

Can we practically do this?

Thanks a lot,
ML

1 answer

Dave Patrick 426.4K Reputation points MVP

2022-03-22T00:56:26.737+00:00

The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

Yes, your plan sounds good. You can also check in between steps in case some cleanup were necessary to remove remnants of demoted one.
https://video2.skills-academy.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

It's also recommended to confirm domain health is 100% (dcdiag, repadmin tools) before starting and precautionary in between steps.

--please don't forget to upvote and Accept as answer if the reply is helpful--
Please sign in to rate this answer.

1 person found this answer helpful.
Namless Shelter 231 Reputation points

2022-03-22T01:01:16.437+00:00

Thanks a lot,

Just regarding to Primary DNS IP and Secondary DNS IP, so it doesn't matter what sequence they are on every other servers and appliances, right? Doing this way, we might ended up Secondery DNS IP is on top, and Primary DNS IP is on the bottom.

Or how about we migrate FSMO roles to DC02 first. and then demote DC01..and rest of steps? So DNS IPs will end up in the right order.

ML

Dave Patrick 426.4K Reputation points MVP

2022-03-22T01:10:00.71+00:00

Yes, you could do the second option if you like but the concept of primary / secondary really no longer applies since the days of NT.

Namless Shelter 231 Reputation points

2022-03-22T01:15:32.15+00:00

Also, what if domain function is already on 2012 R2, do we need to worry about migrate to DFSR?

Thanks
ML

Dave Patrick 426.4K Reputation points MVP

2022-03-22T01:19:46.37+00:00

I'd think it should already be DFSR but you can easily check it (ADSIEDIT) if you find 48 then using DFSR, if null or 0, 16, 32 then FRS or some state of migration from FRS

Namless Shelter 231 Reputation points

2022-03-22T01:26:56.657+00:00

Also, should we use server 2022 or stick with server 2019?

Thanks
ML

Dave Patrick 426.4K Reputation points MVP

2022-03-22T01:28:57.727+00:00

Either one is fine to use.

Namless Shelter 231 Reputation points

2022-03-22T07:19:56.74+00:00

Cool thanks, so as long as one of the DNS server (Whatever member DC server) is in the entries, it will be fine. Does not matter what sequence they are on?

Dave Patrick 426.4K Reputation points MVP

2022-03-23T13:32:25.277+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Namless Shelter 231 Reputation points

2022-03-23T22:26:25.457+00:00

Cool thanks, so as long as one of the DNS server (Whatever member DC server) is in DNS entries on every servers, it will be fine. Does not matter what sequence they are on? Am I correct?

Thanks

Dave Patrick 426.4K Reputation points MVP

2022-03-23T22:33:02.717+00:00

Ideally, you'll have two listed for redundancy.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Namless Shelter 231 Reputation points

2022-03-24T03:33:43.33+00:00

Cool thanks, so as long as one of the DNS server (Whatever member DC server) is in DNS entries on every servers, it will be fine. Does not matter what sequence they are on? Am I correct?

Thanks
ML

Dave Patrick 426.4K Reputation points MVP

2022-03-24T12:43:45.017+00:00

Just a reminder, please don't forget to close up the thread by

Dave Patrick 426.4K Reputation points MVP

2022-03-24T13:29:31.9+00:00

Ideally, you'll have two DNS listed for redundancy.

Namless Shelter 231 Reputation points

2022-03-24T22:05:57.983+00:00

Sorry what I meant is: can I have Preferred DNS and Alternative DNS in different orders? Domain Master IP is set to Alternative DNS. See attachment

192.168.0.53 is actually the domain master.

Thanks
ML

Dave Patrick 426.4K Reputation points MVP

2022-03-24T22:31:16.687+00:00

Yes, not a problem.

Namless Shelter 231 Reputation points

2022-03-25T04:27:41.567+00:00

So I want to change the order for Preferred and Alternative DNS on windows domain joined PC, I only need to change DHCP's DNS options to change up and down, right? With other appliance, might need to change manually. Is this ok to do?

Thanks a lot
ML

Dave Patrick 426.4K Reputation points MVP

2022-03-25T11:14:12.263+00:00

Yes, either way will work.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Dave Patrick 426.4K Reputation points MVP

2022-03-26T13:10:19.68+00:00

Just a reminder, please don't forget to close up the thread by

Dave Patrick 426.4K Reputation points MVP

2022-04-04T12:46:38.713+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Erik 0 Reputation points

2024-02-01T23:57:21.46+00:00

Dave Patrick - What's the best way to contact you for a question on this?
Sign in to comment

Share via

Domain Controllers Migration

1 answer