One of our customers wanted to upgrade their current server park to Windows Server 2016. Because a few servers were already running Microsoft's most recent server version, we decided to extend this to the rest.
In doing so, we arrived at the two Domain Controllers. These have been running on Windows Server 2008 for quite some time and they do not escape the upgrade either. However, a migration or upgrade like this is considerably more involved than that of, for example, a File or Application server.
After mapping everything out thoroughly and completing a detailed test period, we were convinced that we could bring the upgrade to a good end. In this blog I will take you through the upgrade from 2x 2008 Domain Controllers to 2x 2016 Windows Servers.
Note: In this situation we carry the names and the IP addressing over to the new environment. This is to minimize the impact of the upgrade on the other servers. In addition, we move the following roles to the new servers: FSMO, DHCP, DNS, AD DS.
In this upgrade I use the following names:
-VMDC001 Windows Server 2008 R2
-VMDC002 Windows Server 2008 R2
-DC001NEW Windows Server 2016
-DC002NEW Windows Server 2016
Preparation
Make sure there is a rollback option for the two DCs by taking snapshots of the current servers.
Make sure that the two new virtual machines are domain-joined without using the existing names yet. No roles need to be installed yet.
Reduce the lease time of the DHCP scope to about 1 hour.
Start Upgrade DC01
Log on to VMDC001 as Administrator and check in the registry whether the schema version is 47.
Make sure that the Server 2016 DVD or ISO is mounted, or that you can call "adprep" in some other way. In my case it was mounted on D:\
Run ADprep
-Open a command prompt and enter the following command:
"D:\support\adprep\adprep /forestprep"
-Type a "c" to confirm.
After this, forestprep starts. If it completes successfully, enter the following command:
adprep /domainprep
When this is finished, check whether the value in the registry has changed to 87.
Transfer FSMO Roles
To free up the primary Domain Controller, we hand the FSMO roles to the second Domain Controller. Carry out the following commands.
-Log in to VMDC002 as administrator and open a command prompt and check where the roles are.
Type Netdom query FSMO
To transfer the roles, execute the following commands
-Type Ntdsutil
-Roles
-Connections
-Connect to server VMDC002
-Quit
Now that we have connected to the VMDC002, we can transfer the roles.
Transfer schema master
-Click on 'Yes' to continue
Transfer Naming Master
-Click on 'Yes' to continue
Transfer PDC
-Click on 'Yes' to continue
Transfer RID Master
-Click on 'Yes' to continue
Transfer Infrastructure Master
-Click on 'Yes' to continue
Quit
Quit
Then check whether the roles have been transferred to the VMDC002. Type Netdom query FSMO
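The two checks used so far (the schema version after adprep and the FSMO role holders after the transfer) can be combined into one read-only report to run before a Domain Controller is demoted. This is an added example, not part of the original post: the function name Test-PreDemotionState is hypothetical, it reads the schema version from the directory's objectVersion attribute rather than from the registry, and it assumes PowerShell 3.0 or later with the ActiveDirectory module, for instance on one of the domain-joined Server 2016 machines.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post): read-only pre-demotion checks.
function Test-PreDemotionState {
    param(
        [Parameter(Mandatory)][string]$RoleHolder,   # DC that must hold all roles, e.g. VMDC002
        [int]$ExpectedSchemaVersion = 87             # value the post expects after adprep
    )
    $results = @()

    # Schema version as stored in the directory: objectVersion on the schema naming context.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $actual   = (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
    $results += [pscustomobject]@{
        Check = 'Schema version'; Expected = $ExpectedSchemaVersion
        Actual = $actual; Pass = ($actual -eq $ExpectedSchemaVersion)
    }

    # The five FSMO roles: two are forest-wide, three exist per domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $roles = [ordered]@{
        'Schema master'         = $forest.SchemaMaster
        'Domain naming master'  = $forest.DomainNamingMaster
        'PDC emulator'          = $domain.PDCEmulator
        'RID master'            = $domain.RIDMaster
        'Infrastructure master' = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        # Role holders are returned as FQDNs; compare on the host name only.
        $holder = ($role.Value -split '\.')[0]
        $results += [pscustomobject]@{
            Check = $role.Key; Expected = $RoleHolder
            Actual = $holder; Pass = ($holder -ieq $RoleHolder)
        }
    }
    $results
}

# First demotion in the post: all roles must be on VMDC002 before VMDC001 is demoted.
$report = Test-PreDemotionState -RoleHolder 'VMDC002'
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) {
    Write-Warning 'Do not demote yet: at least one check failed.'
}
```

For the second transfer later in the post, the same function applies with -RoleHolder 'VMDC001'.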
DHCP
Now that the roles have been transferred, we can make a backup of the DHCP configuration that is present on VMDC001. Complete the following steps:
-Log in as Administrator and start a command prompt
-Type "netsh dhcp server export c:\dhcp.txt all"
-Copy dhcp.txt to a place that is accessible to other systems, e.g. SYSVOL
-Stop the DHCP Service
Demote VMDC001
All preparations have now been made to remove VMDC001 from the domain. It is important that this is done correctly, so follow the steps below.
-Log in as Administrator on VMDC001
-Type "DCpromo"
-Do not check "Delete the domain because this server is the last domain controller in the domain". Click on "Next"
-Enter the Administrator password and click on "next"
-The wizard will start now and after completion click on "Finish"
-Restart the Server
Note: During the wizard you will be asked whether the DNS delegations may be deleted. Whether you do so is up to you. In our case this does not apply, because we want to leave the records for the current server intact.
Remove roles
-Remove AD & DNS Roles and restart the server
-Unauthorize the DHCP server with the following command
netsh dhcp delete server vmdc001.DOMAIN-Suffix ipaddress
-Remove the DHCP role
-Rename the server to VMDC001-OLD
-Change the IP address
-Restart the server
VM Server 2016 DC001NEW
Now that VMDC001 is out of the domain and no longer holds important roles, the server can be switched off if no more data has to be collected from it. Because we want to keep the current names and IP addresses, we will transfer them from the "old VMDC001" to the new Server 2016 VM. In the steps below I will explain how you can do this.
-Rename DC001NEW to VMDC001 and set the IP address.
-Make the new VMDC001 member of the domain
-Verify that the name is correct (VMDC001) before the AD role is installed
-Install the roles: AD, DHCP and DNS
-Promote the Server to Domain Controller
Import DHCP Scope
To import the backup of the DHCP scope, complete the following steps:
-Open a command prompt
-Type netsh dhcp server import c:\dhcp.txt all
-And add the server
-Type netsh dhcp add server VMDC002.DOMAIN-Suffix ipaddress
-Authorize the DHCP server and complete its installation from Server Manager
Transfer FSMO roles
As indicated earlier, the FSMO roles are currently on VMDC002. Because we are going to demote this server as well, we will move these roles to VMDC001. Follow the steps below to do this.
-Log in as Administrator on the VMDC001
-Check that the FSMO roles are on the VMDC002
-Type Ntdsutil
-Roles
-Connections
-Connect to server VMDC001
-Quit
Now that we have connected to the VMDC001, we can transfer the roles.
Transfer schema master
-Click Yes to continue
Transfer Naming Master
-Click Yes to continue
Transfer PDC
-Click Yes to continue
Transfer RID Master
-Click Yes to continue
Transfer Infrastructure Master
-Click Yes to continue
Quit
Quit
Check whether the roles have been transferred to VMDC001.
Demote VMDC002
To replace VMDC002 with the new server as well, it needs to be phased out correctly. Follow the same instructions that were given earlier for VMDC001.
VM Server 2016 DC002NEW
If all roles have been correctly removed, the name has been changed and the IP number has been changed, the server can be replaced by the DCNEW002.
-Log on to the DCNEW002
-Change the name to VMDC001
-Change the IP address
-Add to the domain
-Install the roles that are needed.
Once all roles have been installed, both DCs have been upgraded to Server 2016 and one final action remains, namely raising the Forest and Domain Functional level.
-Open Active Directory Domains and Trusts
-Right-click on Active Directory Domains and Trusts
-Click on "Raise Forest Functional Level"
-Select Windows Server 2016 and click Raise
-Right-click on the Domain
-Click on "Raise Domain Functional Level"
-Select Windows Server 2016 and click Raise
After this last action, the Domain Controllers are running Server 2016. To make optimal use of the possibilities that Server 2016 brings with it, the policies for example, it is advisable to also update the Central Store of the policies with the new definitions. These can be found at:
https://www.microsoft.com/en-us/download/details.aspx?id=53430
For further information about the differences between the Server versions see:
https://www.microsoft.com/en-us/cloud-platform/windows-server-comparison