Install 2016 DC (x2) to replace 2008 R2 DC (x2) and raise AD, FFL/DFL to 2016.

Objective: Install 2016 DC (x2) to replace 2008 R2 DC (x2) and raise AD, FFL/DFL to 2016.

Working on adding 2016 DC (x2) to our domain with the intent of retiring our current 2008 R2 DC (x2). Just want to run this past a few experts who have done this to iron out any kinks. Based on what I have read thus far I should be able to move directly to 2016 and thus bypass 2012 altogether.

Environment (right now):

  • DFL/FFL = 2008 R2 and two DC 2008 R2
  • Exchange 2013 (cluster of two) is already in place, as is SharePoint 2013 (single farm)
  • No WSUS or other role/feature servers. Two MS based file servers running 2012.
  • 120 desktops and 15 physical and 15 virtual (3 hosts VMware 6.0) systems
  • DSDIAG (DNS, WINS, AD) health check came back okay and replication between current 2008 R2 DC is good
  • DFS already replaced by DFSR – done when we went to 2008 R2 FFL/DFL
  • We have already purchased 2x HP ProLiant servers and licenses for 2 x 2016 Standard and all required user CALs.

The Plan:

  • Send emails to all application vendors to identify any compatibility issues that DC 2016 or FFL/DFL 2016 might cause for their products.
  • Replace any/all 2003 o/s member servers with 2012 o/s
  • Run full (dcdiag, repadmin) set of health checks for AD and DNS. Assuming they come back without major errors, proceed.
  • Install 2016 Standard on both new physical servers.
  • Consolidate all existing 2008 R2 FSMO roles on primary 2008 R2 DC.
  • Remove all roles (WINS, DNS) from the secondary 2008 R2 DC and demote the existing 2008 R2 secondary DC to a member server, where it will continue as such since it hosts some DHCP scopes that can stay on it. So DHCP export/import is not needed at this point.
  • Rename the DC (without removing it from the domain) we just demoted to another name to reflect its new role as DHCP only.
  • Install ADDS role on new DC and promote the first new 2016 DC into the existing forest/domain with same name and IP as the secondary 2008 R2 that I demoted. Same name and IP to avoid having to repoint all the servers' DNS/WINS to a new IP. Replication should take care of the DNS on the new DC. Should I delete the computer account from AD after demotion and recreate it when I promote the new 2016 DC?
  • From what I read there is no need to run ADprep on Server 2008 R2 prior, as the Server 2016 should prompt me if it needs it. The only requirements are that the new 2016 needs access to the Schema Master, etc., which it would have as it will be promoted to the same AD and IP subnet as the existing 2008 R2 DC with the FSMO roles.
  • Verify that Group Policy still works and download new Group Policy templates for 2016.
  • Transfer the FSMO roles from the existing primary 2008 R2 to the new 2016 DC after the Group Policy and Replication have been working for a few days.
  • Turn off the existing 2008 R2 primary DC for a day or so to make sure nothing breaks.
  • If everything worked then turn the 2008 R2 DC back on and uninstall AD roles (WINS, DNS, etc.) and demote that server, thus removing the last 2008 R2 DC.
  • Replace (same name and IP) the primary 2008 R2 DC we just demoted with the second 2016 server – same procedure as before.
  • Run everything for a few days.
  • If there are no issues then raise FFL/DFL to 2016 (from 2008 R2).

Thoughts, concerns, issues. All insights greatly appreciated and thank you very much in advance for taking the time to share.
Laszlo Denes Asked:
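The last step of the plan above (raising FFL/DFL once both 2008 R2 DCs are gone) is the one that is hard to undo, so it is worth gating on a read-only check. The script below is an added example, not part of the original post; it assumes a single-domain forest, the ActiveDirectory PowerShell module on one of the new 2016 DCs, and the hypothetical function name `Test-ReadyFor2016FunctionalLevel`.

```powershell
# Added example: read-only gate before raising DFL/FFL. Run on a 2016 DC with the
# ActiveDirectory module (RSAT-AD-PowerShell). Nothing in the function writes to AD.
Import-Module ActiveDirectory

function Test-ReadyFor2016FunctionalLevel {   # hypothetical name, not a built-in cmdlet
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $dcs    = @(Get-ADDomainController -Filter *)
    $issues = @()

    # 1. A leftover 2008 R2 DC blocks the raise: every DC must report Server 2016.
    foreach ($dc in $dcs) {
        if ($dc.OperatingSystem -notlike '*Server 2016*') {
            $issues += "DC $($dc.HostName) still runs '$($dc.OperatingSystem)'"
        }
    }

    # 2. All five FSMO roles must be held by a DC that is still in the domain.
    $holders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
                 $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster)
    foreach ($h in ($holders | Sort-Object -Unique)) {
        if ($dcs.HostName -notcontains $h) {
            $issues += "FSMO holder $h is not a current DC"
        }
    }

    # 3. No outstanding replication failures anywhere in the domain.
    $failures = @(Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain |
                  Where-Object { $_.FailureCount -gt 0 })
    foreach ($f in $failures) {
        $issues += "Replication: $($f.Server) <- $($f.Partner), $($f.FailureCount) failure(s)"
    }

    [pscustomobject]@{
        DomainMode = $domain.DomainMode
        ForestMode = $forest.ForestMode
        Ready      = ($issues.Count -eq 0)
        Issues     = $issues
    }
}

Test-ReadyFor2016FunctionalLevel | Format-List

# Only when Ready is True: raise the domain level first, then the forest level.
#   Set-ADDomainMode -Identity (Get-ADDomain).DNSRoot -DomainMode Windows2016Domain
#   Set-ADForestMode -Identity (Get-ADForest).Name    -ForestMode Windows2016Forest
```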

timgreen7077 (Exchange Engineer) Commented:
This looks good. Looks like you covered all the bases. I don't really see anything you missed. Nice to-do list :)

Dariusz Tyka (ICT Infrastructure Specialist Senior) Commented:
What I miss in this plan is the rename and IP change for the old primary domain controller that holds the DHCP role, as you would like to use the same name/IP for the new 2016 DC. Besides that, it looks like a good plan to follow :-)

Laszlo Denes (Author) Commented:
LOL! And THIS is why I love posting here, because people catch stuff that I don't think of... thanks... I have amended the plan... :-)

Laszlo Denes (Author) Commented:
Thanks everyone, appreciate it.