• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 67
  • Last Modified:

Having issue migrating AD from 2008R2 to 2016

Hi Experts,

I am having an issue migrating AD from 2008R2 to 2016. Please help!
The environment is simple: one server 2008R2 hosted Exchange 2010, I have managed to migrate Exchange to one server 2016, after that, I started to migrate AD to another Windows2016,
I  promoted the new server to domain controller, but when I transfer fsmo role from 2008 to 2016, a couple of things broke, the first one I noticed was Group policy, I can no longer access group policy as it pops up a window saying "the network name cannot be found" on both DC, and on the new DC, Netlogon and Sysvol was never created. The second thing it broke was Exchange, Outlook (connection status says disconnected, and there was a authentication error) was unable to connect to new exchange, and on OWA and ECP, the webpages reture "The Active Directory server is not available", some errors were captured in eventlog, please see the attachment.

I had to transfer the fsmo role back to the 2008 server,cause the new DC seemed not working properly, as soon as I transferred them back, everything started to work again. any suggestion here? did i miss anything when i promote the new DC? i followed the video here, but i read somewhere else that i should have prepad? https://www.youtube.com/watch?v=RCX_1A_-UZU
2018-04-29-12_03_04MAINSERVER1---Con.png
2018-04-29-11_59_07-MAINSERVER1---Co.png
0
manav08
Asked:
manav08
2 Solutions
 
Adam BrownSr Solutions ArchitectCommented:
Have you migrated the 2008 Servers from FRS replication to DFS replication? You will need to do that before they can replicate to a 2016 DC. Also, make sure your Windows Firewalls are letting replication traffic through. Server 2008 can have some issues with the rules for AD replication not getting added properly, so try dropping the firewalls for testing and force replication from the 2008 server to the 2016 server.
0
 
Chirag NagrekarSystem AnalystCommented:
Great everything is working fine on DC after reverting.

Is DC and Exchange both are on same server ?
Is it physical or virtual ? If it is virtual then take snapshot before making changes.

If you exchange migrated successfully use below links for AD migration and roles migration.

http://www.rebeladmin.com/2018/01/step-step-migration-guide-active-directory-2016-powershell-guide/

https://www.experts-exchange.com/articles/31173/How-to-Transfer-FSMO-Roles.html



Let us know your feedback on this.
0
 
MAS (MVE)Technical Department HeadCommented:
Hi manav08,
Please type "net share" from new DC, You should see sysvol and netlogon.
Please check this thread. This is a similar thread.
https://www.experts-exchange.com/questions/29062986/Installed-new-DC-promoted-and-transferred-fsmo-but-new-DC-not-fuctioning.html

Thanks
MAS
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
MaheshArchitectCommented:
do not ever take snapshot of virtual machine running as AD and / or Exchange

You already know that sysvol and netlogon shares are not available on new DCs

U need to fix that 1st
what kind of sysvol you are running?
Can you let us know if file replication service is running on 2008 DC and 2016 DC
depending on your sysvol type (FRS or DFSR) you need to do sysvol non authoritative restore on 2016 DCs

FRS sysvol non authoritative restore
https://support.microsoft.com/en-us/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-servi

DFSR syvol non authoritative restore
https://www.experts-exchange.com/articles/17360/Active-Directory-DFSR-Sysvol-Authoritative-and-Non-Authoritative-Restore-Sequence.html

In both cases your FSMO roles should be on 2008 DCs only
0
 
manav08Author Commented:
Thanks Adam!

We haven't migrated the 2008 Servers from FRS replication to DFS replication yet, isnt FRS supported by 2016 still? our 2016 is version 1607.
Firewall has been turned off on both servers on Domain network. but it still seemed not working.
0
 
manav08Author Commented:
Hi Mahesh,

the sysvol is running on FRS, and the replication services on 2008 and 2016 DC are both showing "running".

i have tried FRS sysvol non authoritative restore actually, but it was after i transferred fsmo role to 2016, and i did the restore in 2016.

now that the fsmo is on 2008, I will try the restore again.
0
 
MaheshArchitectCommented:
After transferred fsmo to 2016 server how can you attempt non authoritative restore on 2016 server?
Note that you need to transfer fsmo to server where sysvol is healthy and then try non authoritative restore on other dc where you don't see sysvol
0
 
manav08Author Commented:
Thanks Mahesh! i tried auth restore on old server and non-auth restore on the new AD at the same time and it worked! now i have transferred fsmo and everything is working well, thank you so much!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now