Having issue migrating AD from 2008R2 to 2016

Hi Experts,

I am having an issue migrating AD from 2008R2 to 2016. Please help!
The environment is simple: one server 2008R2 hosted Exchange 2010, I have managed to migrate Exchange to one server 2016, after that, I started to migrate AD to another Windows2016,
I  promoted the new server to domain controller, but when I transfer fsmo role from 2008 to 2016, a couple of things broke, the first one I noticed was Group policy, I can no longer access group policy as it pops up a window saying "the network name cannot be found" on both DC, and on the new DC, Netlogon and Sysvol was never created. The second thing it broke was Exchange, Outlook (connection status says disconnected, and there was a authentication error) was unable to connect to new exchange, and on OWA and ECP, the webpages reture "The Active Directory server is not available", some errors were captured in eventlog, please see the attachment.

I had to transfer the fsmo role back to the 2008 server,cause the new DC seemed not working properly, as soon as I transferred them back, everything started to work again. any suggestion here? did i miss anything when i promote the new DC? i followed the video here, but i read somewhere else that i should have prepad? https://www.youtube.com/watch?v=RCX_1A_-UZU
LVL 11
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSr Solutions ArchitectCommented:
Have you migrated the 2008 Servers from FRS replication to DFS replication? You will need to do that before they can replicate to a 2016 DC. Also, make sure your Windows Firewalls are letting replication traffic through. Server 2008 can have some issues with the rules for AD replication not getting added properly, so try dropping the firewalls for testing and force replication from the 2008 server to the 2016 server.
Chirag NagrekarSystem AnalystCommented:
Great everything is working fine on DC after reverting.

Is DC and Exchange both are on same server ?
Is it physical or virtual ? If it is virtual then take snapshot before making changes.

If you exchange migrated successfully use below links for AD migration and roles migration.



Let us know your feedback on this.
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Hi manav08,
Please type "net share" from new DC, You should see sysvol and netlogon.
Please check this thread. This is a similar thread.

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

do not ever take snapshot of virtual machine running as AD and / or Exchange

You already know that sysvol and netlogon shares are not available on new DCs

U need to fix that 1st
what kind of sysvol you are running?
Can you let us know if file replication service is running on 2008 DC and 2016 DC
depending on your sysvol type (FRS or DFSR) you need to do sysvol non authoritative restore on 2016 DCs

FRS sysvol non authoritative restore

DFSR syvol non authoritative restore

In both cases your FSMO roles should be on 2008 DCs only

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
manav08Author Commented:
Thanks Adam!

We haven't migrated the 2008 Servers from FRS replication to DFS replication yet, isnt FRS supported by 2016 still? our 2016 is version 1607.
Firewall has been turned off on both servers on Domain network. but it still seemed not working.
manav08Author Commented:
Hi Mahesh,

the sysvol is running on FRS, and the replication services on 2008 and 2016 DC are both showing "running".

i have tried FRS sysvol non authoritative restore actually, but it was after i transferred fsmo role to 2016, and i did the restore in 2016.

now that the fsmo is on 2008, I will try the restore again.
After transferred fsmo to 2016 server how can you attempt non authoritative restore on 2016 server?
Note that you need to transfer fsmo to server where sysvol is healthy and then try non authoritative restore on other dc where you don't see sysvol
manav08Author Commented:
Thanks Mahesh! i tried auth restore on old server and non-auth restore on the new AD at the same time and it worked! now i have transferred fsmo and everything is working well, thank you so much!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.