
Server 2012 AD migration to 2016 failed

Devin asked on
Active Directory, DNS, Windows 10, Azure, Windows Server 2012
It appears once again that I am playing the nonstop error game trying to migrate FSMO roles from 2012 to 2016. The site has an existing 2012 DC and I have spun up a new 2016 server to replace it.

I followed this doc https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
Step 10 is where I ran into my first issue. Domain could not be contacted or similar. I have been playing with this for 4 hours now and I can't remember all the hoops I have had to jump through, but this is my best recollection. After making sure both servers' NIC DNS settings were good AND running
Set-ADComputer -Identity NewServerName -DNSHostName $null
then
Set-ADComputer -Identity NewServerName -DNSHostName NewServerName.domain.local
I was able to get past this point.

Step 11 looks correct as per the details provided in the doc.

Now, it's time to demote the existing DC, sweet! Since the doc now sends me elsewhere, I have a better doc that also goes through the demoting process without chasing URLs.
https://blogs.technet.microsoft.com/canitpro/2017/05/24/step-by-step-migrating-active-directory-fsmo-roles-from-windows-server-2012-r2-to-2016/

Starting from "Migrate FSMO Roles to windows server 2016 AD" I checked using
netdom query fsmo
that both the new and old DC showed the new DC as the current owner of all FSMO roles. I moved on to demoting the old DC "Uninstalling AD role from windows server 2012 R2".

Running
Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition
however, was a different story. Once again I faced "Unable to contact the server". Yet again I played with DNS and set the old server to point to the new and the new server to point to the old. I believe this was the resolution to move forward.

Back at it again and I received this error: "You indicated that this Active Directory domain controller is not the last domain controller for the domain. However, no other domain controller for that domain can be contacted". Again? DNS, you're killing me. I re-ran the same command with the -IgnoreLastDCInDomainMismatch switch and, you guessed it, "A domain controller could not be contacted for the domain".

I have to get this migration done today and this server is fighting me at every turn.