asked on

Active Directory 2008 Upgrade Path

I'm the new and only AD engineer in a mid-sized organization (6,000+ users). The environment is 2008 Forest and Domain Functional Levels with 3 DC's in the root domain (let's call it contoso.com) and 9 DC's in the single child domain (ad.contoso.com). All DC's in both domains are Windows Server 2008. The root domain is for all intents empty with are no resources and only a handful of user accounts for administrators. The ad.contoso.com domain contains all user objects, computer objects, member server objects, Exchange environment, etc.

For obvious reasons we need to upgrade the servers and functional levels. The mechanics of upgrade aren't a problem as I've done it before in other large organizations. My question is are there any unknown caveats going straight from Server 2008 to Server 2016 that I haven't discovered in my research or would it be better to migrate to 2012 or 2012 R2 first?

Adam Brown

The biggest issue is migrating SYSVOL to DFSr, which means that unless you do that before migrating, you can only use RS1 at most to do the migration. Every version of 2016 after that doesn't support FRS in any way.

Scott Silva

You will need to make sure you do a full conversion to DFSR from FRS. Although Microsoft claims 2016 supports FRS, I have seen at least a dozen failures from it.

https://www.mowasay.com/2017/06/guide-to-migrate-frs-to-dfsr/
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405
After that you just do the standard steps... Add new servers, install AD services, and after everything is stable you start retiring the 2008 boxes... After all systems are replaced, then you can raise domain and forest function levels...

Paul Nickl

ASKER

Thank you very much Adam and Scott. Up to this point AD administration has been handled by the Systems Engineering team so I'm not sure how we got to Server 2008 from previous Windows versions and more importantly the current SYSVOL replication method. I'm willing to bet they didn't migrate from FRS to DFS but I'll add it to my list for research.

DrDave242

2016 does support FRS. Really, it does; I have plenty of firsthand experience with this. 2019 does not support FRS, and promotion of a 2019 server to a DC will be blocked if FRS is in use. You will absolutely want to migrate SYSVOL to DSFR as soon as you can, for a number of reasons, but FRS still works in 2016.

Scott Silva

I know it is supposed to work, but I have seen a dozen systems so far that had errors that could not be resolved without migrating off of FRS...

Paul Nickl

ASKER

I'm curious Scott, what were the circumstances with those FRS errors? What were the errors and what OS' were in AD at the time? What was throwing the errors, 2008 servers or 2012 or 2016?

Scott Silva

These were mostly older systems that have been migrated several times... Some started on 2008, a couple started back from 2003... All of them had most likely subtle corruptions that 2016 choked on...

Paul Nickl

ASKER

Understood, thank you Scott. My understanding is that all of our servers were clean builds on the current OS from birth. And the new DC's will be clean builds as well. As of now I still haven't found any other caveats to prevent going straight from 2008 to 2016.

ASKER CERTIFIED SOLUTION

Scott Silva

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Paul Nickl

ASKER

Thanks Adam, Scott, and DrDave. Current project time line is to complete this by September of this year. I'll update here any hiccups we come across in the process.