Fabio Rosiglioni
asked on
Migrate Active Directory Server 2003 to Active Directory Server 2016
I have to migrate the windows 2003 32bit servers (yes I know, it was time!) with domain controller role to the windows 2016 64bit servers. I have read several documents on the procedure to follow. But I would like a confirmation on the procedure to follow according to my reality.
o 2 SQL server Win 2008 (site C)
I thought of following this procedure:
Step 1. Install 6 new Windows Servers 2016, 2 for each site. (named DC1, DC2, DC3, DC4, DC5, DC6).
Step 2. Assign the new IP Address in Servers 2016.
Step 3. Join all new Windows Servers 2016 to AD 2003 Domain.
Step 4. Login to Servers 2016 with the Domain Administrator account.
Step 5. Raise the Domain & Forest Functional Levels on AD Server 2003.
Q: Do I have to perform this procedure on all 2003 servers or is it sufficient on the primary domain controller?
Step 6. Add Active Directory Domain Services to Server 2016. I do it for all new servers.
Step 7. Promote Server 2016 to Domain Controller. I do it for all new servers.
Step 8. Transfer the Operation Masters Role to Server 2016 . From AD1 (2003) to DC1 (2016).
Step 9. Change the Active Directory Domain Controller to Server 2016. From AD1 (2003) to DC1 (2016).
Step 10. Change the Domain Naming Master to Server 2016. From AD1 (2003) to DC1 (2016).
Step 11. Change the Schema Master to Server 2016. From AD1 (2003) to DC1 (2016).
Step 12. Verify that all FSMO Roles have transferred to Server 2016.
Step 13. Remove Server 2003 from Global Catalog.
Q: Do I have to perform this procedure on all 2003 servers or is it sufficient on the primary domain controller?
Step 14. Change the Preferred DNS Address on Servers 2003 to match Server's 2016 IP.
AD1, AD2 > DC1;
AD3, AD4 > DC3;
AD5, AD6 > DC5;
Step 15. Demote Server 2003 from Domain Controller. (all servers 2003)
Step 16. Change static IP addresses on servers 2003 and servers 2016, assigning new IP addresses to old 2003 servers and previously used IP addresses to 2016 servers. This in order not to have to reconfigure all the devices with static IP (not in DHCP).
Step 17. Login to Active Directory 2016 from the Workstations.
Q: Do I have to finish the whole procedure for all servers before connecting with workstations or can I also connect during the procedure?
Step 18. (Optional) Remove all Servers 2003 from the Domain & Network.
The clients are for 90% windows 10 Pro, 9% windows 7 Pro and for 1% windows XP Pro SP3 and 2 (I can't update these machines because they have industrial software dedicated to laboratory equipment.)
Q: Do XP computers work in a domain with DC windows server 2016?
Q: Should I expect something else?
Fabio
o 2 SQL server Win 2008 (site C)
I thought of following this procedure:
Step 1. Install 6 new Windows Servers 2016, 2 for each site. (named DC1, DC2, DC3, DC4, DC5, DC6).
Step 2. Assign the new IP Address in Servers 2016.
Step 3. Join all new Windows Servers 2016 to AD 2003 Domain.
Step 4. Login to Servers 2016 with the Domain Administrator account.
Step 5. Raise the Domain & Forest Functional Levels on AD Server 2003.
Q: Do I have to perform this procedure on all 2003 servers or is it sufficient on the primary domain controller?
Step 6. Add Active Directory Domain Services to Server 2016. I do it for all new servers.
Step 7. Promote Server 2016 to Domain Controller. I do it for all new servers.
Step 8. Transfer the Operation Masters Role to Server 2016 . From AD1 (2003) to DC1 (2016).
Step 9. Change the Active Directory Domain Controller to Server 2016. From AD1 (2003) to DC1 (2016).
Step 10. Change the Domain Naming Master to Server 2016. From AD1 (2003) to DC1 (2016).
Step 11. Change the Schema Master to Server 2016. From AD1 (2003) to DC1 (2016).
Step 12. Verify that all FSMO Roles have transferred to Server 2016.
Step 13. Remove Server 2003 from Global Catalog.
Q: Do I have to perform this procedure on all 2003 servers or is it sufficient on the primary domain controller?
Step 14. Change the Preferred DNS Address on Servers 2003 to match Server's 2016 IP.
AD1, AD2 > DC1;
AD3, AD4 > DC3;
AD5, AD6 > DC5;
Step 15. Demote Server 2003 from Domain Controller. (all servers 2003)
Step 16. Change static IP addresses on servers 2003 and servers 2016, assigning new IP addresses to old 2003 servers and previously used IP addresses to 2016 servers. This in order not to have to reconfigure all the devices with static IP (not in DHCP).
Step 17. Login to Active Directory 2016 from the Workstations.
Q: Do I have to finish the whole procedure for all servers before connecting with workstations or can I also connect during the procedure?
Step 18. (Optional) Remove all Servers 2003 from the Domain & Network.
The clients are for 90% windows 10 Pro, 9% windows 7 Pro and for 1% windows XP Pro SP3 and 2 (I can't update these machines because they have industrial software dedicated to laboratory equipment.)
Q: Do XP computers work in a domain with DC windows server 2016?
Q: Should I expect something else?
Fabio
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
to kevinhsieh
Do your DCs do anything else besides AD related stuff?DCs perform only the roles listed above: DC, AD services, DNS, WINS, DHCP
It is easier if your 2016 DC takes the IP address of the 2003 server it is replacing. Just give the 2003 DC a new IP. Give the 2016 DC the old IP and reboot. No need to update WINS or DNS or DHCP settingsIn which step it is recommended to "exchange" the addresses?
ASKER
to Seth Simmons
Is it the only way?
I read somewhere that direct migration was possible after step 5 (Raise the Domain & Forest Functional Levels on AD Server 2003)
https://techencyclopedia.wordpress.com/2017/02/02/windows-server-migration-2003-to-2016/
But in the following article I find confirmation in your words
https://docs.microsoft.com/it-it/windows-server/identity/ad-ds/active-directory-functional-levels
Do you all agree with Seth Simmons that I first have to step into Server 2012 or does anyone know of alternatives?
you will need to take steps first to get to 2016 because of dependencies
at some point you need to migrate from FRS to DFSR which requires your functional level to be at least 2008 meaning you have to get off 2003 servers first. also, 2016 domain controllers don't support a 2003 functional level (your step 3 and subsequent steps won't work) so your best bet is to install 2012 R2 first as a domain controller, decommission the 2003 server(s) then raise the forest/domain functional level to do the FRS -> DFSR migration prior to the 2016 domain controller install. 2012 R2 is the highest supported domain controller version that will work to co-exist with 2003. it will be a longer process but you have to do that to get to where you want to be.
Is it the only way?
I read somewhere that direct migration was possible after step 5 (Raise the Domain & Forest Functional Levels on AD Server 2003)
https://techencyclopedia.wordpress.com/2017/02/02/windows-server-migration-2003-to-2016/
But in the following article I find confirmation in your words
https://docs.microsoft.com/it-it/windows-server/identity/ad-ds/active-directory-functional-levels
Do you all agree with Seth Simmons that I first have to step into Server 2012 or does anyone know of alternatives?
Windows 2016 DCs can be added to a domain at 2003 functional level.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
"Windows Server 2016 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2016 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked. "
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
"Windows Server 2016 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2016 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked. "
It's a common misconception that Server 2016 doesn't support FRS for SYSVOL. Server 2016 domain controllers can still use FRS; 2019 DCs cannot. In fact, if you try to promote a 2019 DC in a domain that still uses FRS for SYSVOL, you'll get a blocking error telling you exactly why this won't work. If you're only promoting 2016 DCs, though, you can wait to migrate SYSVOL from FRS to DFSR until after everything else is done. You should still perform that migration at some point, though; DFSR is better than FRS in every conceivable way - and, as mentioned, FRS is no longer supported in 2019.
You don't have to complicate things. Just install new servers and promote them. After that, migrate FSMO roles from DC2003 to DC2016. Then demote old servers. After they are gone, migrate from FRS to DFSR and raise domain and forest functional level to Windows Server 2016.
How to transfer FSMO roles:
How to migrate from FRS to DFSR:
1. Perform on all DCs: Server Manager -> Manage -> Add Roles and Features -> select the DFS Replication role -> Install
2. Then run from the PDC:
How to raise DFL or FFL:
1. For Domain: Active Directory Users and Computers -> Right-click on your domain -> Raise Domain Functional Level -> Windows Server 2016
2. For Forest: Active Directory Sites and Trusts -> Right-click on Active Directory Sites and Trusts -> Raise Forest Functional Level -> Windows Server 2016
How to demote/remove old DCs:
1. Uninstall ADDS role from all servers (dcpromo)
2. Delete old DCs from Active Directory Users and Computers.
3. Then run metadata cleanup:
How to transfer FSMO roles:
C:\Windows>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <new_server>
server connections: q
fsmo maintenance: Transfer domain naming master
fsmo maintenance: Transfer infrastructure master
fsmo maintenance: Transfer PDC
fsmo maintenance: Transfer RID master
fsmo maintenance: Transfer schema master
How to migrate from FRS to DFSR:
1. Perform on all DCs: Server Manager -> Manage -> Add Roles and Features -> select the DFS Replication role -> Install
2. Then run from the PDC:
Dfsrmig /setglobalstate 1
Dfsrmig /getmigrationstate
Dfsrmig /setglobalstate 2
Dfsrmig /getmigrationstate
Dfsrmig /setglobalstate 3
Dfsrmig /getmigrationstate
How to raise DFL or FFL:
1. For Domain: Active Directory Users and Computers -> Right-click on your domain -> Raise Domain Functional Level -> Windows Server 2016
2. For Forest: Active Directory Sites and Trusts -> Right-click on Active Directory Sites and Trusts -> Raise Forest Functional Level -> Windows Server 2016
How to demote/remove old DCs:
1. Uninstall ADDS role from all servers (dcpromo)
2. Delete old DCs from Active Directory Users and Computers.
3. Then run metadata cleanup:
ntdsutil
metadata cleanup
remove selected server <servername>
4. After that, check there are no entries in DNS, Active Directory Sites and Services, Active Directory Domains and Trust. If you find any, delete them.
Yes, you can essentially swap IPs between old and new DCs, though I just give the old DC a new IP. No need to change it twice, since the idea is to get the old DC out of the way on a new IP, and then if all goes well demote it.
In adition to everyting already mentioned, you need to properly configure time sync on new DCs. Make sure time sync between host and DC as a VM is properly configured (usually disabled). Set PDC emulator to sync to a reliable time source.
In adition to everyting already mentioned, you need to properly configure time sync on new DCs. Make sure time sync between host and DC as a VM is properly configured (usually disabled). Set PDC emulator to sync to a reliable time source.
Windows 2016 DCs can be added to a domain at 2003 functional level.shame on microsoft for contradicting their own documentation
2003 functional level shows 2003-2012 R2 domain controller support
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
Aer you using physical servers and possibly transitioning to virtual Machines?
The straight forward way with virtual machines is as noted deploy a windows server 2012 at each site)
This will achieve a seemless transition. as the 2012 can be joined to a 2003 AD as another DC.
If you have a VLCS license for windows server 2016 the 2012 is part of the coverage.
you can then promote the 2012 to the have the master and GC roles.
update the DHCP options pushed to clients to include the new DC ips.
update the static servers to point to the 2012 Dcs for DNS.
disconnect the 2003 from the network to confirm no issues,
update sites and services to make sure they see the new Dcs at each location.
Before going to 2016 you have to as suggested have to change the sysvol replication scheme from FRS to DFS-R.
On this track, if you have any NTFRS replication between and among the sites, they too will need to be converted.
Once you've achieved this, transition, you can manage in the same way the addition of the 2016 DC at a
If your 2003 are 2003 R2 that include the DFS-R option, it might be possible to convert the sysvol replication......from FRS to DFS-R. but all the DCs have to be 2003R2.
The straight forward way with virtual machines is as noted deploy a windows server 2012 at each site)
This will achieve a seemless transition. as the 2012 can be joined to a 2003 AD as another DC.
If you have a VLCS license for windows server 2016 the 2012 is part of the coverage.
you can then promote the 2012 to the have the master and GC roles.
update the DHCP options pushed to clients to include the new DC ips.
update the static servers to point to the 2012 Dcs for DNS.
disconnect the 2003 from the network to confirm no issues,
update sites and services to make sure they see the new Dcs at each location.
Before going to 2016 you have to as suggested have to change the sysvol replication scheme from FRS to DFS-R.
On this track, if you have any NTFRS replication between and among the sites, they too will need to be converted.
Once you've achieved this, transition, you can manage in the same way the addition of the 2016 DC at a
If your 2003 are 2003 R2 that include the DFS-R option, it might be possible to convert the sysvol replication......from FRS to DFS-R. but all the DCs have to be 2003R2.
Before going to 2016 you have to as suggested have to change the sysvol replication scheme from FRS to DFS-R.
Nope, this is only if you're promoting a 2019 DC. 2016 DCs can still use FRS.
If your 2003 are 2003 R2 that include the DFS-R option, it might be possible to convert the sysvol replication......from FRS to DFS-R. but all the DCs have to be 2003R2.
2003 R2 did include DFSR, but not for SYSVOL. The DCs have to be running at least 2008 in order to use DFSR to replicate SYSVOL.
Agree with Hello There.
but step3 is required only if the server is not properly demoted.
I.e. 3. Then run metadata cleanup
but step3 is required only if the server is not properly demoted.
I.e. 3. Then run metadata cleanup
Why wait till 2019 and not do a clean migration to DFSR at the first available opportunity.
The sysvol was not handled by DFSR on windows2003, but the availability of DFSR on 2003R2 makes things possible to if needed setup a DFSR replication group with the sysvol as the base and the one on the 2003 as the reference...
This ties into the presence and migration of any shares that currently exist on the 2003 platform that need to be migrated to the new one.
Do not see this as a disagreement, but options.
The sysvol was not handled by DFSR on windows2003, but the availability of DFSR on 2003R2 makes things possible to if needed setup a DFSR replication group with the sysvol as the base and the one on the 2003 as the reference...
This ties into the presence and migration of any shares that currently exist on the 2003 platform that need to be migrated to the new one.
Do not see this as a disagreement, but options.
Why wait till 2019 and not do a clean migration to DFSR at the first available opportunity.
Right; I absolutely agree that it should be done, and there's no need to wait until you're about to promote a 2019 DC to do it. I'm bringing it up for the sake of simplicity, though. Since 2016 still supports FRS, you don't have to migrate ahead of promoting the 2016 domain controllers. This has two benefits:
- You don't have to worry about whether it's actually possible to migrate SYSVOL to DFSR in 2003 R2. (I don't think it is, although it may be possible to jury-rig something.)
- You don't have to promote a DC running an intermediate version in order to make it happen. Simply perform the migration using the supported procedure after the 2003 R2 DCs are long gone.
So in this case, it's easier to wait until everything else is done before migrating SYSVOL.
I think that is the issue whether a 2016 DC can exist in a 2003 AD.
thus the suggestion to add at least one DC in each site with 2012 and have a test while the 2003's are offline.
time is potentially the issue at hand...
thus the suggestion to add at least one DC in each site with 2012 and have a test while the 2003's are offline.
time is potentially the issue at hand...
It is NOT POSSIBLE to have a 2019 DC and 2003 DC coexist in domain. Full stop.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405
"It is done; Windows Server 2016 RS1 is the last version that will allow FRS - RS3 no longer includes the binaries."
You can't do the FRS to DFSR migration until the domain functional level is at least 2008. You cannot successfully introduce a 2019 DC until the migration is done to DFSR for SYSVOL replication.
If the goal is to get to 2019, then you need to make a stop off at some intermediate OS for the DCs. If the goal is to get to Windows 2016 for the DCs, you can go straight there.
See the link in this post for the instructions on getting from FRS to DFSR.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405
"It is done; Windows Server 2016 RS1 is the last version that will allow FRS - RS3 no longer includes the binaries."
You can't do the FRS to DFSR migration until the domain functional level is at least 2008. You cannot successfully introduce a 2019 DC until the migration is done to DFSR for SYSVOL replication.
If the goal is to get to 2019, then you need to make a stop off at some intermediate OS for the DCs. If the goal is to get to Windows 2016 for the DCs, you can go straight there.
See the link in this post for the instructions on getting from FRS to DFSR.
It is NOT POSSIBLE to have a 2019 DC and 2003 DC coexist in domain. Full stop.
Agreed. They're only going to 2016, though, so there shouldn't be a problem.
ASKER
Thanks a lot of information.
Summing up:
The procedure will be:
Step 1 Install 6 new Windows Servers 2016, 2 for each site. (named DC1, DC2, DC3, DC4, DC5, DC6).
Step 2 Raise the Domain & Forest Functional Levels on AD Server 2003.
Step 3 Join all-new Windows Servers 2016 to the domain.
Step 4. Promote one Server 2016 to Domain Controller. DC1 (2016).
Step 5.Transfer FSMO roles from 2003 to 2016. From AD1 (2003) to DC1 (2016).
Step 6 Promote the other 5 Servers 2016 to Domain Controller level.
Step 7 Demote/remove all old 2003 DCs and remove Server 2003 from Global Catalog (on all servers)
Step 8 I swap the IPs:
Step 9 The 2016 servers are operational, the 2003 servers are off, I proceed with:
Step 10 Check there are no entries in DNS, Active Directory Sites and Services, Active Directory Domains and Trust of old 2003 DCs. In case I find them, I delete them.
Q2: As I have illustrated, the domain is extended in 3 sites, do you recommend carrying out the procedure in the shortest time possible or breaking it into several stages?
Q3: Clients, file servers, SQL servers, etc. will they work regularly after the change of DCs in 2016, or do I have to perform any procedures?
Q4: The old servers are virtual machines, if something went wrong after step 4, is it possible to restore a previous state?
Summing up:
- It is confirmed that an intermediate step to server 2012 is not required, Windows 2016 DCs can be added to a domain at 2003 functional level, if I first raise the forest level to Windows Server 2003. (Note I don't have 2003R2).
- After the last 2003 server has been demoted from the domain I migrate the SYSVOL from FRS to DFSR and the AD from DFL to FFL.
The procedure will be:
Step 1 Install 6 new Windows Servers 2016, 2 for each site. (named DC1, DC2, DC3, DC4, DC5, DC6).
Assign the new IP Address in Servers 2016
Enable SMB 1
I configure the time sync of all the 2003 and 2016 servers
Step 2 Raise the Domain & Forest Functional Levels on AD Server 2003.
I do this procedure on the primary domain controller only
Q1: After this operation, do clients and everything else continue to function regularly? No other action is required? In other words: can I prepare this phase a few days before the next steps?
Step 3 Join all-new Windows Servers 2016 to the domain.
Step 4. Promote one Server 2016 to Domain Controller. DC1 (2016).
Step 5.Transfer FSMO roles from 2003 to 2016. From AD1 (2003) to DC1 (2016).
Using the commands documented by Hello There
Step 6 Promote the other 5 Servers 2016 to Domain Controller level.
Step 7 Demote/remove all old 2003 DCs and remove Server 2003 from Global Catalog (on all servers)
Using the commands documented by Hello There
Step 8 I swap the IPs:
assigning new IP addresses to old 2003 servers
assigning previously used IPs addresses to 2016 servers.
Step 9 The 2016 servers are operational, the 2003 servers are off, I proceed with:
migrate the SYSVOL from FRS to DFSR
raise the AD from DFL to FFL.
as shown Hello There
Step 10 Check there are no entries in DNS, Active Directory Sites and Services, Active Directory Domains and Trust of old 2003 DCs. In case I find them, I delete them.
Q2: As I have illustrated, the domain is extended in 3 sites, do you recommend carrying out the procedure in the shortest time possible or breaking it into several stages?
Q3: Clients, file servers, SQL servers, etc. will they work regularly after the change of DCs in 2016, or do I have to perform any procedures?
Q4: The old servers are virtual machines, if something went wrong after step 4, is it possible to restore a previous state?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can join servers running any os as a member server at any time.
You would need to run adprep32 from the 2016 media to update schema, domain, gpo in the ad on the primary dc.
Personally. I would not go down ip swap ...route. note you will be going down this road after you confirmed everything is functioning as expected.
Why go down this road?
You could script the name server list update on servers with static ips.
Once you demote, you should not restore DCs as it will run into issues.
Conflict it counter/ids..
Updating the name server list will maintain functionality.
You would need to run adprep32 from the 2016 media to update schema, domain, gpo in the ad on the primary dc.
Personally. I would not go down ip swap ...route. note you will be going down this road after you confirmed everything is functioning as expected.
Why go down this road?
You could script the name server list update on servers with static ips.
Once you demote, you should not restore DCs as it will run into issues.
Conflict it counter/ids..
Updating the name server list will maintain functionality.
I will disagree with Arnold here. Swapping IPs is trivially easy, and easy to undo, which makes it a low risk activity.
I have a small enterprise environment. The IP addresses of my DCs are stored in literally thousands of locations between DHCP relay agents, DHCP scopes for DNS, NTP entries, static IP assignments, firewall settings and firewall rules, and wierd postfix settings. It would be impossible for me to fully successfully migrate from one set of IPs to another in any reasonable amount of time.
I once had a linux system query a specific DNS server about once a month for what looked like a mail setting. We never found the entry. I didn't get the DNS server retired until we retired the linux box several years later.
I have a small enterprise environment. The IP addresses of my DCs are stored in literally thousands of locations between DHCP relay agents, DHCP scopes for DNS, NTP entries, static IP assignments, firewall settings and firewall rules, and wierd postfix settings. It would be impossible for me to fully successfully migrate from one set of IPs to another in any reasonable amount of time.
I once had a linux system query a specific DNS server about once a month for what looked like a mail setting. We never found the entry. I didn't get the DNS server retired until we retired the linux box several years later.
ASKER
Ok thanks guys.
I have to plan the job by June, if I need help I will contact you.
Fabio
I have to plan the job by June, if I need help I will contact you.
Fabio
I feel the question should be closed differently.
Comments above provide relevant information to the author's questions. I would mark these comments because:
1. The author also made a conclusion based on these comments that he was going to follow (here: https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090424 )
2. These answers are general steps the author had to do to succeed
Comments that provided relevant info:
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089947
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089949
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089951
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089988
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090012
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090076
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090090
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090477
Comments above provide relevant information to the author's questions. I would mark these comments because:
1. The author also made a conclusion based on these comments that he was going to follow (here: https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090424 )
2. These answers are general steps the author had to do to succeed
Comments that provided relevant info:
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089947
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089949
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089951
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43089988
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090012
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090076
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090090
https://www.experts-exchange.com/questions/29182699/Migrate-Active-Directory-Server-2003-to-Active-Directory-Server-2016.html#a43090477
ASKER
I made the migration following the steps indicated with complete success. Perfect.
Thank you for your feedback. Please mark all posts that were a solution for you as "Yes. This is my solution." You can mark multiple answers.
at some point you need to migrate from FRS to DFSR which requires your functional level to be at least 2008 meaning you have to get off 2003 servers first. also, 2016 domain controllers don't support a 2003 functional level (your step 3 and subsequent steps won't work) so your best bet is to install 2012 R2 first as a domain controller, decommission the 2003 server(s) then raise the forest/domain functional level to do the FRS -> DFSR migration prior to the 2016 domain controller install. 2012 R2 is the highest supported domain controller version that will work to co-exist with 2003. it will be a longer process but you have to do that to get to where you want to be.