Peterson50 asked:

Migrate AD from Windows Server 2012 to Windows 2019 on new hardware

Getting a new server in (Windows 2019) to replace an aging server with Windows 2012 on it. Will install the Hyper-V role on the new server and set up a Windows 2019 VM. The existing server primarily is a file and share with QuickBooks on it, not much of anything else. What is the easiest way to move everything over to the new server VM, with the new server now taking over all roles along with server name / shares etc., in a step-by-step process?

Michael Pfister:

Please clarify: is the 2012 server a domain controller or not?

If it's both a domain controller and file server, I'd split the roles: create 2 Windows Server 2019 VMs and let one be a domain controller, the other one the member file server. Makes things easier since you can easily rename a member server but not a domain controller.

Peterson50 (ASKER):

Thanks for great info, will create 2 VMs (small one with 4 gigs for DC) and second member server etc. Join to AD as DC, replicate etc. Will follow steps of Arnold and Long tomorrow as starting it up and get back quickly. Only roles on this server are DNS, AD (it's not doing DHCP), very small construction office, 10 people, but lots of files that need to be maintained and drawings.
Thanks for that step, I will do the migrate AD Replication on the 2012 server from FRS to DFS-R first and make sure that is correct prior to anything else. According to the documentation you sent, Windows Server 2016 will still utilize FRS but 2019 requires the DFS-R prior to AD replication. Time to read this weekend.

Thanks
How many DCs do you have?
If you only have one currently, you can perform the DFSmigrate.

Yes, DFS-R was added with Windows 2003 R2, though I think the dfsrmigrate of sysvol from FRS to DFS-R waited to Windows 2008.

There are many advantages to the DFS-R (no journaling corruption, D2/D4 burflags that prevent the sharing of the netlogon/sysvol).
Any different steps to migrate to DFS as opposed to DFS-R?

Two different items.
DFS: Domain-based File Share
You always had DFS as an option; the issue was how to get the same files to exist on multiple systems that share the same namespace. This is where NTFRS came into play.

DFS-R is the replication component of the above, the replacement to the NTFRS.

Look at the administrative tools on your win2k12 and see the DFS Management interface.
sysvol is just a special/restricted shared resource.

Resolve the issue with the migration of NTFRS as the data replication mechanism to the DFS-R, and in another/follow-up question we could help with the other questions you might have.
Yes. Server 2019 and up require DFSR for AD Replication. The process is really simple.

We've not had any issues.

I do suggest taking a System State Backup of the FSMO Role holder prior to starting the process.
Ran checks on current server AD, no issues. Ran AD replication status, no errors. Then started with Dfsrmig /setglobalstate 1 and got the following:
Current DFSR global state: Eliminated
new DFSR global state: Prepared
Invalid state change requested

What causes this error?

Run dfsrmig /GetMigrationState
to see what the state is first.

Did you confirm that NTFRS is what handles your sysvol replication?
I ran dfsrmig /GetMigrationState and get the following:
All domain controllers have migrated successfully to the Global state ('Eliminated') Migration has reached a consistent state on all domain controllers
Succeeded

Ran ADSI Edit and looked at msDFSR-Flags; it is set to 48, which indicates it is migrated properly. Ran Dcdiag and passed all tests, no errors. Will start second step and add the 2019 server to domain, and promoting it should take place properly. Going well at this point!!
I think this suggests that your setup was already using DFSR for sysvol.
Connection of first VM running AD went fine. Connected to AD and everything replicated fine, no errors in the database. Getting ready to create second VM for file share and print. It needs about 2.5TB of space. The question is, should the vhdx be fixed disk or dynamic? Is there a huge performance difference between the two, and what issues are there with power outages etc.? Microsoft best practices recommend fixed disk over dynamic.

Thanks Much
2.5TB Max size

A fixed allocation consumes the entire resource. A dynamic vhdx will consume fewer storage resources from the beginning, but will consume computing resources every time it approaches and needs to expand.

How much data is currently on the 2012 that you would use dfsr to copy?

If your current space is 75% of the 2.5TB use fixed.
The RAID on the new server is at 5.45TB (8GB Raid), the current amount of actual data on the old server to copy is 2.1TB, I was considering making a 4TB fixed VHDX. So your suggestion is right on spot.
I read the Best Practices and Hyper-V Performance Expectations in entirety and followed the suggestions (including NIC and memory). First two volumes, which are small, are fixed vhdx and last one is dynamic vhdx, as having to move it around would be easier. When the original server crashed, I had to download 1.7TB of data on makeshift server as immediate access was needed to some files; that took time. If it was a 4TB vhdx file that would have been a longer time and running around for drive for temporary storage, so your suggestions work. Both VM servers are up and running fine, no AD issues or errors. Shares are created with proper permissions, now will need to copy shares data using DFS (or sometimes I like to use Beyond Compare).

Final steps before decommissioning old server (may still use it as backup for Hyper-V)
Move 5 FSMO roles over
Schema
Domain Master
Infrastructure
RID
PDC

After this I can successfully remove active domain controller from old server and decommission it, correct?
Thanks for all the help, much appreciated.
Once the FSMO Roles are moved over and verified to be seated correctly, then the next step is to make sure DHCP is handing out IPs and DNS pointers for only the new DC and if there are others at least one other.

Then, shut down the old DC for a week. Watch for, and get calls from users, anything that may be set up to point to the old DC. This is possible given the way some LoBs are set up.

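Make sure all servers have their NIC DNS moved to the new DC.
# Open a remote session to the server whose DNS settings need changing
Enter-PSSession SERVERNAME
# DNS server address(es) to assign (change as necessary)
$DNS0 = "192.168.1.93"
$DNS1 = "192.168.1.92"
# Point the server's Ethernet adapter at the new DNS server(s)
Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses $DNS0,$DNS1
Exit
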
If there's only one DC then delete the $DNS1 and ,$DNS1 from the lines above. Change the IP(s) as necessary. SERVERNAME gets replaced with the intended server.

The above code must be run from an elevated PowerShell using an admin account for any of the remote servers being connected to.
Personally, before shutting down the retiring DC, I would simply disconnect it from the network, turn off the network switch port. Turnaround is quicker if remote.

Performed an initial copy of data and tested access of shares and everything looks fine, will perform final replication this evening. Reviewing FSMO transfer, when looking at the Domain Naming Master it shows an error message (picture attached) and only shows the current DC in both fields, current and the new one. What may cause this error?

Thank You

As an update

1. I ran ADUC and was able to transfer RID PDC and Infrastructure roles
2. Initially I had the error I mentioned above, but I attempted to run the Operations Master while on the old server and it did display the new server and it changed (previously I got the error message on the new server DC)
3. Last one was Schema Master and when attempting to make the change it only shows the old server for both masters
4. I then ran the above two GET commands on the old server and the response is attached. It shows the PDC, RID, Infra and DomainNaming all show the (RC-DC01) new server but the old server (Server01) as the schema master. The next message will show the new server after running the GET commands.

This is the message I get on the new server when running those GET commands in PowerShell. You will notice Domain Master seems missing.

My mistake, I typed in the wrong command on the new server; as you can see on the attached picture it has the exact same information as the old server, only the schema master did not go over. I'm getting punch drunk, been up late.

I finally got it done using the Move-ADDirectoryServerOperationMasterRole command with SchemaMaster as option. All roles now show up with the new server. Do I just power down the server, restart it or remove AD off it? I plan to repurpose it for another role, just not DC. Or should I pull the plug for an hour or two and see if anyone starts yelling at me first?

Thanks much for great help!!
If I disconnect it, won't I get replication errors, or is that okay for the time being? After a week, power the unit back on and remove AD from the unit?

Yes, there will be replication errors.
You do not need to power down, network disconnect is sufficient.

Usually, you should have two DCs.
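
The checks discussed in this thread, gathered into one pre-decommission script as an added example (not code posted by any participant). RC-DC01 is the new DC name given in the thread; the old DC's IP address and the member-server list are constructed placeholders, and the script assumes the ActiveDirectory module is installed and that it is run elevated on a domain controller.

```powershell
# Added example: verify the domain is ready before the old DC is disconnected.
Import-Module ActiveDirectory

$NewDC   = 'RC-DC01'        # new DC name as shown in the thread
$OldDcIp = '192.0.2.10'     # placeholder (constructed): the old DC's IP address
$Servers = @('FILESRV01')   # hypothetical list of member servers to audit

# 1. Collect all five FSMO role holders (two forest-wide, three domain-wide).
$forest = Get-ADForest
$domain = Get-ADDomain
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | Format-Table Key, Value -AutoSize

# 2. Warn about any role not held by the new DC (holders are returned as FQDNs).
$stray = $roles.GetEnumerator() | Where-Object { $_.Value -notlike "$NewDC.*" }
if ($stray) {
    $names = ($stray | ForEach-Object { $_.Key }) -join ', '
    Write-Warning "Roles still held elsewhere: $names"
}

# 3. Confirm SYSVOL replication is in the 'Eliminated' (DFSR-only) state.
$mig = dfsrmig /GetMigrationState
if (-not ($mig -match 'Eliminated')) {
    Write-Warning "SYSVOL migration state is not 'Eliminated':`n$($mig -join "`n")"
}

# 4. List NICs on member servers that still use the old DC as a DNS server.
foreach ($s in $Servers) {
    Invoke-Command -ComputerName $s -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses -contains $using:OldDcIp } |
            Select-Object InterfaceAlias, ServerAddresses
    }
}
```

No warnings and an empty result from step 4 mean nothing checked here still depends on the old DC; anything listed in step 4 needs its DNS client settings changed first.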