Scribd
Upload
1K views9 pages

Step-By-Step Guide To Migrate From Active Directory 2012 R2 To Active Directory 2019 (Powershell Guide)

The document provides a step-by-step guide to migrate an Active Directory domain from Windows Server 2012 R2 to Windows Server 2019 using PowerShell. It outlines 12 steps for the migration process, including installing AD DS on the new server, configuring it as an additional domain controller, migrating FSMO roles, decommissioning the old domain controller, and raising the domain and forest functional levels. Key steps involve installing AD DS on the new Server 2019 system, configuring it as an additional domain controller, migrating the FSMO roles, decommissioning the old Server 2012 R2 DC, and raising the domain and forest functional levels.

Uploaded by

Suhaimi Mie
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views9 pages

Step-By-Step Guide To Migrate From Active Directory 2012 R2 To Active Directory 2019 (Powershell Guide)

The document provides a step-by-step guide to migrate an Active Directory domain from Windows Server 2012 R2 to Windows Server 2019 using PowerShell. It outlines 12 steps for the migration process, including installing AD DS on the new server, configuring it as an additional domain controller, migrating FSMO roles, decommissioning the old domain controller, and raising the domain and forest functional levels. Key steps involve installing AD DS on the new Server 2019 system, configuring it as an additional domain controller, migrating the FSMO roles, decommissioning the old Server 2012 R2 DC, and raising the domain and forest functional levels.

Uploaded by

Suhaimi Mie
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Step-by-Step Guide to

Migrate from Active


Directory 2012 R2 to
Active Directory 2019
(PowerShell Guide)
Windows server 2019 was available for public (GA) from early oct
2018. In past i have written many articles about domain migrations by
covering different Active Directory versions. So, it is time me to write
about AD 2019 migrations. In this demo I am going to demonstrate
how to migrate from Active Directory 2012 R2 to Active Directory 2019.
The same procedure is going to apply for any AD version from
Windows Server 2008.   

Migration itself is very straight forward task. But there are other things
you need to consider before you do an AD migration. In below I listed
a checklist you can use in many occasions.

• Evaluate business requirement for active directory migration 


• Perform Audit on Existing Active Directory Infrastructure
• Provide Plan for implementation Process
• Prepare Physical / Virtual resources for Domain Controller
• Install Windows server 2019 Standard / Datacenter
• Patch Servers with latest Windows Updates
• Assign Dedicate IP address to Domain Controller
• Install AD DS Role
• Migrate Application and Server Roles from the Existing Domain
Controllers.
• Migrate FSMO roles to new Domain Controllers
• Add New Domain controllers to the Existing Monitoring system
• Add New Domain controllers to the Existing DR Solution
• Decommission old domain controllers 
• Raise the Domain and Forest Functional level
• On Going Maintenance 
As per the above figure therebeladmin.com domain has two domain
controllers.  In here, the FSMO role holder is running windows server
2012 R2. Domain and forest functional level currently operating at
Windows server 2012 R2. A new domain controller with Windows
server 2019 will be introduce and it will be the new FSMO role holder
for the domain. once FSMO role migration completed, Domain
controller running windows server 2012 R2 will be decommissioned.
After that forest and domain function level will raised to the windows
server 2019. 
In the demonstration, REBEL-DC2012 is the domain controller with
windows server 2012 R2 and REBEL-DC2016 is the domain controller
with windows server 2019. 
 
[su_note]When you introduce new domain controllers to the existing
infrastructure it is recommended to introduce to the forest root level
first and then go to the domain tree levels.[/su_note]
 
 
1. Log in to the Server 2019 as a member of local administrators
group. 
2. Add server to the existing domain as member
 

 
3. After restart, log in to the server as Enterprise Administrator
4. Assign static IP address to the server
5. Launch the PowerShell Console as an Administrator
6. Before the configuration process, we need to install the AD DS Role
in the given server. In order to do that we can use Following
command. 
 
Install-WindowsFeature –Name AD-Domain-Services
-IncludeManagementTools
 

 
7. Configure the new server as additional domain controller.
 
Install-ADDSDomainController
-CreateDnsDelegation:$false
-NoGlobalCatalog:$true
-InstallDns:$true
-DomainName "therebeladmin.com"
-SiteName "Default-First-Site-Name"
-ReplicationSourceDC "REBEL-DC2012.therebeladmin.com"
-DatabasePath "C:\Windows\NTDS"
-LogPath "C:\Windows\NTDS"
-NoRebootOnCompletion:$true
-SysvolPath "C:\Windows\SYSVOL"
-Force:$true
 
 
There are no line breaks for the command and I have listed it as above
to allow readers to identify on the parameters clearly.
 
Argument Description
Install-ADDSDomainController This cmdlet will install the domain
controller in active directory
infrastructure.
-NoGlobalCatalog If you do not need to create the
domain controller as global catalog
server, this parameter can use. By
default, system will enable global
catalog feature.
-SiteName This Parameter can use to define the
active directory site name.  the default
value is Default-First-Site-Name
-DomainName This parameter defines the FQDN for
the active directory domain.
-ReplicationSourceDC Using this parameter can define the
active directory replication source. By
default, it will use any available
domain controller. But if need we can
be specific.
Once execute the command it will ask
for SafeModeAdministrator Password. Please use complex password
to proceed. This will be used for DSRM.
8. After configuration completed, restart the system and log back in as
administrator to check the AD DS status. 
Get-Service adws,kdc,netlogon,dns

Will confirm the status of the AD DS service. 

Get-ADDomainController -Filter * |  Format-Table Name,


IPv4Address, Site

Will list down the domain controllers along with the IP address and
Sites it belongs to.

9. Migrate all five FSMO roles to the New domain controller using
following command,
Move-ADDirectoryServerOperationMasterRole -Identity REBEL-
DC2019 -OperationMasterRole SchemaMaster,
DomainNamingMaster, PDCEmulator, RIDMaster,
InfrastructureMaster
In above the REBEL-DC2019 is domain controller running with
windows server 2019. 
Once its completed, we can verify the new FSMO role holder using 

Netdom query fsmo

10. The new step of the process is to decommission the old windows
domain controller which running with windows server 2012 R2. To do
that execute the following command as enterprise administrator from
the relevant DC. 
Uninstall-ADDSDomainController -DemoteOperationMasterRole
-RemoveApplicationPartition

After execute the command it will ask to define password for the local
administrator account.

Once its completed it will be a member server of the


therebeladmin.com domain.

11. Next step is to raise the domain and forest functional level to
windows server 2019. To do that can use the following commands.

To upgrade domain functional levels

Set-ADDomainMode –identity therebeladmin.com -DomainMode


Windows2016Domain
To upgrade forest function levels

Set-ADForestMode -Identity therebeladmin.com -ForestMode


Windows2016Forest

[su_note]With windows server 2019, there is no domain or forest


functional level called windows2019. It is still 2016. [/su_note]

Now we have completed the migration from AD DS 2012R2 to AD DS


2019. Same steps apply when migrate from windows server 2008,
Windows server 2008 R2, Windows server 2012 & Windows server
2016.

12. After the migration completes, we still need to verify if its


completes successfully. 
Get-ADDomain | fl Name,DomainMode

This command will show the current Domain functional level of the
domain after the migration. 

Get-ADForest | fl Name,ForestMode

Above command will show the current forest functional level of the
domain. 
This marks the end of this blog post. Hope this was useful. If you have
any questions feel free to contact me on [email protected] also
follow me on twitter @rebeladm to get updates about new blog posts.

You might also like