Migrate Active Directory from Server 2012 R2 to Server 2016

This is very straight forward process, but make sure you test it 1st in your Test Environment.

I’m using 2 Hyper-V Machine, which is my Previous domain Server (Microsoft.lk.com).

1- Login to windows Server 2016 machine with local admin credentials, Open server manager dashboard, click Add Roles and features.

3

2 – Click Next, Choose “Role-based or feature-based installation” radio button and click Next, Scroll down and choose Active Directory Domain Services from server roles. When a new window appears, click Add Features, Click Next until confirm installation selections page, When an installation has been completed and server prompts you for further configuration, click Promote this server to a domain controller. (refer picture).

4
5
6
7
8
9
10
11
12
14

3 – Deployment Configuration interface, click Add a domain controller to an existing domain, then click select button and browse to Microsoft.lk.com, verify that credentials is Administrator, and then click Next. (refer picture).

6
3
4
5

4 – On the Domain Controller Options interface, verify that Domain Name System (DNS) server and Global Catalog (GC) is selected and fill up the Password for DSRM, and then click Next.

Screenshot (7)

5 – On the DNS Options interface, click Next

18

6 – on the Additional Options interface, beside the Replicate from : click Dc-Server.Microsoft.lk.com (this is our Server 2012 R2 AD), and then click Next.

Screenshot (8)
Screenshot (9)

7 – On the Paths interface, click Next to proceed.

20

8 – On the Preparation Options interface, click Next.

Screenshot (10)

9 – On the Reviews Options interface, verify all the information and then click Next.

Screenshot (11)

10 – On the Prerequisites Check interface, verify that All prerequisites checks passed successfully,  and then click Install.

Screenshot (12).png

11 – Please wait for few minutes for the process to complete.

Screenshot (13)

12 – Once your Server 2016 restart, log in as domain Administrator.

Screenshot (14)

13 – Follow this steps must :– Migrating FSMO (Flexible Single Master Operation) roles to Windows Server 2016.

Open active directory users and computers console. Right-click your domain and then click Operations Masters .

22 (1)

Open RID tab and click Change.

22 (2)

When you are asked for confirmation, click Yes.

22 (4)

Click OK.

22 (5)

Open PDC tab and click Change.

22 (6)

When you are asked for confirmation, click Yes.

22 (4)

Click OK.

22 (5)

Open Infrastructure tab and click Change.

22 (9)

When you are asked for confirmation, click Yes.

22 (10)

Click OK.

22 (11)

14 – Still on our Dc-Server.Microsoft.lk.com server, open Active Directory Domain and Trusts console, right click Active Directory Domain and Trusts and then click Change Active Directory Domain Controller.

15

15 – On the Change Directory Server interface, click This Domain Controller or AD LDS instance and then choose your new Windows Server 2016 which is DC-CLOUD.Microsoft.lk.com, and then click OK.

16

16 – On the Active Directory Domains and Trusts interface, hover over the Active Directory Domains and Trusts and verify that the server now reflects your new Windows server 2016 which is DC-CLOUD.Microsoft.lk.com.

17

17 – On the Active Directory Domains and Trusts interface, right click Active Directory Domains and Trusts found in the folder tree and select Operations Manager.

18

18 – In the Operations Master interface, click Change to transfer the domain naming master role to the Windows Server 2016.

19

19 – Click Yes when the wizard asked if you are sure you wish to transfer the operations master role to a different computer.

20

20 – Once the Operations Master is successfully transferred, click OK

21

21 – On the Operation Master interface, verify that Domain naming operations master is now transferred to DC-CLOUD.Microsoft.lk.com server.

22

22 – On the DC-CLOUD.Microsoft.lk.com server, open Command Prompt and then type regsvr32 schmmgmt.dll to change the Schema Master.

23
24

23 – Next we need to change Schema Master, on the DC-CLOUD.Microsoft.lk.com server, open Run Type MMC, click File and then click Add/Remove Snap-in.

25
26

24 – On the Add or Remove Snap-ins interface, click Active Directory Schema, click Add and then click OK.

27
28

25 – On the Console, right click Active Directory Schema and then click Change Active Directory Domain Controller.

29.png

26 – On the Change Directory Server interface, click This Domain Controller or AD LDS instance, click DC-CLOUD.Microsoft.lk.com server and then click OK.

30

27 – On the Active Directory Schema box just click OK to proceed.

31

28 – on the Console, right click Active Directory Schema and select Operations Master.

33

29 – On the Change Schema Master interface, click Change to transfer the schema master role to the Windows Server 2016 (DC-CLOUD.Microsoft.lk.com).

36

30 – When asked if you are sure you wish to transfer the schema master role to a different computer, just click Yes.

34

Once the schema master is successfully transferred, click OK to proceed.

35

31 – Verify the current schema master (online) is now DC-CLOUD.Microsoft.lk.com, and then click Close.

36

32 – Open PowerShell with elevated privileges and execute “netdom query fsmo” command. Check if all the five FSMO roles have been transferred to Active Directory Domain Controller Windows Server 2016.

37

33 – Uninstalling Active Directory Domain Services from Windows Server 2012 R2.

Login to Windows Server 2012 R2 machine with domain administrator credentials.

Open PowerShell with elevated privileges and execute command:

Uninstall-ADDSDomainController -DemoteOperationMasterRole –RemoveApplicationPartition

38

Provide the local administrator password and press enter.

40
41

Be patient. The operation will be completed in few minutes and server will be rebooted automatically.

43.png

34 – Upgrading Forest and Domain Functional Levels to Windows Server 2016.

Login to Windows Server 2016 domain controller, Open PowerShell with elevated privileges Execute command to change domain functional level,

Set-ADDomainMode –identity yourdomain.com –DomainMode Windows2016Domain

44
45
46

Login to Windows Server 2016 domain controller, Open PowerShell with elevated privileges Execute command to forest functional local,

Set-ADForestMode –identity yourdomain.com –ForestMode Windows2016Forest 

47
48
49

35 – Last step, confirm if domain and forest functional levels have really been changed. Execute command,

Get-ADDomain | fl Name, DomainMode

Get-ADForest | fl Name, ForestMode

53

Thank you!

Category: Active Directory 101, Windows Server 2012 /R2, Windows Server 2016