Windows 2016 Migration Step-by-Step Guide

In this article I will explain how to upgrade your test lab environment to Windows Server 2016, but unfortunately the Windows 2016 Migration Guides from Microsoft is still under development…

I using my Automation Tool it’s easy for me to spin up or simply replace servers in my testlab, but Roles & Features like Active Directory, DNS, DHCP, ADFS, CA and File Shares are things that I want to be controlled by PowerShell, for example migration Windows 2012 R2 to Windows 2016.

In my exercise below I’ve demoted my DC-01-VM (Windows Server 2012 R2) and then just installed a new Windows 2016 Server.

I will do a migration of my Windows Server 2012 R2 forest to Windows Server 2016 by adding a Domain Controller in Windows 2016, migrating all the FSMO roles to this new Domain Controller and then demote the Windows Server 2012 R2.

Details:

My current domain name is testlab.local

My Windows Server 2012 R2 Domain Controller is dc01-vm.testlab.local

The new Windows Server 2016 will be ad01.testlab.local

First, I deploy the AD role (DCPromo) on my new Windows Server 2016 machine. For this I use the following PowerShell commands:

Install-WindowsFeature AD-Domain-Services
Install-WindowsFeature -name "AD-Domain-Services" -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "testlab.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -ReplicationSourceDC "dc01-vm.testlab.local" -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -Force:$true -Credential (Get-Credential)

Once this is done, I used the command below to move the FSMO roles from my Windows Server 2012 R2 Domain Controller to the new Windows Server 2016.

Move-ADDirectoryServerOperationMasterRole -Identity "AD01-VM" -OperationMasterRole 0,1,2,3,4

If you want to make sure everything change the way you intend to, you can use Powershell script below to make sure everything is ok.

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

Get-ADDomainController -Filter * |

     Select-Object Name, Domain, Forest, OperationMasterRoles |

     Where-Object {$_.OperationMasterRoles} |

     Format-Table -AutoSize

If the Windows Server 2016 Domain Controller is up and running, now I want to get rid of the Windows Server 2012 R2, the same way as I did for the DCpromo, I will demote the old Windows Server 2012 R2 Domain Controller using the PowerShell script below:

Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$true

You must specify the password for the local administrator account of the machine once it have been demoted.

And at last, if you want to upgrade the funtcional level of you Active Directory from Windows Server 2012 R2 to Windows Server 2016, run the following PowerShell command:

Set-ADDomainMode –identity testlab.local -DomainMode Windows2016Domain

DHCP Migration

This was straight forward using PowerShell. Run the following command on DC-01-VM:

Export-DhcpServer -ComputerName dc-01.ctxlab.local -File C:\export\dhcpexport.xml

Copy the folder C:\Export to AD-01-VM and run the following PowerShell command:

Install-WindowsFeature -Name "DHCP" -IncludeManagementTools
Import-DhcpServer -ComputerName ad01-vm.testlab.local -File C:\export\dhcpexport.xml

Certificate Authorities Migration

Follow this Microsoft post Step-By-Step: Migrating The Active Directory Certificate Service From Windows Server 2003 to 2012 R2.

ADFS Migration

Follow the post Upgrading to AD FS in Windows Server 2016. Unfortunately I’ve forgotten my configuration details to join my ADFS farm.

File Server Migration

This is probably the most important part. I’ve researched using various tools for this including Microsoft File Server Migration Toolkit, but in my experience the easiest solution is still Robocopy.

The following command will replicate Files, Folders and Permissions to the new AD-01-VM. Run the following command from DC-01-VM:

robocopy "C:\Shares" "\\AD-01-VM\C$\Shares" /XF thumbs.db /COPY:DATSO /MIR

The final task is to export the registry key HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

Since I’m going to still host all my Shares on DC01-VM I’m now going to demote it, delete the VM, install Windows 2016 and follow the first section of this article.

After everything is up and running I’ll replicate the files and folders back to DC01-VM, import the registry key and restart the server.

robocopy "C:\Shares" "\\DC01-VM\C$\Shares" /XF thumbs.db /COPY:DATSO /MIR

That’s it, pretty straight forward when you need to perform a Windows 2016 Migration because of the 180 day time-bomb or whatever other reason.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s