Migrating Windows Server 2012 R2 FSMO roles to Windows Server 2016

As Microsoft Windows 2016 became available, it is time to update my lab. Before destroying everything to rebuilt, I like to migrate things and test everything. For this one, I wanted to migrate my forest to 2016 by adding a Domain Controller in Windows 2016, migrating all the FSMO roles to this new Domain Controller and then removing the Windows Server 2012 R2 one.

Details:

My Windows Server 2012 R2 Domain Controller is DC01-VM.mylab.local

The new Windows Server 2016 is AD01-VM.mylab.local

My domain name is mylab.local

First, I deploy the AD role (DCPromo) on my new Windows Server 2016 machine, I used the PowerShell commands as follow:

##################################################
# Windows PowerShell script for AD DS Deployment #
##################################################

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "mylab.local" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "dc01-vm.mylab.local" `
-SiteName "Nieuwegein" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

Once it’s done, I used this command, to move the FSMO roles from my Windows Server 2012 R2 domain controller to the new one:

Move-ADDirectoryServerOperationMasterRole -Identity "AD01-VM" -OperationMasterRole 0,1,2,3,4

Check FSMO

If you want to make sure everything change the way you intend to, you can use this short PowerShell script to make sure everything is ok:

##############################################################
# PowerShell Script to check the FSMO on Windows Server 2016 #
##############################################################

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

Get-ADDomainController -Filter * |

     Select-Object Name, Domain, Forest, OperationMasterRoles |

     Where-Object {$_.OperationMasterRoles} |

     Format-Table -AutoSize

Result:

The Windows Server 2016 Domain Controller is up and running, now I want to get rid of Windows Server 2012 R2. The same way as I did for the DCpromo, I will demote the old domain controller using this PowerShell script:

##############################################################
# Windows PowerShell script to demote Windows Server 2012 R2 #
##############################################################

Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$true

You have to specify the password for the local administrator account of the Windows Server 2012 R2 machine.

And at last, if you want to upgrade the functional level of you Active Directory from Windows Server 2012 R2  to Windows Server 2016, using this PowerShell script :

#################################################################################
# Windows PowerShell script to upgrade functional level Windows Server 2016     #
#################################################################################

Set-ADDomainMode –identity mylab.local -DomainMode Windows2016Domain

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s