Migrating FSMO roles Windows 2016 Server

· 3 min read
Migrating FSMO roles Windows 2016 Server

At the end of this blog, if you want to go further with 2016 migration (DHCP, ADFS…) go to check Eric (my Norwegian CTP fellow) blog here

As Microsoft Windows 2016 became available, it is time to update my lab. Before destroying everything to rebuilt, I like to migrate things and test everything. For this one, I wanted to migrate my forest to 2016 by adding a Domain Controller in Windows 2016, migrating all the FSMO roles to this new Domain Controller and then removing the 2012r2 one.

Details :

my 2012r2 Domain Controller is DC01.metal.inc

The new Windows 2016 Server is AD01.metal.inc

my domain name is  metal.inc

First, to deploy the AD role (DCPromo) on my new Windows 2016 machine, i used Powershell commands as follow :

# Windows PowerShell script for AD DS Deployment
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:WindowsNTDS" `
-DomainName "METAL.INC" `
-InstallDns:$true `
-LogPath "C:WindowsNTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.METAL.INC" `
-SiteName "NewYork" `
-SysvolPath "C:WindowsSYSVOL" `

Once it’s done, I used this command, to move the FSMO roles from my Windows 2012r2 domain controller to the new one

Move-ADDirectoryServerOperationMasterRole -Identity "AD01" -OperationMasterRole 0,1,2,3,4

If you want to make sure everything change the way you intend to, you can use this short Powershell script to make sure everything is ok

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
Get-ADDomainController -Filter * |
     Select-Object Name, Domain, Forest, OperationMasterRoles |
     Where-Object {$_.OperationMasterRoles} |
     Format-Table -AutoSize

The result :


2016 Domain Controller is up and running, now I want to get rid of the 2012r2 one, the same way as I did for the DCpromo, I will demote the old controller using this Powershell script :

# Windows PowerShell script for AD DS Deployment
Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `

You have to specify the password for the local administrator account of the machine once it will have been demoted.

And at last, if you want to upgrade the funtcional level of you Active Directory from 2012r2 to 2016 :

Set-ADDomainMode –identity metal.inc -DomainMode Windows2016Domain

Links : Active Directory FSMO roles in Windows