At the end of this blog, if you want to go further with 2016 migration (DHCP, ADFS…) go to check Eric (my Norwegian CTP fellow) blog here
As Microsoft Windows 2016 became available, it is time to update my lab. Before destroying everything to rebuilt, I like to migrate things and test everything. For this one, I wanted to migrate my forest to 2016 by adding a Domain Controller in Windows 2016, migrating all the FSMO roles to this new Domain Controller and then removing the 2012r2 one.
Details :
my 2012r2 Domain Controller is DC01.metal.inc
The new Windows 2016 Server is AD01.metal.inc
my domain name is metal.inc
First, to deploy the AD role (DCPromo) on my new Windows 2016 machine, i used Powershell commands as follow :
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:WindowsNTDS" `
-DomainName "METAL.INC" `
-InstallDns:$true `
-LogPath "C:WindowsNTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.METAL.INC" `
-SiteName "NewYork" `
-SysvolPath "C:WindowsSYSVOL" `
-Force:$true
Once it’s done, I used this command, to move the FSMO roles from my Windows 2012r2 domain controller to the new one
Move-ADDirectoryServerOperationMasterRole -Identity "AD01" -OperationMasterRole 0,1,2,3,4
If you want to make sure everything change the way you intend to, you can use this short Powershell script to make sure everything is ok
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
Get-ADDomainController -Filter * |
Select-Object Name, Domain, Forest, OperationMasterRoles |
Where-Object {$_.OperationMasterRoles} |
Format-Table -AutoSize
The result :
2016 Domain Controller is up and running, now I want to get rid of the 2012r2 one, the same way as I did for the DCpromo, I will demote the old controller using this Powershell script :
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$true
You have to specify the password for the local administrator account of the machine once it will have been demoted.
And at last, if you want to upgrade the funtcional level of you Active Directory from 2012r2 to 2016 :
Set-ADDomainMode –identity metal.inc -DomainMode Windows2016Domain
Links : Active Directory FSMO roles in Windows