Active directory

Migrating FSMO roles Windows 2016 Server

Stephane Thirion
· 3 min read
Migrating FSMO roles Windows 2016 Server

At the end of this blog, if you want to go further with 2016 migration (DHCP, ADFS…) go to check Eric (my Norwegian CTP fellow) blog here

As Microsoft Windows 2016 became available, it is time to update my lab. Before destroying everything to rebuilt, I like to migrate things and test everything. For this one, I wanted to migrate my forest to 2016 by adding a Domain Controller in Windows 2016, migrating all the FSMO roles to this new Domain Controller and then removing the 2012r2 one.

Details :

my 2012r2 Domain Controller is DC01.metal.inc

The new Windows 2016 Server is AD01.metal.inc

my domain name is  metal.inc

First, to deploy the AD role (DCPromo) on my new Windows 2016 machine, i used Powershell commands as follow :

#
# Windows PowerShell script for AD DS Deployment
#
 
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:WindowsNTDS" `
-DomainName "METAL.INC" `
-InstallDns:$true `
-LogPath "C:WindowsNTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.METAL.INC" `
-SiteName "NewYork" `
-SysvolPath "C:WindowsSYSVOL" `
-Force:$true

Once it’s done, I used this command, to move the FSMO roles from my Windows 2012r2 domain controller to the new one

Move-ADDirectoryServerOperationMasterRole -Identity "AD01" -OperationMasterRole 0,1,2,3,4

If you want to make sure everything change the way you intend to, you can use this short Powershell script to make sure everything is ok

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
 
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
 
Get-ADDomainController -Filter * |
 
     Select-Object Name, Domain, Forest, OperationMasterRoles |
 
     Where-Object {$_.OperationMasterRoles} |
 
     Format-Table -AutoSize

The result :

2016-10-20_09-33-33

2016 Domain Controller is up and running, now I want to get rid of the 2012r2 one, the same way as I did for the DCpromo, I will demote the old controller using this Powershell script :

#
# Windows PowerShell script for AD DS Deployment
#
 
Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$true

You have to specify the password for the local administrator account of the machine once it will have been demoted.

And at last, if you want to upgrade the funtcional level of you Active Directory from 2012r2 to 2016 :

Set-ADDomainMode –identity metal.inc -DomainMode Windows2016Domain

Links : Active Directory FSMO roles in Windows

 

Related Articles

Docker Swarm on Ubuntu

Docker Swarm on Ubuntu

· 4 min read
Busy Light with ESP8266 mini D1 and Home Assistant

Busy Light with ESP8266 mini D1 and Home Assistant

· 3 min read
Citrix Adaptive Authentication (Netscaler) SAML Assertion verification failed

Citrix Adaptive Authentication (Netscaler) SAML Assertion verification failed

· 1 min read
Synchronizing Disabled User Accounts Between Active Directory Domains (forest) Using PowerShell

Synchronizing Disabled User Accounts Between Active Directory Domains (forest) Using PowerShell

· 3 min read
Automated Random User Creation Script for Active Directory

Automated Random User Creation Script for Active Directory

· 2 min read
Citrix's Struggles with Partners: How It Impacts Their Business

Citrix's Struggles with Partners: How It Impacts Their Business

· 2 min read