Log in Subscribe
Active directory

Migrating FSMO roles Windows 2019 Server

Stephane Thirion
· 3 min read
Migrating FSMO roles Windows 2019 Server

Be careful, the Windows 2019 Server iso have been pulled out, it should be back shortly (Nov-2018)

As Microsoft Windows 2019 became (almost) available, this is time again to move the FSMO roles from Windows Server 2016 to Windows Server 2019. Before destroying everything to rebuilt, I like to migrate my Active Directory and keep the work, policies and OU organisation I got for years. For this one, I wanted to migrate my forest to 2019 by adding a Domain Controller to my existing Windows 2016 Active Directory, migrating all the FSMO roles to this new Domain Controller and then removing the Windows 2016 Server once everything have been done.

Details :
My Windows Server 2016 Domain Controller is DC01.metal.inc
The new Windows 2019 Server is DC92.metal.inc

my domain name is  metal.inc

First, to deploy the AD role (DCPromo) on my new Windows 2019 Server machine, i used Powershell commands as follow :

Take a note of your site name and make sure to replace it by the correct value.

#
# Windows PowerShell script for AD DS Deployment
#
 
Get-WindowsFeature AD-Domain-Services | Install-WindowsFeature 
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:WindowsNTDS" `
-DomainName "METAL.INC" `
-InstallDns:$true `
-LogPath "C:WindowsNTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.METAL.INC" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:WindowsSYSVOL" `
-Force:$true

Be careful, at the end of the execution of this first script, the new Windows 2019 Server Domain Controller will reboot.

Once it’s done, I connected on the Windows 2019 Domain Controller  to use this powershell script and move the FSMO roles from the Windows Server 2016 Domain Controller

Move-ADDirectoryServerOperationMasterRole -Identity "DC92" -OperationMasterRole 0,1,2,3,4

If you want to make sure everything change the way you intend to, you can use this short Powershell script to make sure everything is ok

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
 
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
 
Get-ADDomainController -Filter * |
 
     Select-Object Name, Domain, Forest, OperationMasterRoles |
 
     Where-Object {$_.OperationMasterRoles} |
 
     Format-Table -AutoSize

The result :

2019 Domain Controller is up and running, now I want to get rid of the 2016 one, the same way as I did for the DCpromo, I will demote the old controller using this Powershell script :

#
# Windows PowerShell script for AD DS Deployment
#
 
Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$true

You have to specify the password for the local administrator account of the machine once it will have been demoted.

And at last, if you want to upgrade the functional level of your Active Directory to 2016/2019 :

Set-ADDomainMode –identity metal.inc -DomainMode Windows2016Domain

Related Articles

Automating VMware VM Deployment with Ansible: Guide to Static IP Configuration - request

Automating VMware VM Deployment with Ansible: Guide to Static IP Configuration - request

· 3 min read
Self-hosted ComfyUI install - Ubuntu 24.02

Self-hosted ComfyUI install - Ubuntu 24.02

· 3 min read
From Hype to Reality: The AI Stack That Actually Matters

From Hype to Reality: The AI Stack That Actually Matters

· 3 min read
Ansible Playbook for Creating Multiple VMs with Sequential Naming in vCenter

Ansible Playbook for Creating Multiple VMs with Sequential Naming in vCenter

· 5 min read
Automating VM Deployment in VMware vSphere with Ansible

Automating VM Deployment in VMware vSphere with Ansible

· 4 min read
What is Ansible?

What is Ansible?

· 3 min read