Migrating FSMO roles Windows 2019 Server
Be careful, the Windows 2019 Server iso have been pulled out, it should be back shortly (Nov-2018)
As Microsoft Windows 2019 became (almost) available, this is time again to move the FSMO roles from Windows Server 2016 to Windows Server 2019. Before destroying everything to rebuilt, I like to migrate my Active Directory and keep the work, policies and OU organisation I got for years. For this one, I wanted to migrate my forest to 2019 by adding a Domain Controller to my existing Windows 2016 Active Directory, migrating all the FSMO roles to this new Domain Controller and then removing the Windows 2016 Server once everything have been done.
Details :
My Windows Server 2016 Domain Controller is DC01.metal.inc
The new Windows 2019 Server is DC92.metal.inc
my domain name is metal.inc
First, to deploy the AD role (DCPromo) on my new Windows 2019 Server machine, i used Powershell commands as follow :
Take a note of your site name and make sure to replace it by the correct value.
#
# Windows PowerShell script for AD DS Deployment
#
Get-WindowsFeature AD-Domain-Services | Install-WindowsFeature
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:WindowsNTDS" `
-DomainName "METAL.INC" `
-InstallDns:$true `
-LogPath "C:WindowsNTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.METAL.INC" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:WindowsSYSVOL" `
-Force:$trueBe careful, at the end of the execution of this first script, the new Windows 2019 Server Domain Controller will reboot.
Once it’s done, I connected on the Windows 2019 Domain Controller to use this powershell script and move the FSMO roles from the Windows Server 2016 Domain Controller
Move-ADDirectoryServerOperationMasterRole -Identity "DC92" -OperationMasterRole 0,1,2,3,4If you want to make sure everything change the way you intend to, you can use this short Powershell script to make sure everything is ok
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
Get-ADDomainController -Filter * |
Select-Object Name, Domain, Forest, OperationMasterRoles |
Where-Object {$_.OperationMasterRoles} |
Format-Table -AutoSizeThe result :
2019 Domain Controller is up and running, now I want to get rid of the 2016 one, the same way as I did for the DCpromo, I will demote the old controller using this Powershell script :
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$trueYou have to specify the password for the local administrator account of the machine once it will have been demoted.
And at last, if you want to upgrade the functional level of your Active Directory to 2016/2019 :
Set-ADDomainMode –identity metal.inc -DomainMode Windows2016Domain