Migrating FSMO roles Windows 2022 Server


As Microsoft Windows 2022 became (almost) available, it is time again to move the FSMO roles from Windows Server 2019 to Windows Server 2022. Rather than destroying everything and rebuilding, I like to migrate my Active Directory and keep the work, policies and OU organisation I have built up over the years. For this one, I wanted to migrate my forest to 2022 by adding a Domain Controller to my existing Windows 2019 Active Directory, migrating all the FSMO roles to this new Domain Controller and then removing the Windows 2016 Server once everything has been done.

Details:

My Windows Server 2019 Domain Controller is DC01.raidho.local

The new Windows 2022 Server is DC02.raidho.local

My domain name is raidho.local

First, to deploy the AD role (DCPromo) on my new Windows 2022 Server machine, I used the following PowerShell commands:

Take note of your site name and make sure to replace it with the correct value, along with the other values specific to your environment (domain name, replication source DC).

#
# Windows PowerShell script for AD DS Deployment
#

# Install the AD DS role binaries, then promote this server to a Domain Controller
Get-WindowsFeature AD-Domain-Services | Install-WindowsFeature
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "RAIDHO.LOCAL" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "DC01.raidho.local" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

At the end of the execution of this first script, the new Windows 2022 Server Domain Controller will reboot.

Once that is done, I connected to the Windows 2022 Domain Controller and used this PowerShell command to move the FSMO roles from the Windows Server 2016 Domain Controller:

# 0 = PDCEmulator, 1 = RIDMaster, 2 = InfrastructureMaster, 3 = SchemaMaster, 4 = DomainNamingMaster
Move-ADDirectoryServerOperationMasterRole -Identity "DC02" -OperationMasterRole 0,1,2,3,4

If you want to make sure everything changed the way you intended, you can use this short PowerShell script to check:

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

Get-ADDomainController -Filter * |
     Select-Object Name, Domain, Forest, OperationMasterRoles |
     Where-Object {$_.OperationMasterRoles} |
     Format-Table -AutoSize
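
Before demoting the old controller, it is worth confirming in one pass that all five roles landed on the new one, that replication is clean and that the new DC is a global catalog. The function below is an added example, not part of the original post; it assumes the ActiveDirectory module and the host names used above, and the name Test-ReadyToDemote is hypothetical.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module and the post's host names (DC01 = old DC, DC02 = new DC).
Import-Module ActiveDirectory

function Test-ReadyToDemote {
    param(
        [string]$NewDC = 'DC02.raidho.local',   # expected holder of all roles
        [string]$OldDC = 'DC01.raidho.local'    # controller about to be demoted
    )

    $domain = Get-ADDomain -Server $NewDC
    $forest = Get-ADForest -Server $NewDC

    # Map each of the five FSMO roles to the DC that currently holds it.
    $holders = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    # Any role whose holder is not the new DC has not been moved yet.
    $misplaced = @($holders.GetEnumerator() | Where-Object { $_.Value -ne $NewDC })

    # Outstanding replication failures on either DC mean the new one may be stale.
    $failures = @(Get-ADReplicationFailure -Target $NewDC, $OldDC |
        Where-Object { $_.FailureCount -gt 0 })

    # The new DC must be a global catalog before the old one disappears.
    $isGC = (Get-ADDomainController -Identity $NewDC).IsGlobalCatalog

    [pscustomobject]@{
        MisplacedRoles       = $misplaced.Key -join ', '
        ReplicationFailures  = $failures.Count
        NewDCIsGlobalCatalog = $isGC
        Ready = ($misplaced.Count -eq 0) -and ($failures.Count -eq 0) -and $isGC
    }
}

Test-ReadyToDemote | Format-List
```

Only go on to the demotion when Ready is True; otherwise MisplacedRoles and ReplicationFailures show what still needs attention.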

The 2022 Domain Controller is up and running; now I want to get rid of the 2016 one. In the same way as I did for the DCPromo, I will demote the old controller using this PowerShell script:

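#
# Windows PowerShell script for AD DS Deployment
#

Import-Module ADDSDeployment
# -DemoteOperationMasterRole lets the demotion continue even if this DC
# still holds an operations master role.
# -ForceRemoval removes AD DS without updating forest metadata, so the stale
# DC object has to be cleaned up afterwards; it is meant for a DC that can
# no longer reach the domain.
Uninstall-ADDSDomainController `
-DemoteOperationMasterRole:$true `
-ForceRemoval:$true `
-Force:$true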

You have to specify the password that the machine's local administrator account will use once it has been demoted.

Finally, if you have not done so already, you can upgrade the functional level of your Active Directory to 2016/2019/2022:

Set-ADDomainMode -Identity raidho.local -DomainMode Windows2016Domain