The simplest solution is to demote, reboot, then promo it again.
--please don't forget to Accept as answer if the reply is helpful--
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I just ran a dfsr migration state check in my domain, the Domain controllers are mix of Windows Server 2008 R2 Standard & Windows Server 2008 Standard. I'm not sure if this was an in place upgrade previously or FRS to DFSR migration. While I see the below message where in it says the Global State is "Eliminated" which means we're on DFSR but for one RODC-DC01 its at "Start". I'm not sure since when is this stuck at.
So basically we need to Introduce 2019 DC & replace all 2008 DC in this domain. And as a pre-requisite I checked if we're on DFSR or FRS which lead me to run the below command. Please help on how do we proceed ?
How do we fix this error before proceeding ?
**C:\> dfsrmig /getmigrationstate
The following Domain Controllers are not in sync with Global state ('Eliminated'
):
DC01 ('Start') - Read-Only DC
Migration has not yet reached a consistent state on all Domain Controllers.
State information might be stale due to AD latency.**
The simplest solution is to demote, reboot, then promo it again.
--please don't forget to Accept as answer if the reply is helpful--
It is imperative that domain health is 100% before making any changes such as adding new domain controllers so yes fix the problematic one as first step.
The two prerequisites to introducing the first 2019 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405
I'd use dcdiag / repadmin tools to verify health correcting all errors found
before starting any
operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.
--please don't forget to Accept as answer
if the reply is helpful--
So shall I demote the problematic Win2008 RODC and directly bring in the new RODC as Win2019 with same name and IP or should that be initially Win2008?
It doesn't matter. What does matter is that health has been confirmed 100% before making any changes. The simplest solution to reuse names / addresses is to move roles off, decommission, then build new one with correct name / address, promo, move on to next one. This is a 10,000 foot view of steps. Follow the detailed steps I outlined above.
--please don't forget to Accept as answer
if the reply is helpful--
is there some amount of wait that I shall do in between
It really should not be necessary assuming the demotion goes cleanly. You can check it and do manual cleanup if necessary.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564
--please don't forget to Accept as answer
if the reply is helpful--