AD upgrade from 2008R2 to 2019 or move to new Server 2019.

Eduards 791 Reputation points
2020-10-21T06:54:27.493+00:00

Hello,

We have 1 AD DC in our infrastructure (Windows Server 2008 R2).

The DC has these roles:

  • AD DS
  • AD CS
  • NPS (which is not working currently)
  • DNS

We need to either upgrade this server to 2019 or make a new server and transfer all roles to the new server, but we need to keep the old server's hostname and IP address.

So how could I do this? I see two options:

  1. Install new Windows Server 2019 and install AD DS role on that server;
  2. Move NPS role to the new server;
  3. Move FSMO roles;
  4. On old server backup AD CS and then remove AD CS role;
  5. On the old server, remove the AD DS role, demote the server, rename it and change its IP address;
  6. After the old server restarts, install the AD DS role and promote this server to DC;
  7. On the new server, remove the AD DS role and demote the server, change the IP address and hostname to those of the OLD server;
  8. After restart install AD DS role and promote to DC;
  9. Install AD CS role on new server and restore from backup;
  10. Remove old AD server.

Second option.

  1. Install new Windows Server 2019 and install AD DS role on that server;
  2. Move FSMO roles from old server;
  3. Backup AD CS;
  4. Remove AD CS;
  5. Remove AD DS role from old server and demote that server;
  6. After restart install AD CS role and restore from backup;
    6. Then in-place upgrade from 2008 R2 to 2012 R2;
  7. Then in-place upgrade from 2012 R2 to 2019;
  8. Install AD DS role back to the old server;
  9. Transfer FSMO roles back to the old server;
  10. Raise domain functional level;
  11. Remove 2nd AD DS. (maybe)

Which one is the best option?

Thank you.


Accepted answer
  1. Thameur-BOURBITA 32,586 Reputation points
    2020-10-21T08:56:18.107+00:00

    Hi,

    An in-place upgrade is not the recommended approach for upgrading your CA and domain controller.
    It's recommended to migrate to a new server after demoting the old server.

    1. Back up the CA settings to prepare the CA migration
    2. Move FSMO to another domain controller if the DC hosts one of the FSMO roles
    3. Modify IP settings to use another domain controller as DNS resolver
    4. Remove CA role
    5. Demote domain controller
    6. Rename old server and change its IP
    7. Modify the IP and the name of the new server to use the old one
    8. Promote domain controller
    9. Move FSMO roles to new server
    10. Install CA and restore from old CA.

    Please don't forget to mark this reply as the answer if it helps you fix your issue.


1 additional answer

  1. Hannah Xiong 6,231 Reputation points
    2020-10-21T08:12:45.453+00:00

    Hello,

    Thank you so much for posting here.

    We recommend adding a new 2019 DC to the existing domain instead of upgrading the Windows Server 2008 R2 to Windows Server 2019. I suggest we check our AD health before we make any change in our AD environment.

    1. Check DC health by running `dcdiag /v` and check AD replication by running `repadmin /showrepl` and `repadmin /replsum` before joining the new DC.
    2. The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL. So before we add a 2019 DC to the existing domain, we need to ensure the functional level is at least Windows Server 2008, and the SYSVOL folder replication type is DFSR.

    In an actual production environment, it is recommended to deploy the certificate server independently, and it is not recommended to deploy the CA server and the domain controller on the same server.

    Besides, as mentioned, we have only one DC in our environment. To avoid any problem, it is suggested to have at least two DCs in our environment. In case one DC stops working, the other can continue to work.

    As for the first option, the new server will have the same IP address and hostname as the old server after the upgrade.
    As for the second option, both servers will be Windows Server 2019 after the upgrade.

    Both options are OK, we could choose one according to our requirements.

    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong

    1 person found this answer helpful.
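
The pre-checks listed in the answer above, collected into one read-only script as an added example (not part of either answer). It assumes an elevated PowerShell session on the existing domain controller with the ActiveDirectory module available, that `dfsrmig` and `dcdiag` print English output, and the report path is a placeholder.

```powershell
# Added example: read-only pre-checks before joining a Server 2019 DC.
# Written for PowerShell 2.0 (the default on 2008 R2), so no [pscustomobject].
Import-Module ActiveDirectory

$results = @()
function Add-Result($check, $value, $passed) {
    New-Object PSObject -Property @{ Check = $check; Value = $value; Passed = $passed }
}

# 1. Functional levels must be at least Windows Server 2008.
$tooOldDomain = 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain'
$tooOldForest = 'Windows2000Forest', 'Windows2003InterimForest', 'Windows2003Forest'
$domainMode = (Get-ADDomain).DomainMode.ToString()
$forestMode = (Get-ADForest).ForestMode.ToString()
$results += Add-Result 'Domain functional level' $domainMode ($tooOldDomain -notcontains $domainMode)
$results += Add-Result 'Forest functional level' $forestMode ($tooOldForest -notcontains $forestMode)

# 2. SYSVOL must replicate over DFSR. 'Eliminated' means the FRS-to-DFSR
#    migration is complete (assumption: English output wording).
$dfsrState = (dfsrmig /getglobalstate | Out-String).Trim()
$results += Add-Result 'SYSVOL replication (dfsrmig)' $dfsrState ($dfsrState -match 'Eliminated')

# 3. DC health: keep the full dcdiag output and count failed tests.
$reportPath = Join-Path $env:TEMP 'dcdiag-precheck.txt'   # placeholder path
$dcdiag = dcdiag /v
$dcdiag | Out-File $reportPath
$failed = @($dcdiag | Select-String -Pattern 'failed test')
$results += Add-Result 'dcdiag /v' ("{0} failed test(s), full log: {1}" -f $failed.Count, $reportPath) ($failed.Count -eq 0)
$failed | ForEach-Object { Write-Warning $_.Line.Trim() }

# 4. Replication status, shown as-is for manual review
#    (with a single DC there are no partners to report on).
repadmin /showrepl
repadmin /replsum

# Summary: any False in the Passed column should be resolved
# before the new domain controller is promoted.
$results | Format-Table Check, Passed, Value -AutoSize -Wrap
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) {
    Write-Warning 'One or more pre-checks failed; fix them before adding the 2019 DC.'
}
```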