question

0 Votes
matteu31400 asked DSPatrick commented

Domain controller migration 2008r2 to 2019

Hello,

I need to migrate a domain controller from 2008r2 to 2019 and I would like to know if I can keep the same IP and same name.
I think I can use a temporary IP + name on my new domain controller during the migration, and when my new domain controller is operational, I just demote the older one and remove it from AD. Then I change the IP + name on my new DC and reboot + verify DNS is updated, and it's OK?

Thanks for your answer.

windows-active-directory

1 Vote
DSPatrick answered

There are only 2 DC(SRV1 and SRV2) on the environment. I would like to avoid shut down one of them and build new one after. If there is an issue, I could have 0 DC.

Yes, I can understand this, and what you propose may work out for you, but it is just a very messy way to accomplish the task. The much simpler / safer method would be to stand up the temporary (SRV3); now you have redundancy! Now move roles off (SRV1), decommission / demote, build a new one, follow the same steps for (SRV2), and in the end decommission / demote temp (SRV3). Here was a 10,000 foot view of steps. Follow my detailed steps above for actual.

--please don't forget to Accept as answer if the reply is helpful--







1 Vote
DSPatrick answered

The much safer / simpler solution is to move roles off, decommission, then stand up the new one with correct name and address.

The two prerequisites to introducing the first 2019 domain controller are that the domain functional level needs to be 2008 or higher and the older sysvol FRS replication needs to have been migrated to DFSR.
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.


--please don't forget to Accept as answer if the reply is helpful--
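The two prerequisites and the dcdiag / repadmin health pass from the answer above can be scripted as one read-only pre-flight check. This is an added example, not part of the original answer; it assumes an elevated session on an existing DC with the ActiveDirectory module available.

```powershell
# Added example: read-only pre-flight checks before promoting the first 2019 DC.
# Assumption: run elevated on an existing DC with the ActiveDirectory module,
# dfsrmig, dcdiag and repadmin available.
Import-Module ActiveDirectory
$problems = @()

# Prerequisite 1: domain functional level 2008 or higher.
$mode = [string](Get-ADDomain).DomainMode
if ($mode -in 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain') {
    $problems += "Domain functional level is $mode; it must be 2008 or higher."
}

# Prerequisite 2: SYSVOL replicated by DFSR (FRS migration in the Eliminated state).
$dfsrState = (& dfsrmig.exe /getglobalstate 2>&1 | Out-String).Trim()
if ($dfsrState -notmatch 'Eliminated') {
    $problems += "SYSVOL is not fully migrated to DFSR: $dfsrState"
}

# Health: dcdiag /q prints only failures, so any output from a DC is a finding.
foreach ($dc in Get-ADDomainController -Filter *) {
    $diag = (& dcdiag.exe /s:$($dc.HostName) /q 2>&1 | Out-String).Trim()
    if ($diag) {
        $problems += "dcdiag reported errors on $($dc.HostName):`n$diag"
    }
}

# Health: any replication link with a non-zero failure count.
$links = & repadmin.exe /showrepl * /csv | ConvertFrom-Csv
foreach ($link in $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }) {
    $problems += "Replication $($link.'Source DSA') -> $($link.'Destination DSA') " +
                 "[$($link.'Naming Context')] is failing, " +
                 "last status $($link.'Last Failure Status')"
}

if ($problems.Count -eq 0) {
    Write-Host 'Pre-flight OK: functional level, DFSR SYSVOL, dcdiag and replication are clean.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "$($problems.Count) issue(s) to correct before introducing the 2019 DC."
}
```

Running the same script again after the new DC is promoted covers the second dcdiag / repadmin pass the answer calls for before the old DC is demoted.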








1 Vote
FanFan-MSFT answered

Hi,

Yes, you can keep the same IP and same name.

Before going further, I would suggest you back up the old DC.

Check if DFSR is used for the sysvol replication.
Command: dfsrmig.exe /getglobalstate
If the Result: 3 (ELIMINATED), DFSR is used for the replication.
If not, you need to migrate FRS to DFSR before promoting the first 2019 server. For more information, you can refer to:
https://docs.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr

After the DFSR migration, confirm everything works well, then you can try to rename the old DC and change the IP address of the old DC, for example IP 1 to IP 2.

Run cmd as administrator to register A records and PTR records: IPCONFIG /RegisterDNS
Check whether the related records have been modified successfully in DNS of the old DC.
Restart the netlogon service to trigger the dynamic record list generation that needs to be registered.
Run cmd as administrator to force push replication on other DCs:
Repadmin /syncall /AdeP
Wait for replication to complete, and check whether changes have been made in DNS and GC.
Then assign the old name and IP address to the new DC.
Observe for a while and make sure both DCs are working properly.
We can run "dcdiag" to check.

Demote old DC.


Best Regards,
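The register, restart, replicate and verify steps from the answer above, scripted as an added example that is not part of the original answer. `$newIp` is a constructed placeholder, and the script assumes every DC also runs AD-integrated DNS and that it is run elevated on the DC whose address was just changed.

```powershell
# Added example: publish and verify a DC's new address after an IP change.
# Assumptions: elevated session on the re-addressed DC, ActiveDirectory module
# installed, every DC hosts AD-integrated DNS.
Import-Module ActiveDirectory

# Constructed placeholder, not a value from the thread.
$newIp = '192.0.2.20'
$fqdn  = (Get-ADDomainController -Identity $env:COMPUTERNAME).HostName

# Steps from the answer: register A/PTR records, restart Netlogon so the DC
# locator records are re-registered, then push replication to all DCs.
ipconfig.exe /registerdns | Out-Null
Restart-Service -Name Netlogon
repadmin.exe /syncall /AdeP | Out-Null

function Test-DcRecord {
    # Ask each DC's DNS service directly so a stale record on one server shows up.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $a = Resolve-DnsName -Name $fqdn -Type A -Server $dc.IPv4Address `
                 -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'A'
        $ptr = Resolve-DnsName -Name $newIp -Type PTR -Server $dc.IPv4Address `
                 -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'PTR'
        [pscustomobject]@{
            DnsServer = $dc.HostName
            ARecord   = $a.IPAddress -join ','
            AMatches  = [bool]($a.IPAddress -contains $newIp)
            PtrTarget = $ptr.NameHost -join ','
        }
    }
}

# Registration and replication are not instant: re-check for up to ten minutes.
for ($try = 1; $try -le 10; $try++) {
    $report = @(Test-DcRecord)
    if (-not ($report | Where-Object { -not $_.AMatches })) { break }
    Start-Sleep -Seconds 60
}
$report | Format-Table -AutoSize

# Final health check named in the answer; /q prints only failures.
dcdiag.exe /q
```

Only hand the old name and IP to the new DC once every row shows `AMatches` as True and dcdiag prints nothing.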


0 Votes
CARLOSGERMANBISSIO-9884 answered DSPatrick commented

Hi... I did a test. I created a new VM with 2019 server standard. Joined it to the domain, and then moved it to the DOMAIN CONTROLLERS OU and then... CRASH!!! The same symptom if I join the server as DC. So there is sth in the group policy at the OU that CRASHES 2019 WINDOWS SERVER.

Then I tried to unjoin from the Domain, and it also still CRASHED.

Any suggestions, or someone with a new idea? BEFORE REINSTALLING ENTIRE DOMAIN?


I'd start a new thread as opposed to hijacking this one.




0 Votes
DSPatrick answered

Ok, yes definitely redirect the hard coded members and update the DHCP server to hand out valid healthy ones.



0 Votes
matteu31400 answered

Before being DC, DC1 is just a workstation.
Then it's DC + DNS.
Between this time, I suppose my clients try to authenticate themselves on it because they are configured with DC1 as first DNS.

I suppose that was my issue?

I don't understand what it could be if it's not...


0 Votes
DSPatrick answered DSPatrick edited

but it isn't DNS server -

Not sure what is meant. You didn't install DNS role?

I depromote DC1 and rename it DC1-OLD I build new server DC1

Before building the new one you might check if clean up is necessary. Also clean up DNS (if needed)
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

--please don't forget to Accept as answer if the reply is helpful--












0 Votes
matteu31400 answered

Migration worked fine except something:

Before migration, there are DC1 + DC2.
I build DC3.
When I depromote DC1 and rename it DC1-OLD, I build new server DC1.
Client computers can join DC1 but it isn't a DNS server -> error when clients try to log in. It's working fine if I shut down DC1 or after DC1 is promoted as DC + DNS.
Is there a way to avoid this for my next time?


0 Votes
CARLOSBISSIO-7630 Suspended answered

Hi!... be careful... I tried to migrate, and after adding w2019 as DC, all text from desktop and explorer disappeared!! I'm working around it but no success yet.




0 Votes
matteu31400 answered DSPatrick commented

I forgot to say I would like to migrate from 2 2008r2 to 3 2019.
That means SRV3 will stay.

I understand perfectly how I have to do it now :)

I think it's a good way to do the migration by using a temporary DC when there are only 2 DCs in the environment.
I will try to convince my client to have 3 DCs permanently because with 2, when 1 is down and you need to restart the other... (He had this issue in December 2020 ^^ ).

Thank you for your help.


Sounds good, you're welcome.



