question

Hai-6646 avatar image
0 Votes"
Hai-6646 asked DSPatrick commented

2012 Essentials DC to 2016 Standard DC

I have two systems. System A currently running 2012 Essentials (ver 6.2.9200) as the only Domain Controller for Domain A. System B currently has 2016 Standard (not essentials) installed. How do I move the Domain function and AD structure to the 2016 Standard and get rid of the of 2012 Essentials completely?

  1. Join system B to Domain A

  2. Promote system B to be a DC

  3. Transfer FSMO roles to system B

  4. Demote system A from the domain

  5. Format system A

Will this process work or are there other steps/process I need to do to get this accomplished?

Thank you for all you help.

windows-active-directorywindows-server-2016windows-server-migrationwindows-server-essentials
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
1 Vote"
DSPatrick answered

The prerequisite before introducing the first 2016 domain controller: domain functional level needs to be 2003 or higher

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.


--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hai-6646 avatar image
0 Votes"
Hai-6646 answered

Thank you DSPatrick for you reply. I am taking this at a very slow pace due to the fact that this company only has on DC and I want to make sure I don't blow anything up. I hope this weekend I will be able to Image the machine and finish out my project. I will certainly return and let you know if your suggestions were right on the spot in getting this accomplished.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Sounds good, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hai-6646 avatar image
0 Votes"
Hai-6646 answered

I'm back with my results of my DC upgrade. Remember, I'm going from 2012 Essentials Domain Controller to 2016 Standard Domain Controller.
1. Verified 2012 DC - good to go
2. Installed 2016, activated, updated it, and joined the 2012 domain - good to go
3. Installed AD services, promoted 2016 server to DC, rebooted the system - good to go
4. Transfer the FSMO roles to the new 2016 Standard DC - good to go
5. Rebooted, shutdown 2012 DC, and get error opening ADUC on new DC (works just fine if both DC are up and running) - eventually fixed the problem by cleaning up and making changes to the DNS servers on both machine
6. At this point, I have a 2012 Essential DC and 2016 Standard DC with the FSMO roles
7. Shutdown 2012 Essentials DC to make sure everything works without it running - good to go
8. While 2012 Essentials DC off, joined a Windows 10 to the domain, created a new OU, and created a new User - good to go (able to log on with all accounts on the Windows 10 machine)
9. Restart the 2012 Essentials DC and new objects created in AD showed up in the ADUC on the essentials machine
10. Check Group Policy - PROBLEM - Error 1 : error occurred collecting data using the base domain controller / Error 2 : System cannot find the path specified
11. Sysvol folder on the 2016 DC was empty but 2012 has Policies, scripts, ...
12. Verify replication - good to go
Here is my problem: I need the Sysvol information from 2012 to 2016 so I can demote and remove the 2012 completely. Sysvol folder is there but nothing inside the folder.

Any suggestions on how to get the Sysvol functioning correctly so can remove the 2012? I am so close to getting this done and believe this maybe my last hurdle.

Thank you for any help.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hai-6646 avatar image
0 Votes"
Hai-6646 answered

Thank you and will get back regarding results.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Sounds good, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hai-6646 avatar image
0 Votes"
Hai-6646 answered DSPatrick commented

Well, after a couple of weeks, I have finally finished moving from 2012 Essentials DC to 2016 Standard DC (2x).
1. Like DSPatrick said: make sure all errors in even viewers are fixed
2. Make sure all DNS records are fixed - had to use ADSIedit to help clean up some of the DNS records that were old and kept showing up in the database
3. Fixed replication issue stuck at state 2 - This was causing problems with sysvol and netlogon not being shared and no GPO replication was being done
4. Image as you are working through successful goal points. It may take a little longer but if there is an issue, it is much easier to bring back where you last were successful
5. Most importantly, slow down and not be in a hurry to get everything done because there is a deadline. You will either miss something simple or make a mistake that create more issues

I now have two 2016 Domain Controllers with the same domain name as it was on 2012 Essentials and so far have not had to do too many rejoining of computers.




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Glad to hear of success.




1 Vote 1 ·