Hello MarkGilbert-0650,
Thank you for posting here.
Here are the answers for your reference.
The recommended way to upgrade a domain is to promote domain controllers that run newer versions of Windows Server and demote the older domain controllers as needed. That method is preferable to upgrading the operating system of an existing domain controller.
Adprep and Domainprep
If you are doing an in-place upgrade of an existing domain controller to the Windows Server 2016 operating system, you will need to run adprep /forestprep and adprep /domainprep manually. Adprep /forestprep needs to be run only once in the forest. Adprep /domainprep needs to be run once in each domain in which you have domain controllers that you are upgrading to Windows Server 2016.
If you are promoting a new Windows Server 2016 server, you do not need to run these manually. These are integrated into the PowerShell and Server Manager experiences.
From the reference “Forest and Domain Functional Levels”, we can see:
The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.
Therefore, we can add a 2019 domain controller to this existing domain. It is not recommended that we perform an in-place operating system upgrade from 2012 R2 to 2019.
We can follow the steps below to upgrade a Windows Server 2012 R2 DC to a Windows Server 2019 DC.
1. Check if the AD environment is healthy. Check that all DCs in this domain are working fine by running Dcdiag /v. Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum.
2. Add the new Windows Server 2019 to this existing domain.
3. Add the AD DS and DNS roles and promote this Windows Server 2019 as a DC (as a GC).
4. Check if the AD environment is healthy again based on step 1.
5. If steps 1 through 4 are OK without any error, we can transfer FSMO roles to the new 2019 DC if needed.
6. Demote Windows Server 2012 R2 if needed. Before we demote the 2012 R2 DC, we should check:
   - If the removed DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.
   - If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
References:
Forest and Domain Functional Levels
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
Upgrade Domain Controllers to Windows Server 2016
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
Hope the information is helpful. If anything is unclear, please feel free to let us know.
Best Regards,
Stephanie Yu
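
The health checks and prerequisites from the answer above, gathered into one read-only pre-flight script. This is an added example, not part of the original answer. It assumes an elevated Windows PowerShell session on an existing DC with the ActiveDirectory module and Domain Admin rights; the log path under %TEMP% is constructed for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only checks, makes no changes to the directory.
$domain = Get-ADDomain
$forest = Get-ADForest
$dcs    = Get-ADDomainController -Filter *

# Prerequisite: domain functional level must be Windows Server 2008 or higher.
$tooOld = 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain'
if ("$($domain.DomainMode)" -in $tooOld) {
    Write-Warning "Domain functional level $($domain.DomainMode) is below Windows Server 2008."
}

# Prerequisite: SYSVOL must replicate with DFS-R, not FRS.
$sysvol = (dfsrmig.exe /getglobalstate | Out-String).Trim()
if ($sysvol -notmatch 'Eliminated') {
    Write-Warning "SYSVOL is not confirmed on DFS-R, review the state: $sysvol"
}

# Steps 1 and 4: run dcdiag against every DC and keep the full output for review.
foreach ($dc in $dcs) {
    $log = Join-Path $env:TEMP "dcdiag-$($dc.Name).log"   # constructed log path
    dcdiag.exe "/s:$($dc.HostName)" /v | Set-Content -Path $log
    $failed = @(Select-String -Path $log -Pattern 'failed test')
    if ($failed.Count -gt 0) {
        Write-Warning "$($dc.Name): $($failed.Count) failed dcdiag test(s), see $log"
    }
}

# Steps 1 and 4: list replication links that report failures, then the summary.
repadmin.exe /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Format-Table 'Source DSA', 'Destination DSA', 'Naming Context', 'Number of Failures'
repadmin.exe /replsum

# Step 5: record the current FSMO role holders to compare after the transfer.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Step 6: name servers published for the domain zone. A DC listed here is a DNS
# server that clients, DHCP scopes, forwarders or delegations may still reference.
Resolve-DnsName -Name $domain.DNSRoot -Type NS |
    Where-Object Type -eq 'NS' | Select-Object NameHost
```

Running it once before promoting the new DC and again afterwards gives a before-and-after comparison for step 4.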