NamlessShelter-6097 asked DSPatrick commented

Domain Controllers Migration

Dear Friends,

Please help.

We are a big organisation with 1600+ users.

Now I am planning to migrate two Domain Controllers (Server 2012 R2), dc01 (192.168.2.45) and dc02 (192.168.2.46), to two Server 2019 boxes.

In order to have less impact on updating appliance and other Windows servers' DNS entries, my plan is:

  1. Demote DC02, remove it and power off the server.

  2. Set up a new DC03 Server 2019 box with the same IP as DC02, and set it up as secondary DC server.

  3. Migrate FSMO roles to DC03 as primary DC server. So, DC03 becomes domain master.

  4. Migrate DHCP from DC01 to DC03. Demote DC01 and power off.

  5. Set up DC04 Server 2019 and set it up as secondary domain for load balancing etc.

  6. Done

Can we practically do this?

Thanks a lot,
ML

Tags: windows-dhcp-dns, windows-server-migration

1 Answer

DSPatrick answered DSPatrick commented

The two prerequisites to introducing the first 2019 or 2022 domain controller are that the domain functional level needs to be 2008 or higher and the older SYSVOL FRS replication needs to have been migrated to DFSR.
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405


Yes, your plan sounds good. You can also check in between steps in case some cleanup is necessary to remove remnants of the demoted one.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

It's also recommended to confirm domain health is 100% (dcdiag, repadmin tools) before starting and, as a precaution, in between steps.

--please don't forget to upvote and Accept as answer if the reply is helpful--





Thanks a lot,

Just regarding the primary DNS IP and secondary DNS IP: so it doesn't matter what sequence they are in on every other server and appliance, right? Doing it this way, we might end up with the secondary DNS IP on top and the primary DNS IP on the bottom.

Or how about we migrate the FSMO roles to DC02 first, and then demote DC01, and then the rest of the steps? So the DNS IPs will end up in the right order.

ML

0 Votes 0 ·
DSPatrick NamlessShelter-6097 ·

Yes, you could do the second option if you like but the concept of primary / secondary really no longer applies since the days of NT.


0 Votes 0 ·

Cool, thanks. So as long as one of the DNS servers (whatever member DC server) is in the entries, it will be fine. It does not matter what sequence they are in?

0 Votes 0 ·

Also, what if the domain function level is already on 2012 R2, do we need to worry about migrating to DFSR?

Thanks
ML

0 Votes 0 ·
DSPatrick NamlessShelter-6097 ·

I'd think it should already be DFSR, but you can easily check it (ADSIEDIT): if you find 48 then it is using DFSR; if null or 0, 16, 32 then FRS or some state of migration from FRS.



0 Votes 0 ·
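The prerequisites and health checks named in the answer and comment above (functional level 2008 or higher, SYSVOL on DFSR, dcdiag and repadmin), as a PowerShell pre-flight script. This is an added example, not part of the original posts: the function name is hypothetical, and the attribute location (`msDFSR-Flags` on `CN=DFSR-GlobalSettings,CN=System`) and the state names are the standard dfsrmig ones rather than values stated in the thread.

```powershell
# Added example (not from the thread). Function name is hypothetical.
# The live branch needs the ActiveDirectory module (RSAT) on a domain-joined host.

function Get-SysvolReplicationState {
    param($Flags)   # value of msDFSR-Flags, or $null when the attribute is unset
    # dfsrmig global states, stored in msDFSR-Flags as state * 16
    $states = @{ 0 = 'Start'; 16 = 'Prepared'; 32 = 'Redirected'; 48 = 'Eliminated' }
    if ($null -eq $Flags) {
        $state = 'not set'
    } elseif ($states.ContainsKey([int]$Flags)) {
        $state = $states[[int]$Flags]
    } else {
        $state = 'unrecognized'
    }
    [pscustomobject]@{
        Flags     = $Flags
        State     = $state
        UsingDfsr = ($Flags -eq 48)   # per the thread: only 48 means DFSR
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $domain = Get-ADDomain

    # Prerequisite 1: domain functional level 2008 or higher
    $tooOld  = 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain'
    $levelOk = "$($domain.DomainMode)" -notin $tooOld

    # Prerequisite 2: SYSVOL replicated by DFSR (the value ADSIEDIT shows)
    $settings = Get-ADObject -SearchBase "CN=System,$($domain.DistinguishedName)" `
        -SearchScope OneLevel -Filter "Name -eq 'DFSR-GlobalSettings'" `
        -Properties 'msDFSR-Flags'
    $sysvol = Get-SysvolReplicationState -Flags $settings.'msDFSR-Flags'

    "Domain functional level: $($domain.DomainMode) (OK: $levelOk)"
    "SYSVOL: msDFSR-Flags=$($sysvol.Flags), state $($sysvol.State), DFSR: $($sysvol.UsingDfsr)"
    if (-not ($levelOk -and $sysvol.UsingDfsr)) {
        Write-Warning 'Prerequisites not met; do not promote the new DC yet.'
    }

    # Health checks to repeat before starting and between steps
    dcdiag /q              # prints only errors
    repadmin /replsummary  # replication failures per DC
} else {
    # No AD module here: decode constructed sample values instead
    foreach ($v in @($null, 0, 16, 32, 48)) { Get-SysvolReplicationState -Flags $v }
}
```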

Cool, thanks. So as long as one of the DNS servers (whatever member DC server) is in the DNS entries on every server, it will be fine. It does not matter what sequence they are in? Am I correct?

Thanks

0 Votes 0 ·

Also, should we use Server 2022 or stick with Server 2019?

Thanks
ML

0 Votes 0 ·
DSPatrick NamlessShelter-6097 ·

Either one is fine to use.


0 Votes 0 ·

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



1 Vote 1 ·