Tag Archives: Active Directory Forest

Step-by-step guide to migrate Active Directory FSMO roles from Windows Server 2012 R2 to Windows Server 2016

Windows Server 2016 reached general availability (GA) in mid-October 2016. It is an exciting time, as businesses are already working on migrating their services to new Windows Server 2016 infrastructures. In this post, I am going to explain how you can migrate from Active Directory running on Windows Server 2012 R2 to Windows Server 2016 Active Directory. The same steps are valid for migrating from Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008.

In my demo setup, I have a Windows Server 2012 R2 domain controller as the PDC. I have set up a Windows Server 2016 server and already added it to the existing domain.

The current domain and forest functional level of the domain is Windows Server 2012 R2.

So, let’s start with the migration process.

Install Active Directory on Windows Server 2016

1. Log in to Windows Server 2016 as a domain administrator or enterprise administrator.
2. Check the IP address details and set the local host IP address as the primary DNS server and another AD server as the secondary DNS server. This is because, after the AD install, the server itself will act as a DNS server.
3. Run servermanager.exe from PowerShell to open Server Manager (there are many ways to open it).
4. Click on Add Roles and Features.
5. This opens the wizard. Click Next to continue.
6. In the next window, keep the default and click Next.
7. The roles will be installed on the same server, so leave the default selection and click Next to continue.
8. Under Server Roles, tick Active Directory Domain Services. The wizard then prompts with the features needed for the role. Click on Add Features, then click Next to proceed.
9. In the Features window, keep the default and click Next.
10. The next window gives a brief description of AD DS. Click Next to proceed.
11. The next window gives a brief description of the configuration. Click on Install to start the role installation process.
12. Once the installation has completed, click on the Promote this server to a domain controller option.
13. This opens the Active Directory Domain Services configuration wizard. Leave the option Add a domain controller to an existing domain selected and click Next.
14. In the next window, define a DSRM (Directory Services Restore Mode) password and click Next.
15. In the next window, click Next to proceed.
16. The next window asks from where to replicate domain information. You can select a specific server or leave the default. Once done, click Next to proceed.
17. The wizard then shows the paths for the AD DS database, log files and SYSVOL folder. You can change the paths or leave the defaults. In the demo, I will keep the defaults and click Next to continue.
18. The next window explains the preparation options. Since this is the first Windows Server 2016 AD server in the domain, it will run the forest and domain preparation tasks as part of the configuration process. Click Next to proceed.
19. The next window lists the options we selected. Click Next to proceed.
20. The wizard then runs a prerequisite check. If all is good, click on Install to start the configuration process.
21. Once the installation completes, the server restarts.
 
Migrate FSMO roles to Windows Server 2016 AD

I assume by now you have an idea of what FSMO roles are. If not, search my blog and you will find an article explaining those roles.
There are two ways to move the FSMO roles from one AD server to another: one is the GUI and the other is the command line. I have already written articles about the GUI method, so this time I am going to use PowerShell to move the FSMO roles. If you would like to use the GUI, search my blog and you will find articles on it.

1) Log in to the Windows Server 2016 AD server as enterprise administrator.
2) Open PowerShell as administrator, then type netdom query fsmo. This lists the FSMO roles and their current owner.

3) In my demo, the Windows Server 2012 R2 DC holds all 5 FSMO roles. To move the FSMO roles over, type Move-ADDirectoryServerOperationMasterRole -Identity REBELTEST-PDC01 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster and press Enter.

Here REBELTEST-PDC01 is the Windows Server 2016 DC. If the FSMO roles are to be placed on different servers, you can migrate each FSMO role to a different server.

4) Once it has completed, type netdom query fsmo again and you can see that the Windows Server 2016 DC is now the owner of the FSMO roles.

 
Uninstall the AD role from Windows Server 2012 R2

We have now moved the FSMO roles, but the system is still running at the Windows Server 2012 R2 domain and forest functional levels. In order to upgrade them, we first need to decommission the AD roles from the existing Windows Server 2012 R2 servers.

1) Log in to the Windows Server 2012 R2 domain server as enterprise administrator.
2) Open PowerShell as administrator.
3) Type Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition and press Enter. It will ask for the local administrator password. Provide a new password for the local administrator and press Enter.

4) Once it has completed, the server restarts.
 
Upgrade the forest and domain functional levels to Windows Server 2016

Now that the Windows Server 2012 R2 domain controllers are demoted, the next step is to upgrade the domain and forest functional levels.

1) Log in to the Windows Server 2016 DC as enterprise administrator.
2) Open PowerShell as administrator.
3) Type Set-ADDomainMode -Identity rebeladmin.net -DomainMode Windows2016Domain to upgrade the domain functional level to Windows Server 2016. Here rebeladmin.net is the domain name.

4) Type Set-ADForestMode -Identity rebeladmin.net -ForestMode Windows2016Forest to upgrade the forest functional level.

5) Once done, you can run Get-ADDomain | fl Name,DomainMode and Get-ADForest | fl Name,ForestMode to confirm the new domain and forest functional levels.
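A read-only pre-flight check to run on the Windows Server 2016 DC before step 3 above, given here as an added example and not as code from the original post: it confirms that all five FSMO roles have moved, that no domain controller older than Windows Server 2016 remains, and that replication is clean. The function name Test-FunctionalLevelReadiness and its parameters are hypothetical; the domain and DC names are the ones used in the demo, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: gate for Set-ADDomainMode / Set-ADForestMode. Makes no changes.
Import-Module ActiveDirectory

function Test-FunctionalLevelReadiness {
    param(
        [Parameter(Mandatory)] [string] $DomainName,     # demo value: rebeladmin.net
        [Parameter(Mandatory)] [string] $ExpectedOwner   # demo value: REBELTEST-PDC01
    )
    $findings = @()
    $domain = Get-ADDomain -Identity $DomainName
    $forest = Get-ADForest -Identity $domain.Forest

    # 1. All five FSMO roles must sit on the expected Windows Server 2016 DC.
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        # Role owners come back as FQDNs; compare on the host label only.
        if (($role.Value -split '\.')[0] -ne $ExpectedOwner) {
            $findings += "$($role.Key) is still held by $($role.Value)"
        }
    }

    # 2. No DC older than Windows Server 2016 (OS version 10.0) may remain.
    #    Windows Server 2012 R2 reports 6.3 in OperatingSystemVersion.
    Get-ADDomainController -Filter * -Server $DomainName |
        Where-Object { [int](($_.OperatingSystemVersion -split '\.')[0]) -lt 10 } |
        ForEach-Object { $findings += "$($_.HostName) runs $($_.OperatingSystem)" }

    # 3. Replication must be healthy so the level change reaches every DC.
    Get-ADReplicationFailure -Target $DomainName -Scope Domain |
        Where-Object { $_.FailureCount -gt 0 } |
        ForEach-Object { $findings += "Replication failure: $($_.Server) <- $($_.Partner)" }

    return $findings
}

$issues = Test-FunctionalLevelReadiness -DomainName 'rebeladmin.net' -ExpectedOwner 'REBELTEST-PDC01'
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Ready: FSMO roles moved, no pre-2016 DCs, replication clean.' }
```

An empty result means the functional levels can be raised; any warning names the role, server or replication link that still needs attention.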
 
I hope this post was useful. If you have any questions, feel free to contact me at rebeladm@live.com


Step-by-step guide to set up Active Directory on Windows Server 2012

This tutorial explains how to install AD on Server 2012 R2.

Requirements:

Minimum: 1.4 GHz 64-bit processor

Minimum: 512 MB RAM

Minimum: 32 GB of disk space or greater

The first step is to get Server 2012 installed on a server. It is very similar to the Server 2008 install, and in one of my previous posts I described how to do the install in detail.

Next, we need to get the network interfaces configured. The server should use a static IP address. Since the server will act as a DNS server, you can use the local host address 127.0.0.1 in the DNS server field.

It is recommended to use a meaningful name as the server name. In the demo I renamed it to "DCPR1".

After this we are ready to start on the AD install. As my next step I will install the DNS role first. This is not a must; you can also install DNS during the AD install. But as a best practice I always prefer to add the DNS role first.
To do this we need to start "Server Manager". It can be opened using the shortcut on the task bar or from Start > Server Manager.

In the Server Manager window, click on the "Add roles and features" option.

This loads the "Add Roles Wizard". Click Next to continue.

In the next window, keep the default selection "Role-based or feature-based installation" and click Next.

In the next window we can select the server on which to install the role. In our case it will be the local server, so keep the default selection and click Next.

The next window gives the option to select the roles. Tick the box for "DNS Server".

A window then prompts with the related additional features that the DNS role needs. Click on "Add features" to continue.

The next window gives the option to select any additional features, but here I will keep the default. Click Next to continue.

The wizard then gives a brief introduction to the DNS role. Click Next to continue.

The next window gives details about the selected features. Click on "Install" to begin the installation.

The installation then begins, and we need to wait until it completes.

Once it completes, click on Close.

You can then access the DNS server using Server Manager > Tools > DNS.

Now we have everything ready for the AD install, so let's load Server Manager again and click on "Add roles and features".

This loads the "Add roles and features" wizard. Click Next to continue.

In the next window, keep the default selection "Role-based or feature-based installation" and click Next.

In the next window we can select the server on which to install the role. In our case it will be the local server, so keep the default selection and click Next.

The next window gives the option to select the roles. Tick the box for "Active Directory Domain Services".

A window then prompts with the additional feature installations related to the selected role. Click on "Add Features" to continue.

In the next window, click Next to continue.

The next window gives the option to select additional features to install, but I will keep the default selection. Click Next to continue.

The next window gives a brief description of the AD service. Click Next to continue.

The next window gives a brief summary of the installation. Click on "Install" to start the installation.

The service install then begins, and we have to wait until it finishes.

Once it finishes, click on "Close" to exit the wizard. The next step is to reboot the server to complete the installation.

After that completes, we need to start on the DC setup. To do that, open "Server Manager" and click the task flag in the right-hand corner. It lists the options as in the picture below. Click on the "Promote this server to a domain controller" option (highlighted in yellow in the picture).

This starts the DCPROMO wizard. In the first window, since this is going to be a new forest, I selected the option "Add a new forest" and typed the domain name "contoso.com", which I will be using for the forest. Once the information is filled in, click "Next" to continue.

In the next window we can select the forest and domain functional levels. I will keep the defaults. Under domain controller capabilities, DNS server and Global Catalog are selected by default, as this is the first DC in the forest. We then need to define the password to use for DC recovery. Click Next to continue.

The next window shows the following error, but it can be ignored. Click Next to continue.

The next window asks for the NetBIOS name. We can keep the default and click Next to continue.

The next window gives the option to change the file paths for the AD database, log files and SYSVOL files. We can change the paths or keep the defaults. Once the changes are done, click Next to continue.

The next window gives a description of the installation. Click Next to continue.

In the next window the wizard runs a system check and verifies that the system is compatible with the selected installation. Once the test completes successfully, click on the Install button to begin the installation. If it reports any critical errors, those need to be addressed before the installation begins.

The install then starts, and we need to wait until it finishes.

Once the install completes, the server reboots automatically.

Once the server has rebooted, log in to the server using domain admin credentials.

In our demo they will be in the format:

user : contoso\Administrator

password : XXXXXXXXX

Once logged in, load "Server Manager" and click on the "AD DS" option in the right hand list. Then select and right-click as shown in the screenshot to start with the AD configuration.

We have now successfully completed the DC setup on Server 2012 R2. If you have any issue with the steps, feel free to contact me at rebeladm@live.com