Tag: Update DNS and DHCP

  • How to Migrate Active Directory Server 2019 to Server 2022

    How to Migrate Active Directory Server 2019 to Server 2022

    In this article, we will see how to Migrate Active Directory Server 2019 to Server 2022. In the previous article, I configured an additional domain controller on Windows Server 2022. I will now upgrade the Active Directory to Windows Server 2022 and raise the functional level.

    Overview of Windows Server upgrades

    Virtual Machines Details

    Virtual MachineOSRoleIP Address
    WS2019-DC (Root DC)2019Primary Domain Controller192.168.121.150
    WS2022-DC (new DC)2022Secondary Domain Controller192.168.121.152

    First, we need to check the Master Operation role by typing this command Get-ADForest

    Now you can see the Schema Master is on WS2019-DC.xpertstec.local and the Forest Model level is still Windows2016.

    Get-ADFores PowerShell

    Now run this command Get-ADDomain to know about the following.

    PDC Emulator
    Infrastructure Master
    RID Master

    Get-ADDomain PowerShell

    Table of Content

    Join Windows Server 2022 to Domain

    Configure Additional Domain Controller

    Replication between the domain controllers

    Migrating FSMO roles to Windows Server 2022

    Change Active Directory Domain Controller

    Change Schema Master Role

    Change Global Catalog

    Raise Domain and Forest Function Level

    Demote-active-directory-domain-service

    Migrate Active Directory Server 2019 to 2022

    One new virtual machine with Windows Server 2022 OS has been installed in order to make smooth migration. Once migration is completed, Windows Server 2019 domain controllers will be decommissioned.

    The Domain Controller server is running on Windows Server 2019 OS and name called WS2019-DC. The domain name is xpertstec.local

    Steps to Migrate Domain Controller Server 2019 to Server 2022

    Prepare existing Active Directory to support Server 2022 as a domain controller.

    Configure Window Server 2022 to an additional domain controller.

    Verify the replication between Domain Controllers (Windows Server 2019 and Windows Server 2022).

    Transfer Master Operation roles (FSMO) to Windows Server 2022.

    Promote Server 2019 as an additional domain controller

    Login with the windows server 2022 system, Open Server Manager, and then click on add roles and features.

    Server manager

    Click next

    Add roles and features wizard

    Click next

    Role based or feature based

    Click next

    Select destination server

    Tick the checkbox Active Directory Domain Services roles.

    Active directory domain services role

    Click on add features.

    Add features that are required

    Click next

    Select roles active directory

    Default options, click next.

    Add roles and features

    Click next

    Active directory domain services (ad ds)

    Click install

    Confirm ADDC installation selection

    Click close

    Active directory domain services results

    After installation, click on the notification button and then choose promote this server to a domain controller option.

    Promote this server to a domain controller

    Click on the change button, to add existing domain controller (WS2019-DC.xpertstec.local) credentials.

    Added Domain Controller

    Enter credentials and then click ok.

    Credentials for deployment confirmation

    Click next

    Migrate active directory server deployment confirmation

    Type your domain controller credentials and then click next.

    Migrate domain controller options

    Click next

    Migrate active directory server DNS options

    Under the Additional Options choose the existing domain controller and then click next.

    Select domain controller

    Select default options for Paths and then click next.

    Migrate active directory server paths

    Review Options, click next.

    Migrate active directory server review options

    Prerequisites Check, click install.

    Migrate active directory prerequisite check

    The system will reboot after the installation.

    Login into the additional domain controller and check the status of the domain name by typing the following commands.

    [System.Net.Dns]::GetHostByName($env:computerName).HostName

    systeminfo | findstr /B /C:”OS Name” /C:”OS Version”
    netdom query fsmo

    Netdom query fsmo

    Check the registry settings

    Observer the schema Version

    Check Replication between the domain controllers

    Open Server Manager, click on the Tools tab and then click on Active Directory Sites and Services.

    Server manager tools

    Expand default first site name, expand WS2022-DC machine, right click on NTDS settings, click on all tasks then click on check Replication Topology.

    Active directory sites and services

    Click ok

    Check replication topology

    Now check the replication status opening DNS Manager. The authority number 21 is for both domain controllers for _msdcs.secure.com

    DNS manager msdcs

    DNS Replication Status.

    DNS manager msdcs

    (Microsoft domain controller service) and 46 both domain controllers for xpertstec.local

    DNS manager local domain

    DNS Replication Status

    DNS manager local domain

    Migrating FSMO roles to Windows Server 2022

    From WS2019-DC, open active directory users and computers console. Right-click on the local domain and then click on Change Domain Controller.

    Change domain controller

    Change to WS2022-DC.local and then click ok.

    Migrate Operation Masters

    Right click on the local domain and then select operation masters.

    Transfer operations master role?

    Click on the RID tab and then select the Change button.

    Change operations master RID

    Click yes to transfer the role

    Transfer operations master role?

    Select ok

    Change operations master RID

    Select the PDC tab and then select the Change button.

    Change operations master PDC

    Click yes to transfer the role

    Transfer operations master role

    Select ok

    Operations master successfully transferred

    Select the Infrastructure tab and then select the Change button.

    Change operations master infrastructures

    Click yes to transfer the role.

    Transfer operations master role?

    Select ok

    Operations master successfully transferred

    Now RID, PID, and Infrastructure roles switched to WS2022-DC.xpertstec.local

    Change operations master infrastructures

    Now check the Master Operation role by typing the following command Get-Domain.

    Get-ADdomain PowerShell

    Check the Master Operation role by typing the following command Get-ADForest.

    Get-ADForest PowerShell

    Use this command “netdom query fsmo” to get all outputs.

    Netdom query fsmo PowerShell

    Change Active Directory Domain Controller

    From xpertstec.local, open Active Directory Domain and Trusts console

    Right-click Active Directory Domain and Trusts, and then select change Active Directory Domain Controller.

    Active directory domains and trusts

    Select the directory server from WS2019-DC.xpertstec.local to WS2022-DC.xpertstec.local and then click ok.

    Change directory server

    Now change the Operations Master. Right click on the top-level container and then choose Operations Master.

    Active directory domains and trusts

    Click on the change button to transfer the domain naming master role to the WS2019-DC.xpertstec.local server.

    Domain naming operations master

    Click Yes

    Operations master successfully transferred

    Select ok

    Operations master successfully transferred

    Verify the domain naming operations master in the Operation Master interface is now transferred.

    Domain naming operations master

    In the WS2019-DC.xpertstec.local server, open the command prompt and then enter regsvr32 schmmgmt.dll to change the Schema Master.

    Read this article: DllRegisterServer failed error code 0x80040201 schmmgmt.dll

    Click ok

    Regsvr32 schmmgmt.dll command

    Change Schema Master Role

    On the WS2019-DC.xpertstec.local server type mmc in the run command to launch console root.

    Select the File tab and then click on Add/Remove Snap-in.

    Console addremove snap-ins

    In the add or Remove Snap-ins interface, click on Active Directory Schema, click on Add and then click OK.

    Add or remove snap-ins

    Now right-click Active Directory Schema and then select the Change Active Directory Domain Controller option.

    Console root change active directory

    Change the Directory Server window, select WS2022-DC.xpertstec.local, and then click ok.

    Change directory server

    Click ok to proceed.

    Active directory schema

    In the Console root, right-click on Active Directory Schema and then select Operations Master.

    Console root operation master

    To Change the Schema Master interface, select the change button to transfer the schema master role to the WS2022.xpertstec.local server.

    Migrate active directory change schema master

    Click Yes

    Active directory schema yes

    Select ok to proceed.

    Operation master successfully transferred

    Now confirm schema master is WS2022-DC.xpertstec.local and then click close.

    Migrate active directory change schema master

    Type the following command netdom query fsmo to get all outputs and we can see all the roles have been changed to WS2022-DC.xpertstec.local

    Netdom query fsmo PowerShell

    Change Global Catalog

    Launch Active Directory Sites and Services, expand Sites, then Default-first-site-name, right-click on NTDS Settings and click on properties.

    Active directory sites and services

    Untick Global Catalog and then click ok.

    NTDS system properties global catalog

    Raise Domain and Forest Function Level

    In the active directory user and computer, right-click on the domain and then choose Raise domain functional level.

    Active directory users and computers

    Here is the raised domain functional level.

    Raise domain functional level

    Launch domains and trusts, Right click on the active directory domain, and then click on raise forest functional level.

    Active directory domain and trusts

    Here is the raised forest functional level.

    Raise forest functional level

    Confirm the domain and forest functional levels by using the below PowerShell command.

    Get-ADDomain | fl Name, DomainMode
    Get-ADForest | fl Name, ForestMode

    Get-addomain PowerShell

    Now replace your DNS IP address.

    Internet protocol version 4 properties

    How to demote active directory domain service in window server 2019

    Open Server Manager, click on the Manage tab and then select Remove Roles and features.

    Server manager manage

    Click next

    Remove roles and features wizard

    Click next

    Remove roles and features server pool

    Uncheck Active Directory Domain Services checkbox.

    Remove Server roles active directory

    Select Remove Features.

    Remove features that required active directory

    Now Untick the DNS Server role box.

    Remove Server roles DNS Server

    Click on Remove Features.

    Remove features that are require

    Click next

    Remove Server roles active directory

    Click next

    Remove roles and features

    Confirm removal selections and then select the Remove button.

    Confirm removal roles selections

    Click close

    View removal roles progress

    Read more about how to remove a domain controller server.

    troller serveroot the server and then join it in the workgroup.

    Also, read this article: Upgrade Windows Server 2019 to 2022,.