Migrate Active Directory Server 2019 to Server 2022

How to Migrate Active Directory Server 2019 to Server 2022

In this article, we will see how to migrate Active Directory from Windows Server 2019 to Windows Server 2022. In the previous article, I configured an additional domain controller on Windows Server 2022. I will now upgrade Active Directory to Windows Server 2022 and raise the functional level.

Overview of Windows Server upgrades

Virtual Machines Details

Virtual Machine | OS | Role | IP Address
WS2019-DC (Root DC) | 2019 | Primary Domain Controller | 192.168.121.150
WS2022-DC (new DC) | 2022 | Secondary Domain Controller | 192.168.121.152

First, check the operations master roles by running the Get-ADForest command.

Now you can see the Schema Master is on WS2019-DC.xpertstec.local and the forest functional level is still Windows2016.

Get-ADForest PowerShell

Now run the Get-ADDomain command to find the holders of the following roles:

PDC Emulator
Infrastructure Master
RID Master

Table of Contents

Join Windows Server 2022 to Domain

Configure Additional Domain Controller

Replication between the domain controllers

Migrating FSMO roles to Windows Server 2022

Change Active Directory Domain Controller

Change Schema Master Role

Change Global Catalog

Raise Domain and Forest Function Level

Demote Active Directory Domain Service

Migrate Active Directory Server 2019 to 2022

One new virtual machine running Windows Server 2022 has been installed to make the migration smooth. Once the migration is completed, the Windows Server 2019 domain controllers will be decommissioned.

The existing domain controller runs Windows Server 2019 and is named WS2019-DC. The domain name is xpertstec.local.

Steps to Migrate Domain Controller Server 2019 to Server 2022

Prepare existing Active Directory to support Server 2022 as a domain controller.

Configure Windows Server 2022 as an additional domain controller.

Verify the replication between Domain Controllers (Windows Server 2019 and Windows Server 2022).

Transfer Master Operation roles (FSMO) to Windows Server 2022.

Promote Server 2022 as an additional domain controller

Log in to the Windows Server 2022 system, open Server Manager, and then click Add roles and features.

Server manager

Click next

Add roles and features wizard

Click next

Role based or feature based

Click next

Select destination server

Tick the checkbox Active Directory Domain Services roles.

Active directory domain services role

Click on add features.

Add features that are required

Click next

Select roles active directory

Default options, click next.

Add roles and features

Click next

Active directory domain services (ad ds)

Click install

Confirm ADDC installation selection

Click close

Active directory domain services results

After installation, click on the notification button and then choose promote this server to a domain controller option.

Promote this server to a domain controller

Click on the change button, to add existing domain controller (WS2019-DC.xpertstec.local) credentials.

Added Domain Controller

Enter credentials and then click ok.

Credentials for deployment confirmation

Click next

Migrate active directory server deployment confirmation

Type your domain controller credentials and then click next.

Migrate domain controller options

Click next

Migrate active directory server DNS options

Under the Additional Options choose the existing domain controller and then click next.

Select domain controller

Select default options for Paths and then click next.

Migrate active directory server paths

Review Options, click next.

Migrate active directory server review options

Prerequisites Check, click install.

Migrate active directory prerequisite check

The system will reboot after the installation.

Log in to the additional domain controller and check the status of the domain name by typing the following commands.

[System.Net.Dns]::GetHostByName($env:computerName).HostName

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
netdom query fsmo

Netdom query fsmo

Check the registry settings

Observe the schema version

Check Replication between the domain controllers

Open Server Manager, click on the Tools tab and then click on Active Directory Sites and Services.

Server manager tools

Expand default first site name, expand WS2022-DC machine, right click on NTDS settings, click on all tasks then click on check Replication Topology.

Active directory sites and services

Click ok

Check replication topology

Now check the replication status by opening DNS Manager. The authority number is 21 on both domain controllers for _msdcs.secure.com (Microsoft domain controller service) and 46 on both domain controllers for xpertstec.local.

DNS manager msdcs

DNS manager local domain
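
The same replication check can be scripted instead of read from the consoles. The following PowerShell is an added example, not part of the original article; it assumes the ActiveDirectory module is installed and uses a 60-minute freshness threshold chosen only for illustration.

```powershell
# Added example: replication health for the two domain controllers on this page.
Import-Module ActiveDirectory

$dcs    = 'WS2019-DC.xpertstec.local', 'WS2022-DC.xpertstec.local'
$maxAge = New-TimeSpan -Minutes 60   # assumed threshold; match your replication schedule

function Test-DcReplication {
    param([string[]]$Server, [timespan]$MaxAge)
    foreach ($dc in $Server) {
        # One record per inbound partner and directory partition
        $links = Get-ADReplicationPartnerMetadata -Target $dc -Scope Server -Partition *
        foreach ($link in $links) {
            $age = if ($link.LastReplicationSuccess) {
                (Get-Date) - $link.LastReplicationSuccess
            } else { [timespan]::MaxValue }
            [pscustomobject]@{
                Server    = $dc
                Partner   = $link.Partner
                Partition = $link.Partition
                LastOK    = $link.LastReplicationSuccess
                Result    = $link.LastReplicationResult          # 0 means success
                Failures  = $link.ConsecutiveReplicationFailures
                Healthy   = ($link.LastReplicationResult -eq 0) -and
                            ($link.ConsecutiveReplicationFailures -eq 0) -and
                            ($age -le $MaxAge)
            }
        }
    }
}

$report = @(Test-DcReplication -Server $dcs -MaxAge $maxAge)
$report | Format-Table Server, Partition, LastOK, Result, Failures, Healthy -AutoSize

# A DC with no inbound links at all is as bad as one with failing links
$silent = $dcs | Where-Object { $_ -notin $report.Server }
$broken = $report | Where-Object { -not $_.Healthy }
if ($silent -or $broken) {
    Write-Warning 'Replication problems found; resolve them before moving FSMO roles.'
    $silent | ForEach-Object { Write-Warning "$_ has no inbound replication partners." }
    $broken | ForEach-Object { Write-Warning "$($_.Server) <- $($_.Partner): result $($_.Result)" }
} else {
    'Both domain controllers replicate all partitions without errors.'
}
```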

Migrating FSMO roles to Windows Server 2022

From WS2019-DC, open the Active Directory Users and Computers console. Right-click on the local domain and then click on Change Domain Controller.

Change domain controller

Change to WS2022-DC.xpertstec.local and then click ok.

Migrate Operation Masters

Right click on the local domain and then select operation masters.

Change operations master role

Click on the RID tab and then select the Change button.

Change operations master RID

Click yes to transfer the role

Transfer operations master role?

Select ok

Operations master successfully transferred

Select the PDC tab and then select the Change button.

Change operations master PDC

Click yes to transfer the role

Transfer operations master role?

Select ok

Operations master successfully transferred

Select the Infrastructure tab and then select the Change button.

Change operations master infrastructures

Click yes to transfer the role.

Transfer operations master role?

Select ok

Operations master successfully transferred

Now the RID, PDC, and Infrastructure roles have been switched to WS2022-DC.xpertstec.local.

Change operations master infrastructures

Now check the Master Operation role by typing the following command Get-ADDomain.

Get-ADDomain PowerShell

Check the Master Operation role by typing the following command Get-ADForest.

Get-ADForest PowerShell

Use this command “netdom query fsmo” to get all outputs.

Netdom query fsmo PowerShell

Change Active Directory Domain Controller

From xpertstec.local, open Active Directory Domain and Trusts console

Right-click Active Directory Domain and Trusts, and then select change Active Directory Domain Controller.

Active directory domains and trusts

Select the directory server from WS2019-DC.xpertstec.local to WS2022-DC.xpertstec.local and then click ok.

Change directory server

Now change the Operations Master. Right click on the top-level container and then choose Operations Master.

Active directory domains and trusts

Click on the change button to transfer the domain naming master role to the WS2022-DC.xpertstec.local server.

Domain naming operations master

Click Yes

Operations master successfully transferred

Select ok

Operations master successfully transferred

Verify the domain naming operations master in the Operation Master interface is now transferred.

Domain naming operations master

On the WS2019-DC.xpertstec.local server, open the command prompt and then enter regsvr32 schmmgmt.dll to register the Active Directory Schema snap-in, which is needed to change the Schema Master.

Click ok

Regsvr32 schmmgmt.dll command

Change Schema Master Role

On the WS2019-DC.xpertstec.local server type mmc in the run command to launch console root.

mmc run command

Select the File tab and then click on Add/Remove Snap-in.

Console add/remove snap-ins

In the add or Remove Snap-ins interface, click on Active Directory Schema, click on Add and then click OK.

Add or remove snap-ins

Now right-click Active Directory Schema and then select the Change Active Directory Domain Controller option.

Console root change active directory

In the Change Directory Server window, select WS2022-DC.xpertstec.local, and then click ok.

Change directory server

Click ok to proceed.

Active directory schema

In the Console root, right-click on Active Directory Schema and then select Operations Master.

Console root operation master

In the Change Schema Master interface, select the change button to transfer the schema master role to the WS2022-DC.xpertstec.local server.

Migrate active directory change schema master

Click Yes

Active directory schema yes

Select ok to proceed.

Operation master successfully transferred

Now confirm schema master is WS2022-DC.xpertstec.local and then click close.

Migrate active directory change schema master

Run netdom query fsmo to list all the role holders. We can see that all the roles have been changed to WS2022-DC.xpertstec.local.

Netdom query fsmo PowerShell
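
The console transfers above have a PowerShell equivalent. This added example (not from the original article) previews the transfer with -WhatIf and then checks that every role holder is the new domain controller; it assumes the ActiveDirectory module and an account that is a member of Schema Admins and Enterprise Admins.

```powershell
# Added example: transfer and verify the five FSMO roles for this page's domain.
Import-Module ActiveDirectory

$target = 'WS2022-DC'   # new domain controller from this page
$roles  = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

function Get-FsmoHolder {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Test-FsmoOnTarget {
    param([string]$Target)
    # Return the roles whose holder is not the target DC (empty result = all moved)
    (Get-FsmoHolder).GetEnumerator() |
        Where-Object { $_.Value -notlike "$Target.*" } |
        ForEach-Object { [pscustomobject]@{ Role = $_.Key; Holder = $_.Value } }
}

# Record the holders before changing anything
Get-FsmoHolder | Format-Table -AutoSize

# -WhatIf previews the transfer only; remove it to move the roles.
# This is a graceful transfer (no -Force), so the current holder must be online.
Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $roles -WhatIf

$stale = @(Test-FsmoOnTarget -Target $target)
if ($stale.Count) {
    $stale | ForEach-Object { Write-Warning "$($_.Role) is still held by $($_.Holder)" }
} else {
    "All five FSMO roles are held by $target."
}
```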

Change Global Catalog

Launch Active Directory Sites and Services, expand Sites, then Default-first-site-name, right-click on NTDS Settings and click on properties.

Active directory sites and services

Untick Global Catalog and then click ok.

NTDS system properties global catalog

Raise Domain and Forest Function Level

In Active Directory Users and Computers, right-click on the domain and then choose Raise domain functional level.

Active directory users and computers

Here is the raised domain functional level.

Raise domain functional level

Launch Active Directory Domains and Trusts, right-click on the Active Directory domain, and then click on Raise forest functional level.

Active directory domain and trusts

Here is the raised forest functional level.

Raise forest functional level

Confirm the domain and forest functional levels by using the PowerShell commands below.

Get-ADDomain | fl Name, DomainMode
Get-ADForest | fl Name, ForestMode

Get-addomain PowerShell

Now replace the DNS server IP address in the network adapter's IPv4 properties.

Internet protocol version 4 properties
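
Before the old domain controller is demoted in the next section, the state reached so far can be checked in one pass. This added example is not part of the original article; it uses the host name and IP address from the table at the top of this page and assumes the ActiveDirectory and DnsClient modules are available.

```powershell
# Added example: readiness check before demoting WS2019-DC.
Import-Module ActiveDirectory

$oldDc   = 'WS2019-DC'          # DC to be demoted (from this page)
$oldDcIp = '192.168.121.150'    # its IP address (from the table on this page)

function Test-DemotionReadiness {
    param([string]$OldDc, [string]$OldDcIp)

    $all       = @(Get-ADDomainController -Filter *)
    $old       = $all | Where-Object { $_.Name -eq $OldDc }
    $remaining = @($all | Where-Object { $_.Name -ne $OldDc })

    if (-not $old) { return "$OldDc is not listed as a domain controller." }

    # 1. Every FSMO role must already be on another DC
    if ($old.OperationMasterRoles.Count -gt 0) {
        "$OldDc still holds: $($old.OperationMasterRoles -join ', ')"
    }
    # 2. At least one remaining DC must be a global catalog
    if (-not ($remaining | Where-Object { $_.IsGlobalCatalog })) {
        'No remaining domain controller is a global catalog.'
    }
    # 3. The machine running this check must not use the DNS service being removed
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses -contains $OldDcIp } |
        ForEach-Object { "Interface '$($_.InterfaceAlias)' still uses $OldDcIp for DNS." }
}

$problems = @(Test-DemotionReadiness -OldDc $oldDc -OldDcIp $oldDcIp)
if ($problems.Count) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning "Do not demote $oldDc yet."
} else {
    "$oldDc holds no FSMO roles, another global catalog exists, and DNS no longer points at $oldDcIp."
}
```

The DNS test only covers the machine the script runs on, so run it on each server whose adapter settings were changed.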

How to demote Active Directory Domain Services in Windows Server 2019

Open Server Manager, click on the Manage tab and then select Remove Roles and features.

Server manager manage

Click next

Remove roles and features wizard

Click next

Remove roles and features server pool

Uncheck Active Directory Domain Services checkbox.

Remove Server roles active directory

Select Remove Features.

Remove features that required active directory

Now Untick the DNS Server role box.

Remove Server roles DNS Server

Click on Remove Features.

Remove features that are required

Click next

Remove Server roles active directory

Click next

Remove roles and features

Confirm removal selections and then select the Remove button.

Confirm removal roles selections

Click close

View removal roles progress

Reboot the server and then join it to a workgroup.

Written by Jamil Parvez

Jamil Pervez works as a Network Administrator, based in Kuwait with a Primary focus on Microsoft technologies. Microsoft Certified MCSE, MCTP, MCITP, CCNP, CCIP, CCVP with 20 years of experience in administering Windows Servers, Exchange, VMWare, Veeam B&R, Veritas BackupExec.
