Migrating Active Directory FSMO Roles From Windows 2012 R2 to Windows 2016


This article will guide you through the steps to transfer Active Directory FSMO roles from Windows Server 2012 R2 to Windows Server 2016. For this guide, example.com will be my domain name. I have a Windows Server 2012 R2 domain controller as PDC (source server) and one Windows Server 2016 server (target server), which I have already joined to my existing domain.







The current domain and forest functional level is Windows Server 2012 R2.


Let's begin with the migration process.

Installing Active Directory on Windows Server 2016

1. Log in to Windows Server 2016 as domain administrator or enterprise administrator.
2. Check the IP address details and set the localhost (127.0.0.1) IP address as the primary DNS and another AD server as secondary DNS. This is because, after the AD install, the server itself will act as a DNS server.
3. Run servermanager.exe from PowerShell to open Server Manager.


4. Then click on Add Roles and Features


5. It will open up the Add Roles and Feature Wizard, click next to continue


6. Keep the default selection and Click next


7. Select your server and click next to continue


8. Under Server Roles, click on Active Directory Domain Services. It will then prompt you with the features needed for the role. Click on Add Features, then click Next to proceed




9. Keep the default selection and click next


10. Click next to proceed


11. Click on install to start the role installation process.



12. Once the installation has completed, click on the "Promote this server to a domain controller" option


13. In the Active Directory Domain Services Configuration Wizard, keep the option "Add a domain controller to an existing domain" selected and click Next.


14. Provide a DSRM password and click next


15. Click on next to proceed


16. Choose where to replicate the domain information from. You can select a specific server or leave the default. Once done, click Next to proceed.


17. You can change the paths or keep the default. Click next to continue


18. Since this is the first Windows Server 2016 domain controller in the domain, it will run the forest and domain preparation tasks. Click Next to proceed.


19. Click next to proceed.


20. It will then run the prerequisite check. If all is well, click on Install to start the configuration process.


21. Once the installation completes it will restart the server.
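
The wizard steps above can also be scripted, which keeps the DSRM password out of screenshots and command history. This is an added example, not part of the original article; it assumes the example.com domain from this guide, default database and SYSVOL paths, and that DNS is installed on the new DC.

```powershell
# Added example: scripted equivalent of wizard steps 4-21.
# Run in an elevated PowerShell session on the Windows Server 2016 target.
$domain = 'example.com'   # domain name used throughout this guide

# Step 2 sanity check: the server must resolve the domain's DC locator
# records before promotion, otherwise the promotion fails late.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# Steps 4-11: install the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 14: read the DSRM password interactively as a SecureString so it
# never appears in the script, the console history, or a transcript.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString
$cred = Get-Credential -Message "Domain or enterprise administrator for $domain"

$params = @{
    DomainName                    = $domain
    InstallDns                    = $true
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
}

# Step 20: run the same prerequisite check the wizard performs.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Context, Status, Message

if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; promotion not started.'
}

# Steps 13-21: promote the server. It restarts when promotion finishes.
Install-ADDSDomainController @params
```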



Migrating FSMO Roles to Windows Server 2016 AD
There are two methods to transfer the FSMO roles from one server to another: one uses the GUI and the other uses the command line. Since I am more comfortable with the command line, I'll be using PowerShell to transfer the FSMO roles from Windows Server 2012 R2 to Windows Server 2016.

1. Log in to Windows Server 2016 AD as enterprise administrator
2. Open PowerShell as administrator, then execute the netdom query fsmo command. This will list the FSMO roles and their current owners.


3. In our example, the Windows Server 2012 R2 AD server holds all 5 FSMO roles. To transfer the FSMO roles, execute the following command

Move-ADDirectoryServerOperationMasterRole -Identity TEST-PDC01 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

and press enter

In our example, TEST-PDC01 is the Windows Server 2016 DC. If the FSMO roles are placed on different servers in your environment, you can migrate each FSMO role to a different server.


4. Once it has completed, execute netdom query fsmo again and you can see that the Windows Server 2016 DC is the new owner of the FSMO roles.
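
The transfer and its before/after checks can be combined so that roles move only when replication to the target is healthy, and the result is verified rather than read off the screen. This is an added example, not part of the original article; the function name Get-FsmoRoleHolder is hypothetical, and TEST-PDC01 is the Windows Server 2016 DC named in this guide.

```powershell
# Added example: checked FSMO transfer to the Windows Server 2016 DC.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Hypothetical helper: same data as "netdom query fsmo", as role -> holder.
    $d = Get-ADDomain
    $f = Get-ADForest
    [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
}

$target = (Get-ADDomainController -Identity 'TEST-PDC01').HostName

# Record the before-state so the change can be audited afterwards.
$before = Get-FsmoRoleHolder
$before.GetEnumerator() | Format-Table Name, Value -AutoSize

# A graceful transfer depends on the target replicating cleanly.
$failures = Get-ADReplicationFailure -Target $target |
    Where-Object { $_.FailureCount -gt 0 }
if ($failures) {
    $failures | Format-Table Server, Partner, FailureCount, LastError
    throw "Replication failures on $target; resolve them before moving roles."
}

# Move only the roles the target does not already hold. -Confirm prompts
# per role; without -Force this is a transfer, not a seizure.
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $target })
if ($toMove.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $toMove -Confirm
}

# Verify against the directory instead of trusting the cmdlet's exit.
$after  = Get-FsmoRoleHolder
$missed = @($after.Keys | Where-Object { $after[$_] -ne $target })
if ($missed.Count -gt 0) {
    throw "Not transferred to ${target}: $($missed -join ', ')"
}
"All five FSMO roles are now held by $target."
```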


Uninstalling AD role from Windows Server 2012 R2

We have successfully transferred the FSMO roles, but the domain and forest functional levels are still running at Windows Server 2012 R2. In order to upgrade them, we first need to decommission the AD roles from the existing Windows Server 2012 R2 servers.

1. Log in to Windows 2012 R2 domain server as enterprise administrator
2. Open the PowerShell as administrator
3. Execute the following command 

Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition

and press Enter. It will ask for the local administrator password. Provide a new password for the local administrator and press Enter.




4. Once it has completed, it will restart the server.





Upgrading the forest and domain functional levels to Windows Server 2016
Since we have demoted the Windows Server 2012 R2 domain controller, the next step is to upgrade the domain and forest functional levels.
1. Log in to Windows Server 2016 DC as enterprise administrator 
2. Open PowerShell as administrator
3. Execute the following command

Set-ADDomainMode -Identity example.com -DomainMode Windows2016Domain to upgrade the domain functional level to Windows Server 2016. In our example, example.com is the domain name.


4. Now type Set-ADForestMode -Identity example.com -ForestMode Windows2016Forest to upgrade the forest functional level.


5. Once completed, you can run Get-ADDomain | fl Name,DomainMode and Get-ADForest | fl Name,ForestMode to confirm the new domain and forest functional levels
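
Before raising the functional levels, it is worth confirming that no domain controller older than Windows Server 2016 is still registered in the domain. This is an added example, not part of the original article; it assumes the single-domain example.com forest from this guide and relies on Windows Server 2016 reporting an operating system version of 10.0 while Windows Server 2012 R2 reports 6.3.

```powershell
# Added example: guard the functional-level upgrade with a DC inventory.
Import-Module ActiveDirectory
$domainName = 'example.com'   # domain name used throughout this guide

# List every DC the directory still knows about, including its OS.
$dcs = Get-ADDomainController -Filter * -Server $domainName
$dcs | Format-Table HostName, OperatingSystem, OperatingSystemVersion -AutoSize

# OperatingSystemVersion looks like "10.0 (14393)"; a major version below
# 10 means the DC predates Windows Server 2016 and blocks the upgrade.
$tooOld = @($dcs | Where-Object {
    [int](($_.OperatingSystemVersion -split '\.')[0]) -lt 10
})
if ($tooOld.Count -gt 0) {
    throw "Demote or upgrade these DCs first: $($tooOld.HostName -join ', ')"
}

# Raise each level only if it is not already at the target, with a prompt.
if ((Get-ADDomain -Identity $domainName).DomainMode -ne 'Windows2016Domain') {
    Set-ADDomainMode -Identity $domainName -DomainMode Windows2016Domain -Confirm
}
if ((Get-ADForest -Identity $domainName).ForestMode -ne 'Windows2016Forest') {
    Set-ADForestMode -Identity $domainName -ForestMode Windows2016Forest -Confirm
}

# Same verification as step 5.
Get-ADDomain -Identity $domainName | Format-List Name, DomainMode
Get-ADForest -Identity $domainName | Format-List Name, ForestMode
```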


That's all for now.

2 comments:

  1. How about creating a PowerShell script to transfer FSMO roles? I want to ask an IT guy to perform this task but I don't want to share administrator privileges due to security concerns.....Pls share your thoughts

    1. You just need to convert commands (mentioned in the article) into a PowerShell script and execute it...simple
