Migrate Active Directory to Windows 2012 R2 - pt. 2

After preparing the AD schema and demoting the secondary DCs, additional steps are required to migrate Active Directory to Windows 2012 R2.

The installation of new Windows 2012 R2 Domain Controllers and the transfer of AD Roles are the next steps to complete the migration.

 

Blog series

Migrate Active Directory to Windows 2012 R2 - pt. 1
Migrate Active Directory to Windows 2012 R2 - pt. 2
Migrate Active Directory to Windows 2012 R2 - pt. 3

 

Deploy the first Windows 2012 R2 DC

From vSphere Web Client (if you work with VMware), deploy a new Windows 2012 R2 server to use as the new Domain Controller.

On the new server, run Windows Update so the latest patches are installed on the system.

Join the server to the domain

From the Server Manager, select Local Server and click on the Workgroup name to join the server to the domain.

In the Computer Name tab, click the Change button and type the name of the domain to join. Click OK to save the configuration.

Type the credentials of the Domain Administrator to join the machine to the domain and click OK.

The new server is joined to the domain. Click OK.

Click OK to continue.

Click Apply to apply changes.

Click Restart now to reboot the server.

Install Roles

To promote the new server to Domain Controller, the dcpromo command is no longer used in Windows 2012; the Active Directory Domain Services role must be installed instead.

From the Server Manager, click Add roles and features option.

Click Next to start the Add Roles and Feature Wizard.

Select the Role-based or feature-based installation option then click Next.

Tick Select a server from the server pool and select the server to install to. Click Next.

Select Active Directory Domain Services role.

Since the selected role requires some additional features, click Add Features to complete the requirements.

Click Next to continue.

Click Next to continue.

Nothing to select here. Click Next.

Check the Restart the destination server automatically if required option and click Yes in the pop up window.

Click the Install button to install the selected roles.

The roles are being installed.

When complete, a warning message informs you that the server must be promoted to a Domain Controller. Click the Promote this server to a domain controller link.

Promote the server as Domain Controller

When the Active Directory Domain Services Configuration Wizard starts, select the Add domain controller to an existing domain option then click Next.

Make sure DNS and GC are selected and enter a strong password for DSRM.

Click Next.

Leave the default Any domain controller as the source to replicate data from, then click Next.

Leave the default values, then click Next.

In Review Options, click Next to continue.

If all prerequisite checks passed successfully, click Install to begin the installation.

The installation is being performed.

When the process has completed, the server automatically reboots.

When the server has restarted, from Server Manager select Tools > Active Directory Users and Computers.

Expand the domain name and select the Domain Controllers item. The new Domain Controller shows up in the right pane.

To verify that DNS works properly, from Server Manager select Tools > DNS.

Expand the server name and Forward Lookup Zones item. Right click the domain name and select Properties.

Ensure the new DC is listed in the Name Servers tab.
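
The Install Roles and promotion steps above can also be scripted. The PowerShell below is an added example, not part of the original article; it assumes the nolabnoparty.local domain used on this page and an elevated session on the already domain-joined server, and the function names Install-NewDomainController and Test-NewDomainController are hypothetical.

```powershell
# Added example (not from the original article). Assumes the page's domain
# name and an elevated session on the new, already domain-joined server.
$DomainName = 'nolabnoparty.local'

function Install-NewDomainController {
    # Prompt for secrets so neither password is stored in the script.
    $cred = Get-Credential -Message "Domain Administrator for $DomainName"
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

    # Install the AD DS role and its management tools (replaces dcpromo).
    $role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $role.Success) { throw 'AD DS role installation failed.' }
    Import-Module ADDSDeployment

    # Same choices as the wizard: existing domain, DNS and GC enabled.
    $params = @{
        DomainName                    = $DomainName
        Credential                    = $cred
        SafeModeAdministratorPassword = $dsrm
        InstallDns                    = $true
        NoGlobalCatalog               = $false
    }

    # Prerequisite check, as on the wizard's last page; stop on any error.
    $failed = Test-ADDSDomainControllerInstallation @params |
        Where-Object { $_.Status -eq 'Error' }
    if ($failed) { throw ($failed.Message -join "`n") }

    # Promote; the server reboots automatically when promotion completes.
    Install-ADDSDomainController @params -Force
}

function Test-NewDomainController {
    # Run after the reboot: the new DC must be known to the domain and
    # registered as a name server for the zone.
    Import-Module ActiveDirectory
    $dc = Get-ADDomainController -Identity $env:COMPUTERNAME
    $ns = Resolve-DnsName -Name $DomainName -Type NS |
        Where-Object { $_.NameHost -eq $dc.HostName }
    [pscustomobject]@{
        HostName        = $dc.HostName
        IsGlobalCatalog = $dc.IsGlobalCatalog
        ListedAsNS      = [bool]$ns
    }
}
```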

Keep same DCs' IP Addresses

If you need to keep the same Domain Controller IP addresses during the migration to Windows 2012 R2, set up the 2012 R2 servers as Domain Controllers with different IPs on the same subnet.

During the promotion procedure, a new DC (e.g. w12r2-dc01) has been installed in the network.

Now change the IP of one of your secondary Windows 2012 R2 servers (e.g. w12r2-dc02) to the IP of the DC previously shut down (e.g. w2k8r2-dc02), then restart the server.

After the restart, check the DNS Name Servers tab to see if the server is listed.

Check for replication errors by running the command:

C:\>repadmin /replsummary

If no errors are detected, the procedure completed successfully.

 

Transfer the FSMO roles

Before decommissioning the old Domain Controllers, the FSMO roles must be transferred to the new 2012 R2 servers to keep Active Directory working. Five roles in Active Directory must be transferred from the old to the new DCs:

  • Schema master
  • Naming master
  • PDC
  • RID master
  • Infrastructure master

To proceed, open the Command Prompt with administrative privileges.

To verify FSMO roles are on the Windows 2008 R2 Domain Controller, type the following command:

C:\Windows\system32>netdom query fsmo

The FSMO roles must be transferred to the new 2012 R2 DC using the ntdsutil command.

C:\Windows\system32>ntdsutil

Type roles when prompted then press Enter.

ntdsutil: roles

Type the connections command then press Enter.

fsmo maintenance: connections

Type the connect to server server2012r2dc.domain.com command, where server2012r2dc is the new Domain Controller just deployed, then press Enter.

server connections: connect to server w12r2-dc01.nolabnoparty.local

Now type the quit command then press Enter.

server connections: quit

After connecting to the DC that will receive the roles, type the transfer schema master command to proceed with the first role, then press Enter.

fsmo maintenance: transfer schema master

Type Yes to confirm the transfer.

The schema master role is transferred.

Type transfer naming master and press Enter.

fsmo maintenance: transfer naming master

Type Yes to confirm the transfer.

The naming master role is transferred.

Type transfer PDC and press Enter.

fsmo maintenance: transfer PDC

Type Yes to confirm the transfer.

The PDC role is transferred.

Type transfer RID master and press Enter.

fsmo maintenance: transfer RID master

Type Yes to confirm the transfer.

The RID master role is transferred.

Type transfer infrastructure master and press Enter.

fsmo maintenance: transfer infrastructure master

Type Yes to confirm the transfer.

The infrastructure master role is transferred.

The transfer of the five roles is now complete. Type quit to exit fsmo maintenance.

fsmo maintenance: quit

Type quit to exit ntdsutil.

ntdsutil: quit

Check the roles to ensure they are on the new Server 2012 R2 using the netdom query fsmo command.

C:\Windows\system32>netdom query fsmo

The roles have been transferred successfully to the new 2012 R2 Domain Controller. Wait a few minutes for the change to replicate.
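
Before the old Domain Controllers are decommissioned, the checks done with netdom query fsmo and repadmin /replsummary can be combined into one pass. The PowerShell below is an added example, not part of the original article; it assumes the ActiveDirectory module and the page's w12r2-dc01.nolabnoparty.local as the expected role holder, and Test-FsmoMigration is a hypothetical function name.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory
# module and that w12r2-dc01 (from this page) should now hold all five roles.
Import-Module ActiveDirectory

function Test-FsmoMigration {
    param([Parameter(Mandatory)][string]$ExpectedHolder)

    $forest = Get-ADForest
    $domain = Get-ADDomain

    # The five FSMO roles: two are forest-wide, three are per domain.
    $roles = [ordered]@{
        'Schema master'         = $forest.SchemaMaster
        'Naming master'         = $forest.DomainNamingMaster
        'PDC'                   = $domain.PDCEmulator
        'RID master'            = $domain.RIDMaster
        'Infrastructure master' = $domain.InfrastructureMaster
    }

    # Any role still held by another server has not been transferred.
    $misplaced = @($roles.GetEnumerator() |
        Where-Object { $_.Value -ne $ExpectedHolder })

    # Replication failures recorded by any DC in the domain.
    $failures = @(Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain |
        Where-Object { $_.FailureCount -gt 0 })

    [pscustomobject]@{
        Misplaced           = $misplaced | ForEach-Object { "$($_.Key) -> $($_.Value)" }
        ReplicationFailures = $failures | ForEach-Object { "$($_.Server) <- $($_.Partner): $($_.LastError)" }
        ReadyToDecommission = ($misplaced.Count -eq 0 -and $failures.Count -eq 0)
    }
}

$result = Test-FsmoMigration -ExpectedHolder 'w12r2-dc01.nolabnoparty.local'
$result | Format-List
if (-not $result.ReadyToDecommission) {
    Write-Warning 'Do not decommission the old Domain Controllers yet.'
}
```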

 

Set PDC to connect to an external source

To keep network time in sync, it is suggested to configure the Domain Controller with the PDC role to connect to an external source.

Stop the w32time service.

c:\> net stop w32time

Configure the external time sources.

c:\> w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

Mark the PDC as a reliable time source for the clients.

c:\> w32tm /config /reliable:yes

Start the w32time service.

c:\> net start w32time

To check the new configuration, run the following command:

c:\> w32tm /query /configuration

Part 3 will finalize the migration by decommissioning the last 2008 R2 DC and migrating the DHCP service to the new 2012 R2 primary DC.