This article walks you through how to implement a new domain controller and retire an old one.
In our scenario, our environment has one existing 2012 R2 domain controller and we’re going to replace it with a 2019 Server. The existing DC is also the file and print server which we’ll also migrate to the new DC.
Alternatively, you can migrate file shares and printers to a dedicated server instead. Of course these two scenarios don’t fit all situations but is the exact scenario of many small businesses around the world.
Some of these steps are best practices and others merely my preferences. Use what is helpful to you.
The New Server
- If it’s virtual, Create the VM
- Install Windows 2019 Server
- For local Administrator account, specify a long, complex, unique password
- If it’s virtual, Install hypervisor tools (Vmware Tools or Hyper-V Integration Services)
- Assign it a static IP address
- Install anti-virus
- Fully patch it up
- Activate Windows
Promote to DC:
- Install the Active Directory Services role
- Run the AD promotion wizard
- Follow the wizard to promote it to a domain controller:
- If you get stopped with an error about needing to first migrate from FRS to DFS, then follow this article to migrate.
- Choose the option to add a DC to an existing forest/domain
- You can safely ignore the warning about DNS delegation
- If you get stopped saying that the forest or domain functionality needs raised, follow this article to raise it.
- The process will extend the forest and domain schema.
Once the DC is Promoted:
- Check the Directory Services and DNS event logs for entries saying that both services are healthy.
- Check that the SYSVOL and NETLOGON shares are the new DC. If they are not, then the old DC is probably in journal wrap. Follow this article to resolve that.
- Remove the DNS forwarder that is automatically created on the new DC that points to the old.
- Change the new DC to use 127.0.0.1 and nothing for secondary.
Move FSMO Roles:
- Move the FSMO roles by following this article.
Migrate DHCP Server:
- Migrate DHCP Server by following this article.
At this point the new server is a domain controller and DNS server, with FSMO roles and DHCP migrated to it. Next we’ll migrate network shares and printers.
(to be continued)
Jason works as a project specialist at an IT MSP in Pennsylvania, USA. He’s an IT/security professional with 20 years experience.