
In this article we will show you how to promote a new domain controller running Windows Server 2016 in an Active Directory domain, move the FSMO roles from an old domain controller (running Windows Server 2012 R2/2008), raise the domain functional level to Windows Server 2016, and then demote the old DC running Windows Server 2012/2008 to a domain member server.
We assume that you already have a new server running Windows Server 2016. Our task is to install the Active Directory Domain Services role on it. In our lab, we have an existing domain contoso.com with one PDC domain controller on Windows Server 2012 R2. We will add a second domain controller running Windows Server 2016 and transfer all the FSMO roles to it.
How to move FSMO Roles from old DC?
To install a domain controller and transfer FSMO roles, your account must be in the Domain Admins and Enterprise Admins groups. You can install the ADDS role from the Server Manager console GUI, but it is more convenient to install the role from the PowerShell console.
On the new server, open an elevated PowerShell console. Import the ServerManager module into the PowerShell session and install the ADDS role and the management tools.
Import-Module ServerManager
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Wait until the ADDS role and management tools have been installed. A server reboot is not required.
To promote this server to a domain controller, run the following command (replace the domain, first DC and site names with your own!):
Install-ADDSDomainController `
  -NoGlobalCatalog:$false `
  -CreateDnsDelegation:$false `
  -CriticalReplicationOnly:$false `
  -DatabasePath "C:\Windows\NTDS" `
  -DomainName "contoso.com" `
  -InstallDns:$true `
  -LogPath "C:\Windows\NTDS" `
  -NoRebootOnCompletion:$false `
  -ReplicationSourceDC "dc.contoso.com" `
  -SiteName "NewYork" `
  -SysvolPath "C:\Windows\SYSVOL" `
  -Force:$true
You must specify the local DSRM password and confirm it. After the role is configured, the server will automatically reboot.
Now you can transfer all (or only a part of) FSMO roles to the new DC.
You can transfer FSMO roles from one DC to another using GUI consoles or via PowerShell. With PowerShell the transfer is much easier.
First, make sure that all FSMO roles are currently located on the old (Windows Server 2012 R2) domain controller:
netdom query fsmo
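Now you can transfer all 5 FSMO roles to the new DC (the numbers 0 to 4 stand for PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster and DomainNamingMaster):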
Move-ADDirectoryServerOperationMasterRole -Identity "dc3-2016" -OperationMasterRole 0,1,2,3,4
After the transfer is complete, make sure that the new DC with Windows Server 2016 is the new FSMO roles owner:
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles} | Format-Table -AutoSize
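The demotion command used later in this article passes -DemoteOperationMasterRole, which lets the demotion continue even if the server still holds an operations master role, so it is worth turning the check above into an explicit gate. The following is an added example, not part of the original article: the function name Test-DemotionReadiness, the sample variables and the FQDN dc3-2016.contoso.com are assumptions, and the sample data is constructed so the script runs without a domain.

```powershell
# Added example: list reasons why the old DC should NOT be demoted yet.
function Test-DemotionReadiness {
    param(
        [Parameter(Mandatory)] [hashtable] $RoleHolders,        # role name -> owner FQDN
        [Parameter(Mandatory)] [object[]]  $DomainControllers,  # objects with HostName, IsGlobalCatalog
        [Parameter(Mandatory)] [string]    $NewDc,              # FQDN of the Windows Server 2016 DC
        [Parameter(Mandatory)] [string]    $OldDc               # FQDN of the DC to be demoted
    )
    $required = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster', 'SchemaMaster', 'DomainNamingMaster'
    foreach ($role in $required) {
        $owner = $RoleHolders[$role]
        if (-not $owner)           { "$role has no owner reported" }
        elseif ($owner -ne $NewDc) { "$role is still held by $owner, expected $NewDc" }
    }
    # The domain must keep at least one DC, and at least one global catalog.
    $remaining = @($DomainControllers | Where-Object { $_.HostName -ne $OldDc })
    if ($remaining.Count -eq 0) {
        "$OldDc is the only domain controller in the list"
    } elseif (-not ($remaining | Where-Object IsGlobalCatalog)) {
        "no global catalog remains once $OldDc is demoted"
    }
}

# Live input (needs the ActiveDirectory module); left commented so the sample runs offline:
# $d = Get-ADDomain; $f = Get-ADForest
# $holders = @{ PDCEmulator = $d.PDCEmulator; RIDMaster = $d.RIDMaster
#               InfrastructureMaster = $d.InfrastructureMaster
#               SchemaMaster = $f.SchemaMaster; DomainNamingMaster = $f.DomainNamingMaster }
# $dcs = Get-ADDomainController -Filter *

# Constructed sample: the SchemaMaster transfer was missed and the new DC is not a GC.
$sampleHolders = @{
    PDCEmulator          = 'dc3-2016.contoso.com'
    RIDMaster            = 'dc3-2016.contoso.com'
    InfrastructureMaster = 'dc3-2016.contoso.com'
    SchemaMaster         = 'dc.contoso.com'
    DomainNamingMaster   = 'dc3-2016.contoso.com'
}
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'dc.contoso.com';       IsGlobalCatalog = $true  }
    [pscustomobject]@{ HostName = 'dc3-2016.contoso.com'; IsGlobalCatalog = $false }
)

$blocking = @(Test-DemotionReadiness -RoleHolders $sampleHolders -DomainControllers $sampleDcs `
                  -NewDc 'dc3-2016.contoso.com' -OldDc 'dc.contoso.com')
if ($blocking.Count) { $blocking | ForEach-Object { Write-Warning $_ } }
else                 { 'No blocking findings: the old DC can be demoted.' }
```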
After transferring all of the roles, you can remove the old DC by demoting it. Run the following PowerShell commands on the old DC:
Import-Module ADDSDeployment
Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition
The command prompts you to specify a new password for the local server Administrator.
After the command completes, reboot the server.
The last thing to do is update the functional level of your Active Directory domain to Windows 2016. Make sure that the current domain level is Windows2012R2Domain:
Get-ADDomain | fl Name,Domainmode
To upgrade the functional level of your AD domain from 2012 R2 to 2016, run the command:
Set-ADDomainMode -Identity contoso.com -DomainMode Windows2016Domain
So, in this way we have successfully upgraded the Active Directory domain to Windows Server 2016.
The post Move FSMO Roles and Upgrade Domain to Windows Server 2016 appeared first on TheITBros.