So why Migrate?
There are a number of reasons why you should migrate your Domain Controllers over to the latest version of the Server Operating system. Here are a few below…
Continued support for the Operating System – Ideally you want to be on the latest version of the operating system so that you still receive continued support, either technical support or the latest patch updates. If you don’t update your operating system you face vulnerabilities from hackers trying to exploit the operating system and gain entry. Just as Microsoft releases patches, you can bet that hackers are working just as hard to compromise your systems. This is why it’s important to have the latest version, as patching helps prevent and close some of these loopholes. It’s not the only solution but goes a long way. (Prevention is better than cure)
Latest updates in technology – With every new version of an operating system come new technology features and better security.
Pushes hardware changes – By upgrading/migrating your operating systems you might also be pushed to update your hardware as well. You might think that this is a negative reason as there is cost involved however you need to understand that just as operating systems evolve so does hardware. If you don’t upgrade your hardware you are more than likely not getting the best efficiency out of your operating system and support from vendors as they tend to stop software releases after a while. (Think Drivers etc)
Third Party vendor and application support – With continued updates and releases you can bet that being ahead of the game will help later down the line, as you will not be facing issues with incompatible hardware and software because the operating system is too old to support them.
Improved performance and stability – With the latest version of the operating system you can be sure that Microsoft has improved upon what they have learnt from previous versions of the operating system to help improve overall performance and stability in the latest version.
Staying within Compliance – To be within certain compliance and standards you will need to have the latest version (supported versions).
Step 1:
- Back up your Domain Controller first and foremost before continuing. If there are any issues you need a way to revert back.
- Let's confirm the configuration. Open Server Manager on your 2008 DC

Step 2:
- Open CMD Prompt (Admin) to verify FSMO roles
- Now that we have verified who holds the FSMO roles we can move over to the newly installed Server 2012 operating system.

Step 3:
- The first thing to do is to join the newly installed 2012 OS to the 2008 domain.

Step 4:
- Now that we have joined to the 2008 domain controller we need to insert the Server 2012 disk / image in the drive.
- The reason we do this is to make use of a utility called adprep. It prepares the Active Directory schema for the upgrade by adding new object types that are required by the new operating system.

Step 5:
- So how do you know what your current schema version is before you run adprep? This is a simple check to do beforehand.
- Run CMD Prompt (Admin) and enter regedit, or type it into the search
- Drill down to Hkey_Local_machine / System / CurrentControlSet / Services / NTDS / Parameters. On the right panel you will note Schema version. It will most likely be 47. Keep this in the back of your mind, as once the adprep utility has run this will change.

Step 6:
- So let's update the schema by running the adprep command
- First let's open up CMD prompt (admin)
- Type the following commands (D: is whatever the location of the 2012 image is):
D:
cd support
cd adprep
adprep /forestprep
(You might get a warning stating that you are not part of the Schema Admins group or Enterprise Admins group. Make sure you add yourself to this group before continuing.)
- You will receive a warning stating that you will be upgrading the schema and to type 'C' and Enter to continue. Go ahead and do so. As soon as you do you will see it updating the schema version from 47 to 69. If you check the registry setting again you will note that the version is now 69
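
To confirm that the schema update has reached every domain controller and not only the one adprep ran on, the check below compares the registry value from Step 5 with the objectVersion each DC reports for its own copy of the schema partition. It is an added example, not part of the original guide; it assumes the ActiveDirectory PowerShell module is available, that every DC answers Active Directory Web Services queries, and it uses 69 as the expected version because that is the value this guide reports.

```powershell
Import-Module ActiveDirectory

$expected = 69   # schema version this guide reports after adprep /forestprep
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Registry value from Step 5 (only present when run on a domain controller).
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$local   = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).'Schema Version'
"Registry schema version on $($env:COMPUTERNAME): $local"

# Ask each DC in the current domain for the version stored in its schema partition.
$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $obj = Get-ADObject -Identity $schemaNC -Server $dc.HostName -Properties objectVersion
        $version = $obj.objectVersion
    } catch {
        $version = $null   # DC unreachable or query refused
    }
    [pscustomobject]@{
        DC            = $dc.HostName
        SchemaVersion = $version
        UpToDate      = ($version -eq $expected)
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.UpToDate }) {
    Write-Warning "Schema version $expected has not reached every DC yet. Wait for replication before promoting."
}
```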

Step 7:
- We will now go ahead and promote our 2012 OS install to a DC
- Note - Don't forget to create a static IP and a computer name that reflects that it is a DC
- Go ahead and add the role Active Directory Domain Services, click Next


Step 8:
- We want to add it to an existing domain, click Next

Step 9:
- Leave DNS and Global Catalog checked and enter your Directory Services Restore Mode password, click Next

Step 10:
- Replicate from the Domain Controller that you need to, click Next

Step 11:
- I tend to leave the default database location, click Next

Step 12:
- You are now presented with a window stating that to install the domain controller the wizard needs to perform the Domain Prep operation. (You can also do this the same way as we did with the forest prep command on the 2008 DC; the wizard is just another method of doing it. The alternative method would be to run the following command after the forest prep command: adprep /domainprep)

Step 13:
- On the review window that pops up, click Next

Step 14:
- Click Install on the prerequisite check

Step 15:
- Now that the DC has been configured we need a reboot

Step 16:
- After the reboot has completed I like to wait to make sure that all objects have been replicated to the new Domain Controller. There are some checks that should be done to make sure. I would leave it overnight so that all replication has completed (Note - Don't rely on this as your DC might be set up differently, best to check). You can also force the replication, as well as configure the timings between replications to be shorter. I will do a separate guide on this procedure.
- Go ahead and open Active Directory Users and Computers and you will note by visual inspection that our objects have replicated over to the new controller

Step 17:
- Also go ahead and check by visual inspection within DNS Manager that your DNS records have been replicated. I created an entry www to confirm this.

Step 18:
- You also want to check Active Directory Sites and Services to note that the DCs are there and syncing, by right-clicking on the NTDS and selecting Replicate Now

Step 19:
- What I would do next to confirm healthy replication is to open up the CMD Prompt (admin) and type the following command:
Repadmin /replsummary
(Brief summary of replication state)

Step 20:
- Still in the CMD Prompt (admin), type the following command:
Repadmin /Queue
(Lists objects still to be replicated)

Step 21:
- Still in the CMD Prompt (admin), type the following command:
Repadmin /showrepl
(Ensures synchronization between replication partners)

Step 22:
- Note - Another good place to check is the Event Viewer logs. You should always check them for errors before you demote the old DC.
- Make sure as well that the condition of the new DC is good. You can test this by running the dcdiag command within Command Prompt (admin) to make sure it passes all critical tests. (Note - What I like to do before I run this test is to save the Event Viewer logs in case I need to revert back and look through them, then clear all the logs and run the test. That way you get a clean view of all the tests run with the dcdiag command.)
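
The repadmin checks in Steps 19 to 21 can be turned into a pass/fail gate by parsing the CSV form of the showrepl output and listing only the links that have failures or have not replicated recently. This is an added example, not part of the original guide; the column names are those repadmin emits with /csv, the sample rows are constructed, and the names 2008DC1 and example.local and the 24 hour threshold are assumptions.

```powershell
# Added example: flag unhealthy links in "repadmin /showrepl * /csv" output.
function Get-UnhealthyReplLink {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,  # lines from repadmin /showrepl * /csv
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24                       # assumption: older than this is stale
    )
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $problems = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # repadmin writes showrepl_ERROR rows for DCs it could not query at all.
            $problems += 'repadmin could not query this DC'
        } else {
            $failures = 0
            [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
            $lastOk = [datetime]::MinValue
            $parsed = [datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
            if ($failures -gt 0) {
                $problems += "$failures failure(s), last status $($row.'Last Failure Status')"
            }
            if (-not $parsed) {
                $problems += 'no successful replication recorded'
            } elseif (($Now - $lastOk).TotalHours -gt $MaxAgeHours) {
                $problems += "last success was $lastOk"
            }
        }
        if ($problems.Count -gt 0) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Problem       = $problems -join '; '
            }
        }
    }
}

# Constructed sample rows: one healthy link, one failing link.
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,Default-First-Site-Name,2012DC1,"DC=example,DC=local",Default-First-Site-Name,2008DC1,RPC,0,0,2016-03-01 09:58:12,0'
    'showrepl_INFO,Default-First-Site-Name,2012DC1,"CN=Schema,CN=Configuration,DC=example,DC=local",Default-First-Site-Name,2008DC1,RPC,3,2016-03-01 09:45:00,2016-02-27 22:10:41,1722'
)
Get-UnhealthyReplLink -CsvLines $sample -Now ([datetime]'2016-03-01 10:00:00') | Format-List
# On a live DC: Get-UnhealthyReplLink -CsvLines (repadmin /showrepl * /csv)
```

An empty result means every link reported no failures and a recent success; any row returned should be resolved before the FSMO roles are moved.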

Step 23:
- Let's now go ahead and transfer our FSMO roles from the 2008 DC, as we now know replication has occurred successfully.
- Let's confirm where the FSMO roles are at the moment by opening up PowerShell (on the 2012 install) and typing the following:
netdom query fsmo
- As we can see they are residing on the 2008 DC and we wish to move them to the 2012 DC

Step 24:
- I am going to be using PowerShell to move the FSMO roles over from the 2008 DC to the 2012 DC. There are alternate methods of transferring the FSMO roles, which I list in my previous how-to guides.
- So open PowerShell (admin) and type the following to import the module into PowerShell first:
Import-Module ActiveDirectory
Next type the following:
Move-ADDirectoryServerOperationMasterRole -Identity "2012DC1" -OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster
Note - What's within the quotation marks would be the Domain Controller that you would be moving the roles over to
- Press Enter and answer Yes, or better yet, Yes to All

- Verify with PowerShell that the roles have been moved over
- Type the following to verify the forest roles that have been moved: Get-ADForest (yourdomain) | Format-Table SchemaMaster,DomainNamingMaster
- Type the following to check the domain roles: Get-ADDomain (yourdomain) | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster

Step 25:
- Verify with PowerShell that the roles have been moved over. Type:
netdom query fsmo
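
Before the old DC is demoted, the role checks above can be combined with the Global Catalog and DNS client points this guide raises into one readiness check, run on the new DC. This is an added example, not part of the original guide; the function name Test-ReadyToDemote and the old DC name 2008DC1 are hypothetical, and it assumes a single domain and the ActiveDirectory and DnsClient modules that ship with Server 2012.

```powershell
Import-Module ActiveDirectory

function Test-ReadyToDemote {
    param(
        [Parameter(Mandatory)] [string] $OldDc,   # hypothetical name, e.g. 2008DC1
        [Parameter(Mandatory)] [string] $NewDc    # e.g. 2012DC1
    )
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    $blockers = @()
    foreach ($role in $roles.GetEnumerator()) {
        # Role holders come back as FQDNs; compare on the host name part.
        $holder = ($role.Value -split '\.')[0]
        if ($holder -ne $NewDc) {
            $blockers += "$($role.Key) is held by $($role.Value), not $NewDc"
        }
    }
    # The old DC must not be the only Global Catalog in the domain.
    $otherGc = Get-ADDomainController -Filter * |
        Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $OldDc }
    if (-not $otherGc) { $blockers += "no Global Catalog other than $OldDc" }

    # This server's IPv4 DNS settings must no longer point at the old DC.
    $oldIps = [System.Net.Dns]::GetHostAddresses($OldDc) | ForEach-Object { $_.IPAddressToString }
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
    if ($dns | Where-Object { $oldIps -contains $_ }) {
        $blockers += "this server still uses $OldDc as a DNS server"
    }
    [pscustomobject]@{ Ready = ($blockers.Count -eq 0); Blockers = $blockers }
}

Test-ReadyToDemote -OldDc '2008DC1' -NewDc '2012DC1' | Format-List
```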

Step 26:
- Now that we have confirmed that the roles are residing on the new Server 2012 DC we can demote the 2008 DC. Note - Before we do this, however, we must make sure that in the IPv4 settings on the new Domain Controller we point the DNS to the new DC.
- Type the following on the 2008 DC in CMD prompt:
dcpromo
This will open a wizard to guide you through the demotion process

Step 27:
- Click next and ok on popup until you get to the below window, click next

Step 28:
- You will be prompted to enter Admin Password to continue click next

Step 29:
- You will receive a notification summary that you are removing the DC role, click Next

Step 30:
- The DC has now been demoted click finish and reboot on prompt

Step 31:
- You can now go ahead and remove the Active Directory services and DNS roles from the 2008 DC
- Uncheck the Active Directory roles and services as well as DNS

Step 32:
- A good way to check if the new Domain Controller is functioning correctly is to try and join a user to the new domain. In this scenario I'll join a Windows 10 machine to the domain to see if it works correctly (Note - Remember to make sure that the user's computer points to the DNS of the new DC; check within the IPv4 settings)

Step 33:
- The last step, now that we know we have migrated correctly and tested, is to raise the Domain Functional Level to 2012 R2. Note - Once raised you cannot revert back.
- Go to Active Directory Users and Computers, right-click on the domain name and select Raise Domain Functional Level from the drop-down.
Congratulations, you have successfully migrated your 2008 DC to 2012

