Istanbul/Turkey

Migrating Windows 2012 R2 Domain Controllers to Windows Server 2019 - Part3

It is time to move the FSMO roles from DC01 to DC02 (the new Server 2019 machine). You can run this PowerShell command on your old primary DC (DC01), or you can move the roles by using the MMC consoles.

PowerShell Command:

Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole 0,1,2,3,4

 

 MMC Console:

 Log on to DC02 (Server2019) > Open AD Users and Computers > Right-click the domain > Select Operations Masters > You can move the RID Master, PDC Emulator and Infrastructure Master roles by clicking the Change button under each of these tabs. These roles are domain-level roles. Schema Master and Domain Naming Master work on a forest level.

 

Domain Naming Master Role: Log on to DC02 (Server2019) > Open the Active Directory Domains and Trusts console > Right-click the "Active Directory Domains and Trusts" parent node, click Operations Master and then click Change.

 

Schema Master Role: You can't change the Schema Master role owner from the source server. Therefore, log on to DC02 (Server2019) as a user who is a member of the Schema Admins security group. By default, only the built-in domain administrator account is a member of this Active Directory group.

Open PowerShell as administrator and run this command to make the Active Directory Schema MMC snap-in available.

regsvr32.exe "schmmgmt.dll"

 

 

Then Run> mmc > Add Active Directory Schema Snap-in

 

 Right Click Active Directory Schema > Change Active Directory Domain Controller and select new server (DC02) 

 

 

Select the server to which you want to transfer the role 

 

 

Click OK

 

 

Right Click Active Directory Schema again > Operations Master> Click Change button.

 

Click Change

 

Click OK and the role is transferred.

 

 

Let's see the FSMO role owners with the command below. We confirmed that all FSMO roles are on DC02 now.

netdom query fsmo
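
The same confirmation can be scripted so that it gates the demotion of DC01. This is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module is installed and a single-domain forest, and uses DC02 as the expected owner as in this walkthrough.

```powershell
# Added example: verify all five FSMO roles sit on the expected DC before demoting the old one.
# Assumes the ActiveDirectory module (RSAT-AD-PowerShell) and a single-domain forest.
Import-Module ActiveDirectory

$ExpectedOwner = 'DC02'   # target DC name used in this article

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-level roles come from Get-ADForest, domain-level roles from Get-ADDomain.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

$report = foreach ($role in $roles.GetEnumerator()) {
    # Role holders are returned as FQDNs; compare on the host label only.
    $holder = ($role.Value -split '\.')[0]
    [pscustomobject]@{
        Role     = $role.Key
        Holder   = $role.Value
        OnTarget = ($holder -ieq $ExpectedOwner)
    }
}
$report | Format-Table -AutoSize

$stragglers = @($report | Where-Object { -not $_.OnTarget })
if ($stragglers.Count -gt 0) {
    Write-Warning ("Roles not yet on {0}: {1}" -f $ExpectedOwner, ($stragglers.Role -join ', '))
} else {
    Write-Output "All five FSMO roles are held by $ExpectedOwner."
}

# Schema Admins was needed for the Schema Master transfer. List its members so
# any account added only for this migration can be removed again.
Get-ADGroupMember -Identity 'Schema Admins' |
    Select-Object Name, SamAccountName, objectClass |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on DC02 and continue to the demotion only when no warning is printed.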

 

 

SECOND PHASE: (DEMOTION OF DC01 AND PROMOTION OF NEW SERVER)

Because the rest of the migration process basically repeats what we have already done, I am not going to give details but will share the remaining steps in summary.

Demoting the Old DC:

At this point, DC02's primary DNS is 192.168.2.31 and its secondary is 192.168.2.32 (itself).

Demote the old server (DC01) and shut it down. (The procedure for demoting a DC is explained in Part1.)

Clean up DC01's metadata (DNS records, AD objects, etc.). (The metadata cleanup procedure is explained in Part1.)

 

Adding the New DC:

On the new server, change the IP address to 192.168.2.31 (the old, demoted DC01's IP address), change the computer name to DC01, and join the new server to the domain.

The newly added server's primary DNS is 192.168.2.32 and its secondary is 192.168.2.31 (itself).

Install the ADDS role and promote the new secondary DC. (Adding the ADDS role and promoting a DC is explained in Part2.)

Wait for replication to complete thoroughly, check that AD replication works without problems, and check AD health. (The AD Replication Tool and dcdiag are explained in Part2.)

Raise Domain Functional Level to the Latest Possible (2016)

You can transfer FSMO Roles to DC01 if you wish to... (Transferring FSMO Role is Explained above in this article)

 

Congratulations, the migration is completed successfully.

 

 
