How to Migrate Windows Server 2008 R2 FSMO roles to Windows Server 2019

How to Migrate Windows Server 2008 R2 FSMO roles to Windows Server 2019
With the “end of assistance” on the horizon for Windows Server 2008 R2 coming January 2020, folks are browsing for resources to assist them mark off some high ticket products from their “to do” list. While returning from my last Microsoft Ignite The Tour stop – I had a long time to eliminate waiting on my connection. I believed I would dust off a few of my Active Directory admin abilities and record the fast and unclean procedure of updating your Active Directory from 2008 R2 over to the most recent variation of Windows Server 2019.TailwindTradersBasicDiagram.png
My laboratory consists of 2 domain controllers DC01 and DC02 running Windows Server 2008 R2 with the DNS and Active Directory Roles. I have actually likewise included a Windows Server 2019 member server which will work as my brand-new Domain Controller once I have promote it to host Active Directory and move the FSMO (versatile single masters of operation) over. This is a deliberately easy laboratory and write. I am going to do my “Your Mileage May Very” do your research study and screening on all the subtleties and gotch’ yas out there prior to replicating these treatments in your own environment. I would HIGHLY suggest taking a look at this post where John Flores has actually gone though an extensive list of what to keep an eye out for.
Install Active Directory on a Windows Server 2019 member server

This is simple enough, login to your WS2019 server with an account that has Domain Admin rights and Enterprise Admin rights on the member server. These rights are needed in order to include a domain controller into Active Directory in addition to extend the schema.

  1. Start up a PowerShell timely and enter the command Install-WindowsFeature AD-Domain-Services This will set up the binaries on your server.
    PowershellADServices.png

  2. Install the ADDSDeployment module by running Import-Module ADDSDeployment in order to continue to work setting up Active Directory from PowerShell.
  3. Once those extra tools have actually been set up run Test-ADDSDomainControllerInstallation -DomainName tailwindtraders.com to evaluate for any requirements.
    In this example my domain is TailwindTraders.com
    You will be triggered for the Active Directory safe mode administrator password.

    TestDomainControllerInstall.png

    Note the caution relating to “Allow cryptography algorithms suitable with Windows NT 4.0” – this is a suggestion that old customers and applications pre-dating Windows Vista will not have the ability to develop connections or logon to domain controllers running this more contemporary OS of windows Server2019

  4. Promote this member server into a domain controller by running Install-ADDSDomainController -CreateDnsDelegation:$ incorrect -InstallDns:$ real -DatabasePath ‘C: Windows NTDS’ -DomainName ‘tailwindtraders.com’
  5. After triggering you for an ADSafeMode password and verifying a reboot will occur – this will start the setup procedure.
    It will start the set up, while not troubling to make a brand-new DNS delegation zone.
    It will set up DNS service when promoting this device to a Active Directory domain
    controller. It will include itself (1270.0.1) to its DNS name server list
    It will put the Database (and logs) in the in C: windows NTDS directory site
    It will call any domain controller utilizing a basic advertisement question to find one in the
    tailwindtraders.com domain in order to continue
    You COULD target a domain controller if you like by including – ReplicationSourceDC and
    utilizing the completely certified domain of a DC if you choose
  6. You can see numerous informative messages appear in the PowerShell window as the set up, schema extension and duplication are Progress.
    ADDSDomainControllerInstall.png

A reboot will now happen as soon as the actions are finished.

Transferring the FSMO (Flexible Single Masters of Operations) functions

If this was a genuine environment you would wish to wait a while to permit duplication to occur around your Active Directory. You require to login to the brand-new domain controller with Enterprise Admin rights in order to do these next actions in order to move FSMO functions.

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: