Easy Active Directory Migration From Windows Server 2012 to Windows Server 2022

Captions
Good day, and welcome to our demonstration and explanation of both why and how to change your domain level from an old one like, say, Server 2012 or Server 2008 R2 up to something modern like, say, Server 2019 or Server 2022. There are six steps in this process, and we're going to run through each of them and demonstrate it, as well as explain the lab that we set up and explain what the benefits of doing this are.

All right, so the six steps are: first, install a new server, so Server 22, Server 2019, even Server 2016; you want to at least get that level. You want to patch everything and reboot; you want to make sure there's nothing stuck. Step three of six is to add your server, 2022 is what we're playing with, to your existing domain. Step four is move the FSMOs over, that's your flexible service masters; move those over to your new domain controller, in our case Server 2022. Step five, demote the old server so it's no longer a domain controller, and step six, change both the domain and the forest level to 2016.

Fun fact we can get out of the way here quickly: there is no domain or forest level for 2019 or 2022, so if you're looking for it you'll be disappointed.

First thing we're going to do is explain what's on the screen here. I have built a lab. Top left-hand corner is a DC, it's cleverly called DC 2012 R1. Then on the right I've already installed a new Server 2022. It is not yet a DC, or domain controller; as you can see I've labeled it DC 2022, but that doesn't mean that's what it is. And lastly, in the bottom right corner here, I have a Windows 10 computer. Now, these were all set up in Azure, just because Azure is the easiest way to do it. Once again: original domain controller, and I've got a Windows 10 PC, and I have a new box that will be a full domain controller but isn't. And right now I don't have this other DC running; this is just an old piece of junk that I have.

Okay, so the first two steps are already done in our example, which was install a nice new server, which I've got here, Server 2022, and as far as the domain is concerned, as we've mentioned, as long as you're at 2016 you're current. And the other thing we've done is we've patched everything and rebooted it to make sure that there's nothing stuck.

All right, so let's get on to step three, which is join your new server to the domain and bump it up to be a domain controller. There's a few ways to do that: you can use the Control Panel, you can do it with command line; I'm just going to use Server Manager. So in Server Manager click on your own machine and select, in my case, workgroup, and I'm going to change that from a workgroup to the funky domain. And this is going to fail, which is intentional, because I want to show you the first mistake you'll make trying to do this. That's not a real domain, that's an internal domain, so if you want it to find it you've got to make the DNS on this new server point to your old DNS. Click Open, Ethernet, change adapter settings. We'll just do it there; there's a bunch of ways to do this as well, it's the easiest way. And again, having DHCP addresses: horrible idea for anything other than a lab that's going to be up for an hour like this one is. And okay, you are attack testdom.com, there we go, now that it's pointing at the right DNS. And this is asking for your domain credentials. There it is. It'll want me to restart; we'll do that quickly, I won't make you wait, we'll be right back.

Now remember, this time when you log in you need to use, well, you don't need to, but I'm going to use a domain administrator account, so I'll kick it over by doing you are tech main admin, password. This will take a minute to build my profile. There we go. Now, just to prove everything's happy, you can see the machine is registered on the network.

So I've got this joined to the domain, and we need to make it a domain controller. Easy enough to do; you can do this a couple of ways. Easiest way is with Server Manager: click Manage in the top right-hand corner, click Add Roles and Features, click Next. Yes, it's role-based, it is not an RDP issue; yes, it's for this server; and you want to select Active Directory Domain Services. That will add in all of the required tools; however, it will not necessarily add in DNS for you. Make sure you're going to add DNS, because when you shut down your old server, let's assume you only have one, well, you're really going to need a DNS box, aren't you? Now, what this is coming up with, the same look: you are running a DHCP address on this server, and running DNS with the DHCP address is a horrible idea, but I'm just going to say yeah, whatever, because this is a demo and not something I would do normally. You're really going to want to give all of your servers static addresses. Let's just click Next to get through this. There we go, and Install. Now this is going to take a few minutes.

Okay, now you think you're done, and we haven't even had to do a reboot. Well, look at the little notification up here: we now need to promote this. And you definitely want to add this to an existing domain. It's selected to come with the correct domain, that's happy. You definitely want it to be a GC, global catalog. You'll see you need at least one on your network; really good idea to have more than one, and you can see the old server over here is a GC, and now we'll have a second one. This is not a read-only domain controller. You do need to have a password for your Active Directory restore mode, which you'll probably never need, but man, you really want to know what that password is in case you ever do have to do an Active Directory restore. All right, let's click Next. Just ignore that message, and replicate from any domain controller, you know, as in the only one we've got, but that's fine. And he is fine, but it used to be that you would put your SYSVOL and other things on different partitions. You really don't do that anymore, especially with virtual machines; you just leave them on C. For one thing, if you do have to do a restore you will have serious problems if they're not in the default locations. Well, you don't have problems, you'll just have a lot more complexity. So let's just click Next through this, and it's now going to bark and say, you know, you've got a dna, yeah, here we go, you've got a DHCP address, you're a, yep, agreed. Click Install. All right, so now it has to reboot.

Now let's just go look at our old domain controller. F5 to refresh, and bingo, there it is, it's a global catalog. That's a happy thing.

All right, step four: take over the FSMOs. Easy enough to do. Users and Computers, everybody's favorite old console, you know, it's still fine. And what you want to do is, you might be tempted to go through the menus. Don't. You have to right-click on your domain in question. And you also might be tempted to raise the domain functional level or the forest level at this point. Do not do that, because you still have an older domain controller on board and that won't work, so that's the last thing to do. So let's go to Operations Masters and go through those five. So this we can change from the old to the new. Yep, I'm sure I want to change it. Oh, that's nice. And the primary domain controller emulator, the old PDC, there's only one of those, so that's a big deal. I mean, no matter how many DCs you have, there's only one PDC emulator. Okay, anyway, let's change. Yep, there we go. Close, close.

So before we go any further, let's show you where the FSMOs are, because it really is easy to get this screwed up and miss a couple, because those three were easy and you think, well, that's all there is. There's more, and we can use the incredibly intuitive netdom query fsmo command. I believe that's it, yep, and you'll see, well, we've already moved three of them over, but there's two more to go.

So how to change the last two? Well, one of them is in Domains and Trusts, and you'll be tempted to click in your domain because that makes sense, but it's not there, it's actually above it. So right-click and select Operations Master, click Change. Yep, there we go. Check your FSMOs again.

So now the last one: how to change the schema master. Well, you'll be a bit surprised to find you actually have to register a DLL, even in the 22 version. That's the command: regsvr32 and schema management DLL. Press Enter, registered, yay. And then you bring up an MMC, Microsoft Management Console, and select File, Add/Remove Snap-in, find Active Directory Schema, there it is, just double-click on it, click OK. Now just right-click on the top there and select Change Active Directory Domain Controller, change off to your new one, my case, DC 2022. Yeah, that's correct, there we go. And then right-click and select Operations Master, Change. Yep, done. Now let's go over here and see where the FSMOs are. Bingo. And just to keep your mind in one piece, let's do the same thing over on the older box, and it should also show everything's been kicked over. Bingo.

Now, if you're in a hurry you're just going to want to dcpromo the old box down, but that is not what is needed. You've got to get rid of that global catalog. Easy to do; you can do it on the old or the new machine. I'm going to use the new one because I just prefer to run with the Windows 10 interface. And what I've got to find is Sites and Services, that's it, Sites and Services, and then into your default first site, presumably, and then into Servers. And you think, I'll find it in here. No, it's one level down, into your NTDS Settings. Right-click on it, go to Properties, and get rid of that global catalog. Boom. Let's go back to the old box here, press F5, and there it is: it's just a DC, it's no longer a global catalog.

Two steps left: demote the old server, change the domain and forest level, and then of course just make sure everything still works. So I'm just quickly going to create a share on the new server, just so that we can see that the Windows 10 client machine can still talk to the domain happily. We'll leave it wide open, obviously a horrible thing to do in a production setting, but just for proving it works, you get the idea. There it is.

Okay, now we can dcpromo this box down, the old one. You can't just use dcpromo anymore, the PowerShell command, so you've got to do it through Server Manager; use Remove Roles and Features. Oh, one thing I forgot: make sure all of your machines are pointing to your new DNS, so I'll do that quickly. All right, now that that little DNS problem is taken care of, let's go and remove Active Directory, and yep, we'll remove those features, all of them. Yep, we want to demote it. All right, set a new local administrator password. You may recall that somewhere around 2008 you could no longer have a domain controller with a local account, so I don't recall what that had to do with, but I believe it was security. The system needs to create a local account for you even if you're going to sign in on the domain. Demote, fairly well.

All right, so we're back and we're signed in. Go back to Manage, Remove Roles, same drill: Active Directory, remove; get rid of DNS, remove; Next, Next, Remove. All right, so let's just take a look, so that server is now, well, let's just confirm. Yeah, there we go: still on the domain, it's no longer a domain controller. There it is. Just because it's called DC 2012 doesn't mean it is a DC; that's just a name, could be anything.

The point of a lot of this is to raise the functional levels. Now, you'll want to do that because a number of pieces of software will just require it, but here's the five or six things you get right away that are important. One, you get an Active Directory Recycle Bin, very handy when you accidentally delete something. You get gMSA; basically it's a way to easily change the passwords on service accounts without blowing them up. You block pass-the-hash problems, you can run protected VMs, and you get privileged access management, PAM.

There are a couple of things to look for before you do this. The first is: are all of your domain controllers at at least the level you're going to set it to? And secondly: do you have any ancient software that the new functional level will break? I know I don't, because this is a lab, so let's go ahead and make this happen. I usually do this through command line, but to do it through GUI you do it through Domains and Trusts. Right-click on your domain, select Raise Domain Functional Level, and we're going to set it all the way up to 16. And this is going to just blow stuff up, watch this. Oh, you know, can't go backwards, yeah, I know. Bingo, done. Let's just take a look at that, and you can't, you're at the top level. But what about the forest, you say? Well, it's just above it, which is not a surprise, and there it is, Raise Forest Functional Level, and we want to do the same thing, raise it up to 16. As we mentioned at the start, there is no 19 or 20. The schema is the same; 2016 is the last time the schema was changed. Let's just check this through PowerShell. Bingo, 2016. Check the forest: there you go, 2016.

Let's make sure our Windows 10 client can still surf, and remember, it's getting its DNS from the new server. Bingo, it's happy. And let's just make sure it can still see a file share. Bingo, still there. And that is how you migrate from one domain functional level to another.

If you found this video useful, we'd really appreciate the thumbs up, and a subscribe is even better; really helps with the Google algorithms. If you have any questions or comments, please put them in the section below; we'll get back to you, or somebody else will. And you can always get a hold of us at www.urtechh.ca, that's urtech.ca. Thanks, and have a great day. Bye bye.
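
The two checks the transcript names before raising the functional level (every domain controller at or above the target level, all FSMO roles and a global catalog on the new server) can be scripted. This is an added PowerShell example, not something shown in the video; it assumes a single-domain forest like the lab, the ActiveDirectory (RSAT) module, and a hypothetical new DC host name `dc2022`.

```powershell
# Added example, not from the video: pre-flight checks before raising the
# domain and forest functional levels to 2016.
# Assumptions: single-domain forest, ActiveDirectory module installed,
# and 'dc2022' is a hypothetical short host name for the new DC.
Import-Module ActiveDirectory

$newDc  = 'dc2022'
$domain = Get-ADDomain
$forest = Get-ADForest
$dcs    = Get-ADDomainController -Filter *

# All five FSMO roles: two are forest-wide, three are per domain.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$misplaced = @($roles.GetEnumerator() |
    Where-Object { $_.Value -notlike "${newDc}.*" })

# Server 2016 and later report OS version 10.0; 2012 R2 reports 6.3.
$tooOld = @($dcs | Where-Object {
    [int](($_.OperatingSystemVersion -split '\.')[0]) -lt 10
})

# At least one global catalog must remain once the old DC is gone.
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })

$roles.GetEnumerator() | Format-Table Key, Value -AutoSize
$dcs | Format-Table HostName, OperatingSystem, IsGlobalCatalog -AutoSize

if ($misplaced.Count -or $tooOld.Count -or (-not $gcs.Count)) {
    $misplaced | ForEach-Object { Write-Warning "$($_.Key) is still held by $($_.Value)" }
    $tooOld    | ForEach-Object { Write-Warning "$($_.HostName) runs $($_.OperatingSystem)" }
    if (-not $gcs.Count) { Write-Warning 'No global catalog found' }
    throw 'Pre-flight failed; functional levels left unchanged.'
}

# The transcript notes the raise can't go backwards, so preview it first.
Set-ADDomainMode -Identity $domain.DNSRoot -DomainMode Windows2016Domain -WhatIf
Set-ADForestMode -Identity $forest.Name -ForestMode Windows2016Forest -WhatIf
```

Drop `-WhatIf` from the last two lines only after the checks pass and the preview output names the expected domain and forest.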
Info
Channel: URTechDotCa
Views: 42,398
Keywords: windows server, windows server 2022, windows server 2022 installation, windows server 2019, windows server 2016, ad migration, active directory, active directory migration, change FSMO, FSMO, domain functional level, forest functional level, AD domain functional level, Server 2012 R2, Server 2008, Server 2008R2, Server 2019, active directory migration steps, active directory migration tool, active directory migration tool step by step, ad migration step, easy AD migration
Id: bpJwZNX1MT8
Length: 16min 56sec (1016 seconds)
Published: Thu Nov 04 2021