How to perform Active Directory migration from Windows Server 2008 R2 to 2012 R2 (Step by Step)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
how to migrate Active Directory 2008 r2 to Active Directory 2012 r2 don't be alarmed it's not so hard hello friends this is nick from a noble solutions and today I'm going to perform an Active Directory migration from 2008 r2 server to another server which I've already installed which is 2012 r2 so in order for me to proceed I've made few prerequisites that I'm not going to demonstrate if you are interested in how to promote the domain controller you can always check my channel there are a lot of videos how to do this but from the 2008 r2 site I've already installed Active Directory domain services and what I did is I went ahead and created few records so we can test out and confirm that we have a successful migration afterwards and the successful replication of all my users and domain computers and so on so what I did is I've created another organizational unit in my Active Directory users and computers and in there I have my three departments the IT department marketing and sales and in there I have some users that I've created and of course in my marketing department I have Jean and Tommy which are really big fans of Jon Bon Jovi and most mostly it's my Lifesong so next thing that I want to show you before I start is the DNS because what I did is I went ahead and created some custom records that I have just to confirm that after the migration is done I still have the records available for me so I I created a reverse lookup zone as well and I just want to verify that this is success fully replicated and working on my second server now that we have the prerequisites covered mostly and we'll switch to my second server that is currently not joined to the domain so what I'm going to do first is I'm going to join the computer to the nav lab domain I will use my credentials after that what are we going to do is we are going to insert the 2008 r2 CD into my 2008 r2 domain controller and we are going to perform a forest preparation so we can present the new 2012 r2 domain controller and this is basically required because as you know a lot of features are being developed by Microsoft so I'm going to click OK to this and we start now so after the server restarts I'm going to log into it once again but as I was saying there are a lot of new features a lot of cool stuff developed by Microsoft in the Active Directory features were not available back then when the 2008 edition of Windows was out so what we need to do is we need to extend the schema so that it can contain the new features and they can be available on a later state so before I go ahead and extend the schema what I'm going to do is I'm going to open a registry and I just want to show you what I'm talking about if I go to local machine and then System and then currentcontrolset services go down to NTDs there it is and go down to parameters I will be able to find the key called SEMA version and the SEMA version as you can see now is 47 and if I open that in hex its 2f in decimal it's 47 so this is my current team aversion and I want to increase that schema version to the 2012 r2 one which I'm going to proceed right now I'm going to mount the CD the 2012 r2 CD and I'm going to proceed with expanding the schema now that I have the windows 2012 CD into 9 2008 machine I'm going to open common prompt as administrator and I'm going to switch to my CD which is currently located under the drive so let's change that and I will go to directory our support and then directory ad prep so in this directory the common that I need to execute in order for for me to prepare my forest for the 2012 domain controller is ad red forest prep and press Enter okay and it's showing that currently the user that I'm not that I'm logged in with is not a member of the enterprise admins group and team admins group which is a good example of what are the groups that you need to be a member of in order for you to execute this or extend the schema so you need to be an enterprise admin and a sim atman I'm pretty sure that my account is in both groups but just in case I will check it enterprise admin and scheme admin so what I'm going to do next is I'm going to restart my domain controller and we'll wait for it to boot up so it can refresh the settings and to try to execute the comment once again so let's reboot it okay and I will pause the video and to resume when the domain controller is up and running once again okay now that my domain controller is up and running once again I'm going to try to execute the same comment of course run the command prompt as administrator go to D Drive and then ass support and then ad ad prep and try down a deep red forest prep okay and it will ask me if I'm sure that I want to execute this and you will see that there is a warning message if all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema confirm by typing C and then press ENTER to continue otherwise type any other key or press ENTER to quit so you can see that this operation cannot be reversed after it completes so you need to be really certain that you need to execute this is this is in a test environment I really recommend for you to try and test it first for example if you have a test environment you can try upgrading or migrating first in the test environment and then doing that in the production environment so I'm going to press ENTER and you can see right away that the current schema version is 47 and it's going to upgrade the schema to version 69 so it's going to take some time to upgrade the schema but I will wait for it to finish up and we'll resume the video after the process is fully done ok now that the process finished successfully and it took around 2 minutes to finish to fully finish so it's not so bad I'm going to chop and rag edit once again yes and if I check the schema version now instead of 47 it's already a 69 schema version so that's good I have my schema upgraded so the next thing that I'm going to do is I'm going to promote my 2012 domain controller and of course there are a few prerequisites that need to you need to take care of first you need to take care of the name and the IP address because you don't want your domain controller to be with a dynamic assigned IP address so what I'm going to do is I'm going to install the Active Directory domain services on this server okay and I'm going to pause the video until the process is fully done and we are going to proceed with promoting the domain controller now that the installation finished successfully I had a small hiccup there where it didn't pick up my proper permissions for my account so I had to rebuild the server really fast but now everything is working fine so I'm going to promote this server to a domain controller and I'm going to promote it to an existing domain okay I will leave it a DNS server and a global catalog and I will leave it in my default first site name this is the only one that I have so I'm going to set up a directory services with normal password as you know this is really important and you need to remember this and I'm going to leave this like this and I'm going to leave it to replicate from any domain controller I have only one in my domain so it's not that bad I'm going to leave the defaults and it's saying that in order for me to join it you can see this is another method that will allow you to join a 2012 domain controller to your domain and it's going to automatically check and prepare your domain because if you remember we prepared the forest but now it's going to prepare the domain of course you can use the ad prep domain prep to prepare the domain as well but I'm going to leave it here so the wizard can finish this process for me so then if I scroll down a bit let's see DNS server read only let me view the script and confirm what is it going to do so it's going to install the domain controller and yep I'm not able to see any power show comments but I'm pretty sure that it's going to perform this for me so let's confirm that the prerequisite check will go through without any major concerns because if you remember from promoting other domain controllers 2012 there are a few things that will show up as an error but at the end it will say that operators it checks pass successfully so I'm going to install and promote this server as a domain controller I'm going to pause the video and wait for the process to finish ok after the promotion process is finished the domain controller we started and now that we are back up and running I'm going to perform some checks so firstly I'm going to open the Active Directory users and computers and I'm going to verify that the replication finished successfully and I can see my users under under my organizational unit and I'm currently connected to my 2012 domain controller and please note that depending on your bandwidth depending on where you are promoting the domain controller it can take some time to replicate the changes so it's always a good idea when you promote it to leave it to finish the initial replication and finished replicating everything that is needed before you go ahead and demote the old domain controller so the next step that I'm going to check is the DNS and if I open my forward look up zone I can see that it's available I can see the records I can see my reverse zone along side with the PTR records as well so it looks good and the next thing that you want to check is the Active Directory sites and services so let's see if my domain controllers are properly propagated to the sites and services console and if I have the connection objects available and if they are working fine so if I go to my default first site name I will see that I have my two domain controllers and under the NTDs settings I can see that I have connection objects are automatically generated for my two domain controllers so this is the initial check it's always a good idea to as I said leave it leave the domain controllers overnight so they can talk to each other and synchronize everything properly for example if you have a lot of group policy policies you will need to leave it so that the sysvol replication can occur properly and there are no errors and what you can do during that process or if you decide to it's time to demote the domain controller you can always open the Event Viewer and under the server roles you can always double check the Active Directory domain services for any errors showing that there are problems with the sysvol replication or anything else that could be preventing the proper proper replication between the two DCs of course you can check the DNS server for years as well so in general the Event Viewer is a really good way for you to determine if there are any problems that need to be resolved before you go ahead and demote the first DC the next thing that I want to do is I'm going to open a PowerShell as administrator but of course you can do this in common prompt as well and I'm going to check the replication to see if it's successful so okay and I can see that the replication occurred few minutes ago and it's so successful it's able to replicate everything another good method is DCT AK you can check and see if your new domain controller properly passes all the tests that are required for the domain controller to advertise properly and to work after you decommission the first one so you can see that I have few events showing that there there is no dns resolution but that external DNS resolution which is okay because I don't have an external gateway currently configured so it's all good I can see that pretty much all the tests pass successfully and I'm not able to see any critical errors when I perform my checks of course you can be more specific you can go ahead search on TechNet and find a lot of information how to properly check if a domain controller is working fine of course what you can do is after we migrate the FISMA rolls you can try to shut down the first domain controller but you need to be careful how you configure the DHCP for example if you configure the DHCP to provide IP addresses that for example give the DNS to the first domain controller your users won't be able to to browse to the Internet they could possibly have authentication problems so you need to pre configure this before you shut down the first one but this is a good step for you to confirm when you configure everything when you change the IPS to confirm that the first domain controller is not needed to be online anymore so the next thing that I'm going to do is I'm going to transfer the FISMA roles from my first domain controller to my second one so I'm going to start by opening another PowerShell window you can do this with CMD as administrator of course and perform the comment let down weary fees more oh sorry okay so this is going to query and will return where exactly are the FISMA roles at the moment and they should be all on my first domain controller so let's wait and see okay and they are all on my NLB dc1 if if you are confused with my current configuration I have my NL BDC 1 which is my 2008 r2 and NLB this is 0-1 which is my 2012 I did this because after I decommission this one controller I want to have a proper naming convention so this is an administrator thing let's say so let's open users and computers and right-click on NLB lab calm and go to operations masters so now I have my rid master on my dc1 and I want to change it to this is 0-1 so I'm going to click change yes it transferred successfully so next one is the PDC change ok and the infrastructure okay so these were the operations the domain FISMA roles so they are already transferred to my new domain controller so the next step that I'm going to do is I'm going to open Active Directory domains and trusts and right-click on the nav lab dot oh I mean on the Active Directory domains and trusts and click operation master and here is the first forest white FISMA role which is the domain naming so this is really important I want to change it yes okay it transferred successfully which is great so I'm going to close this and the last one is the schema FISMA role which I need an additional DLL to be registered because it's not available when I open the tools from here so what I'm going to do is I'm going to open another PowerShell and write down the following so it's Rick SR SV r32 and SEMA management DLL okay and it's succeeded which is great so the next thing I'm going to open MMC and from here I'm going to add remove snapping and I will add add my Active Directory schema click OK now that I have my Active Directory schema I will right-click on it operations master and I will move the schema master FISMA role so change okay so I in order for me to start in order for me to move the operations master I need to be connected on DC 0 1 so I'm going to change Active Directory domain controller and I'm going to switch to 0 1 ok anything that is currently not connected to the schema but I'm going to now you can see that I'm going to transfer to the 0 1 and click change ok ok it's successfully transferred so the next thing that I want you to do let me see if I have still have no I don't have it so yep let done query FISMA and confirm that all my FISMA roles are currently residing on nab DC 0 1 now that it returns the proper FISMA roles output I can see and I can confirm that everything has been transferred to my NAB DC 0 1 so the next thing that I want to do actually is I can proceed with removing the old 2008 r2 domain controller so I'm going to switch to this domain controller and demote it before I switch to my first domain controller and demote it I just want to show you something which is a really good example where you need to check and confirm that everything has been modified to acknowledge the new domain controller and you can see that on my new domain controller the preferred DNS server is my old DC which I'm going to change right now so after changing this I'll be sure that there are no issues with my dns resolution to my clients another interesting thing to show you I'm really sorry about that but I just wanted to verify and confirm that it's working is the functional level so if I go now before I demote the 2008 r2 domain controller and try to raise the functional level it will say that I cannot trace it because their domain controllers that are currently residing and working on this level so I just want to confirm that after I demote the 2008 r2 I will be able to raise the functional level of the domain okay now that I'm on my old domain controller I will advise you of course if you moved everything from this domain controller you can always shut it down and leave it for a day just to confirm that there are no issues that you forgot about so you can you can deal with them before it's too late and you did not the domain controller so the easy step here is just to run dcpromo and this comment basically will open the active directory services installation wizard and the next thing that we need to do is remove this domain controller because it's currently a global catalog server and is used to process user logins so what I'm going to do is I'm going to switch to my new domain controller I'm going to open site and services just to show you where you can remove the global the DC from being a global catalog so if we open the properties here we'll see that it's a global catalog but let me go to the NTDs settings and from here i will verify that this is DC 1 and it's currently a global catalog and i want to remove this ok and basically it will take some time to replicate the changes but I will force them and you try to run the wizard once to see if the arrow would appear so now I forced a replication and all should be fine so let's run dcpromo once again and click Next and now I don't see the error saying that the server is a global catalog so I'm not going to delete the domain because this server is the last domain controller in the domain this is not the last one but I want to just demote this one so let's click Next into a wait for the next window to appear and it will ask me what would be the new administrator account for this server I'm pretty sure that the server will would remain in the in the domain but just in case I will create an administrator password the server will be a member of the domain you can see right here and click Next and the wizard is going to start removing the or demote my old server and it should basically be done with it so I'm going to restart now I'm going to switch over to my second DC and let's see how long it will take for the settings to refresh so if I click refresh I can see that only the global catalog disappeared for now but there is there is not an entity s settings under my old domain controller and basically this link should disappear as well it should be automatically cleaned up after the full demotion is done so now my old domain controller which is not a domain controller anymore is up and running once again and of course if you want to fully remove everything you can go ahead and remove the Active Directory domain services in DNS server roles and I will just leave it like that because the view is already really long and I just want to go ahead and switch to my client computer so I can confirm that my domain is working after the demotion of my primary domain controller so the thing is I'm going to open system change settings and try to add the computer under NLB lap and I'm going to change the name to NLB pc 0 1 ok let's see if that will be successful ok it's asking for credentials and I'll be lab and then Nick ok specify the password let's see if joining the computer to the domain will be proper and successful and then I'm going to try to log into that computer with one of my user accounts so I can confirm that pretty much everything is working as it should after the demotion ok I join me to the NLB lab domain and it will say that it needs a restart so I'm going to restart now and I'm going to switch over to my domain controller and we'll go to Active Directory users and computers open the NLB lab under computers there it is the NLB - PC 0 1 is available now so what I'm going to do is I'm going to try and log in with one of my users for example wet Tom and will confirm that everything is properly working now that the computer is up and running once again I've managed to login with Tom's user account so you can see right here that my name is Tom so I can confirm that the migration of my Active Directory from 2008 r2 to 2012 r2 is fully successful so I'm going to check one more thing before I end the video and this is raising the functional level and now you can see that I have two options I can raise the functional level to 2012 or 2012 r2 and this is available now to me so basically this ends up my successful migration of 2008 Active Directory 2008 r2 to 2012 I hope that you'll be able to to learn how to perform this section it's really not that hard but you need to be really careful with the Active Directory and always perform a backup on the system before you go ahead and perform such things as migrating so once again if you liked the video you can always share like and subscribe to my channel if you don't like it you can always dislike the video and leave a comment so I will know what can be improved in the future videos and if you have any issues you can always ask me in the comments below and I will try to answer them as soon as possible this was Nick from NOP solution solutions thank you very much for viewing and see you soon
Info
Channel: NLB Solutions
Views: 83,284
Rating: 4.9530201 out of 5
Keywords: migrate AD, migration AD, Active directory migration, how to migrate AD, how to migrate Active Directory, Migrate AD 2008 to 2012, Migration Active Directory 2008 R2 to 2012 R2, step by step AD migration, how to migrate 2008 R2 Active Directory
Id: MKM1ysPWuus
Channel Id: undefined
Length: 31min 39sec (1899 seconds)
Published: Thu Jul 14 2016
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.