22/11/2022 10:24 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical
echnical Blog | REB…
ARCHIVE CONTACT US PRIVACY POLICY
Premiere Pro Try Now
by adobe.com
Skip Ad
00:34 / 00:46
0:07
Learn about Active Directory and Various Azure Services
Step-by-Step Guide to Migrate from Active Search this website
Directory 2012 R2 to Active Directory 2019
(PowerShell Guide) ABOUT ME
Last Updated on January 28, 2019 by Dishan M. Francis
Windows server 2019 was available for public (GA) from early oct
2018. In past i have written many articles about domain migrations
by covering different Active Directory versions. So, it is time me to
write about AD 2019 migrations. In this demo I am going to
demonstrate how to migrate from Active Directory 2012 R2 to Active
Directory 2019. The same procedure is going to apply for any AD
version from Windows Server 2008.
Migration itself is very straight forward task. But there are other
things you need to consider before you do an AD migration. In below
I am Dishan Francis. I’m a
I listed a checklist you can use in many occasions.
Azure/Identity Consultant at
Microsoft. I’m a dedicated and
• Evaluate business requirement for active directory migration enthusiastic information
technology expert who enjoys
• Perform Audit on Existing Active Directory Infrastructure professional recognition and
Confidentialité - Conditions
accreditation from several
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 1/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
• Provide Plan for implementation Process respected institutions. I am
ARCHIVE CONTACT US this blog
maintaining PRIVACY POLICY
for last 7
• Prepare Physical / Virtual resources for Domain Controller years. This includes more than
400 articles already. These are
mainly about Microsoft Active
• Install Windows server 2019 Standard / Datacenter
Directory Service and Azure
Active Directory Service. I also
• Patch Servers with latest Windows Updates
blog about different Azure
services. If you need further help
• Assign Dedicate IP address to Domain Controller
on subject matters, feel free to
contact me on
• Install AD DS Role rebeladm@live.com. Also to get
latest updates, follow me on
• Migrate Application and Server Roles from the Existing Domain twitter @rebeladm
Controllers.
MASTERING ACTIVE DIRECTORY, THIRD
• Migrate FSMO roles to new Domain Controllers EDITION
• Add New Domain controllers to the Existing Monitoring system
• Add New Domain controllers to the Existing DR Solution
• Decommission old domain controllers
• Raise the Domain and Forest Functional level
• On Going Maintenance
I am glad to announce the
release of my new book
“Mastering Active Directory –
3rd Edition”. It is available for
purchase worldwide now For
more info….
As per the above figure therebeladmin.com domain has two domain
controllers. In here, the FSMO role holder is running windows
server 2012 R2. Domain and forest functional level currently
operating at Windows server 2012 R2. A new domain controller with
Windows server 2019 will be introduce and it will be the new FSMO
role holder for the domain. once FSMO role migration completed,
Domain controller running windows server 2012 R2 will be Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 2/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
decommissioned. After that forest and domain function level will
ARCHIVE CONTACT US PRIVACY POLICY
raised to the windows server 2019.
In the demonstration, REBEL-DC2012 is the domain controller with
windows server 2012 R2 and REBEL-DC2016 is the domain controller
with windows server 2019.
[su_note]When you introduce new domain controllers to the
existing infrastructure it is recommended to introduce to the forest
root level first and then go to the domain tree levels.[/su_note]
Automate
more.
Deliver
faster.
Always
improve.
Start your free trial
1. Log in to the Server 2019 as a member of local administrators
group.
2. Add server to the existing domain as member
3. After restart, log in to the server as Enterprise Administrator
4. Assign static IP address to the server
5. Launch the PowerShell Console as an Administrator
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 3/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
6. Before the configuration process, we need to install the AD DS
ARCHIVE CONTACT US PRIVACY POLICY
Role in the given server. In order to do that we can use Following
command.
Install-WindowsFeature –Name AD-Domain-Services -
IncludeManagementTools
7. Configure the new server as additional domain controller.
Install-ADDSDomainController
-CreateDnsDelegation:$false
-NoGlobalCatalog:$true
-InstallDns:$true
-DomainName "therebeladmin.com"
-SiteName "Default-First-Site-Name"
-ReplicationSourceDC "REBEL-DC2012.therebeladmin.com"
-DatabasePath "C:\Windows\NTDS"
-LogPath "C:\Windows\NTDS"
-NoRebootOnCompletion:$true
-SysvolPath "C:\Windows\SYSVOL"
-Force:$true
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 4/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
ARCHIVE CONTACT US PRIVACY POLICY
There are no line breaks for the command and I have listed it as
above to allow readers to identify on the parameters clearly.
Argument Description
Install-ADDSDomainController This cmdlet will install the
domain controller in active
directory infrastructure.
-NoGlobalCatalog If you do not need to create the
domain controller as global
catalog server, this parameter
can use. By default, system will
enable global catalog feature.
-SiteName This Parameter can use to
define the active directory site
name. the default value is
Default-First-Site-Name
-DomainName This parameter defines the
FQDN for the active directory
domain.
-ReplicationSourceDC Using this parameter can
define the active directory
replication source. By default, it
will use any available domain
controller. But if need we can
be specific.
Once execute the command it will ask for SafeModeAdministrator
Password. Please use complex password to proceed. This will be
used for DSRM.
8. After configuration completed, restart the system and log back in
as administrator to check the AD DS status.
Get-Service adws,kdc,netlogon,dns
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 5/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
ARCHIVE CONTACT US PRIVACY POLICY
Will confirm the status of the AD DS service.
Get-ADDomainController -Filter * | Format-Table Name,
IPv4Address, Site
Will list down the domain controllers along with the IP address and
Sites it belongs to.
9. Migrate all five FSMO roles to the New domain controller using
following command,
Move-ADDirectoryServerOperationMasterRole -Identity REBEL-
DC2019 -OperationMasterRole SchemaMaster,
DomainNamingMaster, PDCEmulator, RIDMaster,
InfrastructureMaster
In above the REBEL-DC2019 is domain controller running with
windows server 2019.
Once its completed, we can verify the new FSMO role holder using
Netdom query fsmo
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 6/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
ARCHIVE CONTACT US PRIVACY POLICY
10. The new step of the process is to decommission the old windows
domain controller which running with windows server 2012 R2. To
do that execute the following command as enterprise administrator
from the relevant DC.
Uninstall-ADDSDomainController -DemoteOperationMasterRole -
RemoveApplicationPartition
After execute the command it will ask to define password for the
local administrator account.
Once its completed it will be a member server of the
therebeladmin.com domain.
11. Next step is to raise the domain and forest functional level to
windows server 2019. To do that can use the following commands.
To upgrade domain functional levels
Set-ADDomainMode –identity therebeladmin.com -DomainMode
Windows2016Domain
To upgrade forest function levels
Set-ADForestMode -Identity therebeladmin.com -ForestMode
Windows2016Forest
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 7/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
ARCHIVE CONTACT US PRIVACY POLICY
[su_note]With windows server 2019, there is no domain or forest
functional level called windows2019. It is still 2016. [/su_note]
Now we have completed the migration from AD DS 2012R2 to AD DS
2019. Same steps apply when migrate from windows server 2008,
Windows server 2008 R2, Windows server 2012 & Windows server
2016.
12. After the migration completes, we still need to verify if its
completes successfully.
Get-ADDomain | fl Name,DomainMode
This command will show the current Domain functional level of the
domain after the migration.
Get-ADForest | fl Name,ForestMode
Above command will show the current forest functional level of the
domain.
This marks the end of this blog post. Hope this was useful. If you
have any questions feel free to contact me on rebeladm@live.com
also follow me on twitter @rebeladm to get updates about new blog
posts.
Comments
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 8/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
Vicky says
ARCHIVE CONTACT US PRIVACY POLICY
December 11, 2019 at 3:10 pm
Hi Dishan, Thanks a lot for the article. We are in the process
of upgrading from Win 2008 R2 DCs to Win 2019 DCs.
Following your advice of doing the Forest first.
Can we Upgrade the schema first of the Forest and then
promote the 2019 server to DC ?
Reply
Murali says
July 17, 2020 at 6:07 am
Nice Article, Thank you very much.
Reply
Giuliano says
August 14, 2020 at 4:09 pm
Very useful, thanks!
Reply
Tippu Nadaf says
September 4, 2020 at 2:24 pm
This is very useful article much appreciate your work.
Reply
Eshwar says
September 24, 2020 at 8:56 pm
Thank you so much for this detailed Blog post. It helped me
immensely in planning and executing my upgrade from WS
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 9/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
2012 to 2019. Thanks to your post, the process went as
ARCHIVE CONTACT US PRIVACY POLICY
smoothly as could have been expected.
The one problem I ran into was that after making my 2019
machine the Domain Controller, it required network
reconfiguration: I had to make it take over DHCP and DNS
from the 2012 machine. This also meant that I had to have
the 2019 machine take over the Static IP of the 2012 machine
(so that DNS traffic in the network would come to it now).
Without that the decommissioning step would abort because
the 2012 machine couldn’t find another Domain Controller
on the network (so it wouldn’t downgrade itself).
Thanks again and keep up the good work!
Reply
Leave a Reply
Your email address will not be published. Required fields are marked
*
Comment
Name *
Email *
Website
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 10/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
Save my name, email, and website in this browser for the next time
ARCHIVE CONTACT US PRIVACY POLICY
I comment.
POST COMMENT
TOP 100 MICROSOFT
AZURE BLOGS
Rebeladmin.com is
listed among Top
100 Microsoft
Azure Blogs in
2022. For more
info….
MVP FOR LAST 7 YEARS
I am glad to
announce that I
have been awarded
with MVP award by
Microsoft for 7th
consecutive time.
For more info….
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 11/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
ARCHIVE CONTACT US PRIVACY POLICY
Empower
collaboration.
Increase
productivity.
Start your free trial
RECENT POSTS ABOUT REBELADMIN.COM
Step-by-Step Guide : Automate Rebeladmin Technical Blog contain more than
JML(Joiners/Movers/Leavers) process with 400 articles. The site is older than 7 years and
Microsoft Entra lifecycle workflows been updated regularly. In here you will find
articles about Active Directory, Azure Active
Microsoft Defender for Identity Part 05 – MDI
Directory, Azure Networking, Cyber Security,
Sensor installation
Microsoft Intune and many more Azure
Microsoft Defender for Identity Part 04 – Services.
Network Requirements
SOCIAL MEDIA
Step-by-Step guide to Azure Bastion IP-Based
Connection
Microsoft Defender for Identity Part 03 – TAGS
Collect Windows Events
AAD active direcotry Active directory
Active Directory Domain Service AD AD objects
AD replication Azure Azure Active
Directory Azure Active Directory
Domain Service Azure Active Directory
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 12/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…
Domain Services
ARCHIVE
Azure AD Azure
CONTACT US
AD connect
PRIVACY POLICY
Azure AD Domain Service Azure Conditional Access Azure
Domain Service Azure Domain Services Azure
HighAvailability Azure IaaS Azure Information Protection
Azure Loadbalancer Azure Networking Azure
PowerShell Azure Region Azure Virtual Machine
Azure Virtual Network azure vm Azure VNet
Conditional Access Conditional Access Policies Data
Protection DC DNS Domain Controller Domain
Service Domain Services FSMO GPO group policies
Group Policy Microsoft PowerShell Replication
Security SSO
Archive Contact us Privacy Policy
Confidentialité - Conditions
https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 13/13
