Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2

In this article, I have documented the steps I took to update our two domain controllers to Server 2012 R2 from Server 2008 R2.  While this can be considered a tutorial, it is more a reflection of what I did during my migration process.  This guide assumes you have already made backups of your environment, all Windows Active Directory Domain Controllers in the forest are running Server 2003 or later, and we will be recycling (reusing) the same two servers you deployed.  Last, Microsoft strongly recommends we do a clean install and not directly upgrade each server, so we will decommission a DC, reinstall windows, and then redeploy the DC until the entire environment has been upgraded.

  1. Prepare the AD Schema for Server 2012 R2
    1. Mount the Server 2012 R2 installation disk on one of your Domain Controllers
      Windows Server 2012 R2 - Mounted DVD
    2. Open up a command prompt with Administrative Privileges and navigate to the /support/adprep folder on the installation media.
      1. Click Start, type cmd, right click select Run as administrator
        Administrative cmd prompt
      2. Execute the command: d:
      3. Execute the command: cd d:\support\adprep
      4. Windows Server 2012 R2 - support-adprep folder
    3. Execute the following command (don't close out of this until after we verify the schema version in an upcoming step):
      1. adprep /forestprep
      2. Type the letter C and press the enter key to begin the process
        adprep forestprep
        adprep forestprep success
    4. Execute the following command:
      1. adprep /domainprep
        adprep domainprep
        adprep domainprep success
    5. Verify the schema version has been updated
      1. Click Start and search for regedit
        regedit
    6. Open up regedit and navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters
    7. Verify the Schema Version value matches the last entry shown in your upgrade results.  In my case, the Schema Version should be 69.
      adprep forestprep schema version
      regedit - schema version
  2. Demote and decommission secondary domain controller
    1. Click Start, Run...
      Start-Run
    2. Type dcpromo and click OK
      Run - dcpromo
    3. Click Next > on the Welcome page
      Active Directory Domain Services Installation Wizard - Welcome to the Active Directory Domain Services Installation Wizard
    4. If the domain controller has the global catalog service, make sure your primary DC also has the service enabled and click OK.  This can be done by opening up Active Directory Sites and Services and viewing the services for each domain controller.
      Active Directory Domain Services Installation Wizard - Active Directory domain controller is a global catalog server dialog
    5. Make sure the Delete this domain because this server is the last domain controller in the domain is UNCHECKED, and click Next >
      Active Directory Domain Services Installation Wizard - Delete the domain because this server is the last domain controller in the domain
    6. Type in a new password to be used for the Local Administrator account the machine will contain after it is demoted.
      Active Directory Domain Services Installation Wizard - Administrator Password
    7. Click Next > on the Summary page
      Active Directory Domain Services Installation Wizard - Summary
    8. Check the Reboot on completion box to restart the server after the service has been removed
      Active Directory Domain Services Installation Wizard - Reboot on completion
    9. Log back into the DC upon reboot and open up Server Manager
      Server Manager
    10. In Roles Summary, click Remove Roles
      Server Manager - Remove Role
    11. Click Next > on the Before You Begin page
      Remove Roles Wizard - Before You Begin
    12. Uncheck Active Directory Domain Services and DNS Server (if the role is installed) and click Next >
      Remove Roles Wizard - Remove Server Roles - Active Directory Domain Services - DNS
    13. Click Remove
      Remove Roles Wizard - Confirm Removal Selections
    14. Click Close
      Remove Roles Wizard - Removal Results
    15. Select Yes on the Do you want to restart now? dialog box
      Remove Roles Wizard - Restart Dialog
    16. Log back into the DC upon reboot and you should greeted by a Removal Results window.  Let the process finish and select Close upon removal success.
      Remove Roles Wizard - Resume Configuration Wizard
    17. Disjoin the machine from the domain
      1. Click Start, right click Computer, select Properties
        Start - Computer - Properties
      2. Click Change settings
        Control Panel - System and Security - System - Change settings
      3. Click Change... on the System Properties page
        System Properties
      4. Check Workgroup, type in a workgroup name, and click OK
        Computer Name - Domain Changes - Workgroup
      5. Click OK on the warning dialog
        Computer Name - Domain Changes - Leave domain dialog
      6. Click OK on the Welcome to the workgroup dialog
        Welcome to the workgroup dialog
      7. Click OK on the restart dialog
        You must restart your computer to apply these changes
      8. Click Close on the System Properties window
        (oops, forgot to make a screenshot!)
      9. Click Restart Later on the Microsoft Windows dialog box
      10. Shutdown the machine
        Start - Shut down
    18. Format the decommissioned machine, reinstall a clean copy of Server 2012 R2, and join the machine to the domain.
  3. Add first Server 2012 R2 Domain Controller
    1. At this point, you should have one Server 2008 R2 Domain Controller and a blank Server 2012 R2 machine joined to the domain ready for the Active Directory services.  If you are at this point, continue on, if not, you might want to read back a couple steps and see where things ventured off course.
    2. Start Server Manager on your new Server 2012 R2 machine.
      Server 2012 R2 - Server Manager
    3. Select Manage in the top right and select Add Roles and Features
      Server 2012 - Manage - Add Roles and Features
    4. Click Next > on the Before you begin screen
      Add Roles and Features Wizard - Before you begin
    5. Click Next > on the Select installation type screen
      Add Roles and Features Wizard - Select installation type
    6. Ensure your new server is selected and click Next >
      Add Roles and Features Wizard - Select destination server
    7. Check the box next to Active Directory Domain Services
      Add Roles and Features Wizard - Select server roles
    8. On the Add features that are required for Active Directory Domain Services? dialog, click the Add Features button
      Add Roles and Features Wizard - Add features that are required for Active Directory Domain Services Dialog
    9. Click Next >
      Add Roles and Features Wizard - Select server roles - Active Directory Domain Services Checked
    10. Click Next >
      Add Roles and Features Wizard - Active Directory Domain Services
    11. Check the box that says Restart the destination server automatically if required
      (Click Yes on the restart dialog if it pops up)
      Add Roles and Features Wizard - Confirm installation selections
    12. Click the Install button
      Add Roles and Features Wizard - Confirm installation selections - restart
    13. Once the install is done, click the Close button
      Add Roles and Features Wizard - Installation progress
    14. Next, head back to the Server Manager screen and select the warning icon with the flag; then select Promote this server to a domain controller.
      Server Manager - Promote this server to a domain controller
    15. On the Deployment Configuration page, make sure Add a domain controller to an existing domain is checked and hit Next >
      Active Directory Domain Services Configuration Wizard - Deployment Configuration
    16. Check Domain Name System (DNS) server, Check Global Catalog (GC), and uncheck Read only domain controller (RODC).  Enter a strong password to be used to access Directory Services Restore Mode and click Next >
      Active Directory Domain Services Configuration Wizard - Domain Controller Options
    17. Click Next > on the DNS Options page
      Active Directory Domain Services Configuration Wizard - DNS Options
    18. Click Next > on the Additional Options page, or if you would like, you can manually select a domain controller to replicate data from and then hit Next >.
      Active Directory Domain Services Configuration Wizard - Additional Options
    19. Click Next > on the Paths page
      Active Directory Domain Services Configuration Wizard - Paths
    20. Click Next > on the Review Options page
      Active Directory Domain Services Configuration Wizard - Review Options
    21. Click Install on the Prerequisites Check page
      Active Directory Domain Services Configuration Wizard - Prerequisites Check
    22. Once the domain controller reboots after installation, open up Server Manager and select Tools, Active Directory Users and Computers
      Server Manager - Active Directory Users and Computers
    23. Expand your Domain and select Domain Controllers; ensure your new machine shows up here.
      Active Directory Users and Computers - Domain Controllers
    24. Next, verify DNS works properly
      1. Go back to Server Manager, select Tools, DNS
        Server Manager - DNS
      2. Expand your server, Forward Lookup Zones, and right click on your domain name and select Properties
        DNS - Domain Name - Properties
      3. Select the Name Servers tab and ensure all DCs are listed
        DNS - Properties - Name Servers
  4. Next, we need to verify the FSMO (Flexible Single Master Operations) roles are stored on our other server 2008 DC
    1. On the new Server 2012 R2 DC we joined, open up a command prompt with administrative privileges.
      Server 2012 - Administrative Command Prompt
    2. Execute the following command to verify FSMO roles are on our 2008 DC:
      netdom query fsmo
      netdom query fsmo
  5. Next, we need to transfer the FSMO roles from our primary DC to our new one
    1. Execute the following command using the same command prompt in the previous steps: ntdsutil
      ntdsutil
    2. Type roles when prompted and hit enter
      ntdsutil - roles
    3. Type connections when prompted and hit enter
      ntdsutil - roles - connections
    4. Type connect to server server2012DC.mydomain.com, where server2012DC is the new DC we just deployed, when prompted and hit enter
      ntdsutil - roles - connections - connect to server
    5. Type quit and hit enter
      ntdsutil - roles - connections - connect to server - quit
    6. Type transfer schema master and hit enter
      ntdsutil - transfer schema master
    7. Click Yes on the Role Transfer Dialog for the Schema Master role
      Role Transfer Confirmation Dialog - Schema Master
    8. Type transfer naming master and hit enter
      ntdsutil - transfer naming master
    9. Click Yes on the Role Transfer Confirmation Dialog for the Naming Master role
      Role Transfer Confirmation Dialog - Naming Master
    10. Type transfer PDC and hit enter
      ntdsutil - transfer PDC
    11. Click Yes on the Role Transfer Configuration Dialog for the Primary Domain Controller role
      Role Transfer Confirmation Dialog - Primary Domain Controller
    12. Type transfer RID master and hit enter
      ntdsutil - transfer RID master
    13. Click Yes on the Role Transfer Configuration Dialog for the RID master role
      Role Transfer Confirmation Dialog - RID master
    14. Type transfer infrastructure master and hit enter
      ntdsutil - transfer infrastructure master
    15. Click Yes on the Role Transfer Configuration Dialog for the Infrastructure Master role
      Role Transfer Confirmation Dialog - Infrastructure Master
    16. Type quit and hit enter
      ntdsutil - fsmo maintenance - quit
    17. Type quit and hit enter
      ntdsutil - quit
    18. Execute the following command to ensure the FSMO services are on the new Server 2012 R2 machine: netdom query fsmo
      netdom query fsmo - moved dc
  6. At this point, you should have a Server 2012 R2 DC with the FSMO roles and a secondary 2008 R2 Domain Controller.  If not, please go back and complete the steps to get to this point.
  7. Optional Step: After upgrading the first DC, you may want to reconfigure the machine to keep its time in sync with an external source.  To do this, please follow my guide here: http://jackstromberg.com/2013/10/configuring-external-time-source-on-your-primary-domain-controller/
  8. Next, decommission the last Server 2008 R2 domain controller that used to function as the primary DC.
    1. Follow the same instructions in Step 2 above called Demote and decommission secondary domain controller
  9. Next, add the machine back to the domain
    1. Follow the same instructions in Step 3 above called Add first Server 2012 R2 Domain Controller
  10. At this point, your environment should be up and running with Windows Server 2012 R2!  You can optionally transfer the FSMO roles back to your "primary" DC that you had before, or continue on with the roles left on the current DC.

Notes

Official information on removing a domain controller from the domain can be found on Microsoft's website here: http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx

94 thoughts on “Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2

  1. Bandito

    By far the easiest and most concise article I've read on this subject! I will definitely be referencing this when we upgrade our DCs to 2012 R2.

    Reply
  2. Freddie

    Hi Jack,

    This article seems to be the best and the easiest to follow for successfully migration.
    It is a free give away.

    Thank you so much Jack.

    Reply
  3. Oleg

    Thanks Kevin, exellent article!

    One more question: can we use GUI (AD Users and Computers, AD Domains and Trusts) to transfer FSMO roles, instead "ntdsutil"?

    Reply
    1. Jack Post author

      Hi Oleg,

      You can definitely transfer the roles via the GUI methods. I don't go into moving them via the GUI in this guide as it seemed to be less steps doing it the command line way and also was an easy way to verify/double check the roles transferred. I would stick to whatever method you are comfortable with as long as you have verified the roles have been moved before removing the primary DC.

      Jack

      Reply
  4. Shaun VT

    Very nice article.

    Easy to follow,.

    One thing that would maybe be worth mentioning is that you had to change the authorative time server in the domain before. I'm not sure if this is the case still.

    So make the new PDC emulator an authorative time server and state which time server it should update from. You would also then need to point the 2nd DC to the PDC as its time source.

    Many Thanks.

    Shaun

    Reply
    1. Yohan John

      I am trying to install 2012 R2 DC in our single domain 11 DCs enterprise. The first DC is a DNS server and the second DC is DHCP server and these two hold all the 5 FSMO roles. I am little confused how to proceed.
      Can I build a 2012 DC join it to the existing domain and convert it to DC while joined to the domain and make it a DNS server while the 2008 R2 DC is still alive in the same domain? or what is the process I should take. Would be grateful for your kind advise. Thanks in advance.

      Reply
      1. Jack Post author

        Hi Yohan,

        If the FSMO roles are scattered, you could spin up a 2012 R2 DC and join it to the domain as a member server. Once a member server, upgrade it to a Domain Controller and move the FSMO roles over to it and ensure it is also functioning as a DNS server. Once verified DNS and the FSMO roles are on the new 2012 R2 machine, retire one of the Server 2008 R2 machines and replace it with another Server 2012 R2 machine. Move the DHCP role from the remaining 2008 R2 machine in the environment to the new 2012 R2 DC.

        Hope this helps!
        Jack

        Reply
  5. EricP

    Great Article!

    After you demote and remove the server from the domain, for some reason Microsoft doesn't remove the Demoted server(s) from the servers list on Active Directory Sites and Services, it is safe to just remove the demoted server.

    Reply
    1. Jack Post author

      Hi Eric,

      I would recommend running the netdom query fsmo command to ensure the fsmo roles have been removed off the machine. Once you have verified none of them are running on it, you can demote the server.

      Jack

      Reply
  6. Melanie Rutberg

    Hello, I just wanted to comment as well that these instructions are great!

    I recently used these instructions to migrate my (2) Windows 2008 R2 Domain Controllers to Windows 2012R2 DCs.

    As part of the project we migrated the DCs to new hardware running 2012R2. We also retained the original servers names and IPs.

    There was minimal downtime for the environment and so far the 2012R2 DCs are running fine with all of our Enterprise Applications.

    Thanks Jack! I don't think our migration would have gone nearly as smooth without this!
    Melanie

    Reply
  7. Mark

    Excellent article... thanks for taking the time to put it together! We were able to migrate our 2 Win2008R2 domain controllers to 2 new Win2012R2 servers and found these instructions to be very helpful. Much appreciated!

    Reply
  8. JD

    After the migration, were the client computers able to connect without any changes on their end? I'm getting ready to do this for the first time in my career, and I just want to make sure I have all of my bases covered.

    Reply
    1. Jack Post author

      Yep, the clients will reconnect back. If you have a second DC, the clients should automatically failover to the secondary. However, if you only have one DC, the clients should reconnect once it is back online.

      Jack

      Reply
      1. JD

        Great, thank you for you reply, and thank you for taking the time to create this guide. I am going to try it over the weekend. Fingers are crossed. 😀

        Reply
        1. Jack Post author

          Good luck! Just make sure you follow the steps closely and you should be golden. It isn't a race, so take your time to verify each step. Your secondary DC should takeover while you upgrade, so your clients shouldn't notice any downtime.

          Please let me know how it goes!
          Jack

          Reply
          1. JD

            At this time, we have a single domain environment, so there will be some downtime, however, that's why I'm doing this on a Saturday, and we are a small business, so it shouldn't be too painful. The new environment will have two domain servers for redundancy purposes. I will keep you up to date, and thank you again! I feel this post will be a life saver.

          2. Jack Post author

            Actually, you still shouldn't experience much downtime even with one DC. What I would do is follow Step 1 (Prepare the AD Schema for Server 2012 R2) and stop at that point. Rather than following step 2 on demoting the DC (this would be a bad idea since you would have no more DCs in your domain), skip to Step 3 (Add first Server 2012 R2 Domain Controller). Once you have up the new DC, configure your DHCP scope and clients with static IPs to use the new DC's IP address for DNS. Once that is done, you should be able to safely retire the 2008 R2 machine without your clients noticing any downtime.

            Hope this helps!
            Jack

  9. JD

    Great, thanks for the advice! I'm going to start the work shortly, and I'm confident that your post will help me tremendously.

    Reply
  10. Kiran Gandhi

    Hi Jack, this is an excellent article. I want to upgrade our 2008 R2 DCs to Server 2012 R2.
    I have a envmt. of 3 sites, includes 10 DCs of Root Domain, Child, Tree Domain, RODC.

    My requirement is I want to retain the demoted server host name & IP address to be used on the new DCs. Many of our applications are configured with LDAP queries pointing to DN of the DC. How can I configure the new DC with the same host name & IP? Will the AD Site & Serivces clear up records pertaining to the host name & IP of the demoted DC?

    Appreciate your time and assistance.

    Regards,
    Kiran Gandhi

    Reply
    1. Jack Post author

      Hi Kiran,

      You will have to demote the old server, disjoin it from the domain, add it back as a Server 2012 R2 machine, promote it to a DC, and then you should be fine. Unfortunately, you would experience downtime if you have your applications pointed directly to a specific DC.

      Jack

      Reply
  11. Ron

    Awesome article. I really appreciate the attention to detail and the precise instructions you gave. Made my life soooo much easier.

    Thanks

    Reply
  12. hassan

    Hi, I have a domain controller in 2008 R2 and a backup domain in 2008 R2 as well. I am going to upgrade my backup domain to 2012 R2 first. But my DNS is available in both DC but DHCP is integrated only with PDC and when I upgrade how can I transfer these services to 2012 R2 machine? I want make the new 2012 R2 machine as PDC after the upgrade. Later remaining 2008 R2 machine will be upgraded to 2012 R2 as well.
    Also when I do the upgrade can I change the NAME and IP address? Will this have any effect for client machines?

    Hi, if have a domain controller with integrated DNS and DHCP, what will happen to these services when I migrate? In 2012r2 domain do I need to do any extra steps for this.
    Also can I use a different name and IP address for the new domain controller and will it have any effect on the client PCs,

    Reply
    1. Jack Post author

      Hi Hassan,

      I merged your posts together.

      DNS will not be affected during the migration as long as you check to have DNS installed during the domain controller installation (Step 16).

      As far as DHCP goes, you will have to manually reinstall that once you have completed the migration. I would follow my guide here on how to migrate your DHCP settings from one server to your new one: http://jackstromberg.com/2013/10/migrate-dhcp-role-from-server-2008-r2-to-server-2012-r2/

      Last, if you change your DC to a new name and IP address, you should be fine provided you update your DHCP server to reflect the changes as well as update any machines that you have set static IP addresses on.

      Hope this helps!
      Jack

      Reply
  13. ALex

    Hello Jack, this is article is AWESOME! Anyway I'm preparing to upgrade our Windows 2008 R2 to 2012 R2, I have Exchange server 2007 on the DC ( we have just one DC) , how should I work on it ? I would like to upgrade Exchange too, but how can I move ? Should I upgrade Exchange in first and then upgrade 2008 R2 to 2012 R2 or vice versa ?

    Thank you in advance!

    Alex

    ps. How should I move the file system ( really big) to the new server 2012 R2 ?

    Reply
    1. Jack Post author

      Hi Alex,

      Unfortunately, there isn't an easy way to perform a migration with a single server in your environment. Unless this is a virtual machine, I would highly recommend seeing if you can purchase another server to upgrade. If you can get approval for a second machine, I would install Server 2012 R2 on the new machine, promote it as a domain controller, and then begin bringing additional roles over to the new machine. I would then keep the second server as your Exchange Server or File Server to help take some stress off your DC.

      Sorry I don't have a better solution, but an in-place upgrade with that many dependencies could get fairly difficult, especially if you cannot take an image of the machine to redeploy in the event an upgrade fails.

      Hope this helps!
      Jack

      Reply
  14. Faisal

    Hi Jack,

    Thanks for sharing such a nice article with us, can you please share the steps; how can we migrate domain controller when our organisation already used Exchange Server 2007/2010 infrastructure?

    Thanks in adv..
    Regards,
    Faisal

    Reply
    1. Jack Post author

      Hi Faisal,

      Is Exchange currently deployed on the controller? If it is currently deployed on the DC, I would encourage you to try and move it to another machine.

      If you have Exchange deployed on a member server or it was previously deployed and is no longer being used, you should be able to follow the guide below without any issues.

      Hope this helps!
      Jack

      Reply
  15. Pingback: New Windows Server 2012 DC

  16. NickSP

    Hi Jack,
    Do you know if there are some issues about client logons, GPOs changes, active directory integrated applications, for example, Exchange, Checkpoit, Wireless APs, Proxies, Websense, etc when I migrate the AD and raise the Forest Functional Level and Domain Functional Level to WS2012R2?
    Thanks in advance.

    Reply
    1. Jack Post author

      Hi Nick,

      Unfortunately, this is something you will neeed to research. I do not know what your existing environment looks like, so it very much depends.

      Sorry!
      Jack

      Reply
  17. Pingback: Domain Migration from Server 2008 R2 to Server 2012 R2 - vsexplorer.com

  18. Pingback: How to detect applications using "hardcoded" DC name or IP? | MS Tech BLOG

  19. Matthew

    Hi Jack,

    Thanks for this guide it looks great. I am just about to move our 2008R2 DC into new infrastructure and migrating it to 2012R2, at the same time introduce a BDC. I need to make sure there will be no effect on our GPOs, Can you tell me if all GPOs will be migrated without issue?

    Thanks in advance!

    Matt

    Reply
  20. latif

    it looks great. it will be the same step even if i install server 2012 in different machine. there will be disturbance to the client computer..

    Reply
    1. Jack Post author

      Hi Harry,

      The wizard might do this for you, however through the command line method you can verify the schema changes are made and replicated successfully through your environment before making additional changes. Additionally, if you don't have the resources to deploy another DC to run through this process, this would be an alterative to that.

      Jack

      Reply
      1. Harry

        another question ,
        as many of our other servers have hard coded dnsname and IPs for current DCs. (2008R2s)

        i am planning to introduce a new 2012R2 VM , promote as DC move all roles to this.
        then remove both existing 2008R2 DCs from domain, and rebuild these two as 2012R2 but i then intend to keep same name and IPs , and then promote these two, move roles back to new primary dc , and at the end get rid of temp DC VM.

        keeping two DCs with same name and IPs with new OS.
        hope this won't cause any issues . in terms of AD had similar names for old servers 2008 R2, i believe that will get disabled/delete them from AD once they dis-joined domain .

        Reply
        1. Jack Post author

          You can reuse the names and IPs, but you cannot have them in use at the same time (you will need to demote the DC and then delete the VM before turning on the new Server 2012 instance).

          Jack

          Reply
  21. Sean

    I felt the need to say well done. Stumbled onto this article last week and have passed it to two peers this week who are planning their migrations. I had already done a lot of the research as I'm planning a domain upgrade for next week.
    Do you mind if I use this article in my documentation? If I re do the screenshots in my environment and add the raise functional level it just about cover what Ill be doing next week.
    Thanks

    Reply
    1. Jack Post author

      Hey Sean,

      You can use this article for internal documentation as long as you reference this site and not republish it online.

      That being said, Good Luck!, and please let me know how it goes! 🙂
      Jack

      Reply
  22. Haroula

    Hi Jack,

    This is the best article I have come across in relation to this process but one part I am confused about.
    Can you please advise on how and when you make the changes to keep the same IP address on the new 2012 server ?

    Thanks in advance

    Reply
      1. Haroula

        Hi Jack,

        So say you have 2 DC's with 2008 R2 and one newly created DC with 2012 R2.
        You want to decommission DC01 2008R2 which has the ip address .101 at the moment but needs to be transferred to the 2012 box which is already up with a temporary ip address of 103.
        At which stage do you make the change?

        Reply
  23. Mo

    Jack,

    Excellent article and very clear and concise. I will be migrating a clients current failing 2008 R2 DC to a 2012 DC. Thus far I have built a virtual environment and using a backup solution backed-up and then spun a duplicate 2008 DC in a VM environment. I have created a VLAN and the duplicate 2008 DC and the new 2012 server will not interact with the production environment but will retain the same addressing scheme. I intend on using your method to upgrade to a 2012 DC and then place it into production. What in your opinion are possible issues I could bump into? I am trying to limit the associated downtime as much as possible that's why I am testing in a vm environment prior to putting the upgraded DC into production.

    Reply
    1. Jack Post author

      Hello Mo,

      If you follow the guide you should not experience any downtime. I would not introduce the DC you upgraded in your test environment into the production environment. The commands should be run directly in your production environment to ensure you don't experience replication issues or loss of data during the migration.

      Jack

      Reply
  24. Pingback: Migrating from Windows Server 2008 R2 to Windows Server 2012 R2 - Tangent Thoughts - Site Home - TechNet Blogs

  25. Adele

    hi,
    nice write out for a newbie like me

    can i know can i use this method if i going to upgrade old current 2008r2 to a brand new PC to 2012 R2?

    The scope for migration services below:

    1. Installation of WinServer 2012r2 on new server
    2. Installation of MS SQLServer Express Edition 2012
    3. Active Directory Domain Services
    4. Application Server
    5. DNS Server
    6. File Service
    7. Network Policy
    8. Print Service
    9. Web Server
    10. Migration of users and files from the old server

    Thank you in advance.

    Rgs,
    Adele

    Reply
    1. Jack Post author

      Hi Adele,

      This process should work fine. Just make the decommissioning process of the older DC last and you should be fine.

      Jack

      Reply
  26. Lukas

    Very good article. Just used it to move our DC from DC.domain.local (Server 2008 R2) to DC1.domain.local (Server 2012 R2) and will also be adding DC2.domain.local (Server 2012 R2). Thank you for your help!!

    Reply
  27. rahul bodhe

    Hi Jack,
    This is really awesome guide thank you so much for the step by step guide i really like it. one question i have
    we need to migrate windows 2008 ADC and exchange 2010 to windows 2012 OS. do i need to run adprep and domainprep on exchange 2010 also forest function level is up windows 2008 already and we have install exchange 2010 sp3 also.
    please help me for the same
    thanks in advance
    Regards,

    Reply
    1. Jack Post author

      You will want to extend the schema as mentioned in the article to support the Server 2012 AD environment. You will only have to run this once against your domain, you do not need to run it from your Exchange server.

      Hope this helps,
      Jack

      Reply
  28. John

    Hi Jack,

    We have DC running windows 2008 R2 and exchange 2010 SP3 running in windows server 2012 from different server machine. We want to migrate our DC to Windows 2012 under new server machine. Can I follow this method, will there be no configuration in exchange server side? and what are the things we need to consider for this kind of migration.

    Thanks in advance,

    John

    Reply
    1. Jack Post author

      Correct, you should be able to stand up a new Server 2012 R2 machine, migrate the FSMO roles over, and then decommission your old DC.

      Jack

      Reply
  29. B. Jena

    Its really a great article. Thanks a lot for all your effort to wirte this article.

    Could you please suggest the stpes to migrate the NPS/Radius server, which currently hosted on multiple DC's.

    Reply
  30. Mohamed Abd Elhamid

    Thanks for your efforts
    if DC 2008 with Exchange environment we need change any steps or add it

    Reply
    1. Jack Post author

      Yes, you will need to migrate the exchange roles and services to the other machine before shutting it down. That process is outside the scope of this document.

      Jack

      Reply
  31. Greg

    Fabulous article Jack!

    In moving from old Server 2008r2 to new Server 2012 machine, are there special considerations when the company uses redirected folders?

    Thanks again!

    Reply
    1. Jack Post author

      Hi Greg,

      You have the files pointed to your file cluster, not the DC, correct? As long as there aren't any dependencies to a specific DC, you should be alright.

      Jack

      Reply
  32. Adrian

    Hi Jack,

    I just had to say, thanks very much for this article. Brilliant, concise, easy to follow and 100% accurate. I'd never done an AD upgrade before, and everything went really smoothly thanks to you and your awesome article.

    Much obliged!!

    -Adrian

    Reply
  33. David Bridwell

    Awesome write up! I have two 2008r2 DC's and one 2012r2, will be using this guide when I upgrade them in the near future.

    Many Thanks in Advance!

    David

    Reply
  34. dinero

    Hi Jack

    Can you please let me know the steps to implement below process asked by someone else on this blog.. we need to retain the OLD DC (2008 R2) IP Address....how and when to migrate the IP address to New DC (2012 R2)

    So say you have 2 DC’s with 2008 R2 and one newly created DC with 2012 R2.
    You want to decommission DC01 2008R2 which has the ip address .101 at the moment but needs to be transferred to the 2012 box which is already up with a temporary ip address of 103.
    At which stage do you make the change?

    Reply
    1. Jack Post author

      The tutorial covers this scenario. Deprovision the secondary DC, redeploy with Server 2012 R2, promote as PDC (move FISMO roles), deprovision old primary, redeploy as Server 2012 R2, move FISMO roles as needed.

      Reply
    1. Jack Post author

      I have not tested 2008 R2 to 2016. I'm assuming the process is fairly similar, but definitely proceed at your own risk. I'd recommend setting up a lab first.

      Jack

      Reply
  35. Karlo

    hello Jack,

    I still haven't got a response yet from last November i'm posting my question again. Just wanted to know whether it’s necessary to insert the server 2012 CD into the server 2008 machine when performing the upgrade? i have 2 separate servers, one which is server 2008 and a new one which is 2012. From which step should i proceed.

    Reply
      1. Karlo

        Thanks for your reply Jack. but why do i need the disk to migrate from 2008 R2 to 2012 R2 ? after i insert the disk 2012 R2 inside 2008 server and run forestprep command as shown, then, do i insert the CD in 2012 R2 server ?

        sorry but im new to this 🙂
        Thanks again Jack

        Reply
  36. Frank Roberts

    Jack - You are the MAN! Excellent article. Instructions worked perfectly as I was setting up Windows Server 2012 R2 DC on a new machine and migrating from Windows Server 2008R2 DC I had setup in VirtualBox on my macMini. Thanks for the step by step instructions. Also thanks for the other article on setting up external time server, especially since my office domain had always been ahead by 7 minutes and I couldn't figure out how to get it to the current time.

    Reply
  37. Kevin Murphy

    I'm trying to do an upgrade of 2 Servers 2008r2 x64 SP1 Standard to Server 2012r2 standard.
    Server 1 is HP ProLiant D380p gen 8, (File server, User profiles on D:\) DC, fully patched and relevant drivers updated as per HP recommendations.
    Server 2 is HP ProLiant D385p gen 8, (Mail, SQL, etc..) DC, fully patched and relevant drivers updated as per HP recommendations.
    Have tried an in place upgrade which errored with “upgrades to this build have been disabled!”
    Cant find out why this is happening so will have to go a different upgrade path.
    I have a spare machine that I could install server 2012R2 on, add to domain, and transfer fsmo roles from Server 1 to new 2012r2 box. At this point would users be able log on?
    The next step would be to demote Server 1 . At this point would users be able to log on again? Or not until old server 1 had server 2012 installed, added to domain and roles transferred back again?

    Reply
    1. Jack Post author

      If you add another server to the mix, promote it to become a domain controller, and DNS records can resolve to it; your users should be able to authenticate to that machine. Not sure about the inplace upgrade error; as mentioned in the guide, I try to stay away from those due to the exact headaches you are experiencing 😉

      Reply
  38. James

    Thanks for the write up!

    Quick question, My current setup is 2- 2008R2 and 1-2012R2 Domain controllers. Since i already have a 2012R2 DC up and running, Do i still need to run the ADPREP commands on the 2008's before i DCPROMO them?

    Thanks

    Reply
    1. Jack Post author

      If you already promoted a 2012 R2 DC, then you should be good to go to add the second. You can run the adprep command to verify if you want.

      Reply
  39. Norman

    Will this have any negative effects on our Exchange 2010 server? Will we have any problems with email during this change?

    Reply
    1. Jack Post author

      Provided your Exchange environment is not on the DCs themselves and you do the rolling update, you shouldn't notice an outage. As with everything, test whenever possible.

      Reply
  40. RSKhan

    Hi Jack,

    I want to migrate windows 2003 physical server to 2016 virtual server in VMware and that 2003 server has running DHCP, AD DS and Radius services. I have already created the vm and installed windows server 2016 which is getting IP from 2003 DHCP server but I did not join it to the domain yet.

    Should I follow the same procedure like you have mentioned? Any suggestion?
    Thanks in advance !!

    Reply
  41. John

    Feedback: you can improve the article by including full screenshots without censorship.

    use dummy or lab Servers, instead of using live production servers.

    Reply
    1. Jack Post author

      In most cases lab/test environments would be used and are recommended, however the purpose of the document was to be a reflection upon something that I had completed many years ago (crazy to think this is 5 years old when I first published this) of an actual migration vs a simple test/lab environment that may not reflect an actual environment with active end users. The goal is to give folks a chance to see what others have done in a real environment. The censoring is only of server names/FQDNs, no steps or general information has been censored otherwise.

      Hope this helps!
      Jack

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *