Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2

94 Replies

In this article, I have documented the steps I took to update our two domain controllers to Server 2012 R2 from Server 2008 R2. While this can be considered a tutorial, it is more a reflection of what I did during my migration process. This guide assumes you have already made backups of your environment, all Windows Active Directory Domain Controllers in the forest are running Server 2003 or later, and we will be recycling (reusing) the same two servers you deployed. Last, Microsoft strongly recommends we do a clean install and not directly upgrade each server, so we will decommission a DC, reinstall windows, and then redeploy the DC until the entire environment has been upgraded.

Prepare the AD Schema for Server 2012 R2
1. Mount the Server 2012 R2 installation disk on one of your Domain Controllers
2. Open up a command prompt with Administrative Privileges and navigate to the /support/adprep folder on the installation media.
  1. Click Start, type cmd, right click select Run as administrator
  2. Execute the command: d:
  3. Execute the command: cd d:\support\adprep
3. Execute the following command (don't close out of this until after we verify the schema version in an upcoming step):
  1. adprep /forestprep
  2. Type the letter C and press the enter key to begin the process
4. Execute the following command:
  1. adprep /domainprep
5. Verify the schema version has been updated
  1. Click Start and search for regedit
6. Open up regedit and navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters
7. Verify the Schema Version value matches the last entry shown in your upgrade results. In my case, the Schema Version should be 69.
Demote and decommission secondary domain controller
1. Click Start, Run...
2. Type dcpromo and click OK
3. Click Next > on the Welcome page
4. If the domain controller has the global catalog service, make sure your primary DC also has the service enabled and click OK. This can be done by opening up Active Directory Sites and Services and viewing the services for each domain controller.
5. Make sure the Delete this domain because this server is the last domain controller in the domain is UNCHECKED, and click Next >
6. Type in a new password to be used for the Local Administrator account the machine will contain after it is demoted.
7. Click Next > on the Summary page
8. Check the Reboot on completion box to restart the server after the service has been removed
9. Log back into the DC upon reboot and open up Server Manager
10. In Roles Summary, click Remove Roles
11. Click Next > on the Before You Begin page
12. Uncheck Active Directory Domain Services and DNS Server (if the role is installed) and click Next >
13. Click Remove
14. Click Close
15. Select Yes on the Do you want to restart now? dialog box
16. Log back into the DC upon reboot and you should greeted by a Removal Results window. Let the process finish and select Close upon removal success.
17. Disjoin the machine from the domain
  1. Click Start, right click Computer, select Properties
  2. Click Change settings
  3. Click Change... on the System Properties page
  4. Check Workgroup, type in a workgroup name, and click OK
  5. Click OK on the warning dialog
  6. Click OK on the Welcome to the workgroup dialog
  7. Click OK on the restart dialog
  8. Click Close on the System Properties window
    (oops, forgot to make a screenshot!)
  9. Click Restart Later on the Microsoft Windows dialog box
  10. Shutdown the machine
18. Format the decommissioned machine, reinstall a clean copy of Server 2012 R2, and join the machine to the domain.
Add first Server 2012 R2 Domain Controller
1. At this point, you should have one Server 2008 R2 Domain Controller and a blank Server 2012 R2 machine joined to the domain ready for the Active Directory services. If you are at this point, continue on, if not, you might want to read back a couple steps and see where things ventured off course.
2. Start Server Manager on your new Server 2012 R2 machine.
3. Select Manage in the top right and select Add Roles and Features
4. Click Next > on the Before you begin screen
5. Click Next > on the Select installation type screen
6. Ensure your new server is selected and click Next >
7. Check the box next to Active Directory Domain Services
8. On the Add features that are required for Active Directory Domain Services? dialog, click the Add Features button
9. Click Next >
10. Click Next >
11. Check the box that says Restart the destination server automatically if required
  (Click Yes on the restart dialog if it pops up)
12. Click the Install button
13. Once the install is done, click the Close button
14. Next, head back to the Server Manager screen and select the warning icon with the flag; then select Promote this server to a domain controller.
15. On the Deployment Configuration page, make sure Add a domain controller to an existing domain is checked and hit Next >
16. Check Domain Name System (DNS) server, Check Global Catalog (GC), and uncheck Read only domain controller (RODC). Enter a strong password to be used to access Directory Services Restore Mode and click Next >
17. Click Next > on the DNS Options page
18. Click Next > on the Additional Options page, or if you would like, you can manually select a domain controller to replicate data from and then hit Next >.
19. Click Next > on the Paths page
20. Click Next > on the Review Options page
21. Click Install on the Prerequisites Check page
22. Once the domain controller reboots after installation, open up Server Manager and select Tools, Active Directory Users and Computers
23. Expand your Domain and select Domain Controllers; ensure your new machine shows up here.
24. Next, verify DNS works properly
  1. Go back to Server Manager, select Tools, DNS
  2. Expand your server, Forward Lookup Zones, and right click on your domain name and select Properties
  3. Select the Name Servers tab and ensure all DCs are listed
Next, we need to verify the FSMO (Flexible Single Master Operations) roles are stored on our other server 2008 DC
1. On the new Server 2012 R2 DC we joined, open up a command prompt with administrative privileges.
2. Execute the following command to verify FSMO roles are on our 2008 DC:
  netdom query fsmo
Next, we need to transfer the FSMO roles from our primary DC to our new one
1. Execute the following command using the same command prompt in the previous steps: ntdsutil
2. Type roles when prompted and hit enter
3. Type connections when prompted and hit enter
4. Type connect to server server2012DC.mydomain.com, where server2012DC is the new DC we just deployed, when prompted and hit enter
5. Type quit and hit enter
6. Type transfer schema master and hit enter
7. Click Yes on the Role Transfer Dialog for the Schema Master role
8. Type transfer naming master and hit enter
9. Click Yes on the Role Transfer Confirmation Dialog for the Naming Master role
10. Type transfer PDC and hit enter
11. Click Yes on the Role Transfer Configuration Dialog for the Primary Domain Controller role
12. Type transfer RID master and hit enter
13. Click Yes on the Role Transfer Configuration Dialog for the RID master role
14. Type transfer infrastructure master and hit enter
15. Click Yes on the Role Transfer Configuration Dialog for the Infrastructure Master role
16. Type quit and hit enter
17. Type quit and hit enter
18. Execute the following command to ensure the FSMO services are on the new Server 2012 R2 machine: netdom query fsmo
At this point, you should have a Server 2012 R2 DC with the FSMO roles and a secondary 2008 R2 Domain Controller. If not, please go back and complete the steps to get to this point.
Optional Step: After upgrading the first DC, you may want to reconfigure the machine to keep its time in sync with an external source. To do this, please follow my guide here: http://jackstromberg.com/2013/10/configuring-external-time-source-on-your-primary-domain-controller/
Next, decommission the last Server 2008 R2 domain controller that used to function as the primary DC.
1. Follow the same instructions in Step 2 above called Demote and decommission secondary domain controller
Next, add the machine back to the domain
1. Follow the same instructions in Step 3 above called Add first Server 2012 R2 Domain Controller
At this point, your environment should be up and running with Windows Server 2012 R2! You can optionally transfer the FSMO roles back to your "primary" DC that you had before, or continue on with the roles left on the current DC.

Notes

Official information on removing a domain controller from the domain can be found on Microsoft's website here: http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx

94 thoughts on “Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2”

Bandito December 19, 2013 at 9:44 am

By far the easiest and most concise article I've read on this subject! I will definitely be referencing this when we upgrade our DCs to 2012 R2.

Reply ↓
1. Jack Post authorDecember 19, 2013 at 9:49 am
  
  Thanks for the feedback Bandito! 🙂
  
  Reply ↓
Freddie December 27, 2013 at 10:04 pm

Hi Jack,

This article seems to be the best and the easiest to follow for successfully migration.
It is a free give away.

Thank you so much Jack.

Reply ↓
1. Jack Post authorDecember 28, 2013 at 9:54 am
  
  Thank you for the feedback Freddie! 🙂
  
  Reply ↓
Kevin January 14, 2014 at 8:36 pm

Nicely written article, very informative.

Reply ↓
1. Jack Post authorJanuary 14, 2014 at 10:05 pm
  
  Thanks Kevin!
  
  Reply ↓
Oleg January 29, 2014 at 1:37 pm

Thanks Kevin, exellent article!

One more question: can we use GUI (AD Users and Computers, AD Domains and Trusts) to transfer FSMO roles, instead "ntdsutil"?

Reply ↓
1. Jack Post authorJanuary 29, 2014 at 1:42 pm
  
  Hi Oleg,
  
  You can definitely transfer the roles via the GUI methods. I don't go into moving them via the GUI in this guide as it seemed to be less steps doing it the command line way and also was an easy way to verify/double check the roles transferred. I would stick to whatever method you are comfortable with as long as you have verified the roles have been moved before removing the primary DC.
  
  Jack
  
  Reply ↓
Shaun VT January 29, 2014 at 2:46 pm

Very nice article.

Easy to follow,.

One thing that would maybe be worth mentioning is that you had to change the authorative time server in the domain before. I'm not sure if this is the case still.

So make the new PDC emulator an authorative time server and state which time server it should update from. You would also then need to point the 2nd DC to the PDC as its time source.

Many Thanks.

Shaun

Reply ↓
1. Jack Post authorJanuary 29, 2014 at 11:13 pm
  
  Hey Shaun,
  
  I noticed the same problem too with the time after upgrading! I actually have a second article relating to this here: http://jackstromberg.com/2013/10/configuring-external-time-source-on-your-primary-domain-controller/
  
  I have added a note to optionally configure the PDC to sync to an external time source in step 7.
  
  Appreciate the feedback!
  Jack
  
  Reply ↓
2. Yohan John April 21, 2014 at 4:40 pm
  
  I am trying to install 2012 R2 DC in our single domain 11 DCs enterprise. The first DC is a DNS server and the second DC is DHCP server and these two hold all the 5 FSMO roles. I am little confused how to proceed.
  Can I build a 2012 DC join it to the existing domain and convert it to DC while joined to the domain and make it a DNS server while the 2008 R2 DC is still alive in the same domain? or what is the process I should take. Would be grateful for your kind advise. Thanks in advance.
  
  Reply ↓
  1. Jack Post authorApril 21, 2014 at 7:10 pm
    
    Hi Yohan,
    
    If the FSMO roles are scattered, you could spin up a 2012 R2 DC and join it to the domain as a member server. Once a member server, upgrade it to a Domain Controller and move the FSMO roles over to it and ensure it is also functioning as a DNS server. Once verified DNS and the FSMO roles are on the new 2012 R2 machine, retire one of the Server 2008 R2 machines and replace it with another Server 2012 R2 machine. Move the DHCP role from the remaining 2008 R2 machine in the environment to the new 2012 R2 DC.
    
    Hope this helps!
    Jack
    
    Reply ↓
EricP February 16, 2014 at 5:50 pm

Great Article!

After you demote and remove the server from the domain, for some reason Microsoft doesn't remove the Demoted server(s) from the servers list on Active Directory Sites and Services, it is safe to just remove the demoted server.

Reply ↓
1. Jack Post authorFebruary 28, 2014 at 2:02 pm
  
  Hi Eric,
  
  I would recommend running the netdom query fsmo command to ensure the fsmo roles have been removed off the machine. Once you have verified none of them are running on it, you can demote the server.
  
  Jack
  
  Reply ↓
JoelaFrite March 10, 2014 at 10:46 am

Thx very much !

Reply ↓
Melanie Rutberg March 17, 2014 at 2:21 pm

Hello, I just wanted to comment as well that these instructions are great!

I recently used these instructions to migrate my (2) Windows 2008 R2 Domain Controllers to Windows 2012R2 DCs.

As part of the project we migrated the DCs to new hardware running 2012R2. We also retained the original servers names and IPs.

There was minimal downtime for the environment and so far the 2012R2 DCs are running fine with all of our Enterprise Applications.

Thanks Jack! I don't think our migration would have gone nearly as smooth without this!
Melanie

Reply ↓
1. Jack Post authorMarch 17, 2014 at 3:16 pm
  
  Glad to hear the migration was a success Melanie! Appreciate the feedback! 🙂
  
  Jack
  
  Reply ↓
Mark March 28, 2014 at 7:31 am

Excellent article... thanks for taking the time to put it together! We were able to migrate our 2 Win2008R2 domain controllers to 2 new Win2012R2 servers and found these instructions to be very helpful. Much appreciated!

Reply ↓
JD April 17, 2014 at 10:56 am

After the migration, were the client computers able to connect without any changes on their end? I'm getting ready to do this for the first time in my career, and I just want to make sure I have all of my bases covered.

Reply ↓
1. Jack Post authorApril 17, 2014 at 2:32 pm
  
  Yep, the clients will reconnect back. If you have a second DC, the clients should automatically failover to the secondary. However, if you only have one DC, the clients should reconnect once it is back online.
  
  Jack
  
  Reply ↓
  1. JD April 17, 2014 at 3:33 pm
    
    Great, thank you for you reply, and thank you for taking the time to create this guide. I am going to try it over the weekend. Fingers are crossed. 😀
    
    Reply ↓
    1. Jack Post authorApril 17, 2014 at 3:38 pm
      
      Good luck! Just make sure you follow the steps closely and you should be golden. It isn't a race, so take your time to verify each step. Your secondary DC should takeover while you upgrade, so your clients shouldn't notice any downtime.
      
      Please let me know how it goes!
      Jack
      
      Reply ↓
      1. JD April 17, 2014 at 3:57 pm
        
        At this time, we have a single domain environment, so there will be some downtime, however, that's why I'm doing this on a Saturday, and we are a small business, so it shouldn't be too painful. The new environment will have two domain servers for redundancy purposes. I will keep you up to date, and thank you again! I feel this post will be a life saver.
      2. Jack Post authorApril 17, 2014 at 4:05 pm
        
        Actually, you still shouldn't experience much downtime even with one DC. What I would do is follow Step 1 (Prepare the AD Schema for Server 2012 R2) and stop at that point. Rather than following step 2 on demoting the DC (this would be a bad idea since you would have no more DCs in your domain), skip to Step 3 (Add first Server 2012 R2 Domain Controller). Once you have up the new DC, configure your DHCP scope and clients with static IPs to use the new DC's IP address for DNS. Once that is done, you should be able to safely retire the 2008 R2 machine without your clients noticing any downtime.
        
        Hope this helps!
        Jack
JD April 18, 2014 at 4:32 pm

Great, thanks for the advice! I'm going to start the work shortly, and I'm confident that your post will help me tremendously.

Reply ↓
Kiran Gandhi May 7, 2014 at 1:51 am

Hi Jack, this is an excellent article. I want to upgrade our 2008 R2 DCs to Server 2012 R2.
I have a envmt. of 3 sites, includes 10 DCs of Root Domain, Child, Tree Domain, RODC.

My requirement is I want to retain the demoted server host name & IP address to be used on the new DCs. Many of our applications are configured with LDAP queries pointing to DN of the DC. How can I configure the new DC with the same host name & IP? Will the AD Site & Serivces clear up records pertaining to the host name & IP of the demoted DC?

Appreciate your time and assistance.

Regards,
Kiran Gandhi

Reply ↓
1. Jack Post authorMay 7, 2014 at 7:13 am
  
  Hi Kiran,
  
  You will have to demote the old server, disjoin it from the domain, add it back as a Server 2012 R2 machine, promote it to a DC, and then you should be fine. Unfortunately, you would experience downtime if you have your applications pointed directly to a specific DC.
  
  Jack
  
  Reply ↓
Ron May 12, 2014 at 11:32 am

Awesome article. I really appreciate the attention to detail and the precise instructions you gave. Made my life soooo much easier.

Thanks

Reply ↓
hassan May 13, 2014 at 12:07 pm

Hi, I have a domain controller in 2008 R2 and a backup domain in 2008 R2 as well. I am going to upgrade my backup domain to 2012 R2 first. But my DNS is available in both DC but DHCP is integrated only with PDC and when I upgrade how can I transfer these services to 2012 R2 machine? I want make the new 2012 R2 machine as PDC after the upgrade. Later remaining 2008 R2 machine will be upgraded to 2012 R2 as well.
Also when I do the upgrade can I change the NAME and IP address? Will this have any effect for client machines?

Hi, if have a domain controller with integrated DNS and DHCP, what will happen to these services when I migrate? In 2012r2 domain do I need to do any extra steps for this.
Also can I use a different name and IP address for the new domain controller and will it have any effect on the client PCs,

Reply ↓
1. Jack Post authorMay 25, 2014 at 10:57 am
  
  Hi Hassan,
  
  I merged your posts together.
  
  DNS will not be affected during the migration as long as you check to have DNS installed during the domain controller installation (Step 16).
  
  As far as DHCP goes, you will have to manually reinstall that once you have completed the migration. I would follow my guide here on how to migrate your DHCP settings from one server to your new one: http://jackstromberg.com/2013/10/migrate-dhcp-role-from-server-2008-r2-to-server-2012-r2/
  
  Last, if you change your DC to a new name and IP address, you should be fine provided you update your DHCP server to reflect the changes as well as update any machines that you have set static IP addresses on.
  
  Hope this helps!
  Jack
  
  Reply ↓
ALex May 15, 2014 at 3:34 am

Hello Jack, this is article is AWESOME! Anyway I'm preparing to upgrade our Windows 2008 R2 to 2012 R2, I have Exchange server 2007 on the DC ( we have just one DC) , how should I work on it ? I would like to upgrade Exchange too, but how can I move ? Should I upgrade Exchange in first and then upgrade 2008 R2 to 2012 R2 or vice versa ?

Thank you in advance!

Alex

ps. How should I move the file system ( really big) to the new server 2012 R2 ?

Reply ↓
1. Jack Post authorMay 25, 2014 at 12:26 pm
  
  Hi Alex,
  
  Unfortunately, there isn't an easy way to perform a migration with a single server in your environment. Unless this is a virtual machine, I would highly recommend seeing if you can purchase another server to upgrade. If you can get approval for a second machine, I would install Server 2012 R2 on the new machine, promote it as a domain controller, and then begin bringing additional roles over to the new machine. I would then keep the second server as your Exchange Server or File Server to help take some stress off your DC.
  
  Sorry I don't have a better solution, but an in-place upgrade with that many dependencies could get fairly difficult, especially if you cannot take an image of the machine to redeploy in the event an upgrade fails.
  
  Hope this helps!
  Jack
  
  Reply ↓
Faisal May 25, 2014 at 4:36 am

Hi Jack,

Thanks for sharing such a nice article with us, can you please share the steps; how can we migrate domain controller when our organisation already used Exchange Server 2007/2010 infrastructure?

Thanks in adv..
Regards,
Faisal

Reply ↓
1. Jack Post authorMay 25, 2014 at 12:21 pm
  
  Hi Faisal,
  
  Is Exchange currently deployed on the controller? If it is currently deployed on the DC, I would encourage you to try and move it to another machine.
  
  If you have Exchange deployed on a member server or it was previously deployed and is no longer being used, you should be able to follow the guide below without any issues.
  
  Hope this helps!
  Jack
  
  Reply ↓
Pingback: New Windows Server 2012 DC
NickSP June 17, 2014 at 6:38 pm

Hi Jack,
Do you know if there are some issues about client logons, GPOs changes, active directory integrated applications, for example, Exchange, Checkpoit, Wireless APs, Proxies, Websense, etc when I migrate the AD and raise the Forest Functional Level and Domain Functional Level to WS2012R2?
Thanks in advance.

Reply ↓
1. Jack Post authorJune 18, 2014 at 7:57 am
  
  Hi Nick,
  
  Unfortunately, this is something you will neeed to research. I do not know what your existing environment looks like, so it very much depends.
  
  Sorry!
  Jack
  
  Reply ↓
Pingback: Domain Migration from Server 2008 R2 to Server 2012 R2 - vsexplorer.com
Pingback: How to detect applications using "hardcoded" DC name or IP? | MS Tech BLOG
Matthew August 12, 2014 at 9:04 am

Hi Jack,

Thanks for this guide it looks great. I am just about to move our 2008R2 DC into new infrastructure and migrating it to 2012R2, at the same time introduce a BDC. I need to make sure there will be no effect on our GPOs, Can you tell me if all GPOs will be migrated without issue?

Thanks in advance!

Matt

Reply ↓
1. Jack Post authorAugust 12, 2014 at 9:07 am
  
  Hi Matthew,
  
  The GPOs will be moved/migrated over to the Server 2012R2 DC and your BDC upon deployment.
  
  Jack
  
  Reply ↓
latif August 27, 2014 at 7:12 pm

it looks great. it will be the same step even if i install server 2012 in different machine. there will be disturbance to the client computer..

Reply ↓
1. Jack Post authorSeptember 2, 2014 at 8:40 am
  
  Hi Latif,
  
  If done properly, you should not notice any distrubances to client computers.
  
  Jack
  
  Reply ↓
Harry December 15, 2014 at 9:23 am

Very informative article thanks, do we really need to run domain/schema update commands, as mentioned on technet http://blogs.technet.com/b/kevinholman/archive/2013/09/25/upgrading-domain-controllers-to-windows-server-2012-r2.aspx

that's also all done automatically when we promote first 2012 R2 DC to domain ?

am testing this shortly before upgrading in-production DCs .
thanks
Harry

Reply ↓
1. Jack Post authorDecember 15, 2014 at 9:34 am
  
  Hi Harry,
  
  The wizard might do this for you, however through the command line method you can verify the schema changes are made and replicated successfully through your environment before making additional changes. Additionally, if you don't have the resources to deploy another DC to run through this process, this would be an alterative to that.
  
  Jack
  
  Reply ↓
  1. Harry December 15, 2014 at 9:59 am
    
    another question ,
    as many of our other servers have hard coded dnsname and IPs for current DCs. (2008R2s)
    
    i am planning to introduce a new 2012R2 VM , promote as DC move all roles to this.
    then remove both existing 2008R2 DCs from domain, and rebuild these two as 2012R2 but i then intend to keep same name and IPs , and then promote these two, move roles back to new primary dc , and at the end get rid of temp DC VM.
    
    keeping two DCs with same name and IPs with new OS.
    hope this won't cause any issues . in terms of AD had similar names for old servers 2008 R2, i believe that will get disabled/delete them from AD once they dis-joined domain .
    
    Reply ↓
    1. Jack Post authorDecember 15, 2014 at 10:10 am
      
      You can reuse the names and IPs, but you cannot have them in use at the same time (you will need to demote the DC and then delete the VM before turning on the new Server 2012 instance).
      
      Jack
      
      Reply ↓
Sean December 31, 2014 at 9:50 am

I felt the need to say well done. Stumbled onto this article last week and have passed it to two peers this week who are planning their migrations. I had already done a lot of the research as I'm planning a domain upgrade for next week.
Do you mind if I use this article in my documentation? If I re do the screenshots in my environment and add the raise functional level it just about cover what Ill be doing next week.
Thanks

Reply ↓
1. Jack Post authorDecember 31, 2014 at 10:03 am
  
  Hey Sean,
  
  You can use this article for internal documentation as long as you reference this site and not republish it online.
  
  That being said, Good Luck!, and please let me know how it goes! 🙂
  Jack
  
  Reply ↓
Haroula January 6, 2015 at 4:33 am

Hi Jack,

This is the best article I have come across in relation to this process but one part I am confused about.
Can you please advise on how and when you make the changes to keep the same IP address on the new 2012 server ?

Thanks in advance

Reply ↓
1. Jack Post authorJanuary 6, 2015 at 8:12 am
  
  Hi Haroula,
  
  You would apply the same IP address after you rebuild the machine.
  
  Jack
  
  Reply ↓
  1. Haroula January 6, 2015 at 3:48 pm
    
    Hi Jack,
    
    So say you have 2 DC's with 2008 R2 and one newly created DC with 2012 R2.
    You want to decommission DC01 2008R2 which has the ip address .101 at the moment but needs to be transferred to the 2012 box which is already up with a temporary ip address of 103.
    At which stage do you make the change?
    
    Reply ↓
Mo January 14, 2015 at 8:29 pm

Jack,

Excellent article and very clear and concise. I will be migrating a clients current failing 2008 R2 DC to a 2012 DC. Thus far I have built a virtual environment and using a backup solution backed-up and then spun a duplicate 2008 DC in a VM environment. I have created a VLAN and the duplicate 2008 DC and the new 2012 server will not interact with the production environment but will retain the same addressing scheme. I intend on using your method to upgrade to a 2012 DC and then place it into production. What in your opinion are possible issues I could bump into? I am trying to limit the associated downtime as much as possible that's why I am testing in a vm environment prior to putting the upgraded DC into production.

Reply ↓
1. Jack Post authorJanuary 16, 2015 at 8:59 am
  
  Hello Mo,
  
  If you follow the guide you should not experience any downtime. I would not introduce the DC you upgraded in your test environment into the production environment. The commands should be run directly in your production environment to ensure you don't experience replication issues or loss of data during the migration.
  
  Jack
  
  Reply ↓
Pingback: Migrating from Windows Server 2008 R2 to Windows Server 2012 R2 - Tangent Thoughts - Site Home - TechNet Blogs
Adele March 1, 2015 at 12:19 pm

hi,
nice write out for a newbie like me

can i know can i use this method if i going to upgrade old current 2008r2 to a brand new PC to 2012 R2?

The scope for migration services below:

1. Installation of WinServer 2012r2 on new server
2. Installation of MS SQLServer Express Edition 2012
3. Active Directory Domain Services
4. Application Server
5. DNS Server
6. File Service
7. Network Policy
8. Print Service
9. Web Server
10. Migration of users and files from the old server

Thank you in advance.

Rgs,
Adele

Reply ↓
1. Jack Post authorMarch 2, 2015 at 6:14 pm
  
  Hi Adele,
  
  This process should work fine. Just make the decommissioning process of the older DC last and you should be fine.
  
  Jack
  
  Reply ↓
Lukas March 2, 2015 at 1:52 pm

Very good article. Just used it to move our DC from DC.domain.local (Server 2008 R2) to DC1.domain.local (Server 2012 R2) and will also be adding DC2.domain.local (Server 2012 R2). Thank you for your help!!

Reply ↓
rahul bodhe March 23, 2015 at 11:21 pm

Hi Jack,
This is really awesome guide thank you so much for the step by step guide i really like it. one question i have
we need to migrate windows 2008 ADC and exchange 2010 to windows 2012 OS. do i need to run adprep and domainprep on exchange 2010 also forest function level is up windows 2008 already and we have install exchange 2010 sp3 also.
please help me for the same
thanks in advance
Regards,

Reply ↓
1. Jack Post authorMarch 26, 2015 at 11:03 am
  
  You will want to extend the schema as mentioned in the article to support the Server 2012 AD environment. You will only have to run this once against your domain, you do not need to run it from your Exchange server.
  
  Hope this helps,
  Jack
  
  Reply ↓
John April 6, 2015 at 3:19 am

Hi Jack,

We have DC running windows 2008 R2 and exchange 2010 SP3 running in windows server 2012 from different server machine. We want to migrate our DC to Windows 2012 under new server machine. Can I follow this method, will there be no configuration in exchange server side? and what are the things we need to consider for this kind of migration.

Thanks in advance,

John

Reply ↓
1. Jack Post authorApril 8, 2015 at 3:47 pm
  
  Correct, you should be able to stand up a new Server 2012 R2 machine, migrate the FSMO roles over, and then decommission your old DC.
  
  Jack
  
  Reply ↓
B. Jena May 20, 2015 at 2:56 am

Its really a great article. Thanks a lot for all your effort to wirte this article.

Could you please suggest the stpes to migrate the NPS/Radius server, which currently hosted on multiple DC's.

Reply ↓
1. Jack Post authorJune 2, 2015 at 9:57 pm
  
  Hi B. Jena,
  
  Please see the following TechNet article: https://technet.microsoft.com/en-us/library/ee791849(v=ws.10).aspx
  
  Hope this helps,
  Jack
  
  Reply ↓
Mohamed Abd Elhamid June 7, 2015 at 5:37 pm

Thanks for your efforts
if DC 2008 with Exchange environment we need change any steps or add it

Reply ↓
1. Jack Post authorJune 25, 2015 at 7:51 am
  
  Yes, you will need to migrate the exchange roles and services to the other machine before shutting it down. That process is outside the scope of this document.
  
  Jack
  
  Reply ↓
Greg June 23, 2015 at 8:24 am

Fabulous article Jack!

In moving from old Server 2008r2 to new Server 2012 machine, are there special considerations when the company uses redirected folders?

Thanks again!

Reply ↓
1. Jack Post authorJune 25, 2015 at 7:41 am
  
  Hi Greg,
  
  You have the files pointed to your file cluster, not the DC, correct? As long as there aren't any dependencies to a specific DC, you should be alright.
  
  Jack
  
  Reply ↓
Adrian December 14, 2015 at 11:35 am

Hi Jack,

I just had to say, thanks very much for this article. Brilliant, concise, easy to follow and 100% accurate. I'd never done an AD upgrade before, and everything went really smoothly thanks to you and your awesome article.

Much obliged!!

-Adrian

Reply ↓
Brent K March 16, 2016 at 2:21 pm

FYI for those of you who have small domains and still use the administrator account. Dont use this account in 2012 because MS has a bad coding issue as noted in the below article.

https://support.microsoft.com/en-us/kb/2737935

Reply ↓
Slingin_Simmo July 12, 2016 at 9:31 am

Nice one dude. This worked perfectly!

Reply ↓
David Bridwell September 22, 2016 at 4:28 am

Awesome write up! I have two 2008r2 DC's and one 2012r2, will be using this guide when I upgrade them in the near future.

Many Thanks in Advance!

David

Reply ↓
dinero September 27, 2016 at 9:14 pm

Hi Jack

Can you please let me know the steps to implement below process asked by someone else on this blog.. we need to retain the OLD DC (2008 R2) IP Address....how and when to migrate the IP address to New DC (2012 R2)

So say you have 2 DC’s with 2008 R2 and one newly created DC with 2012 R2.
You want to decommission DC01 2008R2 which has the ip address .101 at the moment but needs to be transferred to the 2012 box which is already up with a temporary ip address of 103.
At which stage do you make the change?

Reply ↓
1. Jack Post authorOctober 2, 2016 at 8:17 pm
  
  The tutorial covers this scenario. Deprovision the secondary DC, redeploy with Server 2012 R2, promote as PDC (move FISMO roles), deprovision old primary, redeploy as Server 2012 R2, move FISMO roles as needed.
  
  Reply ↓
Kurt November 21, 2016 at 1:52 pm

Is the procedure the same going from 2008 R2 to Server 2016? I'm thinking about trying this soon.

Reply ↓
1. Jack Post authorDecember 15, 2016 at 10:54 am
  
  I have not tested 2008 R2 to 2016. I'm assuming the process is fairly similar, but definitely proceed at your own risk. I'd recommend setting up a lab first.
  
  Jack
  
  Reply ↓
Karlo December 14, 2016 at 6:38 pm

hello Jack,

I still haven't got a response yet from last November i'm posting my question again. Just wanted to know whether it’s necessary to insert the server 2012 CD into the server 2008 machine when performing the upgrade? i have 2 separate servers, one which is server 2008 and a new one which is 2012. From which step should i proceed.

Reply ↓
1. Jack Post authorDecember 15, 2016 at 10:56 am
  
  If you are looking at going to 2012 R2 vs 2012, use the disk.
  
  Jack
  
  Reply ↓
  1. Karlo December 18, 2016 at 8:09 pm
    
    Thanks for your reply Jack. but why do i need the disk to migrate from 2008 R2 to 2012 R2 ? after i insert the disk 2012 R2 inside 2008 server and run forestprep command as shown, then, do i insert the CD in 2012 R2 server ?
    
    sorry but im new to this 🙂
    Thanks again Jack
    
    Reply ↓
Lynn Jersild May 26, 2017 at 6:24 pm

GREAT how to!!
Thank You!!

Reply ↓
Frank Roberts June 23, 2017 at 10:44 am

Jack - You are the MAN! Excellent article. Instructions worked perfectly as I was setting up Windows Server 2012 R2 DC on a new machine and migrating from Windows Server 2008R2 DC I had setup in VirtualBox on my macMini. Thanks for the step by step instructions. Also thanks for the other article on setting up external time server, especially since my office domain had always been ahead by 7 minutes and I couldn't figure out how to get it to the current time.

Reply ↓
Kevin Murphy October 19, 2017 at 4:00 am

I'm trying to do an upgrade of 2 Servers 2008r2 x64 SP1 Standard to Server 2012r2 standard.
Server 1 is HP ProLiant D380p gen 8, (File server, User profiles on D:\) DC, fully patched and relevant drivers updated as per HP recommendations.
Server 2 is HP ProLiant D385p gen 8, (Mail, SQL, etc..) DC, fully patched and relevant drivers updated as per HP recommendations.
Have tried an in place upgrade which errored with “upgrades to this build have been disabled!”
Cant find out why this is happening so will have to go a different upgrade path.
I have a spare machine that I could install server 2012R2 on, add to domain, and transfer fsmo roles from Server 1 to new 2012r2 box. At this point would users be able log on?
The next step would be to demote Server 1 . At this point would users be able to log on again? Or not until old server 1 had server 2012 installed, added to domain and roles transferred back again?

Reply ↓
1. Jack Post authorOctober 23, 2017 at 10:58 pm
  
  If you add another server to the mix, promote it to become a domain controller, and DNS records can resolve to it; your users should be able to authenticate to that machine. Not sure about the inplace upgrade error; as mentioned in the guide, I try to stay away from those due to the exact headaches you are experiencing 😉
  
  Reply ↓
James December 11, 2017 at 4:52 pm

Thanks for the write up!

Quick question, My current setup is 2- 2008R2 and 1-2012R2 Domain controllers. Since i already have a 2012R2 DC up and running, Do i still need to run the ADPREP commands on the 2008's before i DCPROMO them?

Thanks

Reply ↓
1. Jack Post authorDecember 21, 2017 at 9:53 am
  
  If you already promoted a 2012 R2 DC, then you should be good to go to add the second. You can run the adprep command to verify if you want.
  
  Reply ↓
Norman March 7, 2018 at 10:52 am

Will this have any negative effects on our Exchange 2010 server? Will we have any problems with email during this change?

Reply ↓
1. Jack Post authorMarch 7, 2018 at 11:13 am
  
  Provided your Exchange environment is not on the DCs themselves and you do the rolling update, you shouldn't notice an outage. As with everything, test whenever possible.
  
  Reply ↓
RSKhan July 11, 2018 at 10:16 am

Hi Jack,

I want to migrate windows 2003 physical server to 2016 virtual server in VMware and that 2003 server has running DHCP, AD DS and Radius services. I have already created the vm and installed windows server 2016 which is getting IP from 2003 DHCP server but I did not join it to the domain yet.

Should I follow the same procedure like you have mentioned? Any suggestion?
Thanks in advance !!

Reply ↓
1. Jack Post authorJuly 25, 2018 at 9:16 am
  
  Yes, you can follow the procedure. Just note that you will need to follow additional steps for migrating over the DHCP and Radius services as AD DS does not install those roles automatically.
  
  Here's a guide for what I used when migrating from Server 2008 R2 to 2012 R2 for DHCP: http://jackstromberg.com/2013/10/migrate-dhcp-role-from-server-2008-r2-to-server-2012-r2/
  
  Jack
  
  Reply ↓
Johnwilly September 6, 2018 at 1:42 am

Amazing Articdle. Thanks alot

Reply ↓
John February 26, 2020 at 7:51 pm

Feedback: you can improve the article by including full screenshots without censorship.

use dummy or lab Servers, instead of using live production servers.

Reply ↓
1. Jack Post authorFebruary 27, 2020 at 12:04 am
  
  In most cases lab/test environments would be used and are recommended, however the purpose of the document was to be a reflection upon something that I had completed many years ago (crazy to think this is 5 years old when I first published this) of an actual migration vs a simple test/lab environment that may not reflect an actual environment with active end users. The goal is to give folks a chance to see what others have done in a real environment. The censoring is only of server names/FQDNs, no steps or general information has been censored otherwise.
  
  Hope this helps!
  Jack
  
  Reply ↓
chatrughan prasad June 11, 2020 at 2:37 am

Very nice article. I have upgraded the my DC 2008 R2 to 2012 R2

Reply ↓