Jan 24, 2018 - The new in-place upgrade capability available with Windows Server build. Testers should back up Active Directory Domain Controllers before.
SkypeHello Windows Insiders!Today we are pleased to release a new build of the Windows Server vNext Long-Term Servicing Channel (LTSC) release that contains both the Desktop Experience as well as Server Core in all 18 server languages, as well as a new build of the next Windows Server Semi-Annual Channel release. Please also refer to this recent announcement about updates to the Windows Server Semi-Annual Channel.There are two major areas that we would like you to try out in each preview release and report back any issues:. In-place OS Upgrade (from Windows Server 2012 R2, Windows Server 2016). Application compatibility – please let us know if any server roles or applications stops working or fails to function as it used toWhat’s New in the Latest BuildClick to see the full list of new features introduced in earlier builds.
In-place upgradesIn-place upgrade allows an administrator to upgrade an existing installation of Windows Server to a newer version, retaining settings and installed features. The LTSC versions and editions of Windows Server that are supported for in-place upgrade are shown in the following table.
CURRENTLY INSTALLED OPERATING SYSTEMAVAILABLE UPGRADE VERSION & EDITIONWindows Server 2016 StandardWindows Server 2019 Standard or DatacenterWindows Server 2016 DatacenterWindows Server 2019 DatacenterWindows Server 2012 R2 StandardWindows Server 2019 Standard or DatacenterWindows Server 2012 R2 DatacenterWindows Server 2019 DatacenterStorage Migration ServiceA common issue around Windows Server is a lack of data migration options from older operating systems and storage platforms. Simply because in-place upgrades were impossible, and because manual migrations are slow and likely to cause significant interruptions to service or loss of access for users and applications, many customers are still using Windows Server 2012 R2, Windows Server 2008 R2, and even Windows Server 2003.Addressing this challenge, Windows Server 2019 introduces the Storage Migration Service (SMS), a new role included in Windows Server Standard and Datacenter editions.
Upgrading Active Directory forests to Windows Server 2016 is a relatively straightforward process. In fact, there are a variety of ways in which you can go about performing the upgrade. Even so, Microsoft has established some for upgrading Active Directory forests.The basic idea behind Microsoft’s recommendations is that it is better to add Windows Server 2016 and remove legacy Windows Server domain controllers than to try to perform an in-place upgrade on existing domain controllers. Admittedly, this approach is not always possible, and Microsoft does officially support. However, Microsoft recommends replacing rather than upgrading domain controllers whenever possible.Of course replacing your existing domain controllers with new ones is a big job, and it requires some careful planning.
My goal in writing this article is to show you some of the tasks that may be required as a part of this process. Upgrading Active Directory forests: First stepThe first step in bringing a Windows Server 2016 domain controller into a legacy Windows Server domain is to install Windows Server 2016 onto a server that will eventually become a domain controller, and then join that server to the existing domain.The next step in the process is to identify the current schema master for the Active Directory forest. You will also need to identify the infrastructure master for the domain that the Windows Server 2016 domain controller will be joined to. The easiest way to accomplish this is to open an administrative PowerShell window on a domain controller within the target domain and enter the following commands:Get-ADForest Select-Object SchemaMasterGet-ADDomain Select-Object InfrastructureMasterYou can see what this looks like in the figure below.The reason why you need to know the name of the schema master and the infrastructure master is because the Windows Server 2016 machine will need to prepare the Active Directory schema and the Active Directory domain. Some administrators like to do this manually by using the ADPREP /FORESTPREP and the ADPREP /DOMAINPREP commands, but you don’t have to manually prepare the Active Directory unless you just want to. Converting the Windows Server 2016 server into a domain controller will cause the Active Directory to be automatically prepared.
For this to work, however, the Windows Server 2016 server must be able to communicate with the schema master and the infrastructure master. That’s why it is important to identify the server that holds these roles. By doing so, you will be able to verify that the new domain controller is able to communicate with the infrastructure master and schema master before you attempt to upgrade the Active Directory.Another thing that you will need to do before moving forward with a domain upgrade is to figure out what you want to do about DNS. Active Directory has a dependency on DNS. If you are going to be deprovisioning your legacy domain controllers, then this may mean that you are deprovisioning your DNS servers as well. In that type of situation, you can configure one or more of your Windows Server 2016 domain controllers to act as a DNS server, and then configure your DHCP server to use those server’s IP addresses as the organization’s DNS servers.
Of course you may have to manually update any servers that are configured to use static IP addresses. Add domain controller to the domainTo add a Windows Server 2016 domain controller to the domain, log onto the Windows Server 2016 machine, open Server Manager, and then launch the Add Roles and Features Wizard.
Use the wizard’s role selection screen to install the Active Directory Domain Services and the DNS Server services (and any required features), as shown in the next figure.When the installation process completes, open the Active Directory Domain Services Configuration Wizard, and use the option to add the domain controller to an existing domain, as shown in the figure below.With the new Windows Server 2016 domain controller up and running, and network endpoints reconfigured to use the new DNS server, it is time to begin deprovisioning the legacy domain controllers. Before you do, however, it is a good idea to transfer all of the FSMO roles to a Windows Server 2016 domain controller.
![Domain Domain](/uploads/1/2/5/5/125507810/949938809.png)
This used to be a really tedious task, but it has been made much easier thanks to PowerShell. So, from an administrative PowerShell window, enter this command:Move-ADDirectoryServerOperationMasterRole -Identity “” -OperationMasterRole 0,1,2,3,4In case you are wondering about the numbers at the end of the command,. You can see what this looks like in the figure below:With the roles transferred, you can begin demoting your old domain controllers. In older versions of Windows, this means running the DCPromo command.
In Windows Server 2012, you will have to use the Server Manager’s Remove Roles and Features Wizard to remove the Active Directory Domain Services. The first time that you try this, you will receive an error message like the one below. Notice however, that the error message gives you a link that you can use to demote the domain controller.
Once the domain controller has been demoted, you can remove the Active Directory Domain Services role.Once all of the legacy domain controllers have been removed, and the organization is running only Windows Server 2016 domain controllers, you can raise the forest and domain functional levels. Keep in mind that this means that you will not be able to add legacy domain controllers later on.To raise the functional level, open the Active Directory Domains and Trusts console, and then right click on your domain and select the Raise Domain Functional Level command, as shown below.
Once you have raised the domain functional level, right click on the Active Directory Domains and Trust container, and choose the Raise Forest Functional Level command to raise the forest functional level.Remember, every AD is differentUpgrading Active Directory forests can be a big job. Although I have walked you through a sample migration, it is important to keep in mind that every AD environment is different. There will likely be steps that are unique to your own environment that will have to be performed as a part of the planning and migration process. Author Brien PoseyBrien Posey is a freelance technology author and speaker with over two decades of IT experience.
Prior to going freelance, Brien was a CIO for a national chain of hospitals and healthcare facilities. He has also served as a network engineer for the United States Department of Defense at Fort Knox.
In addition, Brien has worked as a network administrator for some of the largest insurance companies in America. To date, Brien has received Microsoft’s MVP award numerous times in categories including Windows Server, IIS, Exchange Server, and File Systems / Storage. You can visit Brien’s Website at: www.brienposey.com.