

Active Directory: High Level Steps to Upgrade

Here are the high-level steps you can use to upgrade Active Directory.

https://blufiles.storage.live.com/y1pTUNUkSYvl1-NCGk5ZCP9cdg5fVyfk6wZubHX2ztnIuAQOYbv9im1TetCpHJ51gwkGpEWlQ3iH7g/AD_Upgrade_WiKi.png?psid=1

Steps:

Preparation (When migrating from W2003/W2008)

Today you may face a variety of upgrade scenarios, e.g. Windows Server 2003 R2 to Windows Server 2016 or later.

Because FRS (File Replication Service) has been deprecated since Windows Server 2012 R2, there is an additional step you need to take care of.

Possible State Outputs:

  • Proceeded: FRS
  • Prepared: FRS
  • Redirected: DFS-R - primarily used for SYSVOL replication. In this state you are still able to switch back to FRS.
  • Eliminated: DFS-R - SYSVOL replication is now completely switched to DFS-R.

b. Upgrade SYSVOL replication service

Before you start, you have to make sure the AD replication is running fine without any errors.

After EVERY performed step you have to wait until the upgrade information is replicated through your entire forest!

With the help of the command "dfsrmig /getglobalstate" you'll notice when the replication has finished.

dfsrmig /setglobalstate 0

All domain controllers in the domain will be put into the "Proceeded" state.

SYSVOL data will be replicated.

dfsrmig /setGlobalState 1

All domain controllers in the domain will be put into the "Prepared" state.

An additional folder %SystemRoot%\SYSVOL_DFSR is now available and will be replicated through DFS-R.

In this state, FRS is still primary and the domain controllers do not reply to any service requests regarding the SYSVOL_DFSR volume.

dfsrmig /setGlobalState 2

In this state DFS-R replication (SYSVOL_DFSR) will be primary. This share will now start to reply to service requests for SYSVOL.

The FRS service continues replicating its SYSVOL folder.

dfsrmig /setGlobalState 3

In this state the DFS-R replication will become permanent. The FRS SYSVOL share will be deleted and the FRS service will be stopped.
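
One way to enforce the wait-after-every-step rule above, as an added example that is not part of the original article: a PowerShell script that refuses to set a new SYSVOL migration state until AD replication is error-free and every DC has reached the previous state. It uses "dfsrmig /getmigrationstate" and Get-ADReplicationFailure in addition to the commands shown on this page; the script name, the parameter names and the matched output text are assumptions.

```powershell
# Added example (hypothetical script name: Step-SysvolMigration.ps1).
# Run elevated on a writable DC, once per state: 0, then 1, then 2, then 3.
param(
    [Parameter(Mandatory)][ValidateRange(0, 3)][int]$TargetState,
    [switch]$AllowEliminate,      # must be given for state 3 (no way back to FRS)
    [int]$PollSeconds = 300,
    [int]$MaxPolls = 48
)
$ErrorActionPreference = 'Stop'
# Assumption: once every DC has reached the global state, /getmigrationstate
# prints a line containing this text. Adjust if your build words it differently.
$ConsistentPattern = 'consistent state on all Domain Controllers'

function Wait-MigrationConsistent {
    for ($i = 1; $i -le $MaxPolls; $i++) {
        $out = & dfsrmig.exe /getmigrationstate | Out-String
        if ($out -match $ConsistentPattern) { return }
        Write-Host "[$i/$MaxPolls] not all DCs have caught up:`n$out"
        Start-Sleep -Seconds $PollSeconds
    }
    throw "DCs not consistent after $MaxPolls polls; do not set the next state."
}

if ($TargetState -eq 3 -and -not $AllowEliminate) {
    throw 'State 3 removes the FRS SYSVOL share permanently; re-run with -AllowEliminate.'
}

# Gate 1: AD replication must be free of errors before SYSVOL replication changes.
Import-Module ActiveDirectory
$failures = @(Get-ADReplicationFailure -Target (Get-ADDomain).DNSRoot -Scope Domain)
if ($failures.Count -gt 0) {
    $failures | Format-Table Server, Partner, FailureCount, LastError | Out-String | Write-Host
    throw "$($failures.Count) AD replication failure(s) found; fix them first."
}

# Gate 2: the previous state must have reached every DC (nothing to wait for before state 0).
if ($TargetState -gt 0) { Wait-MigrationConsistent }

& dfsrmig.exe /getglobalstate              # record the state we are leaving
& dfsrmig.exe /setglobalstate $TargetState
if ($LASTEXITCODE -ne 0) { throw "dfsrmig /setglobalstate $TargetState failed." }

# Gate 3: block until the new state has reached every DC.
Wait-MigrationConsistent
Write-Host "All DCs report state $TargetState. Safe to plan the next step."
```

With the default values the script polls every 5 minutes for up to 4 hours; raise -MaxPolls for forests with slow inter-site replication schedules.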

1. Schema upgrade

Upgrade the schema using Adprep from the correct version of the OS.

Reference

 http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

Note - Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe. It is called Adprep32.exe. In Windows 2008 R2, it is located in the \Support\Adprep folder.

You can ignore the following message. However, if you are planning to install an RODC later, you need to run ADPREP /RODCPREP first. The first Windows 2008 DC cannot be a Read-Only Domain Controller (RODC).

https://blufiles.storage.live.com/y1p7p82mCP2wnprMDlR_FF-hZeYsYEmvnh0wfacBWq_laSteupBjJfqoYefCIFWioPOYVAQBZSWMO4/ADPREP.png?psid=1

2. Verify the schema version

Note - You can verify the schema version using the command "dsquery * cn=schema,cn=configuration,dc=sivarajan,dc=com -scope base -attr objectVersion". The following table lists the Active Directory schema and the corresponding object version:

Active Directory      Object Version
Windows 2000          13
Windows 2003          30
Windows 2003 R2       31
Windows 2008          44
Windows 2008 R2       47
Windows 8 Beta        52
Windows 2012          56
Windows 2012 R2       69
Windows 2016          87
Windows 2019          88

*** ObjectVersion 39 - Please refer to http://blogs.technet.com/b/askds/archive/2011/07/15/friday-mail-sack-peevish-nediquette-edition.aspx

3. Add new server

Install a new server with the correct version of the OS and join this server to the existing domain.

4. Promote server to DC

Run DCPROMO on this server and select the "Additional Domain Controller for an existing Domain" option.

Beginning with Windows Server 2012, you can install AD DS using the Windows PowerShell Install-ADDSDomainController command.

Note - If you are using Active Directory Integrated (ADI) DNS, it will get replicated as part of the Active Directory replication.

5. Transfer FSMO off decommissioned servers

If you are planning to decommission the old servers, you need to transfer FSMO roles, DHCP, etc. to the new server.

Note - You can identify the FSMO role DC information using the "Netdom /Query FSMO" command.

6. Remove old DC

You can remove (demote) a domain controller using the DCPROMO command; since WS2012 this is also possible with PowerShell.
