With Windows Server 2016 was released for public (GA), many businesses are working on
migrating their services to the new offering. This post will walk you through
the steps needed to migrate Active Directory FSMO roles running on Windows
Server 2012 R2 to Windows Server 2016 Active Directory. The same steps are
valid for migrating from Windows Server 2012, Windows Server 2008 R2 and
Windows Server 2008.

In this setup,the Windows Server 2012 R2 domain controller is setup as a PDC. The Windows
Server 2016 machine has already been added to the existing domain.

Current domain and forest functional level of the domain is windows server 2012 R2.

So, let’s start
with the migrate process.

Install Active
Directory on windows server 2016

1) Log in to
windows server 2016 as domain administrator or enterprise administrator

2) Check the IP
address details and put the local host IP address as the primary DNS and
another AD server as secondary DNS. This is because after AD install, server
itself will act as DNS server

3) Run servermanager.exe
form PowerShell to open server manager (there is many ways to open it)Â

4) Then click
on Add Roles and Features

5)  It will open up the wizard, click next to continue

6)  In next window keep the default and click next

7)  Roles will be installed on same server, so leave the default selection and click next to
continue

8)  Under the server roles tick on Active Directory Domain Services, then it will
prompt with the features needs for the role. Click on add features. Then click
next to proceed

9) On the features windows keep the default and click next

10)  In next window, it will give brief description about AD DS, click next to
proceed

11) Then in next window it will give brief description about configuration and click on install
to start the role installation process.Â

12)  Once installation completed, click on promote this server to a domain controller
option

13)  It will open up the Active Directory Domain Service configuration wizard, leave the
option Add a domain controller to existing domain selected and click next.

14)  In next window define a DSRM password and click next

15)  In next window click on next to proceed

16)  In next windows, it asks from where to replicate domain information. You can select the
specific server or leave it default. Once done click next to proceed.Â

17)  Then it shows the paths for AD DS database, log files and SYSVOL folder. You can change
the paths or leave default. In demo, I will keep default and click next
to continue

18)  In next windows, it will explain about preparation options. Since this is first windows
server 2016 AD on the domain it will run forest and domain preparation task as part
of the configuration process. Click next to proceed.

19)  In next window, it will list down the options we selected. Click next to
proceed.Â

20) Then it will run prerequisite check, if all good click on install to
start the configuration process.

21)  Once the installation completes it will restart the server.Â

Migrate FSMO Roles to windows server 2016 AD I assume by now
you have idea what is FSMO roles. If not search my blog and you will find
article explaining those roles.Â

There are 2 ways to move the FSMO roles from one AD server to another. One is using GUI and
other one is using command line. I had already written articles about GUI
method before so I am going to use PowerShell this time to move FSMO roles. If
you like to use GUI mode search my blog and you will find articles on it.Â

1) Log in to windows server 2016 AD as enterprise administrator

2) Open up the Powershell as administrator. Then type netdom query fsmo. This will list down
the FSMO roles and its current owner.Â

3) In my demo, the windows server 2012 R2 DC server holds all 5 fsmo roles. Now to move fsmo
roles over, type Move-ADDirectoryServerOperationMasterRole -Identity
REBELTEST-PDC01 -OperationMasterRole SchemaMaster, DomainNamingMaster,
PDCEmulator, RIDMaster, InfrastructureMaster and press enter

In here
REBELTEST-PDC01 is the windows server 2016 DC. If FSMO roles are placed on
different servers, you can migrate each and every FSMO roles to different
servers.Â

4) Once its completed, type netdom query fsmo again and you can see now its windows
server 2016 DC is the new FSMO roles owner.Â

Uninstall AD role from windows server 2012 R2

Now we moved
FSMO roles but we still running system on windows 2012 R2 domain and forest
functional levels. In order to upgrade it, first we need to decommission AD
roles from existing windows server 2012 R2 servers.Â

1) Log in to
windows 2012 R2 domain server as enterprise administrator

2) Open the
PowerShell as administrator

3) Then type Uninstall-ADDSDomainController
-DemoteOperationMasterRole -RemoveApplicationPartition and press enter. It
will ask for local administrator password. provide new password for
local administrator and press enter.

4) Once its completed it will restart the server.

Upgrade the forest and domain functional levels to windows server 2016

Now we have the windows server 2012 R2 domain controllers demoted, next step is to upgrade
domain and forest functional levels.Â

1) Log in to
windows server 2016 DC as enterprise administrator

2) Open
PowerShell as administrator

3) Then type
Set-ADDomainMode –identity rebeladmin.net -DomainMode Windows2016Domain
to upgrade domain functional level to windows server 2016.  In here rebeladmin.net
is the domain name.Â

4) Then type Set-ADForestMode
-Identity rebeladmin.net -ForestMode Windows2016Forest to upgrade forest
functional level.

5) Once done
you can run Get-ADDomain | fl Name,DomainMode and Get-ADForest | fl
Name,ForestMode to confirm new domain and functional levelÂ

Note: If you find this article helpful, then you should not forget to comment and share it. This will encourage me and my team to write more good technical articles. Thanks !!!!!!