Sunday, 8 April 2018

How to migrate FSMO Roles from Windows Server 2003 to Windows Server 2012/2016


Although Server 2003 has been end of life and most companies have already replaced it with an updated OS, last year when I migrated my servers to the new 2012 I made a checklist and steps to perform this whole process, which are as under:

Pre-Migration

1) Backup: Before migration we must test the backup, in case any issue arises during or after migration. This backup must be tested in an isolated environment.
2) Test AD Health: A health test is another step that needs to be done before performing the actual migration. AD health can be checked with the DCDIAG tool or the AD Replication Tool. During this test, DNS functionality will also be tested.
3) AD Inventory: Before migration, document the forest and domain architecture, FSMO roles, GC, DNS, IIS, file server, and any GPO, local policy or firewall settings.
4) Identify Risks: Identify (legacy) applications that depend on AD, and make sure those applications will work on the new operating system, i.e. 2012/2016, with the new FFL/DFL (2016).
5) Identify DES-enabled accounts: These accounts would not work, because DES encryption for Kerberos is disabled by default.
6) Evaluate new features: Differences in the Default Domain and DC policies, the updated schema version, PowerShell, Administrative Center, AD Recycle Bin, Hyper-V, FRS to DFSR, advanced firewall, etc.
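For items 3 and 5 of the checklist, the following PowerShell is an added example, not part of the original post. It records the current FSMO role holders and lists accounts that still have DES enabled for Kerberos. It assumes the ActiveDirectory module (RSAT) is available and that a DC running AD Web Services is reachable, for example the new 2012/2016 DC once it has been promoted, so the schema already contains msDS-SupportedEncryptionTypes. The function names are illustrative.

```powershell
# Added example: pre-migration audit of FSMO holders and DES-enabled accounts.
# Assumption: run with the ActiveDirectory module against a DC with AD Web Services.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Find-DesEnabledAccounts {
    # USE_DES_KEY_ONLY flag in userAccountControl.
    $desOnlyFlag = 0x200000
    # DES_CBC_CRC (0x1) and DES_CBC_MD5 (0x2) bits in msDS-SupportedEncryptionTypes.
    $desEncTypes = 0x3
    # Matching rule ...803 is bitwise AND (all bits set), ...804 is bitwise OR (any bit set).
    # objectClass=user also matches computer accounts, because computer derives from user.
    $filter = "(&(objectClass=user)(|" +
              "(userAccountControl:1.2.840.113556.1.4.803:=$desOnlyFlag)" +
              "(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=$desEncTypes)))"

    Get-ADObject -LDAPFilter $filter `
                 -Properties userAccountControl, 'msDS-SupportedEncryptionTypes' |
        Select-Object Name, ObjectClass, DistinguishedName,
            @{ n = 'DesKeyOnly';     e = { [bool]($_.userAccountControl -band $desOnlyFlag) } },
            @{ n = 'DesEncTypeBits'; e = { $_.'msDS-SupportedEncryptionTypes' -band $desEncTypes } }
}

# Keep this output with the inventory; the role holders should all name the
# old Windows Server 2003 DC before the transfer and the new DC afterwards.
Get-FsmoRoleHolders | Format-List
Find-DesEnabledAccounts | Format-Table -AutoSize
```

Running Get-FsmoRoleHolders again after the transfer steps gives a quick confirmation that all five roles moved to the new server.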
 


First, install Windows Server 2012 and configure it as a Domain Controller of our current domain, so that all the FSMO roles can be transferred to this server. The FSMO roles consist of the Relative ID (RID) Master, PDC Emulator, Infrastructure Master, Domain Naming Master and Schema Master. Following are the steps to transfer the FSMO roles:

a) Relative ID Master – After logging in to the newly installed server, i.e. Windows Server 2012/2016, with a Domain Admin account, open Active Directory Users and Computers. Right-click the domain name, i.e. abc.com, in the left pane and click Operations Masters in the menu. A new window appears with three tabs: RID, PDC and Infrastructure. Each tab displays the current Operations Master for that role, along with a Change button to transfer the role.

b) On the first tab, i.e. RID, click the Change button; it will prompt Yes to transfer or No to cancel. Click “Yes” to transfer the role to the current server. A message window confirms that the role was transferred successfully, and the current server is now shown as the RID Operations Master. Repeat the above steps for the other two roles, i.e. PDC Emulator and Infrastructure Master, to transfer them to our current server, which is Windows Server 2012/2016.

c) After transferring the above three roles to the newly installed server, the next step is to transfer the remaining two roles. Open Active Directory Domains and Trusts and, in the left pane, right-click Active Directory Domains and Trusts. Then click Operations Masters in the menu, and the Operations Masters dialog opens. This window is the same as the one we worked with above, but here we transfer the Domain Naming Master role. Click the Change button to transfer the role to the current server and click OK to confirm.

d) The last step is transferring the Schema Master role. This is a bit different from the role transfers above. We need to log on to the Windows Server 2003 SP2 Domain Controller with an Admin account. Open the Run dialog box, type regsvr32 schmmgmt.dll and click OK. Then open MMC and add the Active Directory Schema snap-in. In the left pane of the newly opened MMC window, right-click Active Directory Schema. Click Change Domain Controller, specify the name of the newly installed Windows Server 2012/2016 server and click OK. Right-click Operations Masters and click Change, then confirm by clicking Yes. Click OK on the transfer-successful message box. After this step, all five FSMO roles will have been transferred to the newly installed server, i.e. Windows Server 2012/2016.

After transferring the roles, we have to do testing and monitoring on the newly installed Domain Controller on Windows Server 2012/2016. After that, our old Domain Controller (Windows Server 2003) will be properly demoted with the same command, dcpromo, i.e. the Active Directory Installation Wizard.
