I'm looking to transfer Active Directory roles from our old Windows Server 2016 domain controllers to new Windows Server 2022 virtual machines. I've set up the new VMs with the AD role installed but haven't promoted them to domain controllers yet. From my understanding, the process involves promoting the new VMs, using PowerShell to transfer the FSMO roles, and eventually decommissioning the old servers. I want to make sure I'm not missing any critical steps or best practices, especially since this is a rare activity for us. Any advice would be greatly appreciated!
3 Answers
To minimize disruptions, consider this approach: create a temporary virtual machine for your new AD, transfer the master roles to it, and then remove the old DCs after cleaning them out of AD and DNS. After that, set up two new servers with the same names and IPs as the old DCs, promote them, and import DHCP settings.
Regarding your plan to change the IP addresses on the old DCs: it's okay to do that, but I suggest leaving the old DCs running for a few days after pointing clients to the new DCs. This way, you can monitor which devices still try to connect to the old DCs and address those later. Plus, it's a good time to transition to DHCP reservations to prevent future IP issues.
When transferring the FSMO roles, remember you only need to move them once since they can only be held by one DC at a time. If DHCP is on your current DCs, make sure to move those scopes as well. It's also a good time to run PingCastle to check for potential issues in your environment.
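
The FSMO transfer discussed in the question and answers, with checks before and after the move, as an added example that is not part of the original posts. It assumes a single-domain forest, the RSAT ActiveDirectory module, and an account in Domain Admins, Enterprise Admins and Schema Admins; `NEWDC01` is a placeholder hostname.

```powershell
# Added example. NEWDC01 is a placeholder for the promoted Server 2022 DC.
# Assumes a single-domain forest and an account with rights over both the
# domain-wide and the forest-wide roles.
Import-Module ActiveDirectory
$NewDC = 'NEWDC01'

function Get-FsmoHolder {
    # Two roles are forest-wide, three are per-domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# 1. Record the current holders so there is a before/after record.
$before = Get-FsmoHolder
$before.GetEnumerator() | Format-Table Name, Value -AutoSize

# 2. Stop unless the target is already a DC with clean replication.
$dc = Get-ADDomainController -Identity $NewDC -ErrorAction Stop
$failures = Get-ADReplicationFailure -Target $dc.HostName |
    Where-Object { $_.FailureCount -gt 0 }
if ($failures) {
    $failures | Format-Table Server, Partner, FailureCount, LastError
    throw "Replication failures on $($dc.HostName); fix these before moving roles."
}

# 3. Graceful transfer of all five roles in one call. -Force is left out
#    on purpose: it seizes roles and is only for a holder that is gone for good.
Move-ADDirectoryServerOperationMasterRole -Identity $dc.Name -OperationMasterRole `
    SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

# 4. Verify every role now reports the new DC.
$after = Get-FsmoHolder
$stale = $after.GetEnumerator() | Where-Object { $_.Value -ne $dc.HostName }
if ($stale) {
    $stale | Format-Table Name, Value -AutoSize
    throw 'Some roles were not transferred; check the holders listed above.'
}
'All five FSMO roles are held by {0}' -f $dc.HostName
```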
