I'm considering an upgrade of our Domain Controller from Windows Server 2016 to Windows Server 2022. However, I've heard mixed opinions, especially regarding the risks involved. One of my former bosses warned me that it could tombstone our entire Active Directory. Has anyone successfully done this upgrade and what experiences can you share?
5 Answers
While in-place upgrades can technically work if done correctly, they're definitely risky. I've seen issues with replication and timestamp problems after failed upgrades. Generally, it's better to build fresh DCs to avoid potential chaos.
Every admin I've talked to advises against in-place upgrades for DCs. It's just too risky and often leads to complications down the line. Just build a new server and promote it instead!
Exactly. I’ve made the mistake of trying IPUs in critical environments before, and they’ve caused a lot of unnecessary headaches.
Look, in-place upgrades on DCs are supported, but they're also fraught with danger. I’ve seen successful upgrades, but the potential headaches from things going wrong are massive. It's almost always easier to set up a new one and migrate the roles.
Yes! I’ve consistently done it this way. This method keeps things smoother and avoids a lot of potential pitfalls.
In-place upgrades (IPUs) on Domain Controllers aren't the best idea because they can retain outdated security settings, like old TLS cipher suites. If this is your only DC, I'd recommend adding a new one and demoting the old one instead of risking IPU.
I totally agree. I've done many upgrades, but I would never try it with a DC. The risks are just too high, and issues can crop up that aren't easy to resolve.
I've done plenty of upgrades and generally recommend building a new DC instead of performing an in-place upgrade. It's a simple process: just promote a new server, transfer FSMO roles, and then you can safely remove the old one. Way less headache!
That's exactly what I’d do. It simplifies the process and mitigates risk.
Totally agree. It's just not worth the risk when the setup of new DCs is so straightforward.