The purpose of this document is to demonstrate the proper migration of AD DS (Active Directory Domain Services) from an existing Domain Controller to a new server. This applies to many scenarios where you need to move the AD DS services to different hardware or to a virtual machine. It also works in an environment that has more than one domain controller. To simplify this guide, we are going to migrate a Domain Controller that holds all four FSMO roles on a single server to a Virtual Machine.

This also works when migrating a DC from Server 2008 R2. Sometimes I prefer migrating the roles instead of upgrading an existing server.

Test the Existing Server

The first step I always take when making any major change to a DC or a critical role in a domain environment is running DCDIAG. The first DCDIAG I run is with the switch /test:dns. This makes sure you are not having any DNS-related issues. Most problems in a domain environment have DNS somewhere at the root. Make sure you open your command prompt with elevated privileges. I normally redirect the command output to a text file in the Documents folder to keep track of my progress. Like this:

For demonstration purposes, the output will remain in the command prompt:

The test should report either a simple passed test or a failed test. Since there are so many possible failures, I will not go into detail about them.

The second test is just DCDIAG without any switches at the end. This run yields similar pass/fail results for quite a few different tests. Do NOT proceed any further until all the tests pass. You will have to do a little work cleaning up the errors to make sure EVERY test passes. Otherwise, you can end up with a huge mess on your hands later down the road. Most of the time when there are failures, you will not immediately discover anything wrong with your domain environment. Instead, you will end up with countless “strange” issues down the road.
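
The two checks above combined into a single gate, as an added PowerShell example (not the author's own commands): it runs `dcdiag /test:dns` and plain `dcdiag`, saves each output to the Documents folder, and lists anything that did not pass. The file names and the `Get-DcdiagResult` helper are hypothetical, and the parsing assumes English-language DCDIAG output.

```powershell
# Added example: run both DCDIAG passes on the existing DC, keep the output,
# and flag anything that did not pass. Run from an elevated PowerShell prompt.
# Assumption: English dcdiag output ("passed test" / "failed test" lines).

function Get-DcdiagResult {
    # Parses summary lines such as:
    #   ......................... DC01 passed test Connectivity
    #   ......................... DC01 failed test DFSREvent
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*\.+\s+(?<Target>\S+)\s+(?<Result>passed|failed)\s+test\s+(?<Test>\S+)') {
            [pscustomobject]@{
                Target = $Matches.Target
                Test   = $Matches.Test
                Passed = ($Matches.Result -eq 'passed')
            }
        }
    }
}

$outDir = [Environment]::GetFolderPath('MyDocuments')
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
# Hypothetical output file prefixes mapped to the switches for each run.
$runs   = [ordered]@{ 'dcdiag-dns' = @('/test:dns'); 'dcdiag-all' = @() }

$problems = foreach ($name in $runs.Keys) {
    $file   = Join-Path $outDir "$name-$stamp.txt"
    $dcArgs = $runs[$name]
    $output = & dcdiag.exe @dcArgs 2>&1 | ForEach-Object { "$_" }
    $output | Set-Content -Path $file          # keep a record of every run

    $results = @(Get-DcdiagResult -Lines $output)
    if ($results.Count -eq 0) {
        # Nothing recognisable (wrong language, dcdiag error): never treat as a pass.
        "${name}: no test results parsed, review $file by hand"
    }
    $results | Where-Object { -not $_.Passed } |
        ForEach-Object { "${name}: $($_.Target) failed test $($_.Test) (see $file)" }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Do not proceed with the migration until every test passes.'
} else {
    'All DCDIAG tests passed.'
}
```

Keeping the timestamped files from each run gives you a before-and-after record as you clean up errors and re-run the tests.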

Prepare the New Server