Shulou(Shulou.com)06/03 Report--

Recently, due to the need to migrate domain control from 2008R2 to 2016. Did the following test, now share for everyone's reference, if there is a wrong setting, welcome to correct. Based on this test, the domain controller was successfully migrated and upgraded.

Name:

AD

GC

DC

DNS

DHCP

Command used:

netdom query fsmo

ping

dcdiag

dcpromo

mmc

Regsvr32

Run-cmd-dcdiag on the domain server before upgrading the domain control.

Use the dcdiag command to view domain-controlled information and make sure that preferably all tests are in pass status.

View the level of current domain functionality, forest functionality.

View Primary DNS, Secondary DNS

view the DHCP

The test links are as follows:

1, DHCP server is not used.

2. Only one domain control server was built (2008R2), and no test auxiliary control was built.

Building a Server (2016).

4, 2016 The server does not add a domain, and the domain addition action is completed directly by upgrading to a domain controller.

5, ping two servers.

6, adjust DNS primary, secondary (this step is not tested).

1. Test server version information

a,2008R2

b,2016

2. Build 2008R2 domain controller. This step was not documented due to upgrade testing.

3. The client tests the current domain with the command netdom query fsmo. The terminal computer will prompt no netdom command, please import Baidu by yourself, or use other server-side tests.

4. A group policy was randomly enabled for testing.

officially began

5. In 2016 Services, Server Manager--Administration--Add Roles and Features

6."Before starting," this interface prompts some preparation functions in the early stage.

The administrator password is strong.

set static IP

Windows server has been patched with the latest security updates.

If all is done, click "Next" to continue.

7."Installation type". Because it is adding new roles and functions, select "Role-based or function-based installation" and click "Next" to continue.

8,"Server Selection", select the server where the role is installed, because the test did not add anything else, so the default selection is only one server. Click "Next" to continue.

9."Select server role". Based on the list of roles listed, check the role to be used. This test is AD domain service. The function required to add Active Directory domain service pops up. Click "Add function" to return to the option role service. Click "Next" to continue.

10, select function, on demand. Click "Next" to continue.

11,"Active Directory Domain Services," this page mainly prompts two considerations

Prevent single exceptions and deploy at least two domain controllers in production

DNS will be installed synchronously

Click "Next" to continue.

12,"Confirm installation of selections," identifies information to be installed. Click "Next" to continue. Wait for system installation to complete.

13, installation complete, prompt "configuration required." Successfully installed on WIN-2016."

Click on the blue words "Promote this server to domain controller" in this interface.

14, Deployment Configuration, select Deployment Action.

a,"Add domain controller to existing domain": Add a domain controller to the existing forest\domain

b,"Add new domain to existing forest": Add another domain name to the forest

c, Add New Forest: Create a forest

Select the first option because it is to migrate an existing domain control

Specify domain information for this operation: Enter domain name manually

Provide the credentials required to perform this operation: Enter in the format Install domain\user. This account needs to be in three groups: Enterprise Admins, Domain Admins and Schema Admins. This information is queried in Domain Users and Computers--users.

Click "Next" to continue.

15, Domain Controller Options, Domain Name System (DNS) Server and Global Catalog are checked by default.

If login-only, select Read Only Domain Controller (RODC)

Make a Directory Services Restore Mode (DSRM) password, type it and click Next to continue.

16,"DNS Options", this option will report "Cannot create delegation for this DNS server", because it is an intranet, do not care. Click "Next" to continue.

17,"Other options," select the domain controller from which to copy the information, click "Next" to continue.

18,"Path", select the location where AD DS database, log file and SYSVOL folder are stored, click "Next" to continue.

19."Prepare options." If the voucher provided above is not in the specified permission group, an exception message will be prompted here. Click "Next" to continue installation.

20,"View Options," carefully check whether the previous option was selected incorrectly. Click "Next" to continue.

21, Prerequisite Checks, must ensure that "All prerequisite checks passed successfully, click Install to begin installation" is displayed. Click "Install" to install the domain controller configuration.

22, the installation process. It will restart automatically after installation.

23. After the restart is completed, two domain controllers can be seen in "Users and Computers"--Domain Names--"Domain Controllers" in the 2016 and 2008 R2 servers.

The following is the migration process

24, 2008R2 server registers dll Regsvr32 c:\windows\system32\schmmgmt.dll, if this item is not registered, AD schema will not be displayed.

25, enter mmc in operation, open the console.

26, Console, Files--Add/Remove Snap-ins.

27, add Active Directory schema, users and computers, domains, and trust relationships to the Selected Snap-in.

28, close the Save Console.

29. Right-click the console you just saved and select Run as Administrator. If not selected, connection errors will occur when connecting to other domain controllers later.

30. In the console, right-click on the user and computer-select "Change Domain Controller."

31. Select the domain controller to be transferred. This controller needs to be online. Click OK.

32, at this time the user and the computer behind the display has been pointed to the new domain control host. Right-click on the domain name and select "Operations Host."

33. This interface shows that the information of operating host can be transferred to other servers. Click "Change".

Three items "RID,""PDC" and "Infrastructure" are transferred here.

Confirm transmission

Message successfully sent

34, right-click AD schema and select Change Active Directory Domain Controller.

Also select the host to be migrated.

prompt information

35. Right-click the architecture and select "Operation Host" to transfer AD architecture in the same way.

36, and finally migrate AD domains and trust relationships in the same way.

37. Check the servers where the five characters are currently located. Check client domain deregistration, domain addition, folder permissions, and other settings.

38. Group policy information.

The following uninstall original 2008R2 domain features

39, enter "dcpromo" in 2008 Server, Run. Click OK.

40. Domain Services Installation Wizard prompt information. This message indicates that you are already an AD domain controller, and the wizard unloads domain services. Click "Next."

41, the wizard prompts that this server is GC, and other GC servers are required in the system.

42, Delete Domain, check if it is the last domain controller in the domain. Otherwise, go straight to the next step.

43, Delete Domain, Check Server.

44,"Administrator password", after entering the administrator password will be reset to this password. Click "Next" to continue.

45,"Summary," lists the results of this operation. Click "Next" to continue.

46, indicating that unloading is underway.

47, unloading complete. The system will restart.

48, check domain controller information.

49, check the five domain roles again, check the domain, add domain, check the folder permissions.

Prompt Domain, Forest Functional Level

50, 2016 Register dll Regsvr32 c:\windows\system32\schmmgmt.dll

51, open the console, add schema, users and computers, domains and trust relationships.

52. After saving, run the console with administrator privileges, right-click the domain name and select "Upgrade domain function level."

53, currently 2008R2, can be selected as 2012, 2012R2, 2016 three kinds.

54, select the appropriate functional level. Pay attention to warning messages. Click "Upgrade."

55, same way to upgrade forest functional level for domains and trust relationships

Before domain functional level upgrade

upgraded

Before Forest Functional Level Upgrade

upgraded

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.