22/11/2022 10:24 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical

echnical Blog | REB…

ARCHIVE CONTACT US PRIVACY POLICY

Premiere Pro Try Now

by adobe.com

Skip Ad
00:34 / 00:46
0:07

Learn about Active Directory and Various Azure Services

Step-by-Step Guide to Migrate from Active Search this website

Directory 2012 R2 to Active Directory 2019

(PowerShell Guide) ABOUT ME

Last Updated on January 28, 2019 by Dishan M. Francis

Windows server 2019 was available for public (GA) from early oct
2018. In past i have written many articles about domain migrations
by covering different Active Directory versions. So, it is time me to
write about AD 2019 migrations. In this demo I am going to
demonstrate how to migrate from Active Directory 2012 R2 to Active
Directory 2019. The same procedure is going to apply for any AD
version from Windows Server 2008.   

Migration itself is very straight forward task. But there are other
things you need to consider before you do an AD migration. In below
I am Dishan Francis. I’m a
I listed a checklist you can use in many occasions.
Azure/Identity Consultant at
Microsoft. I’m a dedicated and
• Evaluate business requirement for active directory migration  enthusiastic information
technology expert who enjoys
• Perform Audit on Existing Active Directory Infrastructure professional recognition and
Confidentialité - Conditions

accreditation from several

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 1/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

• Provide Plan for implementation Process respected institutions. I am

ARCHIVE CONTACT US this blog
maintaining PRIVACY POLICY
for last 7
• Prepare Physical / Virtual resources for Domain Controller years. This includes more than
400 articles already. These are
mainly about Microsoft Active
• Install Windows server 2019 Standard / Datacenter
Directory Service and Azure
Active Directory Service. I also
• Patch Servers with latest Windows Updates
blog about different Azure
services. If you need further help
• Assign Dedicate IP address to Domain Controller
on subject matters, feel free to
contact me on
• Install AD DS Role [email protected]. Also to get
latest updates, follow me on
• Migrate Application and Server Roles from the Existing Domain twitter @rebeladm
Controllers.
MASTERING ACTIVE DIRECTORY, THIRD
• Migrate FSMO roles to new Domain Controllers EDITION

• Add New Domain controllers to the Existing Monitoring system

• Add New Domain controllers to the Existing DR Solution

• Decommission old domain controllers 

• Raise the Domain and Forest Functional level

• On Going Maintenance 

I am glad to announce the

release of my new book
“Mastering Active Directory –
3rd Edition”. It is available for
purchase worldwide now For
more info….

As per the above figure therebeladmin.com domain has two domain

controllers.  In here, the FSMO role holder is running windows
server 2012 R2. Domain and forest functional level currently
operating at Windows server 2012 R2. A new domain controller with
Windows server 2019 will be introduce and it will be the new FSMO
role holder for the domain. once FSMO role migration completed,
Domain controller running windows server 2012 R2 will be Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 2/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

decommissioned. After that forest and domain function level will

ARCHIVE CONTACT US PRIVACY POLICY
raised to the windows server 2019. 
In the demonstration, REBEL-DC2012 is the domain controller with
windows server 2012 R2 and REBEL-DC2016 is the domain controller
with windows server 2019. 

[su_note]When you introduce new domain controllers to the

existing infrastructure it is recommended to introduce to the forest
root level first and then go to the domain tree levels.[/su_note]

Automate
more.
Deliver
faster.
Always
improve.
Start your free trial

1. Log in to the Server 2019 as a member of local administrators

group. 
2. Add server to the existing domain as member

3. After restart, log in to the server as Enterprise Administrator

4. Assign static IP address to the server
5. Launch the PowerShell Console as an Administrator
Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 3/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

6. Before the configuration process, we need to install the AD DS

ARCHIVE CONTACT US PRIVACY POLICY
Role in the given server. In order to do that we can use Following
command. 

Install-WindowsFeature –Name AD-Domain-Services -

IncludeManagementTools

7. Configure the new server as additional domain controller.

Install-ADDSDomainController
-CreateDnsDelegation:$false
-NoGlobalCatalog:$true
-InstallDns:$true
-DomainName "therebeladmin.com"
-SiteName "Default-First-Site-Name"
-ReplicationSourceDC "REBEL-DC2012.therebeladmin.com"
-DatabasePath "C:\Windows\NTDS"
-LogPath "C:\Windows\NTDS"
-NoRebootOnCompletion:$true
-SysvolPath "C:\Windows\SYSVOL"
-Force:$true

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 4/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

ARCHIVE CONTACT US PRIVACY POLICY

There are no line breaks for the command and I have listed it as
above to allow readers to identify on the parameters clearly.

Argument Description

Install-ADDSDomainController This cmdlet will install the

domain controller in active
directory infrastructure.

-NoGlobalCatalog If you do not need to create the

domain controller as global
catalog server, this parameter
can use. By default, system will
enable global catalog feature.

-SiteName This Parameter can use to

define the active directory site
name.  the default value is
Default-First-Site-Name

-DomainName This parameter defines the

FQDN for the active directory
domain.

-ReplicationSourceDC Using this parameter can

define the active directory
replication source. By default, it
will use any available domain
controller. But if need we can
be specific.

Once execute the command it will ask for SafeModeAdministrator

Password. Please use complex password to proceed. This will be
used for DSRM.

8. After configuration completed, restart the system and log back in

as administrator to check the AD DS status. 

Get-Service adws,kdc,netlogon,dns

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 5/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

ARCHIVE CONTACT US PRIVACY POLICY

Will confirm the status of the AD DS service. 

Get-ADDomainController -Filter * |  Format-Table Name,

IPv4Address, Site

Will list down the domain controllers along with the IP address and
Sites it belongs to.

9. Migrate all five FSMO roles to the New domain controller using
following command,

Move-ADDirectoryServerOperationMasterRole -Identity REBEL-

DC2019 -OperationMasterRole SchemaMaster,
DomainNamingMaster, PDCEmulator, RIDMaster,
InfrastructureMaster

In above the REBEL-DC2019 is domain controller running with

windows server 2019. 

Once its completed, we can verify the new FSMO role holder using 

Netdom query fsmo

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 6/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

ARCHIVE CONTACT US PRIVACY POLICY

10. The new step of the process is to decommission the old windows
domain controller which running with windows server 2012 R2. To
do that execute the following command as enterprise administrator
from the relevant DC. 

Uninstall-ADDSDomainController -DemoteOperationMasterRole -
RemoveApplicationPartition

After execute the command it will ask to define password for the
local administrator account.

Once its completed it will be a member server of the

therebeladmin.com domain.

11. Next step is to raise the domain and forest functional level to
windows server 2019. To do that can use the following commands.

To upgrade domain functional levels

Set-ADDomainMode –identity therebeladmin.com -DomainMode

Windows2016Domain

To upgrade forest function levels

Set-ADForestMode -Identity therebeladmin.com -ForestMode

Windows2016Forest

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 7/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

ARCHIVE CONTACT US PRIVACY POLICY

[su_note]With windows server 2019, there is no domain or forest

functional level called windows2019. It is still 2016. [/su_note]

Now we have completed the migration from AD DS 2012R2 to AD DS

2019. Same steps apply when migrate from windows server 2008,
Windows server 2008 R2, Windows server 2012 & Windows server
2016.

12. After the migration completes, we still need to verify if its

completes successfully. 

Get-ADDomain | fl Name,DomainMode

This command will show the current Domain functional level of the
domain after the migration. 

Get-ADForest | fl Name,ForestMode

Above command will show the current forest functional level of the
domain. 

This marks the end of this blog post. Hope this was useful. If you
have any questions feel free to contact me on [email protected]
also follow me on twitter @rebeladm to get updates about new blog
posts.

Comments
Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 8/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

Vicky says
ARCHIVE CONTACT US PRIVACY POLICY
December 11, 2019 at 3:10 pm

Hi Dishan, Thanks a lot for the article. We are in the process

of upgrading from Win 2008 R2 DCs to Win 2019 DCs.
Following your advice of doing the Forest first.
Can we Upgrade the schema first of the Forest and then
promote the 2019 server to DC ?

Reply

Murali says
July 17, 2020 at 6:07 am

Nice Article, Thank you very much.

Reply

Giuliano says
August 14, 2020 at 4:09 pm

Very useful, thanks!

Reply

Tippu Nadaf says

September 4, 2020 at 2:24 pm

This is very useful article much appreciate your work.

Reply

Eshwar says
September 24, 2020 at 8:56 pm

Thank you so much for this detailed Blog post. It helped me

immensely in planning and executing my upgrade from WS
Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 9/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

2012 to 2019. Thanks to your post, the process went as

ARCHIVE CONTACT US PRIVACY POLICY
smoothly as could have been expected.

The one problem I ran into was that after making my 2019
machine the Domain Controller, it required network
reconfiguration: I had to make it take over DHCP and DNS
from the 2012 machine. This also meant that I had to have
the 2019 machine take over the Static IP of the 2012 machine
(so that DNS traffic in the network would come to it now).
Without that the decommissioning step would abort because
the 2012 machine couldn’t find another Domain Controller
on the network (so it wouldn’t downgrade itself).

Thanks again and keep up the good work!

Reply

Leave a Reply
Your email address will not be published. Required fields are marked
*

Comment

Name *

Email *

Website

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 10/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

Save my name, email, and website in this browser for the next time
ARCHIVE CONTACT US PRIVACY POLICY
I comment.

POST COMMENT

TOP 100 MICROSOFT

AZURE BLOGS

Rebeladmin.com is
listed among Top
100 Microsoft
Azure Blogs in
2022. For more
info….

MVP FOR LAST 7 YEARS

I am glad to
announce that I
have been awarded
with MVP award by
Microsoft for 7th
consecutive time.
For more info….

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 11/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

ARCHIVE CONTACT US PRIVACY POLICY

Empower
collaboration.
Increase
productivity.
Start your free trial

RECENT POSTS ABOUT REBELADMIN.COM

Step-by-Step Guide : Automate Rebeladmin Technical Blog contain more than

JML(Joiners/Movers/Leavers) process with 400 articles. The site is older than 7 years and
Microsoft Entra lifecycle workflows been updated regularly. In here you will find
articles about Active Directory, Azure Active
Microsoft Defender for Identity Part 05 – MDI
Directory, Azure Networking, Cyber Security,
Sensor installation
Microsoft Intune and many more Azure

Microsoft Defender for Identity Part 04 – Services.

Network Requirements
SOCIAL MEDIA
Step-by-Step guide to Azure Bastion IP-Based
Connection

Microsoft Defender for Identity Part 03 – TAGS

Collect Windows Events
AAD active direcotry Active directory
Active Directory Domain Service AD AD objects

AD replication Azure Azure Active

Directory Azure Active Directory
Domain Service Azure Active Directory
Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 12/13
22/11/2022 10:25 Step-by-Step Guide to Migrate from Active Directory 2012 R2 to Active Directory 2019 (PowerShell Guide) - Technical Blog | REB…

Domain Services
ARCHIVE
Azure AD Azure
CONTACT US
AD connect
PRIVACY POLICY
Azure AD Domain Service Azure Conditional Access Azure
Domain Service Azure Domain Services Azure
HighAvailability Azure IaaS Azure Information Protection

Azure Loadbalancer Azure Networking Azure

PowerShell Azure Region Azure Virtual Machine

Azure Virtual Network azure vm Azure VNet

Conditional Access Conditional Access Policies Data
Protection DC DNS Domain Controller Domain
Service Domain Services FSMO GPO group policies
Group Policy Microsoft PowerShell Replication
Security SSO

Archive Contact us Privacy Policy

Confidentialité - Conditions

https://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/ 13/13