Although this blog is mosty centered arount VMware related topics I sometimes find myself presented with other challenges in the field. In this case I needed to upgrade a couple of Windows domain controllers to Windows Server 2019. However because the existing servers were bare metal and I had no way of accessing them remotely other than a KVM switch I decided to perform an in-place upgrade. When performing an in-place upgrade there are some things to be mindfull of.

Schema upgrades

When introducing a new domain controller in your environment the ‘Promote This Server To Domain Controller’ wizard will not only join a server to an existing domain, but also make sure the forest and domain schema’s are upgraded to support the OS version you are installing. If you decide to upgrade a domain controller instead, you need to perform the schema changes yourself. To do this, execute the following steps as a user which is a member of the Schema Admins, Enterprise Admins, and Domain Admins groups:

  1. Mount the Windows server installation media
  2. Open an elevated command prompt and go to the support\adprep directory of the installation media
  3. Type: adprep /forestprep
  4. Confirm you want to proceed by typing C and allow the process to finish
  5. Type: adprep /domainprep

Once this is finished you are done upgrading the schema’s. You can check the schema version using this Powershell command: Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion

You can lookup what schema version is related to which OS version with this table.

Windows Server versionobjectVersion value
Windows Server 200013
Windows Server 200330
Windows Server 2003 R231
Windows Server 200844
Windows Server 2008 R247
Windows Server 201256
Windows Server 2012 R269
Windows Server 201687
Windows Server 201988

Migrate FRS to DFSR

If you upgraded from previous versions of Windows Server, chances are that the way SYSVOL information is replicated is handled by the file replication service (FSR). FSR has been around since the NT era and Microsoft decided to move away from that technology in favor of the more modern DFS Replication. Windows server 2016 RS3 and onwards won’t even ship with the FSR binaries anymore. So if you still find yourself using FSR in 2020 it is definitely time to switch as Microsoft requires you to use DFSR with Windows Server 2019.

The migration is a really straightforward process:

  1. If you haven’t installed the DFS Management tools already, install them using this Powershell one-liner: Install-WindowsFeature RSAT-DFS-Mgmt-Con
  2. Run dfsrmig /getglobalstate to confirm the DFSR migration process has never been run before
  3. Make sure your SYSVOL is in a consistent state across all domain controllers
  4. Log on to the domain controller which holds the PDC Emulator FSMO role with a user that is a member of the Domain Admins group
  5. Type: dfsrmig /setglobalstate 1. This will enter the first state of the migration: Prepared
  6. Periodically run: dfsrmig /getmigrationstate to check the migration process.
  7. When all domain controllers entered the prepared state, run dfsrmig /setglobalstate 2 to proceed to the next step of the migration: Redirected
  8. Periodically run: dfsrmig /getmigrationstate to check the migration process.
  9. When all domain controllers entered the redirected state check the DFS Management utility and check if the replication group ‘Domain System Volume’ exists and all domain controllers are a member. Also check if the SYSVOL_DFSR folder (which is stored in the systemroot location by default) is in a consistent state before running the next command. This is important because all previous steps were easy to roll back.
  10. Type: dfsrmig /setglobalstate 3 to proceed to the final step of the migration: Eliminated
  11. Periodically run: dfsrmig /getmigrationstate to check the migration process.

When all domain controllers have finished and entered the eliminated phase you will find that all domain controllers will have the FRS service disabled an all SYSVOL replication is now handled by DFS. Of course this is a very brief summary of the steps involved in the upgrade. If you are looking for a more detailed explanation of the migration, this has been well documented by Microsoft (here and here for instance).

The actual upgrade

Well, this will be very anticlimactic. The upgrade of the Windows Server OS itself is a really straightforward process which has been streamlined for years. Simply mount your installation media, start the setup wizard and choose to keep all applications and settings.

The only thing I encountered after a succesfull upgrade is that some services like DHCP require an activation wizard to be run. Thankfully that is also very much a next-next-finish process.

If all domain controllers are at Server 2019 you can of course proceed to raise the forest and domain functional levels. Before you do this make sure to have a recent backup available in case you run into an issue.

Good luck with your upgrades!

Rudolf Kleijwegt

I am an experienced IT professional with over 20 years of hands-on experience designing, deploying, and maintaining IT infrastructure in both enterprise and service provider environments. My skills span across Linux and Windows and a multitude of server applications, allowing me to excel in a wide range of IT roles. Currently, my primary focus is on Software Defined DataCenter and DevOps. I am passionate about staying up to date with the latest trends in the industry to achieve superior outcomes.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *