Although this blog is mosty centered arount VMware related topics I sometimes find myself presented with other challenges in the field. In this case I needed to upgrade a couple of Windows domain controllers to Windows Server 2019. However because the existing servers were bare metal and I had no way of accessing them remotely other than a KVM switch I decided to perform an in-place upgrade. When performing an in-place upgrade there are some things to be mindfull of.
Schema upgrades
When introducing a new domain controller in your environment the ‘Promote This Server To Domain Controller’ wizard will not only join a server to an existing domain, but also make sure the forest and domain schema’s are upgraded to support the OS version you are installing. If you decide to upgrade a domain controller instead, you need to perform the schema changes yourself. To do this, execute the following steps as a user which is a member of the Schema Admins, Enterprise Admins, and Domain Admins groups:
- Mount the Windows server installation media
- Open an elevated command prompt and go to the
support\adprep
directory of the installation media - Type:
adprep /forestprep
- Confirm you want to proceed by typing C and allow the process to finish
- Type:
adprep /domainprep
Once this is finished you are done upgrading the schema’s. You can check the schema version using this Powershell command: Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
You can lookup what schema version is related to which OS version with this table.
Windows Server version | objectVersion value |
Windows Server 2000 | 13 |
Windows Server 2003 | 30 |
Windows Server 2003 R2 | 31 |
Windows Server 2008 | 44 |
Windows Server 2008 R2 | 47 |
Windows Server 2012 | 56 |
Windows Server 2012 R2 | 69 |
Windows Server 2016 | 87 |
Windows Server 2019 | 88 |
Migrate FRS to DFSR
If you upgraded from previous versions of Windows Server, chances are that the way SYSVOL information is replicated is handled by the file replication service (FSR). FSR has been around since the NT era and Microsoft decided to move away from that technology in favor of the more modern DFS Replication. Windows server 2016 RS3 and onwards won’t even ship with the FSR binaries anymore. So if you still find yourself using FSR in 2020 it is definitely time to switch as Microsoft requires you to use DFSR with Windows Server 2019.
The migration is a really straightforward process:
- If you haven’t installed the DFS Management tools already, install them using this Powershell one-liner:
Install-WindowsFeature RSAT-DFS-Mgmt-Con
- Run
dfsrmig /getglobalstate
to confirm the DFSR migration process has never been run before - Make sure your SYSVOL is in a consistent state across all domain controllers
- Log on to the domain controller which holds the PDC Emulator FSMO role with a user that is a member of the Domain Admins group
- Type:
dfsrmig /setglobalstate 1
. This will enter the first state of the migration: Prepared - Periodically run:
dfsrmig /getmigrationstate
to check the migration process. - When all domain controllers entered the prepared state, run
dfsrmig /setglobalstate 2
to proceed to the next step of the migration: Redirected - Periodically run:
dfsrmig /getmigrationstate
to check the migration process. - When all domain controllers entered the redirected state check the DFS Management utility and check if the replication group ‘Domain System Volume’ exists and all domain controllers are a member. Also check if the SYSVOL_DFSR folder (which is stored in the systemroot location by default) is in a consistent state before running the next command. This is important because all previous steps were easy to roll back.
- Type:
dfsrmig /setglobalstate 3
to proceed to the final step of the migration: Eliminated - Periodically run:
dfsrmig /getmigrationstate
to check the migration process.
When all domain controllers have finished and entered the eliminated phase you will find that all domain controllers will have the FRS service disabled an all SYSVOL replication is now handled by DFS. Of course this is a very brief summary of the steps involved in the upgrade. If you are looking for a more detailed explanation of the migration, this has been well documented by Microsoft (here and here for instance).
The actual upgrade
Well, this will be very anticlimactic. The upgrade of the Windows Server OS itself is a really straightforward process which has been streamlined for years. Simply mount your installation media, start the setup wizard and choose to keep all applications and settings.
The only thing I encountered after a succesfull upgrade is that some services like DHCP require an activation wizard to be run. Thankfully that is also very much a next-next-finish process.
If all domain controllers are at Server 2019 you can of course proceed to raise the forest and domain functional levels. Before you do this make sure to have a recent backup available in case you run into an issue.
Good luck with your upgrades!
0 Comments