Upgrade Server 2016 Domain Controller to 2019 Server Core
Now that Server 2019 has been released I wanted to upgrade my lab's domain controllers from Server 2016 to Server 2019 Core
Now that Server 2019 has been released I wanted to upgrade my lab's domain controllers from Server 2016 to Server 2019 Core. I wanted to do the non-desktop experience version because of the limited resources on my lab hardware.
I have 2 domain controllers named DC1
and DC2
that are only domain controllers with no other purpose or software, so I removed them from the domain.
Here are the steps I took. They will be the same if you are updating/removing from a full desktop experience version of windows. Except for assigning IP's.
-
Get the IP addresses of your domain controllers. I'm going to assume you know how to do that so I'm not going into detail. If you have IPv6 on your network, be sure to get that as well.
-
Replace the first domain controller,
DC1
-
Verify all domain roles are on the other domain controller
DC2
- Open the
Active Directory Users and Computers
management console - Right click your domain.
- Click
Change Domain Controller
. - Select the domain controller you're not upgrading.
- Click OK
- Right click your domain again.
- Click
Operations Masters
- Go through each tab and verify
Operations Master
is on the domain controller you're not updating,DC2
- If it is on the one you are doing,
DC1
, clickChange
, thenYes
thenOk
. - Once you've verified that all the roles are on a domain controller other than the one you're updating, click
Close
.
- Open the
-
Demote the domain controller to a member server.
- Open
Server Manager
- If you are running
Server Manager
on something other than the server being demoted and haven't managed it before, connect to the remote server.- Click
Add other servers to manage
- In the
Name
field, put in the name of the domain controller you want to demote - Click
Find Now
- Click your server,
DC1
- Click the arrow pointing to the left
- Click
Ok
- Click
- If you are running
- Remove the
Active Directory Domain Services
role- Click
Manage
in the upper right of server manager - Click
Remove Roles and Features
- On the
Before You Begin
page, click next. This step may not apply to you if you have previously checked theSkip this page by default
. - In the
Select destination server
make sure the server you are demoting,DC1
, is selected - Click Next
- Uncheck
Active Directory Domain Services
- Click
Remove Features
on the box that pops up asking about Removing features that require Active Directory Domain Services - When the box pops up about demoting the domain controller, click
Demote this domain controller
- Click
Change
to set the credentials to demote the controller. This should be a domain admin. - Click
Next
- Check the
Proceed with removal
box - Click
Next
- Leave
Remove DNS Delegation
checked and clickNext
- Put in a new administrator password.
- On the
Review Options
page I recommend verifying that the correct server is being demoted. It's in the upper right corner. - Click
Demote
- It'll take a bit.
- If your on the server it'll reboot. If your running server manager remotely click
Close
and close theServer Manager
.
- Click
- Open
-
Remove the old domain controller from the domain
- Shutdown the old domain controller
- Open
Active Directory Users and Computers
- Expand your domain
- Click
Computers
- Right click your old domain controller
DC1
- Click
Delete
- If it comes up and says that it contains other objects, click
Yes
to delete it
-
Install Server 2019 Core. There's generally not much of a need for the full-blown Desktop Experience on a domain controller. I also only give my DC's 2gig of ram and a single CPU core since it's a lab, so the lower resource requirements make that possible.
Note: I'm not going to walk you through the install of 2019, it's pretty easy and straight forward with plenty of other guides. Don't worry about anything other than the install part and getting to the first command prompt, we'll go through all the config stuff in a minute. -
Now that you're at the command prompt right after logging in to your 2019 server for the first time, we need to set it's IP, DNS, join it to the domain, and rename it to the same name as your old DC. If you're using Server Core, follow these, otherwise there are many guides out there on about how to do these steps.
- Type in
sconfig
and pressenter
. - Set the IPv4 Address and DNS.
- Type
8
andenter
forNetwork Adapter Settings
. - Type the network adapter number (if a single NIC, press
1
) andenter
. - Type
1
andenter
for theSet Network Adapter Address
- Type
S
forStatic
and pressenter
- Put in the IP address of the domain controller you're replacing
DC1
. For example,192.168.0.253
. And pressenter
. - Put in the subnet mask for your network. For example,
255.255.255.0
. And pressenter
. - Put in the IP address of the gateway for your network. For example,
192.168.0.1
and pressenter
. - Type
2
andenter
forSet DNS Servers
. - Type the IP address of the domain controller you're not updating
DC2
. For example,192.168.0.254
. And pressenter
. - Click
Ok
on the box that pops up sayingPrimary DNS server was set
. - Type
127.0.0.1
for the alternate DNS server and pressenter
. - Click
Ok
on the box that pops up sayingSecondary DNS server was set
. - Type
4
and pressenter
toReturn to the Main Menu
.
- Type
- Join it to the domain and set the computer name.
- Type
1
andenter
forDomain/Workgroup
. - Type
D
forDomain
andenter
. - Type your domain. For example,
domain.lab
. And pressenter
. - Type in a valid domain admin user. For example,
domain\edward
. And pressenter
. - A block box will pop up asking for the password of the user you just put in. Put it in there and press
enter
and the box will go away after a couple of seconds. - A dialog will come up asking if you want to change the computer name. Click
Yes
. - Type the name of the domain controller we are updating,
DC1
. - Type in a valid domain admin user. For example,
domain\edward
. And pressenter
. - A block box will pop up asking for the password of the user you just put in. Put it in there and press
enter
. - A dialog will come up saying you need to restart your computer to apply the changes. Click
Yes
.
- Type
- If you IPv6 set the IPv6 address, if you're doing a core install follow these, otherwise use the network properties
- Log back in to your server.
- Type
powershell
and pressenter
. - Get a list of the network adapters by typing
get-netadapter
and pressenter
. - Next to the adapter you want to assign the address to is an
ifIndex
column, you'll need that number in the next command. - Assign the address by typing
New-NetIPAddress -IPAddress "<ipv6 address>" -PrefixLength <ipv6 address prefix length> -ifIndex <interface index from previous step>
. - Log off by typing
logoff
and pressenter
.
- Type in
-
Install
DNS
and promote to a domain controller.-
Open
Note: If you were using the `Server Manager` on your old domain controller, you will find that `Server Manager` is not on Server 2019 `Core`. You'll need to run it remotely. To connect to the new domain controller, follow the steps above in the `Demote the domain controller` section near the top. Note 2: If you need to install `Server Manager` on a Windows 10 desktop, there are other guides for that as well. Maybe I'll do a blog post on that. It's easy.Server Manager
a computer attached to the domain of your new domain controller. -
Click
Manage
. -
Click
Add Roles and Features
. -
On the
Before You Begin
page, click next. This step may not apply to you if you have previously checked theSkip this page by default
. -
In the
Installation Type
screen, leaveRole-based or feature-based installation
selected and clickNext
. -
In the
Select destination server
make sure the server you are replacing,DC1
, is selected. -
Click Next.
-
Check
Active Directory Domain Services
-
Leave the
Include management tools (if applicable) checked
and clickAdd Features
-
Check
Note: Even though I had static IPv4 and IPv6 addresses, it still popped up and said there were none found. I ignored it and clicked `continue`.DNS Server
. -
Click
Next
to go to theSelect Features
page. -
Click
Next
on theActive Directory Domain Services
page. -
Click
Next
on theDNS Server
page. -
Check the
Restart the destination server automatically if required
box. -
Click
Install
. -
This will take a bit.
-
Click
Close
when it's done. -
If the server didn't reboot, reboot it.
-
Log in.
-
At the command line, type
powershell
and press enter. -
Type
Install-ADDSDomainController -DomainName <your domain>
-
It'll ask for a safe mode password, go ahead and put one in there and press enter.
-
It'll ask for the password again as a confirmation, type the same one and press enter.
-
It'll then ask
Do you want to continue with this operation
. PressY
thenenter
. -
The server will reboot and you're done.
-
-
-
Upgrade the second server
- Guess what, it's identical to the first one, just reverse the server your replacing/upgrading/promoting and move the roles to the server we just updated. That should be all there is to it.
Reminders:
- Remove the forwarders from the DNS servers on your upgraded domain controllers or you will have slow query times (default timeout is 3 seconds) as they forward the requests to each other in an endless loop before giving up and querying the root server.
Notes:
- The server manager stopped working when trying to promote the second server. I suspect it has something to do with DNS. So instead of using Server Manager I used powershell and changed the promote to domain controller steps to use powershell instead.
- Instead of using Server Manager to add the DNS/Active Directory Domain Services roles you could use powershell. I believe the command would be something like
Add-WindowsFeature AD-DomainServices
andAdd-WindowsFeature DNS
then reboot, then runInstall-ADDSDomainController
- I spent more time writing this up than I did doing the actual upgrade of both servers. It's pretty quick and easy.
- Upgrading the domain controllers appeared to also update the
domain functional level
without needing to do it manually.