How to Upgrade Windows Server on a Domain Controller

In this post I will show you how to upgrade a Domain Controller to a newer version of Windows Server.


Upgrading a Domain Controller requires a well-planned approach to ensure minimal disruption to your Active Directory environment. Below are two common methods, depending on the gap between your current and target versions of Windows Server.


Method 1: In-place Upgrade

(Recommended for minor version gaps, e.g., Windows Server 2016 to 2019)

  1. Prepare the Forest and Domain:
    • Mount the Windows Server installation ISO on the target server.
    • Navigate to Support > Adprep in the ISO.
    • Run the following commands in Command Prompt:
      adprep.exe /forestprep
      When prompted, type C to confirm and press Enter.
    • Then repeat with the following command:
      adprep.exe /domainprep

  2. Perform the Upgrade:
    • Proceed with the standard upgrade process using the Windows Server installer.


Method 2: Migration to a New Domain Controller

(Recommended for significant version gaps, e.g., Windows Server 2008 to 2022)

  1. Install AD DS Role on the New Server:
    • Add the Active Directory Domain Services role using Server Manager.
  2. Promote the New Server to a Domain Controller:
    • Use the AD DS configuration wizard to promote the new server.
  3. Transfer FSMO Roles to the New Domain Controller:
    • Use the following PowerShell command:
      Move-ADDirectoryServerOperationMasterRole -Identity <NewServerName> -OperationMasterRole 0,1,2,3,4
    • If the PowerShell command fails, use the Ntdsutil tool to transfer the FSMO roles. Refer to the article "How to Transfer FSMO Roles Using Ntdsutil" for detailed instructions.
  4. Migrate DHCP Configuration (if applicable):
    • Export DHCP configuration from the old server (PowerShell command):
      Export-DhcpServer -ComputerName <OldServerName> -File "C:\DhcpConfig.xml" -Leases
    • Import the configuration to the new server (PowerShell command):
      Import-DhcpServer -ComputerName <NewServerName> -File "C:\DhcpConfig.xml" -Leases
  5. Verify Replication and Functionality:
    • Verify AD Replication by running the following:
      Repadmin /replsummary
    • Confirm DNS zones replicated properly in DNS Manager.
    • Open DHCP Manager and verify that all DHCP scopes are present.
  6. Demote the Old Domain Controller:
    • In Server Manager on the old server, remove the AD DS role and follow the prompts to demote the server.
    • Then shut down or disconnect the old server.
  7. Rename and Assign IP Address (optional):
    • Rename the new server to match the old server’s name if necessary using the following PowerShell command:
      Rename-Computer -NewName "<NewName>" -Restart
    • Assign the old server’s IP to the new server.
  8. Final Verification:
    • Run the following command to verify the domain controller's health:
      dcdiag
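
The checks from steps 3 to 5 of Method 2, combined into one gate to run before the demotion in step 6. This is an added example, not part of the original post; it assumes a single-domain forest, the RSAT ActiveDirectory and DhcpServer modules, and your own server names passed as -OldDC and -NewDC, and it adds a global catalog check that the post does not mention.

```powershell
# Added example (not from the original post): pre-demotion gate for step 6.
# Assumes a single-domain forest and the RSAT ActiveDirectory/DhcpServer modules.
# -OldDC and -NewDC take your own server names; -CheckDhcp is optional.
param(
    [Parameter(Mandatory)] [string] $OldDC,
    [Parameter(Mandatory)] [string] $NewDC,
    [switch] $CheckDhcp
)
Import-Module ActiveDirectory -ErrorAction Stop
$problems = @()
$new = Get-ADDomainController -Identity $NewDC

# All five FSMO roles (0-4 in step 3) must now be held by the new DC.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -ne $new.HostName) {
        $problems += "$($role.Key) is still held by $($role.Value)"
    }
}

# The new DC should be a global catalog before the old one goes away.
if (-not $new.IsGlobalCatalog) { $problems += "$NewDC is not a global catalog" }

# Any recorded replication failure on either DC blocks the demotion.
foreach ($dc in $OldDC, $NewDC) {
    foreach ($f in Get-ADReplicationFailure -Target $dc) {
        $problems += "Replication to $dc from $($f.Partner) failing: error $($f.LastError)"
    }
}

# Every DHCP scope on the old server must exist on the new one.
if ($CheckDhcp) {
    $newScopes = Get-DhcpServerv4Scope -ComputerName $NewDC | ForEach-Object { "$($_.ScopeId)" }
    foreach ($s in Get-DhcpServerv4Scope -ComputerName $OldDC) {
        if ("$($s.ScopeId)" -notin $newScopes) { $problems += "DHCP scope $($s.ScopeId) missing on $NewDC" }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Checks passed: $OldDC holds no FSMO roles and can be demoted."
```

A non-zero exit code means at least one warning was printed; resolve each one before removing the AD DS role from the old server.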


When upgrading domain controllers, always back up critical configurations and test the process in a lab environment first. If you experience any issues with FSMO role transfer, use the detailed steps provided for "Ntdsutil". This ensures a smooth transition with minimal disruption to your Active Directory services.
