Active Directory migration


Getting ready

The following prerequisites have to be met before we can introduce the first Windows Server 2012 Domain Controller into the existing Active Directory domain:

  • In order to add a Windows Server 2012 Domain Controller, the Forest Functional Level (FFL) must be Windows Server 2003.

  • ADPREP now runs as part of the domain controller promotion process, and the schema is upgraded during it. The account used to install the first Windows Server 2012 Domain Controller must therefore have Schema Admins and Enterprise Admins privileges.

  • If there is a firewall between the new server and the existing domain controllers, make sure all the RPC high ports are open between these servers. Domain controller installation and replication traffic can be restricted to a static RPC port or a range of RPC ports by modifying the registry on the domain controllers.

  • The new Windows 2012 server’s primary DNS IP address must be the IP address of an existing domain controller.

  • The new server must be able to access the existing Active Directory domain and controllers by NetBIOS and Fully Qualified Domain Name (FQDN).

  • If the new domain controller will be in a new site or in a new subnet, make sure to update the Active Directory Sites and Services with this information.
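For the firewall prerequisite above, the registry change that pins domain controller RPC traffic to static ports can be scripted. This is an added example, not part of the original recipe; the port numbers are constructed sample values, and the same ports must be allowed on the firewall along with the RPC endpoint mapper (TCP 135).

```powershell
# Added example: pin AD replication and Netlogon RPC to static ports.
# Run elevated on each existing domain controller. Port numbers are sample
# values (assumption); choose ports not used by any other service.
$ntdsPort     = 50000   # AD replication (NTDS) RPC
$netlogonPort = 50001   # Netlogon RPC

$ntdsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Both values are REG_DWORD; -Force overwrites an existing value.
New-ItemProperty -Path $ntdsKey -Name 'TCP/IP Port' `
    -PropertyType DWord -Value $ntdsPort -Force | Out-Null
New-ItemProperty -Path $netlogonKey -Name 'DCTcpipPort' `
    -PropertyType DWord -Value $netlogonPort -Force | Out-Null

# Read the values back so the change can be recorded and compared
# against the firewall rule set.
$current = New-Object PSObject -Property @{
    NtdsRpcPort     = (Get-ItemProperty -Path $ntdsKey).'TCP/IP Port'
    NetlogonRpcPort = (Get-ItemProperty -Path $netlogonKey).'DCTcpipPort'
}
$current | Format-List

# The new ports take effect after the domain controller is restarted.
```

SYSVOL replication (FRS or DFSR) uses its own RPC port and is not affected by these two values.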

In Windows Server 2012, domain controllers can be remotely deployed by using the Server Manager. The following recipe provides the step-by-step instructions on how to deploy a domain controller in an existing Active Directory environment.

How to do it…

  1. Install and configure a Windows Server 2012.

  2. Join the new Windows Server 2012 to the existing Active Directory domain.

  3. Open Server Manager. Navigate to the All Servers group in the left-hand side pane.

  4. From the Server Name box, right-click on the appropriate server and select the Add Roles and Features option. You can also select Add Roles and Features from the Manage menu in the command bar. If the correct server is not listed here, you can manually add it from the Manage tab on the top right-hand side and select Add Server.

  5. Click on Next on the Welcome window.

  6. In the Select Installation Type window, select Role-based or feature-based installation. Click on Next.

  7. In the Select destination server window, select the Select a server from the server pool option and then the correct server from the Server Pool box. Click on Next.

  8. On the Select server roles window, select Active Directory Domain Services. You will see a pop-up window to confirm the installation of Group Policy Management Tool. It is not required to install the administrative tools on a domain controller. However, this tool is required for the Group Policy Object management and administration. Click on Next.

  9. Click on Next in the Select features window.

  10. Click on Next on the Active Directory Domain Services window.

  11. In the Confirm Installation Selections window, select the Restart the destination server automatically if required option. In the pop-up window click on Yes to confirm the restart option and click on Install. This will begin the installation process.

  12. You will see the progress on the installation window itself. This window can be closed without interrupting the installation process. You can get the status update from the notification section in the command bar.

  13. The Post-deployment Configuration option needs to be completed after the Active Directory Domain Services role installation. This process will promote the new server as a domain controller.

  14. From the notification window, select the Promote this server to a domain controller hyperlink.

  15. From the Deployment Configuration window, you should be able to:

    • Install a new forest

    • Install a new child domain

    • Add an additional domain controller for an existing domain

    • Specify alternative credentials for the domain controller promotion, and so on

  16. Since our goal is to install an additional domain controller to an existing domain, select the Add a domain controller to an existing domain option. Click on Next.

  17. In the Domain Controller Options window, you will see the following options:

    • Domain Name System (DNS) server

    • Global Catalog (GC)

    • Read-only domain controller (RODC)

    • Site name

    • Type the Directory Service Restore Mode (DSRM) password

  18. Select Domain Name System (DNS) server and Global Catalog (GC) checkboxes and provide the Directory Services Restore Mode (DSRM) password. Click on Next.

  19. Click on Next on the DNS Options window.

  20. In the Additional Options window you will see the following options:

    • Install from media

    • Replicate from

  21. Accept the default options unless you have technical reasons to modify these. Click on Next.

  22. In the Paths window, you can specify the AD Database, Log, and SYSVOL locations. Select the appropriate locations and then click on Next.

    Review the Microsoft Infrastructure Planning and Design (IPD) guides for best practice recommendations. For performance improvements, it is recommended to place the database, logs, and so on, on separate drives.

  23. Click on Next on the Preparation Options window. During this process the Active Directory Schema and Domain Preparation will happen in the background.

  24. You should be able to review the selected option on the next screen. You can export these settings and configurations to a PowerShell script by clicking on the View Script option in the bottom-right corner of the screen. This script can be used for future domain controller deployments.

  25. Click on Next to continue with the installation.

  26. The prerequisite checking process will happen in the background. You will see the result in the Prerequisites Check window. This is a new enhancement in Windows Server 2012. Review the result and click on Install.

  27. The progress of the domain controller promotion will display on the Installation window.

  28. The following warning message will be displayed on the destination server before it restarts the server:

You can review the %SystemRoot%\debug\dcpromo.log and %SystemRoot%\debug\netsetup.log log files to get more information about DCPROMO and domain join-related issues.
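The wizard steps above map onto the ADDSDeployment cmdlets, which is also what the View Script option in step 24 exports. The following is an added example, not the script from the original article; the domain name, site name and drive paths are placeholder assumptions.

```powershell
# Added example: scripted form of the wizard steps (run elevated on the new server).
# corp.example.com, the site name and the drive paths are placeholder assumptions.

# Steps 4-12: install the AD DS role with its management tools (includes GPMC).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# Prompt for secrets instead of storing them in the script file.
$cred = Get-Credential -Message 'Member of Schema Admins and Enterprise Admins'
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Steps 16-22: the options chosen in the wizard.
$dcOptions = @{
    DomainName                    = 'corp.example.com'
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true      # DNS server checkbox
    NoGlobalCatalog               = $false     # keep Global Catalog selected
    SiteName                      = 'Default-First-Site-Name'
    DatabasePath                  = 'D:\NTDS'
    LogPath                       = 'E:\NTDSLogs'
    SysvolPath                    = 'D:\SYSVOL'
}

# Step 26: run the prerequisite check on its own and stop on any error.
$results = Test-ADDSDomainControllerInstallation @dcOptions
$results | Format-List Status, Message
if ($results | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported errors before promoting.'
}

# Steps 23-28: ADPREP runs as needed, the server is promoted and then restarts.
Install-ADDSDomainController @dcOptions

# After the restart, review the promotion log:
#   Get-Content "$env:SystemRoot\debug\dcpromo.log" -Tail 40
```

Prompting for the DSRM password and the promotion credentials keeps both out of the saved script, which matters if the script is reused for later domain controller deployments.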


Thus we learned the details of how to do Active Directory migration and its prerequisites, schema upgrade procedure, verification of the schema version, and installation of the Windows Server 2012 Domain Controller in the existing Windows Server 2008 and Server 2008 R2 domain.
