In this video, Scott describes the changes that are made to Active Directory when you introduce a new version of Windows Server, and then demonstrates the process.
- [Instructor] Active Directory Domain Services is one of the Windows Server roles that evolves at least slightly with each new version of Windows Server. The Active Directory Domain Services Schema is the design of the database that defines what types of objects are stored, what properties are maintained for each object, and how these different objects or classes relate to each other. If you're a beginner to databases consider a simple database application, like Access.
When you create a database in Access you create tables for each type of information or class of object that you want to track, computers, operating systems, users, and so forth. In each table you have a list of fields or properties that describe each record or object in the table. Perhaps for a computer your defining properties are the name of the computer, the location, or various configuration details.
If your environment were to grow and become more diverse you're going to need to track more things. You're going to need more tables, you're going to need to add or redefine fields within those tables, and you may need to redraw relationships between them. This kind of change needs to happen when you introduce a new version of Windows Server as a domain controller in an Active Directory domain. You can make those changes manually before adding a Windows 2019 server as a domain controller in a previous version, say 2016 Server domain.
The AD prep application is on the Windows Server 2019 disk. If I was to just browse out to the install media inside the support folder here is adprep for Active Directory prep. And inside that folder is the adprep application. But it's not necessary to run that separately. It's understood that this kind of upgrade needs to happen. Promoting a Windows 2019 server to domain controller will run this elevation for you.
Let me go ahead and close this and let's take a look at our Windows 2016 server domain controller. Here we have our domain controller, you can see that Active Directory Domain Services is installed and that this is a Windows Server 2016 Datacenter edition server. It's been configured in a virtual machine with eight gig of RAM that's dynamically expanding. So you'll see the installed memory fluctuate a little bit as we go through this process.
I'm going to first open PowerShell and take a look at the functional level of Active Directory on this server. I can do that with the Get-ADObject cmdlet. And specifically what I want to look for is going to be pulled from the Get-ADRootDSE cmdlet. And there's a specific property inside those results that I want to pull.
And that is the schemaNamingContext. And I'm going to get even more specific than that as I look up a specific property of that object, the objectVersion. And when we take a look at the results we can see that our Active Directory Schema is of the objectVersion 87.
I'm going to leave this screen right here, so we can come back and compare later. Let's switch back over to our Windows 2019 server. We can see that this server has already been joined to the domain, so let me go ahead and add the Active Directory Domain Services role. From the Dashboard, Add roles and features, we've seen this Wizard before. As we get to the list of roles I'm going to select Active Directory Domain Services.
There are several prerequisites and tools that need to be added, I'm going to accept all of them. And then I will go ahead and just progress to the point where it starts the installation. Now Windows Server 2019 seems to install things a little quicker than previous versions, but it still takes a while, so we're going to fast-forward through this progress bar and get to the next stage. All right, here we are. And now I'm going to follow this link to Promote this server to a domain controller.
Remember, this is a Windows 2019 server, becoming a domain controller alongside an existing Windows Server 2016 domain. So when I choose to promote, the first screen is probably the most important. This is where I specify that I am adding a domain controller to an existing domain. I need to specify the domain and I need to make sure that the credentials provided here, the currently logged on user, or I could change it, this is a user account that has the permissions and rights necessary to create a new domain controller in our Active Directory environment.
And that is all correct, so I'm going to go ahead and move forward. I'll specify a password here. And accept defaults the rest of the way through. No DNS delegation is available, that's fine, that was to be expected. Here I'm prompted to select which domain controller I want to replicate my information from, so I'll go ahead and choose the Windows 2016 domain controller.
Next, the paths are fine. The Preparation Options, this is where it's telling me that it's going to have to perform the following Active Directory preparation. This forest and schema preparation. And then adding and modifying objects within the domain to fit the new schema. This is where I'm being told that that will be done for me. So Next. Review the options, let it do the Prerequisite Check.
And it's just reminding me of the old legacy NT 4 security concerns, as well as pointing out that the DNS delegation can't happen. Both of those were expected and not really errors as far as I'm concerned. And everything passed. So let me go ahead and click Install. Notice that when I do, the first thing that shows up up here in the Progress was updating the forest and updating the domain.
That was the AD prep being done for us. Once this installation is complete and the server is rebooting, I'm going to switch back over to the 2016 server and let's check that version again. Okay, now that the reboot of our new domain controller is complete, here we are back on our Windows 2016 server. Remember, previously we found that our schema was objectVersion 87. I'm going to take advantage of the command memory in PowerShell and use the up arrow, so that I don't have to type out that big, long command again.
When I run that again, we can see that the objectVersion has changed. It doesn't appear to have changed by a lot, but we can see that the Active Directory preparation built into configuring the role on a new server was able to complete on its own. In theory you can perform an in-place upgrade on a Windows 2012 R2 or a Windows 2016 domain controller, so long as you stop and restart some services.
But I've had mixed results in my testing. It's best practice to go ahead and bring up a new server and you've seen just how easy it is to perform this upgrade on Active Directory.
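The schema version check described in the transcript, written out as an added example (it is not taken from the video). It goes one step further and asks every domain controller in the domain for its own copy of the schema object, so you can confirm the adprep change has replicated. It assumes the ActiveDirectory (RSAT) module is installed; the variable names and the version-to-release table are this example's own, using the well-known objectVersion values.

```powershell
# Added example: requires the ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

# Well-known schema objectVersion values and the release that introduces each.
$schemaVersions = @{
    47 = 'Windows Server 2008 R2'
    56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2'
    87 = 'Windows Server 2016'
    88 = 'Windows Server 2019'
}

# Distinguished name of the schema partition, read from the RootDSE.
$schemaDN = (Get-ADRootDSE).schemaNamingContext

# Query each domain controller directly so replication lag becomes visible.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $schema = Get-ADObject -Identity $schemaDN -Server $dc.HostName `
                      -Properties objectVersion, whenChanged -ErrorAction Stop
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            ObjectVersion    = $schema.objectVersion
            SchemaRelease    = $schemaVersions[[int]$schema.objectVersion]
            WhenChanged      = $schema.whenChanged   # local to this DC's copy
        }
    } catch {
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            ObjectVersion    = $null
            SchemaRelease    = "query failed: $($_.Exception.Message)"
            WhenChanged      = $null
        }
    }
}

$report | Format-Table -AutoSize

# All reachable DCs should report the same version once replication has converged.
$distinct = @($report.ObjectVersion | Where-Object { $_ } | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Domain controllers report different schema versions: $($distinct -join ', ')"
}
```

Run it before and after promoting the new domain controller; the `ObjectVersion` column should move from the old value to the new one on every row.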