 Hey folks, it's Ned Pyle here again talking about end of support and their migration strategies again 2008 support either is about to happen or has just happened if you're watching this video and what you need now Besides your options to pick things up and move them to Azure or to add extended security updates to 2008 and keep trekking along is really your true long-term strategy of how do I get off of this old platform which is no longer in support, but more importantly isn't containing a lot of the functionality and safety that came from a later platform like 2012 even much less 2016 or 2019 So I'm going to go through a demo now and talk about how I can migrate domain controllers and DNS servers in the smoothest possible fashion so that your users and applications See little to no Interruption whatsoever And you're not forced to reconfigure anything. I'll also be talking about your best favorite thing FRS to DFSR migration as part of this process. So let's get into this demo So having performed my 2008 2008 R2 server Domain controller and file server inventories I think I'm ready to go ahead and do the actual migration and get my 2008 DCs Replaced in a separate demo. Of course, I'll show you a storage migration service for file servers So let's get rolling here I'm inside of server manager and I have What I need to do first really is is add in my my proposed new 4DCs that I'm going to use to replace my existing 2008 DCs. I've got four 2019 servers here That's going to add to management and that way I can start running DC promotion on those machines. I could also do this with PowerShell I could batch up the whole thing. I could, you know, make this much more automated and much more Hands-off but for the purposes of demonstration, let's just do these things There's sort of piecemeal So I'm one of these 2019 DCs. I'm going to add the active directory domain services role and Promote it and if you've been in the world of 2008 for a long time You're realizing now that you don't see me running DC promo That tool is long gone. If you moved on to the world of 2012 2016 2019 You're now using the server manager tool or PowerShell and I'm going to add this role. It's a you know, it won't be It'll take a little bit of time. So I'm going to time compress it here for the demo There's that little option there promote this server to the record or this is the DC promo process that you are familiar with from the past We go ahead and give some domain admin credentials This is my migrator account that I've been using for various demos and I'm adding this Regular member server this 2019 server to the domain and I'm going to try and co-locate these things with wherever they might be with their existing DC So you saw from my inventory that I had several sites now I can put in a DSRM, you know recovery password for these DCs and I will be forced now because I've used sites correctly to specify a site So this particular DC I'm going to put into the headquarters site and click next and click next and it's putting the You know notice this piece here domain prep forest prep you if you were 2008 Domain admin you used to do those things separately using the 80 prep tool That is all included now as part of the deployment process So one thing to be careful about also is that when you first promote your first DC 2012 or later DC into your environment. The first thing it's going to do is prep your schema and domain So here we go. I'm going to time compress this installation just to save us a little bit of time You see I was upgrading forest adding in the DC It will replicate All those things take as long as it takes for the environment and this server has now restarted Just jump on to this box and sort of see how things went All right, let's go ahead and run the event viewer That'll give us an idea of how healthy the DC is right now after promotion and if it's truly ready to go I mean don't forget when you DC promo a box. It's going to continue to inbound replicate Take a look here in the directory services event log. It is calling itself a DC Now let's go back to the story of the Vismo roles remember I had to look at those during inventory and look at them again because I don't know if somebody's best with them in the meantime, I Need to move these roles so as I promote up these DCs. I'm going to use PowerShell to move The various Vismo roles onto my new domain controllers as I deploy them so I can start Getting rid of my old DCs So in this particular case, I'm taking The PDC emulator role and putting it on to my brand new 2019 DCO to server And do the same thing for other roles as I see fit and need to and put a schema master on here. I Could put these all together separate them with commas and do this all in one command if I wanted this PowerShell is pretty cool I'm not going to do that though Now I've started to add my DCs I've got my 2019 DCs up and I've been doing a few in the background here cooking show style We need to get rid of my old 2008 So now we're back to the classic DC promo tool that you know and love So this piece here, I will use the legacy tool on the 2008 domain controllers and start getting rid of them So obviously if we're done this before this look very familiar, but maybe you never demoted a DC before Go ahead and give it some local admin creds Just gonna need once it stops being part of the domain and tell it to go ahead and do its work And we're going to come back to this having it let it reboot and finished rather than making you watch that in the demo And we'll see now That this machine is a member machine and we want to do is take a look at its IP information real quick Okay, that IP information Is what was being used for DNS? So our clients are pointing still to this server probably for DNS information and There's a problem with that right. I mean the server is not a DC anymore. It's not a DNS Server anymore either so we can do two things we could change every client and member server in the company or We can just go take over these IP addresses and put them on our new servers, which I think is a much better solution So this machine is part of the domain I'm gonna go ahead and rename it now so that nobody ever connects to this box by its old name anymore Just by mistake and that way it's still around. It might still have some data on it for some reason But it is effectively unreachable by IP or name ever again and on my new DCO to I'm gonna give it the IP address of my old DCO to and that way all my DNS clients and Applications using anything by IP address just won't know that anything happened and they're happy and back in business, which is really nice So rather than changing thousands of clients I'm changing a handful of DCs and if you want to get really fancy and we have a nice document on this somewhere You can even go through and specify an alternate computer name and give it to the you know my DCO to 2019 server here The old server name of DCO to so we'll answer for both Maybe I'm not gonna do that right now So what else can we do here? Let's take a look at My site information when I demoted that old DCO to you might not know this It's computer object is still hanging out there in sites I'm gonna a little clean up here and get rid of old DCs from the topology and Now that I've gone all the way that you know, I've made all my DCs 2019 now I have the ability to raise the forest and domain functional levels to their maximum Which is the 2016 FFL DFL and start unlocking features I didn't have back when I was a 2008 environment It's not just to get new DCs when you want to get new functionality So for example, I can enable the recycle bin now something which 2008 didn't have and instead of relying on System state backups for the deletion of objects users groups computers I now have an actual recycle bin inside of active directories This is just one example of you know a good reason to have gotten on it 2019 Not just because 2008 support ended. So I'm gonna create a user here. This is a Marcus Sinovich He's my user And he's a really important person of Microsoft probably heard of him I'm gonna use one of the big rigs over in Azure It does a lot of talks and I'm gonna create his user account because I work over on the help desk And then Accidentally after he's been using his account. I deleted his account. So now Mark can't log in anymore In the past, this would be a big fire drill, right? You go off and find your backups do a non-authoritator for store Hopefully that all works. It's a big yikes and starting in 2019. I Enabled the recycle bin and now I can just right-click and restore and put mark right back into his Spot with his password with all the group memberships with all his attribute metadata And he'll be able to just log right back in and maybe he didn't even notice anything happened And we'll make sure that we update his special title for everybody knows how important mark is So this is just a great example of you know, some not just the you know The hard work you're doing to get migrated isn't just to keep being supported on Windows server On the later version, it's your you're missing functionality when you run 2008 tons of security pieces Tons of features tons of options that make your environment run better more smoothly Give your users new abilities. And so the migration and upgrade process shouldn't just be a chore Every 10 years of getting supported It should also be a way for you to start unlocking and bringing value into the environment that you just didn't have on your 10-year-old 2008 OS So that was the process of how you would migrate your domain controllers your DNS Your sysfall and make sure that you are no longer on 2008 But instead on a nice comprehensive modernized platform like say server 2019. I hope you've enjoyed this This URL will give you more information on how to do these types of migrations and of course if you have any questions