Goal: Help all Windows Server users successfully migrate their Active Directory (AD) to new server machines.

Supported Operating Systems: Windows Server 2022/2019/2016/2012 R2/2008 R2/2008/2003, and so on.

How do I migrate Active Directory (AD) to another server?

Does anyone know how to move Active Directory to another Windows Server computer? For instance, I've purchased a new Windows Server 2022, and I want to migrate my AD from my old Windows Server 2016 to Server 2022. What steps should I follow?

Are you looking for a reliable way to migrate your Active Directory database from a Windows Server computer to a new server machine? If you're new to server administration, don't worry. On this page, we'll guide you through the entire process of successfully moving AD from one server to another. Let's dive into the detailed steps:


In this article, you'll learn:

  • What is Active Directory and why you need to migrate it to a new server
  • Method 1: Backup Active Directory and restore it to another server
  • Method 2: Use an Active Directory migration tool

Before we dive into how to migrate Active Directory to a new server, let's take a look at what Active Directory is and why a Windows Server user might want to move it from one server to another.

What is Active Directory, and why might it need to be migrated to a new server?

Active Directory is a core component of the Microsoft Windows Server operating system, serving as a centralized directory service. Its primary function is to manage and store information about network resources such as user accounts, computers, printers, and shared folders, while providing authentication and authorization services for network users. Through Active Directory, administrators can easily control access permissions, enforce policies, and manage updates to various objects in the network.

Reasons for migrating Active Directory to a new server may include:

1. **Hardware Upgrade**: The old server might have reached its hardware limitations, unable to meet performance demands or support newer versions of the operating system. Migrating to a new server can provide better hardware performance and a longer lifespan.
2. **Fault Tolerance and Redundancy**: Moving Active Directory functionality to another server can enhance availability and reliability, protecting against failures in the original server.
3. **Scaling and Planning**: As an organization grows, more domain controllers might be needed to distribute the load, providing faster replication and user login experiences.
4. **Resource Consolidation**: Following mergers or acquisitions, it might be necessary to merge different organizations' Active Directories or optimize existing infrastructure.
5. **Security Considerations**: Upgrading servers ensures adherence to the latest security best practices, reducing potential vulnerabilities.
6. **Software Updates**: New servers often run the latest operating system versions, supporting additional features and improved services to adapt to evolving technology environments.

Migrating Active Directory requires careful planning and execution to maintain business continuity and minimize disruptions. This process involves steps like data migration, DNS updates, user configurations, and testing.

Active Directory stores information about network objects and enables administrators and users to find and use that information easily. Active Directory uses a structured data store as the foundation for logically organizing directory information.

- Provided by the Microsoft Overview of Active Directory Domain Services

Based on the description above, we can consider Active Directory as a database called AD that connects users to network resources to get things done. But what does Active Directory entail exactly? Let's find out:

    • Information objects, such as servers, volumes, printers, network users, and computer accounts – the shared resources.
    • A set of rules: The architecture defines the classes of objects and attributes contained in the directory.
    • Global directory: Information about each object in the directory.
    • Query and indexing mechanisms: Ensure that network users or applications can publish and locate objects and their attributes.
    • Replication service: Distributes directory data across the network.

When transitioning to a new server computer, one critical step is to transfer Active Directory to the new server. Below, we've compiled two methods that will guide you through successfully migrating your AD database to a new server on your own.

Both methods apply to moving Active Directory from one server to another, and they work with Windows Server 2022, 2019, 2016, 2012 R2, 2012, 2008 R2, 2008, and 2003, among other versions.

Method 1: Back up Active Directory and restore it to another server

    • Tool: PowerShell
    • Difficulty Level: High

Assuming you have two computers running Windows Server and need to migrate the Active Directory database from one server to another, here's a manual process you can follow:

1. **Backup Active Directory**:
   - On the source server, use `nssm.exe` (Non-Signature Service Manager) or the built-in `ntdsutil` tool to create a full backup of Active Directory.
   - Run `ntdsutil`, then choose `activate instance ntds`, followed by `files`, and then `backup` to initiate the backup process.
   - Specify the backup location and ensure the backup is successful.
2. **Configure the target server**:
   - Ensure the target server has the same or a higher version of the operating system as the source server and that the Active Directory Domain Services role is installed.
   - Join the target server to the same domain as the source server but do not promote it to a domain controller yet.
3. **Transfer the SYSVOL folder**:
   - Use Robocopy or Xcopy to copy the SYSVOL folder from the source server to the corresponding location on the target server.
   - For example: `Robocopy \\SourceServer\sysvol \\TargetServer\sysvol /MIR`
4. **Transfer NTDS settings**:
   - Copy the `NTDS` folder (usually located at `%SystemRoot%\NTDS`) from the source server to the same location on the target server.
5. **Restore the Active Directory database**:
   - On the target server, use the `ntdsutil` tool, select `activate instance ntds`, then `files`, and choose `restore`.
   - Import the backup created in Step 1.
6. **Configure DNS**:
   - If the source server is also a DNS server, ensure the same DNS settings are configured on the target server.
   - In the DNS Manager, copy the DNS zones from the source server to the target server.
7. **Promote the target server to a domain controller**:
   - Promote the target server to an additional domain controller using the `dcpromo` command or through the "Server Manager."
   - During the process, choose the option to "Restore from a copy of an existing domain" and specify the source server's name.
8. **Verify the migration**:
   - Afterward, verify that all services are running correctly, user and group permissions are accurate, and DNS resolution is functioning properly.
9. **Transfer roles and features**:
   - Move any other server roles and services to the target server as needed.
   - Use `ServerManagerCmd.exe` or the "Server Manager" for the transfer.
10. **Decommission the source server**:
   - Once everything is working as expected, safely remove the source server from the network and, if necessary, demote or uninstall Active Directory.

Please note that this is a basic guide, and the actual process may vary depending on your environment. Always plan thoroughly and make backups before performing any operations.

Step 1: Introduce a new domain controller on the target server and move the FSMO roles to it.

To move FSMO roles, you can refer to this Microsoft Community post for assistance: Transfer or seize FSMO roles in AD DS.

Step 2: Raise the forest and domain functional levels to Windows Server 2008 R2.

Open PowerShell, and then enter each of the following commands one at a time, pressing Enter after each:

    • Hostname
    • netdom query FSMO

Add a new domain controller to the forest root domain.

Step 3: Log on to the destination server computer as a member of the local Administrators group, and join the server to the existing domain.

Step 4: Restart the Windows Server, and then log on to the server as an Enterprise Administrator.

Then assign the server a static IP address.

Step 5: Right-click the Start button and select Windows PowerShell (Admin).

Step 6: Type Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools in PowerShell, and press Enter.


This will install the Active Directory Domain Services role on the designated server.

Step 7: Type the following command in PowerShell as a single line, and press Enter. This will configure the new server as an additional domain controller:

    Install-ADDSDomainController -CreateDnsDelegation:$false -InstallDns:$true -DomainName "rebeladmin.net" -SiteName "Default-First-Site-Name" -ReplicationSourceDC "DC08.rebeladmin.net" -DatabasePath "C:\Windows\NTDS" -LogPath "C:\Windows\NTDS" -SysvolPath "C:\Windows\SYSVOL" -Force:$true

There are no line breaks in that command. So what does this syntax mean? Let's take a look:

| Syntax | Description |
|---|---|
| Install-ADDSDomainController | This cmdlet installs a domain controller within the Active Directory infrastructure. |
| -CreateDnsDelegation | This parameter defines whether to create a DNS delegation that refers to the AD Integrated DNS. |
| -InstallDns | This parameter specifies whether to install the DNS role along with the Active Directory Domain Controller. For new forests, it is set to $true by default. |
| -DomainName | This parameter defines the fully qualified domain name (FQDN) of the Active Directory domain. |
| -SiteName | This parameter is used to define the name of the Active Directory site. The default value is Default-First-Site-Name. |
| -ReplicationSourceDC | This parameter defines the Active Directory replication source. By default, it uses any available domain controller, but a specific source can be specified if needed. |
| -DatabasePath | This parameter is used to define the folder path where the Active Directory database file (Ntds.dit) will be stored. |
| -LogPath | The log path specifies where the domain log files will be saved. |
| -SysvolPath | This is used to define the path for the SYSVOL folder. The default location is C:\Windows. |
| -Force | This parameter forces the command execution, ignoring warnings. For instance, warnings about best practices and recommendations are usually overridden. |

Step 8: If prompted for a SafeModeAdministratorPassword, type a new, complex password.

Then, restart the server and log in as an administrator.

Step 9: Open PowerShell again, type Get-Service adws,kdc,netlogon,dns, and press Enter to verify the status of AD DS.

Check AD DS status

Step 10: Type Get-ADDomainController -Filter * | Format-Table Name, IPv4Address, Site in PowerShell, and then press Enter.

Step 11: Type Move-ADDirectoryServerOperationMasterRole -Identity REBEL-DC2019 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster in PowerShell and press Enter to migrate all FSMO roles to the new domain controller.

Note: Replace REBEL-DC2019 with the name of your running new Windows Server.

Migrate all FSMO roles to the new domain controller

Step 12: Type Netdom query fsmo at the PowerShell prompt to verify the new FSMO role holders.

Verify the new FSMO role holder

Step 13: Type Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition to demote the legacy Windows domain controller.

Remove the old Windows domain controller

Step 14: Type Set-ADDomainMode -Identity therebeladmin.com -DomainMode Windows2016Domain in PowerShell, and press Enter to upgrade the domain functional level.

Step 15: Type Set-ADForestMode -Identity rebeladmin.com -ForestMode Windows2016Forest in PowerShell and press Enter to upgrade the forest functional level.

Finish the AD transfer to the new server

Wait for the process to complete. When it's done, the AD server migration is complete. To verify that it worked, type each of the following commands in PowerShell, pressing Enter after each one:

    • Get-ADDomain | fl Name,DomainMode
    • Get-ADForest | fl Name,ForestMode
    These commands retrieve information about the Active Directory (AD) domain and forest. Get-ADDomain displays the name and domain mode of the AD domain, while Get-ADForest shows the name and forest mode of the AD forest. fl is an alias for Format-List, which formats the output as a list.

Check if the AD transfer is complete

As shown, if you see this result, it means that you have successfully migrated Active Directory to the new server machine.
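A pre-demotion gate for the procedure above, as an added example that is not part of the original page: it confirms on the new domain controller that the FSMO transfer, the AD DS services, the SYSVOL shares and inbound replication are healthy before the old controller is removed in Step 13. The function name Test-DcMigrationReady is hypothetical, and the script assumes an elevated session on the new DC with the ActiveDirectory module installed.

```powershell
# Added example (not from the original page). Run on the NEW domain controller.
# Test-DcMigrationReady is a hypothetical helper name.
Import-Module ActiveDirectory

function Test-DcMigrationReady {
    param(
        [string]   $NewDC    = $env:COMPUTERNAME,
        [string[]] $Services = @('adws', 'kdc', 'netlogon', 'dns')
    )
    $problems = @()

    # 1. Every FSMO role must already sit on the new DC (same data as "netdom query fsmo").
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.Keys) {
        # Role holders are returned as FQDNs; compare the host part only.
        if (($roles[$role] -split '\.')[0] -ne $NewDC) {
            $problems += "$role is still held by $($roles[$role])"
        }
    }

    # 2. The services checked in the procedure must be running locally.
    foreach ($name in $Services) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc -or $svc.Status -ne 'Running') {
            $problems += "Service '$name' is not running"
        }
    }

    # 3. SYSVOL and NETLOGON are shared only once initial SYSVOL replication has finished.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
            $problems += "Share $share is not published"
        }
    }

    # 4. The last inbound replication from every partner must have succeeded (result 0).
    $partners = @(Get-ADReplicationPartnerMetadata -Target $NewDC)
    if ($partners.Count -eq 0) { $problems += 'No inbound replication partners found' }
    foreach ($p in $partners) {
        if ($p.LastReplicationResult -ne 0) {
            $problems += "Replication from $($p.Partner) failed with code $($p.LastReplicationResult)"
        }
    }

    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

$result = Test-DcMigrationReady
if (-not $result.Ready) { $result.Problems | ForEach-Object { Write-Warning $_ } }
$result.Ready
```

Run it after Step 12 and proceed to the demotion only when it returns True; each warning names the role, service, share or replication partner that still needs attention.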

Method 2: Use the Active Directory Migration Tool

Aside from the manual method described above, you can also try using an Active Directory migration tool. For instance, you can accomplish this task with the Todo PCTrans Technician tool, which features "PC to PC file transfer."


Here's the complete process for easily moving an Active Directory database from one server to another:

Note that during this process, you will be transferring only the AD database folder between the server computers.

Step 1. Launch Todo PCTrans on both computers. Choose “PC to PC” to proceed.

Transferring files from one server to another - Step 1

Step 2: Choose the direction of the transfer – to the new or old computer.

"New" - Transfer files from the old server to the current new server.

"Old" - Transfer files from the current old server to the new one.

Transfer direction

Step 3: Enter the account password or verification code of the destination computer to connect to it from this computer. You can open Connect Verification from the upper-right corner of the main PC-to-PC screen on the destination computer.

Transfer files from one computer to another – Step 2

Step 4. Click “File” > “Transfer,” and check all the files you want to transfer to another server computer. Then click “Transfer” to migrate your selected data.

Transferring files from one PC to another - Step 3

Step 5: Wait until the transfer process is completed. PCTrans will migrate your files at a fast speed, which won't take too long.

Transfer files from one PC to another - Step 4

Then, you can restart the target Windows Server computer and log on as an administrator.

Additional tips for migrating between servers

In addition to moving Active Directory from one server to another, you may have much else to migrate, such as user data, user accounts, domain accounts and settings, applications, and so on.

How do you completely transfer Server data to another Server? Please refer to the following:

#1. Migrate user data and accounts to the new server

With Todo PCTrans's Account Settings Transfer feature, you can migrate all of your user data and accounts to a new server with just a few clicks.


Step 1: Install and launch Todo PCTrans on both computers. On the source computer, choose “PC to PC” to proceed.

Transfer files from one laptop to another - Step 1

Step 2: Choose whether you're the old or new computer.

Select transfer direction

Please make sure that both computers are on the same local area network. Connect via IP address or manually add the target computer, enter the login account and password of the target computer, and click "Connect" to establish the connection.

Transferring Files from One Laptop to Another - Step 2

Step 3. Under “Accounts,” specify the user accounts and settings you want to transfer.

Transfer files from one laptop to another - Step 3

Step 4: Enter the source computer's user account and password, and then choose which user-account settings, data, and so on, you want to migrate.

Transfer files from one laptop to another - Step 1

Step 5: Select it and click “Transfer” to start transferring your user accounts and settings.

Transfer files from one laptop to another - Step 5

#2. Migrate critical applications to the new server

In addition to server data, files, and accounts, you may also need to migrate some critical applications to the new server, such as Windows Server Manager, SQL setups, Exchange, Quickbooks, Office, Adobe, and so on.

With the help of a reliable Windows Server file transfer software, you can easily manage and accomplish this task. Here's how:

Step 1: Run Todo PCTrans on Both Computers

On the Source computer, continue to the “PC to PC” option on the Todo PCTrans main screen.

Select the "PC to PC Transfer" mode

Step 2: Choose the transfer direction – from the old computer or the new one

"New" - transfers all data from an old computer to the current new one, remotely.

"Old" - Transfers all data from your current old device to the new computer.

Select transfer direction

Step 3: Connect the two computers

1. Select the IP address or device name of the target computer, then click "Connect."

2. Type the target computer's login password, then click OK to confirm.

If the target PC is not listed, you can also click Add PC to manually connect to it by entering its IP address or device name.

Connect two computers

Step 4: Select the applications, programs, and software to transfer to the target computer

1. You get to choose and pick what you want to transfer from your current computer to the target one.

2. After selecting the apps and data you want to transfer, click on “Transfer” to start the process.

Transfer apps from one PC to another

Migrating AD from one server to a new one is a complex task that requires care and patience.

This tutorial page explains what Active Directory is and why it's so important for server administrators to migrate AD to a new server.

We also introduced two methods that help successfully migrate Active Directory to new servers with Windows Server 2022/2019/2016/2012/2008/2003, etc.

This process can be a bit involved, so make sure to be careful and patient when typing out the command lines in PowerShell.