How to Transfer Active Directory (AD) to Another Server
Transferring Active Directory to another server without disruption is essential to keeping your network infrastructure running smoothly. Whether you are upgrading hardware, improving performance, or strengthening security, migrating AD to a new server requires careful planning and execution.
This step-by-step guide covers two methods for moving Active Directory to another server: PowerShell and the Active Directory Migrator (ADM) tool.
How to Transfer Active Directory to Another Server with PowerShell
- Pre-migration Steps
- Step 1: Prepare the New Server
- Step 2: Promote the New Server to Domain Controller
- Step 3: Transfer FSMO Roles
- Step 4: Update DNS Settings
- Step 5: Update DHCP Settings (if applicable)
- Step 6: Validate and Test
- Step 7: Decommission the Old Server
Pre-migration Steps
Before you begin to transfer Active Directory to another server, prepare for the issues that can arise during and after the move.
- Perform a comprehensive inventory of your existing Active Directory environment. Check domain controllers, user accounts, groups, policies, and DNS settings.
- Check the Active Directory version you are moving to. Then, ensure that the source and target servers meet the necessary hardware and software requirements for that version.
- Take backups of your existing Active Directory database, system state, and critical configuration settings.
I. Preparing the New Server
Install the Active Directory Domain Services (AD DS) role on the new server:
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
II. Promote the New Server to Domain Controller
Once your preparation is complete, you can start setting up the new server. The first step is to promote the new server to a domain controller:
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "yourdomain.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
III. Transfer FSMO Roles
Here, we will transfer the FSMO roles to the new domain controller.
- Firstly, verify the current status of the FSMO roles.
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
- Now, we will transfer the FSMO roles from the old domain controller to the new one.
Move-ADDirectoryServerOperationMasterRole `
-Identity "NewServer" `
-OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
- You can verify the role transfer by using the following command.
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
IV. Update DNS Settings
Now, we will update the DNS settings for the new server and clients:
Set-DnsClientServerAddress `
-InterfaceAlias "Ethernet" `
-ServerAddresses ("NewServerIP", "OldServerIP", "AlternateDNS")
V. Update DHCP Settings (if applicable)
If it is applicable in your case, do not forget to migrate DHCP settings to the new server:
Import-DhcpServer -File "C:\dhcpconfig.xml" -BackupPath "C:\dhcpbackup"
VI. Validate and Test
Test the new domain controller to ensure proper functionality:
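# Check (and repair if needed) this computer's secure channel to the domain
Test-ComputerSecureChannel -Repair
# Confirm that a managed service account can still be used
Test-ADServiceAccount "ServiceAccountName"
# Run the domain controller diagnostic tests against the new server
dcdiag /s:NewServer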
VII. Decommission the Old Server
Once everything is done, demote the old domain controller with the following command:
# -ForceRemoval demotes without updating the directory and is intended for a DC that cannot reach any other DC; if you use it, the old server's metadata must be cleaned up afterwards.
Uninstall-ADDSDomainController -LocalAdministratorPassword (Read-Host -AsSecureString -Prompt "New local Administrator password") -ForceRemoval -DemoteOperationMasterRole
Verify each step before you run it in PowerShell. The process to transfer Active Directory to another server will be successful only if you understand what each command does.
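A read-only readiness check to run after step VI and before the demotion in step VII, given here as an added example that is not part of the original guide. It assumes the ActiveDirectory RSAT module; Test-DcCutoverReadiness is a hypothetical helper name, and NewServer and OldServer are the guide's placeholders. Proceed to step VII only when Ready is True.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Test-DcCutoverReadiness is a hypothetical helper name;
# pass the guide's placeholder host names "NewServer" and "OldServer".
function Test-DcCutoverReadiness {
    param(
        [Parameter(Mandatory)][string]$NewServer,
        [Parameter(Mandatory)][string]$OldServer
    )
    $newDc = Get-ADDomainController -Identity $NewServer -Server $NewServer

    # FSMO holders as seen from BOTH DCs, so an unreplicated transfer is caught.
    $strayRoles = @(foreach ($view in $NewServer, $OldServer) {
        $d = Get-ADDomain -Server $view
        $f = Get-ADForest -Server $view
        $holders = [ordered]@{
            SchemaMaster         = $f.SchemaMaster
            DomainNamingMaster   = $f.DomainNamingMaster
            PDCEmulator          = $d.PDCEmulator
            RIDMaster            = $d.RIDMaster
            InfrastructureMaster = $d.InfrastructureMaster
        }
        foreach ($role in $holders.Keys) {
            if ($holders[$role] -ne $newDc.HostName) {
                "$role is held by $($holders[$role]) (view from $view)"
            }
        }
    })

    # Inbound replication on the new DC: result code 0 means success.
    $replErrors = @(Get-ADReplicationPartnerMetadata -Target $NewServer -Scope Server |
        Where-Object { $_.LastReplicationResult -ne 0 -or $_.ConsecutiveReplicationFailures -gt 0 })

    # A DC advertises itself only once SYSVOL and NETLOGON are shared.
    $missingShares = @('SYSVOL', 'NETLOGON' | Where-Object { -not (Test-Path "\\$NewServer\$_") })

    # The new DC's own DNS service must return it for the DC locator SRV record.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($newDc.Domain)" -Type SRV `
        -Server $NewServer -ErrorAction SilentlyContinue
    $inLocator = @($srv.NameTarget) -contains $newDc.HostName

    $issues = $strayRoles.Count + $replErrors.Count + $missingShares.Count
    [pscustomobject]@{
        StrayRoles      = $strayRoles
        ReplErrors      = $replErrors
        MissingShares   = $missingShares
        IsGlobalCatalog = $newDc.IsGlobalCatalog
        InDcLocator     = $inLocator
        Ready           = $issues -eq 0 -and $newDc.IsGlobalCatalog -and $inLocator
    }
}
```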
How to Migrate Active Directory to Another Server using ADM
Active Directory Migrator offers a GUI to transfer AD to a new server in a reliable manner. It can move AD users, printers, computers, groups, and contacts, and it can migrate one or more Active Directory domains and forests at one time. Another advantage of ADM is that it migrates objects and properties between servers even if the servers are disconnected or isolated.
Step-by-Step Process to Transfer Active Directory from One Server to Another
I. Download, install, run, and activate the AD migrator tool on your Windows system.
II. Enter administrator in both User ID and Password on the login screen to continue. After login, you can change them for future attempts.
III. After logging in, click on the Register Domain Controller button to register the domains.
IV. Provide the Domain Name and IP Address of the source domain. Then, click the Save & Continue button.
V. In the next window, add the domain name and IP address of the destination domain. Then, click the Save & Continue button.
VI. Click on Source Domain and provide credentials for the domain. Click on Save & Validate to validate the credentials and permissions.
VII. After that, hit the Active Directory tab and click on Fetch Active Directory Objects to fetch the AD objects of the Source domain.
VIII. Now, click on the destination domain and enter the credentials. Click on Save & Continue to validate the credentials and permissions.
IX. Then, go to the Active Directory tab and click on the Fetch Active Directory Objects button to fetch the AD objects of the destination domain.
X. The next step is to open the Migration section and click Create Migration Scenario.
XI. Here, provide a name and select source and destination domains from the list of all added Active Directory domains.
XII. Now, click on Create Task to select the objects you want to migrate from one Active Directory to another.
XIII. It is time to map the objects from Source to Destination by clicking on the three dots (…) icons on the right side of the screen.
XIV. In this step, you can choose whether you want to Merge or Create (replicate) the Active Directory data. Then, click on the Select button.
XV. Finally, click Start to transfer Active Directory to another server successfully.
Active Directory and the Need to Migrate It to a New Server
Active Directory (AD) is a network resource management and organization directory service created by Microsoft. It stores information about objects such as users, computers, groups, and network resources. It plays a vital role in ensuring network security, performing access management, and streamlining administrative tasks in a Windows-based environment.
Reasons to Move Active Directory to a New Server:
- A growing network often demands a better software infrastructure to handle its increasing capacity and performance needs.
- If the existing server is experiencing performance issues, it is better to move Active Directory to a new server.
- If the existing server is outdated and vulnerable to security issues, then it is best to move it to a new server with up-to-date security features.
- When an organization expands from the early stages, more users, resources, and locations need to be accommodated.
- Other reasons include a disaster recovery plan, restructuring network architecture, and upgrading to a new version of Windows Server.
Conclusion
Transferring Active Directory to another server requires both careful planning and meticulous execution, especially if you are using PowerShell or other manual techniques. By following the step-by-step guide outlined above, you can ensure a smooth migration with minimal downtime. You can either use PowerShell commands to migrate Active Directory or use a professional tool to move the AD objects. The choice is yours.