In this tutorial I 'll show to you how to migrate Windows Server 2003 Active Directory to Windows Server 2016 AD. As you may know Windows Server 2003 support and updates ended back in July 2015 and many companies have already migrated, or they are planning to upgrade their Windows Servers 2003 Server(s) to Windows Server 2012R2 or to Windows Server 2016.
The Active Directory migration is an important and serious procedure, because as you may know an AD Server provides all the required Authentication services and security policies that affect all the users and computers on the network.
How to Migrate Active Directory Server 2003 to Active Directory Server 2016
Step 1. Install Windows Server 2016.
Step 2. Configure the IP Address in Server 2016.
Step 3. Join Windows Server 2016 to AD 2003 Domain.
Step 4. Login to Server 2016 with the Domain Administrator account.
Step 5. Raise the Domain & Forest Functional Levels on AD Server 2003.
Step 6. Add Active Directory Domain Services to Server 2016.
Step 7. Promote Server 2016 to Domain Controller.
Step 8. Transfer the Operation Masters Role to Server 2016.
Step 9. Change the Active Directory Domain Controller to Server 2016.
Step 10. Change the Domain Naming Master to Server 2016.
Step 11. Change the Schema Master to Server 2016.
Step 12. Verify that all FSMO Roles have transferred to Server 2016.
Step 13. Remove Server 2003 from Global Catalog.
Step 14. Change the Preferred DNS Address on Server 2003 to match Server's 2016 IP.
Step 15. Demote Server 2003 from Domain Controller.
Step 16. Change the Static IP Addresses on Server 2003 & Server 2016.
Step 17. Login to Active Directory 2016 from the Workstations.
Step 18. (Optional) Remove Server 2003 from the Domain & Network.
Step 1. Install Windows Server 2016.
Before proceeding to migrate an Active to Directory from Windows Server 2003 to Server 2016, you must first install Windows Server 2016 on a new machine which will then be promoted to Active Directory Server 2016. To perform that task, read the instructions in the following guide:
- How to install Windows Server 2016 (Step by Step).
Step 2. Configure the IP Addresses in Server 2016.
The next step is to configure the IP and the DNS Addresses on the new server, as follows:
1. The IP Address must belong to the same subnet as the existing domain.
2. The DNS address must be the same, as in the existing Domain.
Let's suppose for this example (guide), that:
a. The existing AD Server 2003 (which is also a DNS Server) for the domain "wintips.local", is named "Server2K3" and has the IP Address "192.168.1.10".
b. The new Server 2016 is named "Server2k16".
According to the above information, you can see at the table below, the current IP settings of Server 2003 and the IP settings that I have applied on the new Server 2016, before proceeding to the Active Directory Migration process.
| Windows Server 2003 OS | Windows Server 2016 OS | |
| Computer Name: | Server2K3 | Server2k16 |
| Domain Name: | WINTIPS.LOCAL | |
| Domains' NetBIOS Name: | WINTIPS | |
| IP Address (Static): | 192.168.1.10 | 192.168.1.20 |
| Subnet Mask: | 255.255.255.0 | 255.255.255.0 |
| Default Gateway: | 192.168.1.1 | 192.168.1.1 |
| Preferred DNS Server: | 192.168.1.10 | 192.168.1.10 |
Step 3. Join Windows Server 2016 to AD 2003 Domain.
After applying the necessary IP Settings, proceed to join the new Server 2016 on the existing 2003 domain.
1. Open the Server Manager (on Server 2016) and click Local Computer on the left pane.
2. Click on WORKGROUP
3. Click Change.
4. At 'Member of' section, choose Domain. Then type the domain name of the existing Domain (e.g. "WINTIPS.LOCAL" at this example), or the Domain's NETBIOS name (e.g. "WINTIPS" at this example) and click OK.
5. Type "Administrator" at the user name field and then type the password for the domain Administrator account. When done, click OK.
6. Click OK at the "Welcome to Domain" message, close all open windows and restart the computer.
Step 4. Login to Server 2016 with the Domain Administrator account.
After restarting your new Server 2016, press Ctrl+Alt+Del and login using the domain administrator account and password. To do that:
1. At login screen, click Other User
2. At user name, type: "DomainName\Administrator" (e.g. "wintips\Administrator").
3. Type the password for the domain administrator.
4. Press Enter to login.
5. Leave Windows to create a new user profile for the new account and proceed to the next step.
Step 5. Raise the Domain & Forest Functional Levels on AD Server 2003.
1. On Windows Server 2003, open Active Directory Users and Computers.
2. Right click on the Domain Name (e.g. "wintips.local") and choose Raise Domain Functional Level.
3. Using the drop down arrow, set the functional level to Windows Server 2003 and click Raise.
4. Hit OK at Raise Functional Level warning message.
5. When the 'Raise' is completed, click OK again at the information message.
6. Then, open Active Directory Domain and Trusts.
7. Right click at Active Directory Domain and Trusts and choose Raise Forest Functional Level.
8. Make sure that the Windows Server 2003 is selected and click Raise.
9. Click OK twice and proceed to the next step.
Step 6. Add Active Directory Domain Services to Server 2016 & Promote Server 2016 to Domain Controller
The next step is to add "Active Directory Services" to Server 2016 and to promote it as a Domain Controller.
1. Open the Server Manager on the new server 2016.
2. Click Add roles and features.
3. Click Next at the "Before you begin" information window.
4. Make sure that the Role-based or feature-based installation is selected and click Next.
5. At destination server, click Next again (the default selection here is the new server 2016 machine).
6. Click Active Directory Domain Services and then click Add Features.
7. When done, click Next again to proceed.
8. Click Next at the Features and at AD DS (Active Directory Domain Services) screen.
9. Check to Restart the destination server automatically if required and then click Yes at the pop up message.
10. Finally click Install to add the selected roles and features to your new server.
11. Once the feature installation is completed, don't close this window and continue to the next step.
Step 7. Promote Server 2016 to Domain Controller.
After installing the AD services on Server 2016:
1. Click Promote this server to a domain controller.
2. At the Deployment Configuration screen, apply the following settings and then click Next:
1. Select Add a domain controller to an existing domain.
2. Make sure that the existing domain name is already selected. (If not, press the Select button and choose the proper domain.)
3. At Domain Controller Options:
1. Leave the default settings as is (with the DNS server and the Global Catalog selected).
2. Type the Domain Administrator password for the 'Directory Services Restore Mode'.
3. Click Next.
4. At DNS Options, click Next .
5. At Additional Options screen, select to replicate from the old active directory server 2003 (e.g. "server2k3.wintips.local") and click Next.
6. Leave the default paths for the Database, Log Files and SYSVOL folders and click Next.
7. Click Next again at Preparation Options and at Review Options screens.
8. When the 'Prerequisites Check' is completed successfully, click the Install button.
9. The installation process, should take some time to complete. So be patient until the server restarts* and then proceed to the next step.
* Note: After Server 2016 restarts, if you go to your old server 2003 at Active Directory Users and Computers -> Domain Controllers, you should see that the new server 2016 is already listed as a domain controller.
Step 8. Transfer the Operation Masters Role to Server 2016.
1. On Server 2016: open Server Manager.
2. From Tools menu, select Active Directory Users and Computers.
3. Right click on the domain name and choose Operations Masters.
4. At RID tab, click Change.
5. Click Yes to transfer the operations master role.
6. Click OK to the message that informs you that the operations masters' role was successfully transferred.
7. Then select the PDC tab and click Change.
8. Click Yes again to transfer the role and then click OK.
9. Then select the Infrastructure tab and click Change.
10. Click Yes again to transfer the role and then click OK.
11. Make sure that the operations masters' role is transferred to the new server in all tabs (RID & PDC & Infrastructure) and then click Close.
Step 9. Change the Active Directory Domain Controller to Server 2016.
1. From Tools menu in 'Server Manager' select Active Directory Domains and Trusts.
2. Right click on 'Active Directory Domains and Trusts' and select Change Active Directory Domain Controller.
3. Make sure that the Current Directory Server is the new Server 2016 (e.g. the "server2k16.wintips.local") and click OK. *
* Notice. If the current directory server is the old server 2003 (e.g. the "server2k3.wintips.local"), then:
1. Select (Change to:) This Domain Controller or AD LDS instance.
2. Choose the new server 2016 from the list and click OK.
3. Click Yes to apply changes and then click OK.
Step 10. Change the Domain Naming Master to Server 2016.
1. Open Active Directory Domains and Trusts.
2. Right click on 'Active Directory Domains and Trusts' and select Operations Master.
3. Click Change and to transfer the domain naming master role to the new Server 2016.
4. Click Yes to transfer the role, then click OK and then Close the window.
Step 11. Change the Schema Master to Server 2016.
1. On the new Server 2016: open Command Prompt as Administrator.
2. Type the following command the click Enter:
- regsvr32 schmmgmt.dll
3. Click OK at "DllRegisterServer in schmmgmt.dll succeeded" message.
4. Then type mmc and press Enter.
5. At MMC console click File and select Add/Remove Snap in…
6. Select Active Directory Schema on the left, click Add and then click OK.
7. Now in MMC console, right click on 'Active Directory Schema' and choose Change Active Directory Domain Controller.
8. At 'Change Directory Server' window:
1. Select (Change to:) This Domain Controller or AD LDS instance.
2. Choose the new server 2016 from the list (e.g. the "server2k16.wintips.local") and click OK.
3. Click Yes to apply changes and then click OK
9. Click OK at the warning message: "Active Directory Schema snap-in is not connected to the schema operations master…".
10. Right click again at 'Active Directory Schema' and choose Operations Master.
11. Click Change to transfer the Schema Master role to the new server 2016,
12. Click Yes, then click OK and then Close the window.
13. Finally, close the MMC console (without saving any changes) and continue to the next step.
Step 12. Verify that all FSMO Roles have transferred to Server 2016.
1. On the new Server 2016: open Command Prompt as Administrator.
2. Type the following command and press Enter:
- netdom query fsmo
3. Verify that all the FSMO roles have transferred to your new Server 2016 (e.g. to "Server2k16.wintips.local")
4. If all the FSMO (Flexible Single Master Operation) roles have been transferred to Server 2016, then you have successfully upgraded your Server 2003 Active Directory to Server 2016 Active Directory. A few more steps and are you ready to go…
Step 13. Remove the Server 2003 from Global Catalog.
1. On Server 2016: open Active Directory Users and Computers.
2. Double click at your domain (e.g. "wintips.local") and click Domain Controllers.
3. Right click at your old server (e.g. "Server2k3") and choose Properties.
4. Click NTDS Settings.
5. Uncheck the Global Catalog checkbox and click OK twice to close all windows.
6. Wait a few minutes to replicate the new configuration to the old server 2003 and proceed to the next step.
Step 14. Change the Preferred DNS Address on Server 2003 to match Server's 2016 IP.
1. On Server 2003: Open Network and Sharing Center.
2. Right click on Local Area Connection and click Properties.
3. Double click on Internet Protocol TCP/IP.
4. Change the Preferred DNS server address to match the Server's 2016 IP Address.
5. Change the Alternate DNS server address to Server's 2003 IP Address.
6. Click OK and close all windows.
Step 15. Demote Server 2003 from Domain Controller.
Now let's remove the Active Directory services from Server 2003.
1. On your old Server 2003 open Command Prompt.
2. Type the following command and press Enter.
- dcpromo
3. Press Next at Welcome to Active Directory Installation Wizard.
4. Click Next to remove the Active Directory from the old server.
5. Type a new password for the local administrator account and click Next.
6. Click Next again to remove the Active directory from the old server 2003.
7. Be patient until Active Directory transfers the remain data to the new server 2016.
8. When the operation is completed click Finish.
9. Restart the computer.
10. After the restart, login to server 2003 using the local Administrator account.
Step 16. Change the Static IP Address on Server 2003 & Server 2016.
Until now, you have successfully upgraded your Active Directory Server 2003 to Server 2016 and you have removed the AD services from your old Server 2003.
But, before trying to login from the network workstations to the new Active Directory Domain 2016, you must change the IP Addresses to both servers, in order to match the already configured DNS settings on your network.
In fact, you have to assign the IP address of Server 2003 in Server 2016 and vice versa (or to assign a new IP address in Server2003). To do that:
1. Temporarily, disconnect the Server 2003 from the network (remove the LAN cable)
2. Apply the following IP Address changes to both Servers:
- At Server 2003 side:
- a. Change the current IP address (e.g. "192.168.1.10") to match the Server's 2016 IP address (e.g. "192.168.1.20") or assign a new (available) IP Address.
- At Server 2016 side:
- a. Change the current IP address (e.g. "192.168.1.20") to old Server's 2003 IP Address (e.g. "192.168.1.10")
- b. Set as Preferred DNS Server the same IP address (e.g. "192.168.1.10")
- c. (Optional): If your old domain controller (server 2003) acting also as a WINS server, then click the Advanced button and at WINS tab type the same IP Address (e.g. 192.168.1.10)
* For your help, in the table below you can see the IP configuration that I have applied for this example.
| Windows Server 2003 AD | Windows Server 2016 (New) | |
| Computer Name | Server2K3 | Server2k16 |
| Domain Name | WINTIPS.LOCAL | |
| Domains' NetBIOS Name | WINTIPS | |
| IP Address | 192.168.1.20 | 192.168.1.10 |
| Subnet | 255.255.255.0 | 255.255.255.0 |
| Gateway | 192.168.1.1 | 192.168.1.1 |
| Preferred DNS Server | 192.168.1.10 | 192.168.1.10 |
| 192.168.1.20 |
3. Finally to apply changes, from Server 2016 machine, open Command Prompt As Administrator and run the following commands in order:
- ipconfig /flushdns
- ipconfig /registerdns
- dcdiag /fix
4. Reconnect the Server 2003 on the network (re-attach the LAN cable).
5. Reboot both Servers.
Step 17. Login to Active Directory 2016 from the Workstations.
1. Power-on (or reboot) the network workstations and see if you can login to the new Active Directory Server 2016.
2. If you can login and all looks good, then you have finished with the Active Directory upgrade/migration.
Step 18. (Optional) Remove Server 2003 from Domain & Network.
The last step, is to remove the old Server 2003 from the Network (if you want). But, before doing that, make sure that you have transferred any other data that you may need (e.g. files, databases, etc.) to another computer (or to the new server). *
* Suggestion before removing the Server 2003 from network: Shut down the old server 2003 and leave it powered off for as long as it takes to ensure that all its information has transferred to the new server.
To remove Server 2003 from the Domain & the Network:
1. Right click on My Computer and select Properties.
2. At Computer Name tab, click Change.
3. Select Workgroup, type the workgroup name and click OK.
4. Close all open windows and restart the computer.
5. Disconnect Server 2003 from network.
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.