Migrate Domain Controller – 2016 to 2025

Introduction

Migrating a domain controller is a crucial task in maintaining a secure, stable, and modern IT infrastructure. Whether you’re upgrading hardware, moving to a newer OS, or aligning with best practices, transitioning from Windows Server 2016 to Windows Server 2025 ensures access to the latest features and long-term support.

In this guide, we’ll walk through the process of migrating Active Directory Domain Services and DHCP from an existing domain controller to a new one — with zero downtime and full data integrity.

Environment Setup

Server       Hostname   OS Version            IP Address
Old Server   lbdc1      Windows Server 2016   10.0.0.1
New Server   lbdc2      Windows Server 2025   10.0.0.2

  • Root Domain Name: libre-bytes.local
  • NetBIOS Domain Name: libre-bytes

Step 1: Install Active Directory Role on New Server

On the Windows Server 2025 machine (lbdc2), open Server Manager.

Go to Manage > Add Roles and Features.

Select Active Directory Domain Services and proceed through the wizard.

After installation, click “Promote this server to a domain controller.”

Choose “Add a domain controller to an existing domain.”

Now set a DSRM password.

Complete the wizard. The server will restart and join the domain as a secondary domain controller.

Step 2: Confirm Replication Between Domain Controllers

Once the new domain controller restarts, wait about 5 minutes, then do the following:

Open Command Prompt and run:

repadmin /syncall
repadmin /replsum

Ensure all replication tests pass (no errors or failures).

At this point, both servers are functioning in a redundant failover configuration.

Step 3: Transfer FSMO Roles to the New Server

To make the new server (lbdc2) the primary domain controller:

Check current FSMO role ownership:

netdom query fsmo

Transfer all FSMO roles:

Move-ADDirectoryServerOperationMasterRole -Identity "new-server" -OperationMasterRole 0,1,2,3,4

Now check again to see if the new server is the master:

netdom query fsmo

Step 4: Transfer DNS and DHCP Roles (if applicable)

Before demoting the old domain controller:

  • Migrate the DHCP server if it’s running on lbdc1.
  • Update DNS settings:
    • Point DHCP-supplied DNS to the new server (10.0.0.2).
    • Manually update devices with static IPs such as:
      • Printers
      • Wi-Fi controllers
      • Other servers
      • NAS devices

Step 5: Demote Old Domain Controller

Before demotion:

  • Shut down the old DC temporarily and observe the environment.
  • Ensure all services and authentication continue to function normally.
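One way to script the checks that should pass before the old DC is removed, as an added example that is not part of the original guide. Hostnames, domain name and addresses come from the Environment Setup table; the function name Test-PreDemotion and its pass/fail rules are assumptions of this example.

```powershell
# Added example: pre-demotion gate for Step 5. Run elevated on lbdc2.
# Test-PreDemotion is a hypothetical helper; its defaults mirror this guide's lab.
Import-Module ActiveDirectory

function Test-PreDemotion {
    param(
        [string]$NewDC    = 'lbdc2',
        [string]$Domain   = 'libre-bytes.local',
        [string]$NewDnsIp = '10.0.0.2'
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # 1. All five FSMO roles (0-4 in Step 3) must sit on the new DC.
    $d = Get-ADDomain -Identity $Domain
    $f = Get-ADForest
    $roles = [ordered]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        if ($role.Value -notlike "$NewDC.*") {
            $problems.Add("FSMO role $($role.Key) is still held by $($role.Value)")
        }
    }

    # 2. Every inbound replication link on the new DC must have succeeded last time.
    foreach ($link in Get-ADReplicationPartnerMetadata -Target $NewDC) {
        if ($link.LastReplicationResult -ne 0) {
            $problems.Add("Replication from $($link.Partner) failed with result $($link.LastReplicationResult)")
        }
    }

    # 3. The new DC should be a global catalog before the other one is removed.
    if (-not (Get-ADDomainController -Identity $NewDC).IsGlobalCatalog) {
        $problems.Add("$NewDC is not a global catalog")
    }

    # 4. DNS on the new server must advertise the new DC in the domain's SRV records.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDnsIp -ErrorAction SilentlyContinue
    if (-not ($srv | Where-Object { $_.NameTarget -like "$NewDC.*" })) {
        $problems.Add("No _ldap SRV record for $NewDC is served by $NewDnsIp")
    }
    return $problems
}

$result = Test-PreDemotion
if ($result) { $result | Write-Warning } else { 'All pre-demotion checks passed.' }
```

Any warning means the demotion should wait until the underlying item is fixed and the script comes back clean.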

To demote:

Log in to the old server.

Click “Demote this domain controller.”

Leave “Force the removal of this domain controller” unchecked.

Set a local administrator password when prompted.

Complete the wizard. The server will restart as a standard domain-joined machine.

After demotion, run the following command on the new DC:

Get-ADDomainController -Filter *

Ensure the old DC no longer appears.

Open Active Directory Sites and Services.

Navigate to Default-First-Site-Name and remove the old domain controller object (lbdc1).

More Useful Commands

If the servers aren’t syncing, force a sync on both servers:

repadmin /syncall /AdeP

Conclusion

You’ve successfully migrated your domain controller from Windows Server 2016 to 2025, ensuring minimal disruption and full continuity of services.

If this guide helped you or you have questions, feel free to leave a comment!
