How-To Migrate Active Directory from 2008 (FRS) to 2019 (DFRS)

Reading Time: 3 minutes

When you have to migrate an Active Directory domain that use FRS for NETLOGON and SYSVOL replication you have to follow the following steps:

  1. Install the Active Directory Domain Services Role on the new DC
    Add Role and Feature

    Add Role and Features 2

    Add Role and Features 3
    Go on till the end of the wizard
  2. Be sure that the domain functional level is setted to at least Windows Server 2008.
    Get-ADDomain | fl Name,DomainModeor open Domain.msc
  3. You must ensure that the built-in Administrator group has the “Manage Auditing and Security Log” user right on all your domain controller.
    Open a cmd and run
    GPRESULT.EXE /H secpol.htm then open the file secpol.htm with your preferred browser
    correct security policy
  4. Esure AD replication is working correctly
    repadmin /showrepland
    repadmin /syncall
  5. Ensure SYSVOL is shared
    Dcdiag /e /test:sysvolcheck /test:advertising All the Domain Controllers must pass all the sysvolchecks and advertising. Don’t do ahead if you have failed results.
  6. Migrate from FRS to DFRS
  7. Promote the Server to Domain Controller
    Promote to Domain Controller
    Follow the wizard and remember to note down the DSRM (Directory Services Restore Mode password).

    At the end of this task your DC is added to the existing domain.

Migrate from FRS to DFRS

Follow the following 3 steps for a correct migration
  • Migrate to Prepared State (In this step both FRS and DFRS will replicate their own SYSVOL, but the FRS is the one that mount both SYSVOL and NETLOGON.
    As an elevated domain admin, on an existing DC run the:
    Dfsrmig /setglobalstate 1
    Migrate to Prepared State
    To monitor use:
    Dfsrmig /getmigrationstate
    getmigrationstate
    When everything is ready you shoul see something as follow
    Prepared State Succeeded
  • Migrate to Redirected State (In this step both FRS and DFSR are replicating their own individual copies of SYSVOL, but the DFSR copy mounts the SYSVOL and Netlogon shares)
    Dfsrmig /setglobalstate 2
    Migrate to Redirected State
    Monitor the state using
    Dfsrmig /getmigrationstate
    Migrate to Redirected Stat Succeeded
  • Migrate to Eliminated State (In this state DFSR is replicating SYSVOL and FRS is removed. Unlike the Prepared and Redirected states, there is no way to go backwards from this step – once executed, FRS is permanently stopped and cannot be configured again)
    Dfsrmig /setglobalstate 3
    Migrate to Eliminated State
    Monitor the state using
    Dfsrmig /getmigrationstate
    Migrate to Eliminated State Succeeded
    This complete your FRS to DFRS migration.

Check Out koodzo.com!