DC Upgrade Methods

There are a few preferred methods for upgrading or replacing an organization's domain controller(s):

Build and Migrate

  1. Build and add the new DC(s) to the existing domain.
  2. Update all infrastructure to use the new DC(s) as their primary DNS server(s).
  3. Update all LDAP-enabled services to use the new DC(s).
  4. Migrate all FSMO roles to the new DC(s).
  5. Demote and remove the old DC(s).

Build and Swap Out

  1. Build and add the new DC(s) to the existing domain.
  2. Systematically shuffle the DCs' IP addresses around so that the new DC(s) end up inheriting the old DCs' IP addresses.
  3. Update any remaining equipment whose LDAP configuration is tied to the FQDN of the old DCs (rather than to the IP address or the root domain FQDN, e.g. ad.example.com).
  4. Migrate all FSMO roles to the new DC(s).
  5. Demote and remove the old DC(s).

Decommission and Replace

  1. Migrate FSMO roles, demote and decommission one DC.
  2. Build and add the new DC using the same IP address and, if preferred, the same hostname.
  3. Migrate FSMO roles, then demote and decommission the next DC.
  4. Build and add the new DC using the same IP address and, if preferred, the same hostname.
  5. Rinse and repeat the above process.
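All three methods share the same two steps: transfer the FSMO roles to the new DC, then demote the old one. The following is an added PowerShell example (not part of the original notes) that transfers the roles and gates the demotion on the old DC holding no roles and showing no replication failures; it assumes the ActiveDirectory RSAT module and uses the placeholder names NEWDC01 and OLDDC01.

```powershell
# Added example: FSMO transfer plus pre-demotion check for the old DC.
# NEWDC01 / OLDDC01 are placeholders; substitute the real DC names.
Import-Module ActiveDirectory

$NewDc = 'NEWDC01'
$OldDc = 'OLDDC01'

# Current role holders: the two forest-level roles come from Get-ADForest,
# the three domain-level roles from Get-ADDomain.
function Get-FsmoHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

Write-Host 'FSMO holders before the transfer:'
Get-FsmoHolders | Format-List

# Transfer (not seize) all five roles while the old DC is still online.
# Seizing is reserved for a DC that is permanently gone and is not done here.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# Gate 1: the old DC must no longer hold any role (values are FQDNs, so
# match on the short hostname prefix).
$holders    = Get-FsmoHolders
$stillOnOld = $holders.PSObject.Properties |
    Where-Object { $_.Value -like "$OldDc*" } |
    ForEach-Object { $_.Name }
if ($stillOnOld) {
    throw "Do not demote $OldDc yet; it still holds: $($stillOnOld -join ', ')"
}

# Gate 2: no outstanding replication failures on the old DC, otherwise the
# last changes made on it may never reach the new DC before it is removed.
$failures = Get-ADReplicationFailure -Target $OldDc
if ($failures) {
    $failures | Format-Table Partner, FailureType, FailureCount, FirstFailureTime -AutoSize | Out-Host
    throw "Replication failures reported for $OldDc; resolve them before demoting."
}

Write-Host "All FSMO roles are on $NewDc and replication is clean; $OldDc is clear to demote."
```

Run it from an elevated session as a member of Enterprise Admins, since the Schema Master and Domain Naming Master transfers require forest-level rights.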