In this post we are are going to upgrade Domain Controller from “Server 2016” to “Server 2019”, this is also known as in-place Upgrade. There are few Pre-requisites. You will need to run adprep /forestprep and adprep /domainprep manually. Adprep /forestprep needs to be run only once in the forest. Adprep /domainprep needs to be run once in each domain in which you have domain controllers that you are upgrading to Windows Server 2016.
As Windows Server 2022 is also out now, in-place upgrade from server 2016 to Server 2022 is also possible if you are interested doing that.
If you try to run in-place upgrade process without running adprep tool you will get following error as shown in the image:
Active Directory on this domain controller does not contain Windows Server 2019 ADPREP /FORESTPREP updates.
Before starting upgrade, lets verify current OS Version, open Windows + run and type “Winver”, this will show current OS version and build:
Verify Current AD Schema
Verify current AD schema by running Powershell (in elevated mode) and run following command:
Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
You can see objectversion is showing as 87, which means we have “Windows Server 2016” schema, here is more information on various schema numbers:
AD version | objectVersion |
Windows Server 2000 | 13 |
Windows Server 2003 | 30 |
Windows Server 2003 R2 | 31 |
Windows Server 2008 | 44 |
Windows Server 2008 R2 | 47 |
Windows Server 2012 | 56 |
Windows Server 2012 R2 | 69 |
Windows Server 2016 | 87 |
Windows Server 2019 | 88 |
Copy the Windows Server 2019 source to “c:\Server 2019”, this source contains the adprep utility under support\adprep folder:
Open command prompt (in elevated mode) and navigate to location c:\Server 2019\support\adprep. Run Command “adprep.exe /forestprep“
Type C and press Enter to continue with upgrade of Schema. This will upgrade current schema version from 87 to 88.
This process creates 2 log files under c:\windows\debug\adprep\logs\yyyymmddhhmmss with name ADPrep.log & ldif.log.
ADPrep.log will show you successful upgrade of Schema.
ldif.log will show you attributes which has been extended to schema such as ms-PKI-DPAPIMasterKeys, ms-PKI-RoamingTimeStamp and others.
Run “Adprep.exe /domainprep” to update the domain-wide information
Lets begin with Windows Server 2019 in-place Upgrade process by navigating to c:\Server 2019. Right click setup.exe and select “Run as Administrator“.
Next page will show the information whether to update , lets select “Not right now” and click on Next.
Select Image “Windows Server 2019 Datacenter (Desktop Experience)” as our current Operating System is Server 2016 Datacenter (Desktop Experience).
Under “Applicable notices and license terms”, click “Accept” to continue
Under “Choose what to keep” page, select “keep personal files and apps” to retain all files and applications and click “Next”
Under “Ready to Install” page, click on “Install” to begin the in-place upgrade process.
This process will first extract binaries under hidden folder “c:\$WINDOWS.~BT“.
Once extracted, system will reboot and server upgrade process will initiate.
Once upgrade process is completed, you can login to Domain Controller. Open Windows + R and run “Winver” to show OS version. This will show OS version as 1809 (ie Server 2019) and build version as 17763.xx
The only other thing I’ve stumbled across on in-place upgrade of a DC from 2016 to 2019 is ensuring FRS was migrated to DFSR prior to upgrade.
Great step by step but it still wont update my server.
Great step-by-step guide. Try this at home or on a test DC before deploying to the production enterprise servers. You also may want to take a Full Backup of the DC just incase something goes wrong you can restore from backup.
Anyone tried doing this on Azure? I have a DC running Win2016 its my last DC and doing the suggested new build method seems like a pain.
Anyone tried doing this on Azure? I have a DC running Win2016 its my last DC and doing the suggested new build method seems like a pain.
Thank you so much for this mate!
Nice and good elaborated explaination. I Followed this for upgrading 2012R2 DC to 2019 DC. It worked, but I got one problem: the DNS MMC would not load with this error: “mmc could not create the snap-in: DNS {xxxxxxxxxxxx}”
Trying to solve this error following several web-page advices did not succeed. SFC /scannow did report several errors it could not solve. SFC /scannow before the upgrade didn’t give any errors. I reverted the DC back to before the upgrade. I have two DC’s, I was trying to upgrade DC2 while DC1 was active. Now I stopped the first one and retried to upgrade the second one. It gave exactly the same result.
I have abandoned to try to upgrade but have created a new 2019 DC and added to the domain. No problem.
It helped me, concise and crisp. Thank you!!
Fantastic step by step quide to the update! Thank you!
Thanks David
Adprep.exe /forestprep
Adprep.exe /domainprep
was key command. Fantastic explanation just migrated winserv2012r2 to winserv2016. Thanks.