Hi folks, this is a very quick post where I will explain the steps to upgrade Active Directory from 2012 R2 to 2019.
If you are still running 2012 R2 you will be missing out on some of the features that integrate your on-prem AD with Azure Active Directory, so the upgrade is definitely a requirement if you want to take advantage of Azure AD.
The biggest things which upgrading to 2019 will bring to the table are:
- Privileged Access Management
- Enables Azure Active Directory join for Windows 10 devices
- Connecting domain-joined devices to Azure AD for Windows 10 devices
- Enables Microsoft Passport for Work
- Deprecation of FRS and 2003 Functional levels
You can find more information here – https://docs.microsoft.com/en-us/windows-server/identity/whats-new-active-directory-domain-services
Upgrade the Schema
OK, so let’s begin the process. The first step in upgrading Active Directory is to upgrade the schema in preparation for the upgrade. You need to upgrade the schema on both the forest and the domain which you are upgrading.
The first one that needs to be done is the forest. So you need to log onto a Domain Controller that is a member of the forest and run the following command:
You need to confirm by typing C and then the process will begin.
What is happening here is that .ldf files are being imported into the Active Directory database. These are basically changes to the database which support the new features. If you are interested you can open up these files and see what they contain.
Next we need to run the domain prep, which is pretty much the same thing but applies just to the domain-specific domain controllers.
The command to run is:
Upgrade the Operating System
Now that we have done the prep work we can begin the upgrade process. For this post I will be performing an in-place upgrade since it’s just one domain controller in my lab.
However, in a production environment I would highly recommend building new Active Directory Domain Controllers and then decommissioning your legacy domain controllers.
I won’t bore you with the whole upgrade bit; it’s pretty much a next, next, next job.
After the install has completed, log onto one of the upgraded domain controllers and run dcdiag. DCDiag is a tool used to check Active Directory and make sure that everything is working OK. If there are any problems, they need to be investigated before proceeding any further.
Upgrade Forest Functional Level
Now that we have upgraded our Domain Controllers to Server 2019 we need to raise the Active Directory functional level to 2016 to fully take advantage of the new features.
Note that EVERY domain controller in your Forest has to be upgraded to 2016 before this can be done.
Open up Active Directory Domains and Trusts, and select “Raise Forest Functional Level”.
Select “Windows Server 2016” from the drop-down box. Note there isn’t one for 2019 as there are no new major features for AD in 2019. Press OK to continue.
You should receive this message saying that the functional level was raised successfully.
Upgrade Domain Functional Level
To upgrade the domain functional level, open up Active Directory Users and Computers (dsa.msc) and select “Raise domain functional level”.
Select “Windows Server 2016” from the drop-down box. Note there isn’t one for 2019 as there are no new major features for AD in 2019.
You will receive a message saying that it is not reversible, which is kind of true. I presume you have backed up your AD before doing so? If not, go do it now before pressing that OK button.
If everything has gone to plan you should see this message saying that the domain functional level was upgraded successfully.
Congrats, you are now ready to do some Azure AD integration and Azure domain joining.
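
The checks behind the steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it verifies the schema version, looks for any domain controller still older than Server 2016, and reports the current functional levels before anything is raised. It assumes the ActiveDirectory module (RSAT) is installed and that it runs in a domain-joined session with rights to read the directory.

```powershell
# Added example, read-only. Needs the ActiveDirectory module (RSAT) and a
# domain-joined session. Schema prep itself is done with adprep.exe from the
# \support\adprep folder of the Server 2019 media:
#   adprep /forestprep   then   adprep /domainprep
Import-Module ActiveDirectory

# 1. Schema version. objectVersion: 69 = 2012 R2, 87 = 2016, 88 = 2019.
$schemaNC      = (Get-ADRootDSE).schemaNamingContext
$schemaVersion = (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
Write-Output "Schema objectVersion: $schemaVersion"

# 2. Find any DC in the forest still older than Server 2016 (NT 10.0).
#    OperatingSystemVersion looks like "6.3 (9600)" or "10.0 (17763)".
$forest = Get-ADForest
$legacyDCs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain | Where-Object {
        [version](($_.OperatingSystemVersion -split ' ')[0]) -lt [version]'10.0'
    }
}
$legacyDCs | Select-Object HostName, Domain, OperatingSystem, OperatingSystemVersion

# 3. Current functional levels, before and after the raise.
Write-Output "Forest mode: $($forest.ForestMode)"
foreach ($domain in $forest.Domains) {
    Write-Output "$domain mode: $((Get-ADDomain -Server $domain).DomainMode)"
}

# 4. SYSVOL replication state (FRS is deprecated) and DC health, errors only.
dfsrmig /getglobalstate
dcdiag /e /q

# 5. Gate: only report "ready" when nothing above blocks the raise.
if ($schemaVersion -ge 87 -and -not $legacyDCs) {
    Write-Output 'Ready to raise functional levels to Windows Server 2016.'
    # PowerShell equivalents of the two GUI steps (not run here):
    #   Set-ADForestMode -Identity $forest.Name -ForestMode Windows2016Forest
    #   Set-ADDomainMode -Identity <domain> -DomainMode Windows2016Domain
} else {
    Write-Warning 'Not ready: check schema version and the DCs listed above.'
}
```

Nothing in the script changes the directory; the two `Set-AD*Mode` lines are left as comments because raising a functional level is the step the post warns is not easily reversed.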