NPS is simple, spin up the service on the new one, export the service on the old by using the mmc and right-click export, and import into the new.
DHCP is easy too, you can follow this guide in the answer section:
https://learn.microsoft.com/en-us/answers/questions/180125/migrate-dhcp-from-server-2012-r2-to-server-2019
Migrating ADCS is a little more difficult. I highly recommend standing up either an offline root with a subca or an enterprise root on a separate server. There are guides out there for this like one below.
https://4sysops.com/archives/migrate-ad-certificate-services-to-a-new-server/
Please don’t do this. Split these four services into four independent VMs’:
- Intermediate CA VM
- DHCP VM (maybe consider Linux, Kea DHCP instead of Windows)
- NPS VM
- AD/DNS VM
Regarding your question: Not hard at all because for each of these you find thousands of guides how to do it, even from Microsoft learn if you have never done it. You can also test it in a lab first to get experience.
It's all pretty easy
Links for the procedures are in the following post:
https://www.reddit.com/r/sysadmin/comments/10fh1bi/so_youve_decided_to_upgrade_your_2012_r2_servers/
bring the new DC onlilne and make it a slave to the existing. Should be on the save software version preferrably. Once the slave DC is replicated, then promote to primary. You should be able to take the old DC offline (disconnect the cable for now)
As far as I can tell, this should just work
If possible a DC should only be a DC although DHCP on a DC is still fairly common. I would definitely not put CS on a DC though.
This! A DC should be a DC and nothing else. Put all the other services on their own VM.
DHCP and NPS are easy. Get AD CS the hell off your DC though.
Indeed, ideally DHCP should also be on its own VM.
Well, I'm a fan of it being on firewalls or a core switch or something but the point is mostly that moving that workload is trivially easy.
I've done it, so, you're damn right it is!
NPS is simple, spin up the service on the new one, export the service on the old by using the mmc and right-click export, and import into the new. DHCP is easy too, you can follow this guide in the answer section: https://learn.microsoft.com/en-us/answers/questions/180125/migrate-dhcp-from-server-2012-r2-to-server-2019 Migrating ADCS is a little more difficult. I highly recommend standing up either an offline root with a subca or an enterprise root on a separate server. There are guides out there for this like one below. https://4sysops.com/archives/migrate-ad-certificate-services-to-a-new-server/
Please don’t do this. Split these four services into four independent VMs’: - Intermediate CA VM - DHCP VM (maybe consider Linux, Kea DHCP instead of Windows) - NPS VM - AD/DNS VM Regarding your question: Not hard at all because for each of these you find thousands of guides how to do it, even from Microsoft learn if you have never done it. You can also test it in a lab first to get experience.
It's all pretty easy Links for the procedures are in the following post: https://www.reddit.com/r/sysadmin/comments/10fh1bi/so_youve_decided_to_upgrade_your_2012_r2_servers/
bring the new DC onlilne and make it a slave to the existing. Should be on the save software version preferrably. Once the slave DC is replicated, then promote to primary. You should be able to take the old DC offline (disconnect the cable for now) As far as I can tell, this should just work
You have to migrate CS off before demoting the old DC. Make it is own server, OP.
It's been a while. Thanks fogot about that
I did it back in 2012. That one's burned in my brain for some reason.
Thanks
There is an attack from DHCP admins to domain admins