Last post Jul 29, 2020 06:09 AM by Johan1983
Jul 28, 2020 03:29 PM|Johan1983|LINK
I try to migrate a website i didn't create.
It's a C# website. it was on Windows 2008 Server with IIS, i try to put i on Windows 2019.
It seems to work but i have an issue. I'm not a dev :)
i have this code :
if (Thread.CurrentPrincipal.IsInRole(@"SOME_AD_GROUP") || Thread.CurrentPrincipal.IsInRole(@"SOME_OTHER_AD_GROUP"))
it's working on the old server, on the new, it 's not, i have no error, but it think i'm not in the AD group (i am in !) and i have an unauthorized access.
i would like to know how it works ? Maybe it needs me to install something ? i was thinking on AD admin features, but i haven't it on the old server.
Thank you in advance :)
Jul 29, 2020 05:22 AM|yij sun|LINK
Accroding to your description,as far as I think,you could migrate AD roles and features to the new server.
You could do this list:
1.Log in to the Server 2019 as a member of local administrators group.
2. Add server to the existing domain as member.
3.After restart, log in to the server as Enterprise Administrator
4. Assign static IP address to the server
5.Launch the PowerShell Console as an Administrator
6. Before the configuration process, we need to install the AD DS Role in the given server. In order to do that we can use Following command.
Install-WindowsFeature –Name AD-Domain-Services -IncludeManagementTools
7.Configure the new server as additional domain controller.
Once execute the command it will ask for SafeModeAdministrator Password. Please use complex password to proceed. This will be used for DSRM.
8.After configuration completed, restart the system and log back in as administrator to check the AD DS status.
Will confirm the status of the AD DS service.
Get-ADDomainController -Filter * | Format-Table Name, IPv4Address, Site
Will list down the domain controllers along with the IP address and Sites it belongs to.
9.Migrate all five FSMO roles to the New domain controller using following command,
Move-ADDirectoryServerOperationMasterRole -Identity REBEL-DC2019 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
In above the REBEL-DC2019 is domain controller running with windows server 2019.
Once its completed, we can verify the new FSMO role holder using
Netdom query fsmo
10.The new step of the process is to decommission the old windows domain controller which running with windows server 2012 R2. To do that execute the following command as enterprise administrator from the relevant DC.
Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition
After execute the command it will ask to define password for the local administrator account.
Once its completed it will be a member server of the therebeladmin.com domain.
11.Next step is to raise the domain and forest functional level to windows server 2019. To do that can use the following commands.
To upgrade domain functional levels
Set-ADDomainMode –identity therebeladmin.com -DomainMode Windows2016Domain
To upgrade forest function levels
Set-ADForestMode -Identity therebeladmin.com -ForestMode Windows2016Forest
[su_note]With windows server 2019, there is no domain or forest functional level called windows2019. It is still 2016. [/su_note]
Now we have completed the migration from AD DS 2012R2 to AD DS 2019. Same steps apply when migrate from windows server 2008, Windows server 2008 R2, Windows server 2012 & Windows server 2016.
12.After the migration completes, we still need to verify if its completes successfully.
Get-ADDomain | fl Name,DomainMode
This command will show the current Domain functional level of the domain after the migration.
Get-ADForest | fl Name,ForestMode
Above command will show the current forest functional level of the domain.
Jul 29, 2020 06:09 AM|Johan1983|LINK
Thank you for your answer, it's really detailled, but it does not fit my needs. my old server didn't have any AD role, so my new one must not have it.
This morning (here, it's morning :) ) i saw that i have windows authentication disabled in IIS, it solved my issue
Maybe it will help someone someday :)