Migrate to Server 2025 Domain Controller

Server 2025 Domain Controller KB ID 0001884

Problem

If you would like to add a new Windows Server 2025 domain controller to an existing domain, here is the procedure.

Solution: Server 2025 Domain Controller

Server 2025 Prerequisites

2025 Hardware Requirements

  • Processor: 1.4 GHz 64-bit processor (or faster) with support for security features.
  • RAM: Minimum of 512 MB (2 GB for Server with Desktop Experience installation).
  • Disk Space: Minimum of 32 GB or more, depending on the server installation options.
  • Network Adapter: Ethernet adapter capable of at least gigabit throughput.

Software Requirements

  • Operating System: Windows Server 2025 (evaluation version or full licensed version).
  • Static IP Address: Assign a static IP address to the server before promoting it to a domain controller.
  • DNS: The server should point to itself for DNS or to another DNS server that is already part of the Active Directory.

User Permissions

  • You must be a member of the Administrators group on the server where you are installing the AD DS role.

Minimum Required Functional Levels for Windows Server 2025

Note: These are estimated based on the previous versions of Windows Server.

Forest Functional Level:

  • The minimum forest functional level required for Windows Server 2025 is expected to be Windows Server 2016.
  • This means all domain controllers within the forest must be running at least Windows Server 2016.

Domain Functional Level:

  • The minimum domain functional level required for Windows Server 2025 is expected to be Windows Server 2016.
  • This ensures that all domain controllers within the domain are running at least Windows Server 2016.

Additionally: Ensure your third party applications also support Windows Server 2025, e.g. AV, MDR, Endpoint protection, and backup solutions.
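The prerequisites above can be checked from the new member server before promotion. This is an added example, not part of the original article; it assumes the RSAT Active Directory PowerShell module is installed, that you are logged on with a domain account, and it uses the 2016 minimum levels the article gives as an estimate.

```powershell
# Added example: pre-flight checks on the member server before promotion.
Import-Module ActiveDirectory

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Name, $Pass, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" })
}

# 1. Functional levels: any mode older than 2016 fails the check.
$older  = '2000|2003|2008|2012'
$forest = Get-ADForest
$domain = Get-ADDomain
Add-Check 'Forest functional level' ("$($forest.ForestMode)" -notmatch $older) $forest.ForestMode
Add-Check 'Domain functional level' ("$($domain.DomainMode)" -notmatch $older) $domain.DomainMode

# 2. Static IP: no connected IPv4 interface should still be using DHCP.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected -Dhcp Enabled
Add-Check 'Static IPv4 address' (-not $dhcpNics) ($dhcpNics.InterfaceAlias -join ', ')

# 3. DNS: every configured resolver must answer for the domain's DC locator record,
#    which shows it is a DNS server that already serves Active Directory.
$srv       = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique
foreach ($ip in $resolvers) {
    $answer = Resolve-DnsName -Name $srv -Type SRV -Server $ip -DnsOnly -ErrorAction SilentlyContinue
    Add-Check "DNS resolver $ip" ($null -ne $answer) $srv
}

# 4. The current session must be an elevated member of the local Administrators group.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'Local Administrators (elevated)' $isAdmin $identity.Name

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { Write-Warning 'Resolve the failed checks before promoting.' }
```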

Server 2025 Domain Controller AD Services Role Installation

At this point I’m assuming your 2025 server is fully updated and added to the domain as a member server. Server Manager > Manage > Add Roles and Features.

You can tick ‘Skip by default’ if you wish > Next > Next > Next > Tick ‘Active Directory Domain Services’ > Add Features (as shown) > Next.

Next > Next > Next > Install > When complete click ‘Close’.

Server 2025 Domain Controller: Promote to DC

Once the role is installed, you need to actually promote the server so that it is a domain controller > From within Server Manager you will see you now have a warning triangle at the top of the screen, click it and you will get the option to ‘Promote this server to a domain controller’.

It will automatically assume that you want to promote it to be a DC in the domain that you are in, ensure that the credentials used have the appropriate rights > Next > Check the Site is correct and enter a new DSRM password > Next > At the warning about ‘A delegation for this DNS server cannot be created…’

Note: In case you are worried about this error, see the following article for peace of mind.
Windows – A Delegation For This DNS Server Cannot Be Created

Next > Next > Next.

Next > Next > Once the pre-requisite checks have passed > Install.

If you look in Active Directory Users and Computers > In the Domain Controller OU, there will be your new Domain Controller.
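The role installation and promotion steps above can also be run from an elevated PowerShell session on the new server. This is an added example, not part of the original article; the domain and site names are placeholders, and it assumes the wizard defaults of installing DNS on the new DC.

```powershell
# Added example: PowerShell equivalent of the Server Manager steps above.
$domainName = 'example.internal'          # placeholder: your AD DNS domain name
$siteName   = 'Default-First-Site-Name'   # placeholder: the site the wizard would show

# Add Roles and Features > Active Directory Domain Services (with management tools).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for secrets instead of writing them into the script or shell history.
$cred = Get-Credential -Message 'Account with rights to add a domain controller'
$dsrm = Read-Host -AsSecureString -Prompt 'New DSRM password'

$promoArgs = @{
    DomainName                    = $domainName
    SiteName                      = $siteName
    InstallDns                    = $true
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisite checks first; this makes no changes to the server.
$checks = Test-ADDSDomainControllerInstallation @promoArgs
$checks | Format-List Message, Status
if ($checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite checks failed; fix the errors above before promoting.'
}

# Promote. You are asked to confirm, and the server reboots when promotion completes.
Install-ADDSDomainController @promoArgs

# After the reboot, confirm the new DC is listed alongside the existing ones:
#   Get-ADDomainController -Filter * |
#       Select-Object Name, Site, IPv4Address, OperatingSystem, IsGlobalCatalog
```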

That’s the new Server 2025 Domain Controller successfully added as a new domain controller. Remember at this point, if you are retiring any old Domain Controllers, take a look at the following list of things to think about.

Retiring a Domain Controller Checklist

  • DNS: Is the retiring domain controller specified in one of your DHCP scopes, or has it been manually specified on servers/endpoints? Offenders are network printers, VMware ESX servers (or vCenters), non-Windows devices, and hardware appliances.
  • DHCP: Is the retiring domain controller hosting a DHCP scope, or involved in an HA DHCP scope? If so, this will need migrating.
  • LDAP/Kerberos/AAA: Are there any devices providing authentication services that look to the IP/name of the retiring domain controller, e.g. RSA appliances, firewalls authenticating remote access, door entry or security systems that look up AD users? Note: This includes IAS/NPS.
  • MFA: Do you have an MFA system that requires Active Directory? If so, does that need migrating?
  • Email: Modern Microsoft Exchange does not care (as long as DNS works), but older versions needed to look at a specific domain controller, and any third-party email applications may need to do the same.
  • Third Party Applications: This is a bit of a catch-all, but in most cases (especially in SMB environments) other programs/applications/services sometimes get installed on domain controllers. Make sure you know what apps are on the old DC before retiring it, e.g. printer auditing software, third-party password and AD management tools, management consoles for other solutions, agent software for monitoring AD users.
  • Backups: These days less of an issue, but if your backup solution has an Active Directory element, ensure that post-migration it continues to function normally.
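The DNS and DHCP items in the checklist can be audited across every authorised DHCP server before the old DC is demoted. This is an added example, not part of the original article; the old DC name and IP are placeholders, and it assumes the RSAT DHCP Server PowerShell module and rights to query each DHCP server.

```powershell
# Added example: find DHCP configuration that still depends on the retiring DC.
$oldDcName = 'OLD-DC.example.internal'   # placeholder: FQDN of the retiring DC
$oldDcIp   = '192.0.2.10'                # placeholder: its IP (documentation range)

function New-Finding($Server, $Scope, $Issue) {
    [pscustomobject]@{ DhcpServer = $Server; Scope = "$Scope"; Issue = $Issue }
}

$findings = foreach ($server in Get-DhcpServerInDC) {
    $name = $server.DnsName

    # Server-wide option 6 (DNS servers handed to clients).
    $global = Get-DhcpServerv4OptionValue -ComputerName $name -OptionId 6 -ErrorAction SilentlyContinue
    if ($global.Value -contains $oldDcIp) {
        New-Finding $name '(server options)' 'Hands out the old DC as a DNS server'
    }

    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $name -ErrorAction SilentlyContinue) {
        # Per-scope option 6 overrides the server-wide value.
        $opt = Get-DhcpServerv4OptionValue -ComputerName $name -ScopeId $scope.ScopeId `
                   -OptionId 6 -ErrorAction SilentlyContinue
        if ($opt.Value -contains $oldDcIp) {
            New-Finding $name $scope.ScopeId 'Hands out the old DC as a DNS server'
        }
        # Scopes hosted on the old DC itself need migrating.
        if ($name -eq $oldDcName) {
            New-Finding $name $scope.ScopeId 'Scope is hosted on the old DC'
        }
    }

    # HA (failover) relationships that name the old DC as the partner.
    foreach ($fo in Get-DhcpServerv4Failover -ComputerName $name -ErrorAction SilentlyContinue) {
        if ($fo.PartnerServer -in $oldDcName, $oldDcIp) {
            New-Finding $name ($fo.ScopeId -join ', ') "Failover '$($fo.Name)' partners with the old DC"
        }
    }
}

$findings | Sort-Object DhcpServer, Scope | Format-Table -AutoSize
```

Devices with manually specified DNS (printers, appliances, hypervisors) do not appear in DHCP and still have to be checked by hand.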

For the demotion and role removal procedure, please see the video (above).

Related Articles, References, Credits, or External Links

Migrate DHCP Scope

Windows: Migrate DHCP HA

Migrate NPS Server

3 thoughts on “Migrate to Server 2025 Domain Controller”

  1. How can you rename the “Server Name” back to the old one after migration?
    E.g. from “Lan-2025” to “Lan-2016”

    Thank you
