Step-by-Step Guide: Migrating Primary Domain Controller to a New Server with Active Directory Backup


Moving the domain controller that holds the PDC Emulator role (what most admins still call the "Primary Domain Controller") to a new server requires careful planning to avoid service disruptions. The migration is not a restore: you promote the new server as an additional domain controller, let replication copy the directory, transfer the FSMO roles, repoint clients, and only then demote the old DC. The Active Directory backup is a safety net in case the old DC fails part-way through, not the mechanism for moving the directory to new hardware. Key considerations are FSMO roles, DNS configuration and replication health.

  • Verify AD health with dcdiag /v and repadmin /replsummary; fix any failures before starting
  • Document current FSMO role holders using netdom query fsmo
  • Ensure the new server meets system requirements for Windows Server
  • Create a system state backup of the existing DC (wbadmin start systemstatebackup) and confirm it completed

First, install Windows Server on the new hardware, give it a static IP with its DNS client pointing at the existing DC, and join it to the domain as a member server:

# PowerShell: Install AD DS role
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Promote to domain controller. This adds a DC to the existing domain; the server must
# already be domain-joined and use the existing DC for DNS. The backtick at the end of
# each line is PowerShell's line-continuation character. The DSRM (Safe Mode) password
# is prompted for if -SafeModeAdministratorPassword is omitted.
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -DomainName "yourdomain.local" `
    -Credential (Get-Credential) `
    -InstallDns:$true `
    -NoGlobalCatalog:$false `
    -SiteName "Default-First-Site-Name" `
    -DatabasePath "C:\Windows\NTDS" `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true

After the new DC is operational and has completed its initial replication (repadmin /replsummary shows no failures for it), transfer all five FSMO roles. Move-ADDirectoryServerOperationMasterRole performs a graceful transfer, which requires the current holder to be online. Adding -Force seizes the role instead; only do that when the old holder is permanently gone, and never bring a seized-from DC back online afterwards.

# Transfer Schema Master (forest-wide role; needs Schema Admins membership)
Move-ADDirectoryServerOperationMasterRole `
    -Identity "NEW-DC" `
    -OperationMasterRole SchemaMaster

# Transfer remaining roles (the parameter accepts an array, so one call moves all four)
$roles = @("RIDMaster","PDCEmulator","InfrastructureMaster","DomainNamingMaster")
Move-ADDirectoryServerOperationMasterRole `
    -Identity "NEW-DC" `
    -OperationMasterRole $roles

  • Update DNS client settings on statically configured servers, and on the old DC itself, to point at the new DC
  • Verify replication with repadmin /showrepl and confirm netdom query fsmo lists NEW-DC for every role
  • Demote the old DC using Uninstall-ADDSDomainController, once it no longer holds any FSMO role and clients no longer depend on it for DNS
  • Update DHCP scope option 006 (DNS Servers) so clients receive the new DC's address, if DHCP is in use

Issue: DNS resolution failures after migration
Fix: Point every client and server (including the old DC, until it is demoted) at the new DC's address for DNS, then flush the resolver cache with ipconfig /flushdns. Confirm the new DC hosts the zone and has _msdcs SRV records; nltest /dsgetdc:yourdomain.local is a quick check that a DC can be located.

Issue: Replication errors
Fix: Check that the firewall allows AD replication between the DCs (RPC endpoint mapper on TCP 135 plus the dynamic RPC range, LDAP 389, SMB 445, Kerberos 88, DNS 53), then force replication with repadmin /syncall /AdeP


When moving the DC that holds the PDC Emulator role (the "Primary Domain Controller" in everyday usage) to new hardware, the job is not restoring an AD backup onto the new machine. The process requires careful planning to maintain domain functionality and prevent authentication issues. The key steps include:

# Basic migration workflow:
1. Prepare new server (Windows Server 2019/2022 recommended), domain-joined, with DNS pointing at the existing DC
2. Install AD DS role and promote the server as an additional DC
3. Transfer FSMO roles
4. Update DNS and DHCP settings so clients use the new DC
5. Demote old DC

Before beginning the migration, verify these critical items:

  • Current AD health status (run 'dcdiag /v')
  • FSMO role holders (use 'netdom query fsmo')
  • System state backup of existing DC
  • IP configuration and DNS settings
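The pre-migration checks just listed (and the equivalent checklist in the first part of this page), turned into a script that records the results and refuses to continue if replication is already failing. This is an added example, not part of the original guide; it assumes it is run as a Domain Admin on the existing DC with the ActiveDirectory module and the Windows-Server-Backup feature installed, and the report folder C:\Migration and the backup target E: are hypothetical.

```powershell
# Added example, not from the original guide: capture pre-migration state on the
# existing DC and stop if replication is already broken.
# Assumptions: run as Domain Admin on the old DC; ActiveDirectory module and the
# Windows-Server-Backup feature installed; C:\Migration and backup target E: are
# hypothetical paths.
Import-Module ActiveDirectory

$report = "C:\Migration\preflight-$(Get-Date -Format 'yyyyMMdd-HHmm')"
New-Item -ItemType Directory -Path $report -Force | Out-Null

# 1. Health: keep the raw dcdiag and repadmin output with the migration records
dcdiag /v                 | Out-File "$report\dcdiag.txt"
repadmin /replsummary     | Out-File "$report\replsummary.txt"
repadmin /showrepl * /csv | Out-File "$report\showrepl.csv"

# 2. FSMO holders, read from the directory (same data as 'netdom query fsmo', but parseable)
$forest = Get-ADForest
$domain = Get-ADDomain
$fsmo = [pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$fsmo | Export-Csv "$report\fsmo-before.csv" -NoTypeInformation
$fsmo | Format-List

# 3. The IP and DNS client configuration that clients currently depend on
Get-NetIPAddress -AddressFamily IPv4 | Export-Csv "$report\ip.csv" -NoTypeInformation
Get-DnsClientServerAddress -AddressFamily IPv4 | Export-Csv "$report\dns-client.csv" -NoTypeInformation

# 4. Fail closed: any replication link with failures blocks the migration.
#    'repadmin /showrepl * /csv' emits one row per (destination DSA, naming context, source DSA).
$failures = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failures) {
    $failures | Format-Table 'Destination DSA', 'Source DSA', 'Naming Context', 'Last Failure Status' -AutoSize
    throw "Replication failures present; fix them before promoting the new DC."
}

# 5. System state backup (the safety net, not the migration mechanism)
wbadmin start systemstatebackup -backupTarget:E: -quiet
```

Keep the report folder with the change record: the fsmo-before.csv is what you compare against after the transfer, and the dcdiag output is the baseline if something that was already warning gets blamed on the migration later.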

On the new server, install Active Directory Domain Services:

# PowerShell AD DS installation (backticks continue the command across lines;
# the DSRM password is prompted for if -SafeModeAdministratorPassword is omitted):
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -DomainName "yourdomain.local" `
    -InstallDns:$true `
    -Credential (Get-Credential) `
    -Force:$true

After the new DC is operational, transfer all five FSMO roles. This is a graceful transfer and needs the current holder online; -Force seizes a role and is only for a holder that will never return:

# Transfer Schema Master (run in AD PowerShell):
Move-ADDirectoryServerOperationMasterRole `
    -Identity "NEW-DC" `
    -OperationMasterRole SchemaMaster

# For all roles at once. The numbers are the ADOperationMasterRole enum values:
# 0 PDCEmulator, 1 RIDMaster, 2 InfrastructureMaster, 3 SchemaMaster, 4 DomainNamingMaster
Move-ADDirectoryServerOperationMasterRole `
    -Identity "NEW-DC" `
    -OperationMasterRole 0,1,2,3,4

Complete these essential configuration updates:

  1. Update DHCP scope options (option 006 DNS Servers) with the new DC's IP and remove the old DC's address
  2. Reconfigure any applications that bind to the old DC by host name or IP for LDAP/LDAPS
  3. Verify DNS replication and the _msdcs SRV records for the new DC
  4. Run 'repadmin /replsummary' to check replication health

Issue: DNS resolution failures
Fix: Verify _msdcs zone records and forwarders

Issue: Replication errors
Fix: Check firewall rules for the RPC endpoint mapper (TCP 135) and the dynamic RPC port range

Issue: Authentication problems
Fix: Validate site and subnet configuration in Active Directory Sites and Services
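The post-transfer steps above, and the matching checklist in the first part of this page (update DNS, verify replication, demote), as one gated script: nothing client-facing changes and the old DC is not demoted until every FSMO role, the _msdcs SRV records, dcdiag advertising and replication all check out. This is an added example, not code from the original guide. Assumed names: DC02 is the new DC at 10.0.0.11, DC01 the old one at 10.0.0.10, the domain is corp.example, DHCP scope 10.0.0.0 with option 006 set at scope level on the new DC, and the old DC's adapter alias is "Ethernet".

```powershell
# Added example, not from the original guide: verify the new DC before clients are
# re-pointed and the old DC is demoted. Assumed names: DC02 (new, 10.0.0.11),
# DC01 (old, 10.0.0.10), domain corp.example, DHCP scope 10.0.0.0 with option 006
# at scope level on DC02, interface alias "Ethernet" on DC01. Run as Domain Admin on DC02.
Import-Module ActiveDirectory
Import-Module DhcpServer

$newDc  = "DC02";  $newIp = "10.0.0.11"
$oldDc  = "DC01";  $oldIp = "10.0.0.10"
$domain = "corp.example"
$scope  = "10.0.0.0"
$problems = @()

# 1. Every FSMO role must already name the new DC
$f = Get-ADForest; $d = Get-ADDomain
$holders = @($f.SchemaMaster, $f.DomainNamingMaster, $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster)
$elsewhere = $holders | Where-Object { $_ -notlike "$newDc.*" }
if ($elsewhere) { $problems += "FSMO roles not on ${newDc}: $($elsewhere -join ', ')" }

# 2. Clients locate DCs, KDCs and the PDC emulator through these SRV records;
#    query the new DC's DNS service directly so a stale cache cannot mask a gap.
foreach ($srv in "_ldap._tcp.dc._msdcs.$domain",
                 "_kerberos._tcp.dc._msdcs.$domain",
                 "_ldap._tcp.pdc._msdcs.$domain") {
    $targets = (Resolve-DnsName -Name $srv -Type SRV -Server $newIp -ErrorAction SilentlyContinue).NameTarget
    if ($targets -notcontains "$newDc.$domain") { $problems += "$srv does not list $newDc.$domain" }
}

# 3. The new DC must advertise itself and replication must be clean
$adv = dcdiag /s:$newDc /test:Advertising
if (-not ($adv -match 'passed test Advertising')) { $problems += "$newDc is not advertising as a DC" }
$repl = repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($repl) { $problems += "Replication failures on: $(($repl.'Destination DSA' | Select-Object -Unique) -join ', ')" }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Verification failed; do not demote $oldDc yet."
}

# 4. Move clients: put the new DC first in DHCP option 006 and drop the old address
$current = (Get-DhcpServerv4OptionValue -ScopeId $scope -OptionId 6).Value
$dns = @($newIp) + @($current | Where-Object { $_ -ne $oldIp })
Set-DhcpServerv4OptionValue -ScopeId $scope -DnsServer $dns

# 5. The old DC must resolve through the new one before it is demoted, or its own
#    demotion cannot locate another DC. Uninstall-ADDSDomainController has no
#    -ComputerName parameter, so run it inside a remote session. -Force only
#    suppresses the confirmation prompt; it is not a forced removal.
$localPwd = Read-Host -AsSecureString "Local Administrator password for $oldDc after demotion"
Invoke-Command -ComputerName $oldDc -ScriptBlock {
    Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses $using:newIp
    Uninstall-ADDSDomainController -LocalAdministratorPassword $using:localPwd -Force
}
```

After a successful run DC01 reboots as a member server; leave it that way for a replication cycle, re-run the FSMO and SRV checks, and only then remove it from the domain and retire the hardware. The SRV check deliberately queries the new DC's resolver rather than the script host's configured one, because a cached answer from the old DC would hide a missing registration.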

For large environments, consider this partial automation script. It moves whatever roles the old DC currently holds, gracefully, and stops rather than seizing if the old DC cannot be reached:

# DC Migration Helper Script (graceful transfer of the roles the old DC holds)
Import-Module ActiveDirectory
$newDC = "DC02"
$oldDC = "DC01"

# Verify the old DC answers LDAP; a graceful transfer needs the current holder online
if (-not (Test-NetConnection -ComputerName $oldDC -Port 389 -InformationLevel Quiet)) {
    throw "$oldDC is not reachable on TCP 389; fix connectivity before transferring (do not seize)."
}

# Capture the roles the old DC currently holds
$roles = Get-ADDomainController -Identity $oldDC |
    Select-Object -ExpandProperty OperationMasterRoles

# Transfer roles. Do NOT pass -Force here: with the old DC online, -Force seizes
# the role and leaves the old DC believing it still holds it. -Confirm:$false
# only suppresses the per-role confirmation prompt.
foreach ($role in $roles) {
    Move-ADDirectoryServerOperationMasterRole `
        -Identity $newDC `
        -OperationMasterRole $role `
        -Confirm:$false
}

# Verify transfer
Get-ADDomainController -Identity $newDC |
    Select-Object Name, OperationMasterRoles