locked
Help migrating website RRS feed

  • Question

  • User35682789 posted

    Hello,

    I try to migrate a website i didn't create.

    It's a C# website. it was on Windows 2008 Server with IIS, i try to put i on Windows 2019.

    It seems to work but i have an issue. I'm not a dev :)

    i have this code : 

    if (Thread.CurrentPrincipal.IsInRole(@"SOME_AD_GROUP") || Thread.CurrentPrincipal.IsInRole(@"SOME_OTHER_AD_GROUP"))
            {
    
                
            }
            else
            {
                Response.Redirect("/NonAutorise.aspx");
    
            }

    it's working on the old server, on the new, it 's not, i have no error, but it think i'm not in the AD group (i am in !) and i have an unauthorized access.

    i would like to know how it works ? Maybe it needs me to install something ? i was thinking on AD admin features, but i haven't it on the old server.

    Thank you in advance :)

    Johan

    Tuesday, July 28, 2020 3:29 PM

Answers

  • User35682789 posted

    Hello,

    Thank you for your answer, it's really detailled, but it does not fit my needs. my old server didn't have any AD role, so my new one must not have it.

    This morning (here, it's morning :) ) i saw that i have windows authentication disabled in IIS, it solved my issue 

    Maybe it will help someone someday :)

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 29, 2020 6:09 AM

All replies

  • User1535942433 posted

    Hi Johan1983,

    Accroding to your description,as far as I think,you could migrate AD roles and features to the new server.

    You could do this list:

    1.Log in to the Server 2019 as a member of local administrators group. 

    2. Add server to the existing domain as member.

    3.After restart, log in to the server as Enterprise Administrator

    4. Assign static IP address to the server

    5.Launch the PowerShell Console as an Administrator

    6. Before the configuration process, we need to install the AD DS Role in the given server. In order to do that we can use Following command. 

    Install-WindowsFeature –Name AD-Domain-Services -IncludeManagementTools

    7.Configure the new server as additional domain controller.

    Install-ADDSDomainController
    -CreateDnsDelegation:$false
    -NoGlobalCatalog:$true
    -InstallDns:$true
    -DomainName "therebeladmin.com"
    -SiteName "Default-First-Site-Name"
    -ReplicationSourceDC "REBEL-DC2012.therebeladmin.com"
    -DatabasePath "C:\Windows\NTDS"
    -LogPath "C:\Windows\NTDS"
    -NoRebootOnCompletion:$true
    -SysvolPath "C:\Windows\SYSVOL"
    -Force:$true

    Once execute the command it will ask for SafeModeAdministrator Password. Please use complex password to proceed. This will be used for DSRM.

    8.After configuration completed, restart the system and log back in as administrator to check the AD DS status. 

    Get-Service adws,kdc,netlogon,dns

    Will confirm the status of the AD DS service. 

    Get-ADDomainController -Filter * |  Format-Table Name, IPv4Address, Site

    Will list down the domain controllers along with the IP address and Sites it belongs to.

    9.Migrate all five FSMO roles to the New domain controller using following command,

    Move-ADDirectoryServerOperationMasterRole -Identity REBEL-DC2019 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

    In above the REBEL-DC2019 is domain controller running with windows server 2019. 

    Once its completed, we can verify the new FSMO role holder using 

    Netdom query fsmo

    10.The new step of the process is to decommission the old windows domain controller which running with windows server 2012 R2. To do that execute the following command as enterprise administrator from the relevant DC. 

    Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition

    After execute the command it will ask to define password for the local administrator account.

    Once its completed it will be a member server of the therebeladmin.com domain.

    11.Next step is to raise the domain and forest functional level to windows server 2019. To do that can use the following commands.

    To upgrade domain functional levels

    Set-ADDomainMode –identity therebeladmin.com -DomainMode Windows2016Domain

    To upgrade forest function levels

    Set-ADForestMode -Identity therebeladmin.com -ForestMode Windows2016Forest

    [su_note]With windows server 2019, there is no domain or forest functional level called windows2019. It is still 2016. [/su_note]

    Now we have completed the migration from AD DS 2012R2 to AD DS 2019. Same steps apply when migrate from windows server 2008, Windows server 2008 R2, Windows server 2012 & Windows server 2016.

    12.After the migration completes, we still need to verify if its completes successfully. 

    Get-ADDomain | fl Name,DomainMode

    This command will show the current Domain functional level of the domain after the migration. 

    Get-ADForest | fl Name,ForestMode

    Above command will show the current forest functional level of the domain. 

    Best regards,

    Yijing Sun

    Wednesday, July 29, 2020 5:22 AM
  • User35682789 posted

    Hello,

    Thank you for your answer, it's really detailled, but it does not fit my needs. my old server didn't have any AD role, so my new one must not have it.

    This morning (here, it's morning :) ) i saw that i have windows authentication disabled in IIS, it solved my issue 

    Maybe it will help someone someday :)

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 29, 2020 6:09 AM