343+ step easy to follow Step-by-Step Server migration checklist

The ICT Guy
server migration checklist
Contents show

This article is always in progress, please check back for more content regularly

This Server migration checklist is for you if –

  • This guide assumes you aren’t attempting a P2V or V2V using Disk2VHD and that you are moving either Physical to Physical or Virtual to Virtual. For a P2V using Disk2VHD guide click here.
  • You are wanting to migrate your existing server but aren’t sure exactly how to do this
  • You are part way through a migration and need help with a particular step
  • You want to learn how to migrate a server before you attempt one
  • Your manager has asked you to perform a server migration but you don’t want to look incompetent and say you don’t know how

Physical Build

  • Server serial number and details put on Servers record
  • Warranty activated
  • Backdoor Admin account created with secure password and notes in documentation
  • Powered by UPS not direct to Mains and UPS Battery confirmed OK
  • Power Chute installed from here and configured for shutdown when 25% remaining

Firmware / BIOS

  • ILO IP Address set and Documented
  • ILO Administrator password set to a secure password and documented
  • System BIOS updated to latest available
  • System BIOS Password set
  • System Drivers/firmware updated to latest available

RAID Setup System

  • RAID 1 Group configured
  • RAID 1 Group named system
  • Disk cache enabled
  • Battery backup confirmed working if present

RAID Setup Data

  • RAID 1 Group configured
  • RAID 1 Group named system
  • Disk cache enabled
  • Battery backup confirmed working if present

OS Install and Settings

  • Windows Server 2019 Installed using guide here
  • Hostname set accordingly
  • IP Address set
  • Firewall enabled and required ports opened and recorded
  • Remote Desktop Enabled
  • NIC Teaming Configured for Dynamic
  • IE Enhanced Security Configuration set to off for Administrators
  • Time zone set correctly
  • Power policy set to High Performance
  • APC Software Installed and Configured
  • IP Address set
  • Teamviewer installed and added to account using standard password

Roles and Features Installed

Backup

  • Veeam installed and fully updated
  • USB Repository Setup and set to use rotated disks
  • NAS Repository Setup
  • USB Backup job created to include all servers and scheduled for 6PM Daily. Weekly Active Full on Saturdays
  • Secure password encryption enabled for USB job
  • NAS Backup job created to include all servers and scheduled for 6PM Daily, Weekly Active Full on Saturdays with secure password encryption
  • Secure password encryption enabled for NAS job
  • Daily Configuration backups to NAS
  • Secure password encryption enabled for Configuration backups
  • Email alerts configured to Backup Register per job for successful backups and all alerts to main site contact including warning and fails.

Windows Updates

  • Windows Updates set to receive updates for other Microsoft Products
  • Windows Updates ran and fully up to date

Activation

  • Windows Activated using MAK Key

Hyper-V Configuration

Virtual Switch

  • New virtual switch created using Teamed NIC Multiplexor Driver and named LAN and Management OS allowed access
  • Virtual Hard Disk Location set to D:\Hyper-V
  • Virtual Machines Location set to D:\Hyper-V
  • Storage Migrations set to max 2
  • Enhanced Session Mode Policy set to allow sessions mode

Virtuals Build – Main DC (Server1)

Hyper-V Settings

  • New Virtual Machine created and named Server1
  • Generation set to Generation 2
  • Memory set to 8192MB
  • Processor set to 4 cores
  • iSCIS 0 with 127Gb System Dynamically Expanding VHDX attached
  • iSCIS 1 with 1024Gb Data Dynamically Expanding VHDX attached
  • iSCIS 2 with DVD Drive attached and Latest Server 2019 ISO
  • Network Adaptor set to LAN
  • Time Synchronization turned off on Integration Services
  • Checkpoints set to Standard
  • Power on settings set to Auto Power on after 120 Seconds
  • Power off settings set to Shutdown

OS Settings

  • Windows Server 2019 Installed using guide here
  • Hostname set to accordingly dependant on if this is a migration or fresh install
  • Firewall enabled and required ports opened and recorded
  • Remote Desktop Enabled
  • IE Enhanced Security Configuration set to off for Administrators
  • Time zone set correctly
  • Power policy set to High Performance
  • Shadow copies enabled for all Hard Disks
  • Data disk set to online
  • Data disk Initialized with MBR and set to Drive Letter D
  • Standard Data disk permissions amended to remove “Users:Full Control
  • IP Address set
  • TeamViewer installed and added to account using standard password
  • New server joined to existing domain

Roles and Features Installed

  • Active Directory Domain Services
  • DNS
  • DHCP
  • Print Services
  • Data Deduplication
  • File Server
  • DFS Namespaces
  • Storage Services
  • .Net 3.5
  • BitLocker Drive Encryption
  • BitLocker Network Unlock

Windows Updates

  • Windows Updates set to receive updates for other Microsoft Products
  • Windows Updates ran and fully up to date

Activation

  • Windows Activated using KMS key via AD Volume Activation Management
  • Office 2016/19 KMS keys installed using Office Host Activation pack
  • Key Management Service In Firewall rule enabled

Migration Scenario

Data

  • Data moved from old server using robocopy to preserve permissions and folder structure

File Shares

  • Files shared backed up from old server using regedit to export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
  • Exported reg file examined in text editor to remove Printers, NETLOGON, SYSVOL and any other shares not required. This must be done in two locations for the share and the security
  • Files shared restored onto new server from old server by merging the exported reg file from the old server
  • Server rebooted and files shares compared old to new
  • File shares removed from old server using Computer Management / Shared

DFS Shares

  • Note down DFS Shares and included folders/shared
  • Re-Create DFS Shares using DFS Management
  • Adjust shared to include new Intake years for students if required

File Replication Service

  • Migrate FRS to DFS using guide here

DHCP

  • DHCP backed up on old server and service stopped and disabled
  • DHCP Service on new server stopped
  • C:\Windows\System32\dchp\backup folder moved to new server in same location
  • DHCP Service on new server started
  • DHCP backup restored
  • Scope activated and Server Authorized in AD
  • ipconfig /release && ipconfig /renew ran on two machines and confirmed IP Address allocated
  • DNS Address records updated (if IP of DC is to change)
  • Domain suffix records updated (if domain name is changing)
  • DHCP / DNS Dynamic Updates enabled with a standard user account (dnsupdates and a complex password only needs to be a member of Domain Users)

Printers

  • Unused Drivers removed from the old server
  • Unused Ports removed from the old server
  • Printer settings exported from old server and transferred to new server
  • Printer settings file imported to the new server
  • Event Viewer checked for import errors and any missing printers manually installed
  • Test Page printed to each printer
  • Staff security group added to root of Print server security to be able to manage documents
  • Photocopier scans directories updated and new location shortcut pushed out to users

Active Directory

  • New server promoted to domain controller
  • DCDiag ran and results examined for any errors
  • All FSMO Roles transferred to new Server using guide here
  • DCDiag ran and results examined for any errors
  • Old server demoted to Domain Member using guide here
  • DCDiag ran and results examined for any errors
  • Old server hostname appended with -OLD and moved to be a member of a Workgroup only
  • IP Address settings removed from old server
  • IP Settings of old server applied to new server
  • Active Directory Account for old Server Deleted (Including any subtree objects)
  • Old Server removed from Active Directory Sites and Services, Default First Site Name
  • Any traces of the old server name removed from DHCP
  • Any traces of the old server name removed from DNS
  • A pre rename standard checkpoint taken on the new server for if the next step does not work
  • New server renamed using the guide here
  • Revert back to Checkpoint if this doesn’t work
  • DCDiag ran and results examined for any errors

Group Policy

  • Latest Windows and Chrome ADMX and ADML files imported
  • Group Policy Management opened and GPO’s readable and editable
  • Server names update in all GPO’s if using a different hostname
  • GDPR GPOs imported
  • BitLocker GPOs imported
  • Office 2019 GPOs imported
  • WSUS Server Policies configured to point to new server2 and set to check in and install daily
dns server migration checklist

DNS

  • Reverse Lookup Zones setup for all the IP Scope
  • Forwards confirmed correct
  • Nameserver records on each Forward and Reverse Lookup Zones checked that they point to the current DC
  • DNS Scavening setup on all Forward and Reverse Lookup Zones set to one day less than DHCP Lease Time

New Install Scenario

Active Directory

  • New server promoted to domain controller
  • DCDiag ran and results examined for any errors
  • Standard OU Setup created using New Server Setup Script (Contact me for a copy)
  • New users created and moved to correct OU’s
  • Home directories with My Documents method created for all users and permission checked

Group Policy

  • Latest ADMX and ADML files imported
  • Standard GPO Setup created using New Server Setup Script (Contact me for a copy)
  • Hostnames updates in all GPOs if not using Server1 as the hostname
  • GDPR GPOs imported
  • BitLocker GPOs imported
  • Office 2019 GPOs imported
  • WSUS Server Policies configured to point to new server2 and set to check in and install daily

DNS

  • Reverse Lookup Zones setup for all the IP Scopes
  • Forwards confirmed correct
  • Nameserver records on each Forward and Reverse Lookup Zones checked that they point to the current DC
  • DNS Scavenging setup on all Forward and Reverse Lookup Zones set to one day less than DHCP Lease Time

DHCP

  • New Scope created and named accordingly
  • Start IP address and End ip address set
  • No exclusion or days set unless required
  • Lease time set to 8 days
  • Router and Domain names set correctly
  • Scope activated and Server Authorized in AD
  • DHCP / DNS Dynamic Updates enabled with a standard user account (dnsupdates and complex password only needs to be a member of Domain Users)
  • ipconfig /release && ipconfig /renew ran on one wired machines and one wireless machine and confirmed IP Address allocated

Printers

  • Latest drives for all site printers installed onto Print Management
  • IP Ports setup for each printer on site created on Print Management
  • Printer objects created, shared out and listed in the directory
  • Test Page printed to each printer
  • Staff security group added to root of Print server security to be able to manage documents

Virtuals Build – Services (Server2)

Hyper-V Settings

  • New Virtual Machine created and named Server2
  • Generation set to Generation 2
  • Memory set to 8192MB
  • Processor set to 4 cores
  • iSCIS 0 with 127Gb System Dynamically Expanding VHDX attached
  • iSCIS 1 with 500Gb WSUS Dynamically Expanding VHDX attached
  • iSCIS 2 with 250Gb MDT Dynamically Expanding VHDX attached
  • iSCIS 3 with DVD Drive attached and Latest Server 2019 ISO
  • Network Adaptor set to LAN
  • Time Synchronization turned off on Integration Services
  • Checkpoints set to Standard
  • Power on settings set to Auto Power on after 300 Seconds
  • Power off settings set to Shutdown

OS Settings

  • Hostname set to server2
  • Firewall enabled and required ports opended and recorded
  • Remote Desktop Enabled
  • IE Enhanced Security Configuration set to off for Administrators
  • Timezone set correctly
  • Power policy set to High Performance
  • Shadown copies enabled for all Hard Disks
  • WSUS disk set to online
  • WSUS disk Initialized with MBR and set to Drive Letter D
  • MDT disk set to online
  • MDT disk Initialized with MBR and set to Drive Letter E
  • IP Address set
  • Teamviewer installed and added to account using standard password
  • New server joined to existing domain

Roles and Features Installed

Windows Updates

  • Windows Updates set to receive updates for other Microsoft Products
  • Windows Updates ran and fully up to date

Activation

  • Windows Activated using MAK Key

Microsoft Deployment Toolkit, ADK and ADKWinPEAddons

NOTE: For a full MDT Minimal touch setup see the guide here

  • MicrosoftDeploymentToolkit_x64.msi, adksetup.exe and adkwinpesetup.exe installed with standard settings
  • MDT Admin user created in AD for use for imaging
  • New MDT Deployment share created on MDT Disk
  • MDT Platforms Supported x86 unticked
  • Standard Rule set imported from here and updated to reflect site
  • Bootstrap rules imported from here and updated to reflect site
  • Windows PE – Untick Create a lite touch ISO image to save creation time
  • Latest OS ISO from VLSC Imported and all but Edu WIM removed
  • All site applications imported
  • New Task Sequence 0001 created and Applications added in
  • New Task Sequence 0002 created for In Place Upgrades created
  • Dot Net 3.5 and IE Packages imported from SXS of Win10 ISO
  • Right clicked and Updated Deployment Share to generate Boot WIM

Windows Deployment Services

  • DHCP Updated to include option 66 to point to server2
  • Server Activated
  • MDT LiteTouch WIM imported into Boot Images

Windows Server Update Services

  • WSUS Prerequisites installed from here
  • Initial Synchronization ran
  • Auto Synchronization rules to to sync over night
  • All products that are installed on site ticked in Products and Classifications, no drivers or server OS’s selected
  • All classifications except Drivers and Drive Sets selected
  • Automatic Approvals set to auto approve all except Upgrades
  • Email notifications setup for Backup Register to send reports at 10AM daily

Virtuals Build – Filtering (If using USSGateway)

Hyper-V Settings

  • New Virtual Machine created and named USSGateway
  • Admin account created with secure password
  • Web GUI password set to a secure password
  • Generation set to Generation 2
  • Memory set to 8192MB
  • Processor set to 4 cores
  • iSCIS 0 with 127Gb System Dynamically Expanding VHDX attached
  • iSCIS 2 with DVD Drive attached and USSGateway ISO download from here and mounted
  • Network Adaptor set to LAN
  • Time Synchronization turned off on Integration Services
  • Checkpoints set to Standard
  • Power on settings set to Auto Power on after 180 Seconds
  • Power off settings set to Shutdown
  • Joined to the domain and keys generated
  • AD connector tool installed and configured
  • Student user filtering tested pc and mobile device
  • Staff user filtering tested pc and mobile device
  • Admin Staff user filtering tested pc and mobile device

Final steps

  • Site contact informed job is complete
  • Site contact informed of any new password or changed passwords
  • Site tidied of any rubbish / cups etc
  • Keys / fobs etc handed back to site
  • Old equipment stored for disposal

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!

Tags:

More

Clear Print Queues

Efficient Printer Management with PowerShell: An Efficient Solution to Clear Print Queues

The ICT Guy 0
Enhancing Data Security with BitLocker Automation

Effortlessly Enhancing Data Security with BitLocker Automation

The ICT Guy 0
Copying Active Directory Group membership with PowerShell

Copying Active Directory Group membership with PowerShell

The ICT Guy 0

You may have missed

2024 02 21 11 00 43 voice vlan and 1 more page Personal Microsoft​ Edge

Ruckus auto voice VLAN config

The ICT Guy 0
Identifying MFA-Enabled Domains

Email Security Analysis: A PowerShell Approach to Identifying MFA-Enabled Domains

The ICT Guy 0
convert unleashed to cloud

Convert ruckus unleashed to cloud in simple easy to follow steps

The ICT Guy 0
Sophos System Protection Service

FIXED: Sophos System Protection Service (SSPService.exe) has high RAM Usage when using Splashtop

The ICT Guy 0
Office 365 Distribution Group Management

Automating Office 365 Distribution Group Management with PowerShell

The ICT Guy 0