DC Upgrade Suggestions

Hi, I was looking for some suggestions for my organization. We currently have a DC that's running Server 2012 R2 and we only use it for VPN and domain joining new desktops and laptops. We don't use any GPIO as of now but we might in the future as our entire staff is remote everywhere. What would be a good upgrade path? I was thinking of Server 2019 or newer? Also, is there a better alternative since we don't use GPIO for now?

thanks

Windows Server 2022 is available, so why not skip right over the 2019.

We’re already using Win server 2022 on production-level VMs without any issue.

If your entire staff is remote and you’re not using any GPO one might think there is something wrong. Do you have an MDM solution in place for your endpoints?

Why not use Intune with AAD Join and safely enforce compliance policies on your workstations while avoiding having to join the endpoints to your on-prem DC?

Of course it always depends on your environment and your case should be evaluated. This is where a company like us (an MSP) comes into place and does consulting. I’d suggest you talk to an expert who can help you find the best solution for your use case.

If you are not using GPO, and not going to use it (or are willing to handle it through a client), a simple domain controller like Zentyal would work.

As far as upgrading, I don’t think you can go directly from 2012 R2 to 2022; I think you will need to upgrade through 2016 or 2019 first. This would be for an in-place upgrade. When I went from 2008 R2 I had to stop at 2012 R2 and then go to 2016. This is something I need to solve this summer for my computers; I’m hoping to get money for a virtualization system, but may not get anything. I’ll do an in-place upgrade to 2022 if I get nothing. If you do an in-place upgrade, make certain to install the Server Backup tool and do a “full metal” backup. I’ve had to restore one of my servers from a drive failure, and it works perfectly.

Also, I don’t think your key will work for an upgraded version. It’s been so long using KMS to authenticate that I don’t remember what happens with “normal” product keys. You should check on this before proceeding. If you need to buy a new key, I’d go straight to a fresh 2022 install on a new computer and use the migration tools to migrate the domain over to the new computer.
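The pre-upgrade checks and the “full metal” (bare-metal) backup described above, as an added example that is not from this thread or from Microsoft’s documentation. It assumes an elevated PowerShell session on the 2012 R2 DC, a Domain Admin account, and a dedicated backup disk mounted as E: (assumption).

```powershell
# Added example: health check and bare-metal backup before an in-place DC upgrade.
# Assumptions: run elevated on the DC as Domain Admin; E: is a dedicated backup
# disk that is NOT one of the volumes being upgraded.
$BackupTarget = 'E:'

# 1. Record the starting point so you can prove later what changed.
Import-Module ActiveDirectory
$os = Get-CimInstance Win32_OperatingSystem
"OS          : $($os.Caption) build $($os.BuildNumber)"
"Forest mode : $((Get-ADForest).ForestMode)"
"Domain mode : $((Get-ADDomain).DomainMode)"
# adprep /forestprep (run by the newer Setup) raises this value; note it now.
$schema = Get-ADObject (Get-ADRootDSE).schemaNamingContext -Properties objectVersion
"Schema objectVersion: $($schema.objectVersion)"
netdom query fsmo        # all five roles should be on a DC you control

# 2. Never upgrade a DC that is already unhealthy; fix failures first.
dcdiag /q                # prints only failing tests; no output is the good case
repadmin /replsummary    # harmless on a single DC, essential with more than one

# 3. Install Windows Server Backup and take a bare-metal backup:
#    all critical volumes plus system state (AD database, SYSVOL, registry).
Install-WindowsFeature Windows-Server-Backup
wbadmin start backup -backupTarget:$BackupTarget -allCritical -systemState -vssFull -quiet

# 4. Confirm the backup is catalogued before touching setup.exe. If the
#    upgrade fails part-way, this backup is the only rollback path, so also
#    copy it off the machine.
wbadmin get versions -backupTarget:$BackupTarget
```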

Cool, thanks! I'll look that up.

I forgot to mention that there is a free community version and a paid version. I’ve done a little work with the community version as a standalone DC server in my home lab rack, just DHCP and DNS really; I’ve never joined a computer to it and never joined it to an existing AD. It seems to be reasonably well thought out. The only thing that took me a bunch of time was finding where I make IP reservations (the Windows term). This is under Network → Objects; there you make a group and add the MAC and IP for each member. There is also an area in DHCP where it appears you can add these members, but it doesn’t work from there.

If you go this way, they have an online user guide, or you can buy the PDF or printed version of the certification book. I have the printed book; I’m hoping that a little of the money goes back to the project (since I’m using the community version).

I’ll just anecdotally add that I’ve had reasonable results using GPOs within a single-DC Zentyal Community AD environment, administered using MS’s Remote Server Administration Tools (RSAT) from another Windows box joined to the domain.

Multi-DC GPO syncing can also be achieved with some rsync intervention, although I haven’t tried that myself.

Thanks, I haven’t messed with GPO yet, but I’ll have to load up a VM at some point and play around. Especially the way Microsoft is pushing everything to Azure which doesn’t work for me.

Great, thanks! This will help for sure, since we are not a Microsoft shop except for our super old Server 2012 R2…lol. This would make things way easier for me and my team because our workforce is scattered over the globe. Many thanks!!

Yeah, that sounds cool, because I don't think our work environment really needs GPIO because of the geographic location of everyone. We have endpoint security that’s locked down so users don't mess with it, and we have a patching system in play as well. We just need a form of DC to connect to the file share back at our head office, and then the devs need to remote into the dev Threadripper to do their coding. This looks way easier and less of a headache than having a Windows server sitting there barely being used; even if we do a brand new 2019 or 2022 fresh install we would still barely be using it. But I like the fact that we can add GPO after the fact if our CEO decides that he wants to have GPO in place.

Yeah, for sure. We are already in talks with someone with regards to our setup that I'm meeting with soon.

Yeah, I'm going to mention that to the IT Ops team, which I'm a part of. We are going through lots of discussion with options, but I'm really looking closely at Zentyal! That looks like a really sweet product!