Tag Archives: controller

Install certificate for Unifi Controller

1. Request a certificate. I saved my certificate as unifi2020.crt and unifi2020.key.
2. Replace the certificate on the Unifi controller:

openssl pkcs12 -export -inkey unifi2020.key -in unifi2020.crt -out unifi.p12 -name unifi  -password pass:temppass
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt

3. Restart Unifi:

/etc/init.d/unifi restart
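
A pre-import check for step 2, added here as an example and not part of the original post: it confirms that the private key belongs to the certificate and that the PKCS#12 bundle carries that same certificate. The function names, the P12PASS environment variable and the throwaway files created in demo() are assumptions of this example; on a real controller pass unifi2020.crt, unifi2020.key and unifi.p12 instead.

```shell
#!/bin/sh
# Added example: confirm the key belongs to the certificate before importing.

# Returns 0 when the certificate's public key equals the one derived from the
# private key, 1 on a mismatch, 2 when either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Same check for the leaf certificate inside a PKCS#12 bundle. The bundle
# password is read from the P12PASS environment variable (an assumption of
# this example) so it does not appear in command-line arguments.
p12_matches_key() {
    leaf=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12PASS 2>/dev/null) || return 2
    p12_pub=$(printf '%s\n' "$leaf" | openssl x509 -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$p12_pub" = "$key_pub" ]
}

# Constructed demo: throwaway self-signed pair, an unrelated key, and a bundle.
# Prints the three return codes in order: matching pair, wrong key, bundle.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unifi.example.test" \
        -keyout "$d/good.key" -out "$d/good.crt" 2>/dev/null || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null || return 1
    P12PASS=constructed-demo-pass; export P12PASS
    openssl pkcs12 -export -inkey "$d/good.key" -in "$d/good.crt" -name unifi \
        -out "$d/unifi.p12" -passout env:P12PASS 2>/dev/null || return 1
    cert_matches_key "$d/good.crt" "$d/good.key" && r1=0 || r1=$?
    cert_matches_key "$d/good.crt" "$d/other.key" && r2=0 || r2=$?
    p12_matches_key "$d/unifi.p12" "$d/good.key" && r3=0 || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo
```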

Update Domain Controller to Windows Server 2016/2019 and move FSMO roles to new domain controller

I’m still using Windows 2012R2 as my home lab’s domain controller. Since MS released Windows Server 2019, I think it’s time to upgrade my test lab to Windows Server 2019.
The first server I want to upgrade is my domain controller.

Even though you can mount the ISO and click setup.exe to upgrade a domain controller to Windows 2016/2019, after a test I found that this kind of “upgrade” is a fresh installation… If you upgrade your DC this way, you will find that after the reboot your DC is gone… You will only have a standalone server running Windows 2016/2019 in a workgroup… I don’t know why MS permits people to “upgrade” this way without showing any warning message at all…

So how do you upgrade a DC to Windows 2016/2019 the right way?

The right way is to build a new server, promote it to a domain controller, and then move all FSMO roles to it.

1. Install a new Windows 2016/2019 Server.
2. Install “Active Directory Domain Services” on the server.
3. Promote the server to a domain controller. Make sure you also install DNS services on it.
4. Reboot the server.
5. Once the server is up and running, open Server Manager, then open “Active Directory Module for Windows PowerShell”.
6. Run the command below:

Move-ADDirectoryServerOperationMasterRole -Identity "DC2019" -OperationMasterRole 0,1,2,3,4

Press Y to move all FSMO roles to this server.
7. Run the commands below to make sure all FSMO roles have been migrated to the new domain controller:

Get-ADDomain
Get-ADForest

8. Demote the old domain controller, remove it from the domain, and then shut it down.
9. Change the new DC's IP address to the old one. Then run the commands below to make sure all DNS records are updated and there are no errors.

ipconfig /registerdns
dcdiag /fix

Do not rename the only domain controller… And how to fix it if you have already done so..

Even though MS provides documentation on how to rename a domain controller, if you only have one domain controller, the “rename” will break the AD service and you will not be able to roll back.

The issue is that after you rename the domain controller, the AD DS services are still using the old hostname because you didn’t transfer the FSMO roles from the old name to the new name. If you try to start any domain management tool, you’ll get an error saying that the domain is unavailable. If you try to change the domain controller name back, you will get the same error because the DC is not available, and the rename will fail too. This issue won’t happen if your domain has two or more domain controllers.

OK, how do you fix this issue if you have already done so? What we can do now is update the registry and change the computer name back to the old one. Below are the four registry keys you need to update (CCS is short for CurrentControlSet):

HKLM\System\CCS\Control\Computername "Computername"
HKLM\System\CCS\Control\Computername "ActiveComputername"
HKLM\System\CCS\Services\Tcpip\Parameters "Hostname"
HKLM\System\CCS\Services\Tcpip\Parameters "NVHostname"