Hello,
I just stood up a replacement Domain Controller (Windows Server 2019) to replace the last 2008 R2 we still have live.This will leave us with 1 Server 2019 DC and two Server 2012R2 DC's.
I have a couple questions:
1) Since the 2008R2 is still live and is currently the "Default" domain controller in AD, is there any issue with designating one of the 2012R2's as the new default, while an older OS is still live (I'm not talking about the Functional level. I'll do that after we demote)?
2) We have a well protected infrastructure with respect to firewalls, and in the past, DC's did not have their internal firewalls up. The 2019 is the first one I've stood with the firewall up. I want to transfer the three FSMO roles to the new DC 2019. Do I need to open ports not already open for a fully functional DC/DNS Server ?
Thanks