Migrating from Windows Server 2019 to 2022 brings significant improvements in security (secured-core), performance (SMB compression), and container support. This guide covers the migration process including in-place upgrade and clean migration approaches for various server roles.
Pre-Migration Planning
What's New in Windows Server 2022
- Secured-core server: Hardware-based security with TPM 2.0, Virtualization-based Security
- TLS 1.3 by default: Improved security and performance
- SMB compression: Network file transfer optimization
- Azure hybrid: Better Azure Arc and Azure Automanage integration
- Container improvements: Smaller images, faster startup, gMSA enhancements
- Storage: SMB over QUIC, adjustable storage repair speed
Compatibility Check
# Check current OS version
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber
# Check installed roles and features
Get-WindowsFeature | Where-Object Installed | Format-Table Name, InstallState
# Check hardware compatibility
systeminfo | Select-String "System Type", "Total Physical Memory", "Processor"
# Check disk space (need ~32GB free for upgrade)
Get-Volume | Where-Object DriveLetter -eq "C" | Select-Object SizeRemaining
# Check for incompatible applications
Get-WmiObject Win32_Product | Select-Object Name, Version | Sort-Object Name | Format-Table
# Export current configuration for documentation
Get-WindowsFeature | Where-Object Installed | Export-Csv "C:\Migration\installed-roles.csv"
Get-Service | Export-Csv "C:\Migration\services.csv"
Get-NetIPConfiguration | Export-Csv "C:\Migration\network-config.csv"Option 1: In-Place Upgrade
# Preparation
# 1. Full backup of the server (system state + data)
wbadmin start backup -backupTarget:D: -include:C: -systemState -quiet
# 2. Document current configuration
$config = @{
Hostname = $env:COMPUTERNAME
Domain = (Get-WmiObject Win32_ComputerSystem).Domain
IP = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object PrefixOrigin -ne "WellKnown").IPAddress
DNS = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
Roles = (Get-WindowsFeature | Where-Object Installed).Name
}
$config | ConvertTo-Json | Set-Content "C:\Migration\server-config.json"
# 3. Update current OS
Install-Module PSWindowsUpdate -Force
Get-WindowsUpdate -Install -AcceptAll
# 4. Mount Windows Server 2022 ISO and run setup
# D:\setup.exe /auto upgrade /quiet /compat ignorewarning
# PowerShell approach
$isoPath = "C:\ISOs\WindowsServer2022.iso"
Mount-DiskImage -ImagePath $isoPath
$driveLetter = (Get-DiskImage -ImagePath $isoPath | Get-Volume).DriveLetter
Start-Process "${driveLetter}:\setup.exe" -ArgumentList "/auto upgrade" -WaitOption 2: Clean Migration (Side-by-Side)
# This approach is safer: install fresh 2022 server, migrate roles
# Step 1: Install Windows Server 2022 on new VPS
# Step 2: Configure basic settings to match old server
# Migrate Active Directory
# On old DC: Transfer FSMO roles if needed
Move-ADDirectoryServerOperationMasterRole -Identity "NewDC" `
-OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
# Migrate DHCP
Export-DhcpServer -File "C:\Migration\dhcp-export.xml" -Leases
# On new server:
Import-DhcpServer -File "C:\Migration\dhcp-export.xml" -BackupPath "C:\DHCPBackup" -ScopeOverwrite
# Migrate DNS
# AD-integrated DNS zones migrate automatically with AD replication
# Migrate File Server
# Use Storage Migration Service (built into Windows Admin Center)
# Or robocopy:
robocopy "\\oldserver\Shares" "D:\Shares" /E /COPYALL /DCOPY:DAT /R:3 /W:5 /LOG:"C:\Migration\robocopy.log"
# Migrate IIS
# Export IIS configuration
& "$env:SystemRoot\system32\inetsrv\appcmd.exe" list config -xml > "C:\Migration\iis-config.xml"
# On new server:
& "$env:SystemRoot\system32\inetsrv\appcmd.exe" restore backup "iis-backup"
# Migrate Print Server
# On old server:
PrintBrmEngine.exe -b -d c:\Migration\PrintServerBackup -s \\oldserver
# On new server:
PrintBrmEngine.exe -r -d c:\Migration\PrintServerBackup -s \\newserverPost-Migration Verification
# Verify OS version
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber
# Verify all roles are functioning
Get-WindowsFeature | Where-Object Installed | Format-Table
# Test AD (if domain controller)
dcdiag /v
repadmin /showrepl
# Test DNS
Resolve-DnsName corp.example.com
nslookup -type=srv _ldap._tcp.dc._msdcs.corp.example.com
# Test network connectivity
Test-NetConnection -ComputerName dc1.corp.example.com -Port 389
Test-NetConnection -ComputerName fileserver -Port 445
# Verify services
Get-Service | Where-Object Status -ne "Running" | Where-Object StartType -eq "Automatic" | Format-Table
# Check event logs for errors
Get-WinEvent -LogName System -MaxEvents 50 | Where-Object Level -le 2 | Format-Table TimeCreated, Message
# Run Windows Server 2022 specific features
# Enable TLS 1.3
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" `
-Name "Enabled" -Value 1Rollback Plan
# If in-place upgrade fails:
# 1. Boot from Windows Server 2019 installation media
# 2. Select "Repair your computer"
# 3. Use System Image Recovery with the pre-upgrade backup
# If side-by-side migration has issues:
# 1. Point DNS/DHCP back to old server
# 2. Revert FSMO role transfers
# 3. Old server remains functional as fallback
# Timeline:
# Day 1: Full backup and documentation
# Day 2: Perform upgrade/migration
# Day 3-7: Monitor for issues
# Day 14: Decommission old server (if side-by-side)
# Day 30: Delete old server backup (keep for compliance if needed)Best Practices
- Always backup before upgrading — full system state and data backup
- Use side-by-side migration for critical production servers — it's safer and allows easy rollback
- Test in a lab first: Clone your server to a test environment and try the upgrade
- Update the old server fully before attempting an in-place upgrade
- Verify all applications are compatible with Windows Server 2022 before migrating
- Schedule during maintenance windows with adequate time for rollback
- Keep the old server running for at least 2 weeks after migration for comparison