Build a New DC vs Swing Migration: Upgrade Server OS Correctly

Because unsupported operating systems (OSes) introduce security risks and can affect compliance requirements, organizations should migrate to supported versions of Windows Server. In my lab environment, the domain controllers currently run Windows Server 2022 and are not affected. Even so, I want to take advantage of the newer capabilities available in Windows Server 2025. To accomplish this, we will discuss the steps in “Build a New DC vs Swing Migration: Upgrade Server OS Correctly” to replace the existing servers while maintaining Active Directory continuity. Please see Unicode Manipulation: CVE-2026-25177 Privilege Escalation in AD.
Reinstalling or upgrading the Domain Controller (DC) provides enhanced security and access to the latest features, such as improved Kerberos, SMB, and Group Policy support. This helps maintain compliance with modern regulatory standards.
Note: Microsoft does not recommend in-place upgrades for Domain Controllers (DCs), so migrating to a new server while preserving the same IP addresses is the standard approach, especially with multiple DCs.
Also, see Specify user account name when adding a DC to an existing Forest, how to perform In-place upgrade of Windows Server 2022 to 2025, and how to perform an in-place upgrade from Windows Server 2016 to Windows Server 2019.
Why Avoid In-Place Upgrades on Domain Controllers
AD Integrity Risks: In-place upgrades can corrupt the Active Directory database (NTDS.dit), especially if lingering schema extensions or legacy drivers exist.
- Even a minor corruption in the SYSVOL or replication metadata can cause replication or authentication failures.
Replication and SYSVOL Consistency: A new, clean DC ensures that SYSVOL replication (DFSR-based) is initialized fresh, avoiding lingering issues from legacy FRS setups.
Security Baseline Compliance: Fresh installations inherit modern Windows Server security defaults, group policy baselines, and updated cryptographic standards.
- In-place upgrades often carry forward outdated configurations and deprecated settings.
Rollback and Recovery Simplicity: If something fails on a new DC, you can simply demote and rebuild it, with no need for domain recovery or restore operations.
Schema and Feature Cleanliness: When you install a new DC, you start with a clean OS and can safely introduce updated schema versions (for instance, when moving from Server 2016 to 2022 or 2025).
You Shouldn’t “Restore” a DC Image to New Hardware or a New OS
SID, AD, and replication metadata issues: Active Directory uses Update Sequence Numbers (USN) to track changes. If you restore an old image, the DC “forgets” the recent updates it already sent to its partners. When it tries to replicate again using old USNs, the other DCs will detect the inconsistency and stop talking to it to protect the database. This is called a USN Rollback, and it can isolate a DC entirely.
Version and schema mismatch: You cannot “restore” a 2022 DC onto a 2025 Server OS because:
- The underlying binaries and AD DS schema may differ.
- SYSVOL, NTDS.dit, and registry settings aren’t guaranteed to align with the newer AD DS service version.
- Microsoft explicitly does not support cross-version DC restores as a migration path.
Restore results in cloned DC, not clean promotion: Even if the restore boots, it would be seen by the domain as an inconsistent DC and not a cleanly joined one. That can trigger replication errors, Kerberos ticketing issues, and logon problems domain-wide.
The exception: VM Generation ID
Modern virtualization (Hyper-V and VMware) supports a feature called VM Generation ID. If you restore a backup using a tool like Veeam onto the same OS version or hardware, the DC detects the ID change and safely resets its own Invocation ID to prevent a rollback.
However, this does not help you upgrade the OS. It only helps you recover from a disaster on the same version as discussed here: “Migrate Active Directory Domain and Forest with Veeam Replica“.
Veeam Replica creates a bit-for-bit copy of the existing VM. That is, if you replicate a Server 2022 DC, the replica is still a Server 2022 DC. It does not perform an upgrade of the operating system.
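The USN rollback and the VM Generation ID exception described above can be followed in a small model. This is an added illustration, not code from the article and not how AD DS is implemented; the function names, the sample changes and the simplified up-to-dateness vector are assumptions made for the example.

```powershell
# Added illustration: a toy model of USN tracking, not Active Directory code.
# Function names and sample changes are constructed for this example.

function New-ToyDc([string]$Name) {
    [pscustomobject]@{
        Name         = $Name
        InvocationId = [guid]::NewGuid()  # identity of this copy of the database
        HighestUsn   = 0                  # counterpart of highestCommittedUSN
        Changes      = [System.Collections.Generic.List[object]]::new()
        UtdVector    = @{}                # originating InvocationId -> highest USN already applied
    }
}

function Add-ToyChange($Dc, [string]$Data) {
    # Every local write consumes the next USN and is stamped with the current InvocationId.
    $Dc.HighestUsn++
    $Dc.Changes.Add([pscustomobject]@{
        InvocationId = $Dc.InvocationId; Usn = $Dc.HighestUsn; Data = $Data })
}

function Sync-ToyDc($Source, $Dest) {
    # What the destination has already acknowledged for the source's database identity.
    $ack = [int]$Dest.UtdVector[$Source.InvocationId]   # $null becomes 0 when never seen
    if ($ack -gt $Source.HighestUsn) {
        # The partner acknowledged USNs the source has not issued: the source went back in time.
        return [pscustomobject]@{
            Status  = 'UsnRollback'
            Applied = @()
            Detail  = "$($Dest.Name) acknowledged USN $ack, but $($Source.Name) is only at USN $($Source.HighestUsn)"
        }
    }
    # Otherwise send only changes newer than what the destination holds per originating identity.
    $applied = @(foreach ($c in $Source.Changes) {
        if ($c.Usn -gt [int]$Dest.UtdVector[$c.InvocationId]) {
            $Dest.UtdVector[$c.InvocationId] = $c.Usn
            $c.Data
        }
    })
    [pscustomobject]@{
        Status  = 'Ok'
        Applied = $applied
        Detail  = "$($applied.Count) change(s) applied on $($Dest.Name): $($applied -join ', ')"
    }
}

function Invoke-RestoreScenario([switch]$ResetInvocationId) {
    $dc1 = New-ToyDc 'TechDC01'
    $dc2 = New-ToyDc 'TechDC02'

    1..3 | ForEach-Object { Add-ToyChange $dc2 "pre-image-$_" }
    # The image of TechDC02 is taken here, at USN 3.
    $image = [pscustomobject]@{ HighestUsn = $dc2.HighestUsn; Changes = @($dc2.Changes) }

    4..5 | ForEach-Object { Add-ToyChange $dc2 "post-image-$_" }
    $null = Sync-ToyDc $dc2 $dc1        # TechDC01 now acknowledges USN 5 from TechDC02

    # The old image is restored over TechDC02: its USN counter drops back to 3.
    $dc2.HighestUsn = $image.HighestUsn
    $dc2.Changes    = [System.Collections.Generic.List[object]]::new([object[]]$image.Changes)
    if ($ResetInvocationId) {
        # What a detected VM Generation ID change triggers: a new database identity.
        $dc2.InvocationId = [guid]::NewGuid()
    }

    Add-ToyChange $dc2 'after-restore'  # reuses USN 4
    Sync-ToyDc $dc2 $dc1
}

# Plain image restore: the partner has seen USN 5, the restored DC offers USN 4.
Invoke-RestoreScenario | Format-List Status, Detail

# Restore with InvocationId reset: the partner has no entry for the new identity,
# so the post-restore change replicates normally.
Invoke-RestoreScenario -ResetInvocationId | Format-List Status, Detail
```

The model leaves out what a real DC also does after the reset, such as replicating back the changes it lost; it only shows why the same USN is rejected under the old identity and accepted under a new one.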
Determine the OS the Old Domain Controllers Are Running
As mentioned above, let us determine the version of the OS we are running. We can do this in multiple ways in Windows. To do this, run “winver” from the search window as shown below.

This will display the About Windows information, as shown below.

Replace old DC and Promote Windows Server 2025 as new DC
In this article, we will assume the Swing migration method for Domain Controller 2 (TechDC02) and a rebuild for Domain Controller 1 (TechDC01). This way, you can choose the method that is best for your environment.
Since this is a lab environment, I have all FSMO roles on a single domain controller (TechDC01). The second domain controller acts as a standby that can assume all roles if required. Although it does not host any FSMO roles right now, it runs DNS and the Global Catalog, maintains direct replication with TechDC02, and serves as the designated backup if the primary domain controller becomes unavailable.
But if you wish to distribute the roles in your lab, you could place the PDC Emulator, RID Master, and Infrastructure Master on TechDC01 and move the Schema Master and Domain Naming Master to TechDC02. This reduces the impact if one DC disappears, but adds tracking complexity.
Verify FSMO Roles
As you can see, all five FSMO roles (Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master) belong to TechDC01, as mentioned above. This was my first DC and held all FSMO roles by default until I added a new DC and did not distribute the roles. In a different guide, I will discuss the role distribution in detail.
Note: This is fine for small setups but means that server is a single point of failure for AD operations like password changes (PDC Emulator) and SID allocation (RID Master).

TechDC02 holds no role and can safely be demoted and deleted. But because I wish to show you both the steps for building a new DC and the steps for a swing migration, a simple delete and re-install would not be appropriate for learning's sake.
To do this, we will create another VM, and perform a swing migration by renaming the Domain Controller afterwards.

Part A: Swing Migration
The swing method is where a temporary DC is introduced, FSMO roles are transferred if necessary, and the old DC is removed so its name/IP can be reused.
Note: Regardless of the method I am using, a temporary VM is needed. I prefer the Part B method, as this method is problematic, as discussed. This is very common during swing migration, as the TempDC DC GUID remains in _msdcs, so AD still tries replication using the old GUID reference, causing the issues below. Some of these errors will be discussed in another guide:
- RPC 1722
- Replication failure
- FSMO move failure
- SPN errors (Passed without further troubleshooting).
Please see these articles before proceeding with this step: Blog1 from Microsoft Tech Community, blog2 from DELL, and “Domain Controller rename doesn’t rename all AD DFSR SYSVOL objects”.
Create a Temporary VM for the DC
For this section, I will be using XCP-ng. I will navigate to the Home section and select “New VM”. If you are using another hypervisor, please see Proxmox, Hyper-V_1 or Hyper-V_2, vSphere, and XCP-ng.

If you cannot proceed with your VM creation because you have not yet imported the Windows Server 2025 ISO image to XCP-ng storage, you can do so by clicking on “Import”, selecting the storage location, dragging and dropping the ISO, and clicking on Import as shown below.

Windows Server 2025 successfully imported to XCP-ng.

VM Creation
You can now proceed with the VM creation. Populate the information as shown below.

Unfortunately, we cannot show you all the screenshots for these steps. Therefore, refer to the hyperlinks for VM creation above. Enter the product key and continue with the OS installation.

Select Windows Server 2025 (Desktop Experience) and click Next.

Enter your Admin password, confirm it, and click on Finish.

Post OS Settings
For the post-OS configuration of Windows Server, please see “Post OS installation: Configure the properties of Windows Server”.

Since we do not have proper DNS resolution configured beforehand and we would like to be able to join our domain, we will have to enable NetBIOS over TCP/IP under WINS in Advanced TCP/IP Settings.

Ensure you configure the TCP/IP parameters correctly as shown below. For the alternate DNS, you could use a loopback address or the server's own IP address, as you wish.

Join the Server to the Domain.
Note: You must join this server to the domain. Else, you will get an error which says you must specify a user account and password when promoting as a domain controller.

Welcome to the domain

Do not forget to apply Windows updates and set the correct time zone for your new DC.

Install ADDS Role
The next steps would be to install the Active Directory Domain Services (ADDS) Role. To do this, click on Manage via the server manager and select “Add Roles and Features”.

On the Before You Begin page, select Next.

Choose Role-based or feature-based installation.

Luckily, we only have one server in the pool, click next to continue.

Select ADDS as shown below

In the pop-up wizard to add additional features for ADDS, click add features.

ADDS role selected, click Next

On the informational window, click next

The role is currently being installed. You can close this window now or wait for it to complete.

Promote DC
In Server Manager, click the yellow notification flag at the top right.

Choose Promote this server to a Domain Controller to begin the promotion process.

Add a New Domain Controller to an Existing Domain
In the deployment configuration, enter the domain if it is not automatically detected. You may also have to specify the credentials.

You will be prompted to enter your username and credentials in this case.

Ensure DNS and GC are selected, enter your DSRM password, and click Next.

We have no DNS delegation, so we will click on Next.

I am fine to replicate from any DC.

On the preparation option. I will click Next.

Review option, I will also click on next

As you can see, our prerequisites have passed with a few warnings, and we will click on Install.

When completed, you will get a prompt that you will be signed out. You need not take any action here, as it will happen regardless.

Query FSMO
As mentioned before, for this DC I am here to demonstrate the swing migration process. Otherwise, it would have been sufficient to demote and delete TechDC02, and reinstall it as a new DC using the same IP and name. But the scope and requirement here are different, and as such, we will embark on the complicated steps to perform the swing migration.
Note: Also, I will be transferring the FSMO roles to this Temp DC, which will be renamed to TechDC02. I will then rebuild TechDC01 and transfer the FSMO roles back to TechDC01 due to hardware reliability.
So, I am fine with TechDC01 holding all the FSMO roles, as mentioned above. What I will do is create a new Hyper-V server and rebuild TechDC01 from scratch, as discussed in Part 2 below.

As you can see, with our newly setup DC, there is no replication issue via the command below
repadmin /summary

You could also verify the health with the below command
dcdiag /v
The below command is used to show the replication status of a domain controller. By default, it shows all NCs and all replication partners for the local DC.
repadmin /showrepl

If the sync does not happen, you can force it using this command
repadmin /syncall
To check replication for each DC, please use the command below.
repadmin /showrepl <DCName>
Demote TechDC02
Note: As I said before, it was not actually necessary to set up the TempDC VM and promote it as a DC, because TechDC02 has no FSMO roles and can be demoted and removed. But because I wanted to show the swing migration steps, I am using this method to show some caveats and the recommended approach of a DC rebuild discussed in Part B of this guide.
We have to demote the domain controller. To do this, click on Remove Roles and Features under Manage in the Server Manager.

Click Next to proceed

Select the server if you have multiple servers in the pool and click next

Uncheck ADDS

In the pop-up window, select remove features.

As you can see, the validation failed. This is because we have not demoted the Domain controller. Unfortunately, the command as shown below to do this no longer works and we have to go through this method. Click on Demote this Domain controller. Please, see “how to demote and remove a Domain Controller on Windows Servers“.
dcpromo

In the credential section, click next

Select proceed and remove and click on Next

Uncheck Remove DNS delegation

DNS delegation unselected

Enter new Administrator password and click next

On the review option, click on demote

Shortly, the PC will be restarted.

When complete, please follow through the steps and remove the ADDS role.

Select Remove on the confirmation window as shown below to remove ADDS role.
Note: On the result window, because we have selected to restart the server if required, the server will restart and be shut down afterwards.

Delete or Rename TechDC02 VM
Ideally, the next step is to delete the VM. I will rename this server, perform an in-place upgrade, and use it for the SCOM setup. This process does not modify the VMDK file on the Hyper-V host. If you wish to reuse the server, follow the steps below; otherwise, you can delete it immediately.
Log in locally, as you cannot connect with a domain account.

Change the PC name and also join the domain once again.

Assign new TCP/IP address


Domain join complete and you must restart your server.

Confirm server restart

Confirm the assigned IP

Assign New IP Parameters to TempDC
Note: While it is technically possible to change a Domain Controller’s name or IP after it has been promoted, it is generally not recommended because it creates a window of instability. DNS records take time to update, and services that rely on the DC (like Kerberos or LDAP) can break during this transition. Luckily, this is not the only DC!
Now, since we are performing a swing migration (where a temporary DC is introduced, FSMO roles are transferred if necessary, and the old DC is removed so its name/IP can be reused), we will re-assign the IP address of TechDC02 to this new TempDC.

Note that the regular server name change, or the PowerShell “Rename-Computer” cmdlet, does not work. You will have to use the commands below.
netdom computername TempDC /add:TechDC02.techdirectarchive.com
netdom computername TempDC /add:TechDC02

Note that if some metadata is not cleared, the operation below will fail. And after clearing the redundant names from Sites and Services and forcing AD replication, the operation below will fail until you re-add the name as an alternate name.
Now, let's verify the current names of the DC. If TechDC02 is not listed as shown below, then the /makeprimary command will fail.
netdom computername TempDC /enum

Now, let’s make the newly added name primary. As you can see, this command ran successfully.
netdom computername TempDC /makeprimary:TechDC02.techdirectarchive.com

You will be required to reboot as shown below. Please use the restart button or the command below.

You can refresh DNS and AD Registration via the commands below
ipconfig /registerdns
net stop netlogon
net start netlogon

Force Replication
You can force replication between the DC by running the command below.
repadmin /syncall

As you can see below, the replication succeeded via the command below
repadmin /showrepl

You can also run this from the second DC with hostname “TechDC02” as shown below.

As you can see below, there are no replication errors via the below command
repadmin /replsummary

Note: Several errors were fixed, which ensures or at least appears to ensure that the swing operation is seamless. However, it can still fail or produce unexpected results. Therefore, building a new Domain Controller is the approach recommended by Microsoft, as discussed below.
Part B: Domain Controller Rebuild
A pure rebuild by creating a new Windows Server 2025 VM and promoting it to a domain controller ensures a safe and clean upgrade without in-place upgrades or temporary servers.
The table below shows the pros and cons and the recommended approach to installing a newer version of Windows Server for your DC.
First, we will have to move or transfer all FSMO roles from TechDC01 to TechDC02. You can run any of these commands on TechDC02 as shown below.
Move-ADDirectoryServerOperationMasterRole -Identity "TechDC02" -OperationMasterRole SchemaMaster,DomainNamingMaster,RIDMaster,PDCEmulator,InfrastructureMaster -Force
Move-ADDirectoryServerOperationMasterRole -Identity TechDC02 -OperationMasterRole 0,1,2,3,4
Either of the commands above works as each FSMO role has an index number. Therefore, any of the above commands will get the job done with the desired outcome. Please see Active Directory Flexible Single-Master Operations Roles [FSMO].
| Index | Role Name |
|---|---|
| 0 | SchemaMaster |
| 1 | DomainNamingMaster |
| 2 | PDCEmulator |
| 3 | RIDMaster |
| 4 | InfrastructureMaster |
To proceed, let us query the FSMO roles by using the command below. As you can see, all roles are being held by TechDC01 currently.
netdom query fsmo

You can either use the command above or below as mentioned to transfer the fsmo roles to TechDC02.


After fixing all errors (see “Fix unable to contact Server: This may be the server does not exist”), let us re-run either of the commands shown below.
Move-ADDirectoryServerOperationMasterRole -Identity "TechDC02" -OperationMasterRole SchemaMaster,DomainNamingMaster,RIDMaster,PDCEmulator,InfrastructureMaster -Confirm:$false
Move-ADDirectoryServerOperationMasterRole -Identity "TechDC02" -OperationMasterRole 0,1,2,3,4 -Confirm:$false
As you can see, we have successfully transferred the FSMO roles to TechDC02.

Decommission (Demote) DC
Before proceeding to demote the Domain Controller, we have to confirm that there are no replication errors and verify that the Netlogon service is running, as shown below. You can do this by running the commands below.
repadmin /replsummary
get-service Netlogon
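The checks above (FSMO holders, replication errors, Netlogon) can be combined into one pre-demotion gate. This is an added example, not code from the article: Test-DcReadyToDemote and ConvertFrom-NetdomFsmo are hypothetical helper names, and the sample outputs (host names, timestamps, the 1722 failure) are constructed so the block runs without a domain.

```powershell
# Added example (not the article's code). The sample outputs below are constructed.

function ConvertFrom-NetdomFsmo([string[]]$Lines) {
    # 'netdom query fsmo' prints one "<role>   <holder FQDN>" pair per line.
    $pattern = '^(Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s+(\S+)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{ Role = $Matches[1]; Holder = $Matches[2] }
        }
    }
}

function Test-DcReadyToDemote {
    param(
        [Parameter(Mandatory)][string]$DcName,                 # short name of the DC to demote
        # Live output is collected only when no sample text is passed in.
        [string[]]$FsmoText       = (netdom query fsmo),
        [string[]]$ShowReplCsv    = (repadmin /showrepl * /csv),
        [string]  $NetlogonStatus = (Get-Service Netlogon).Status
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # 1. The DC being removed must not hold any of the five FSMO roles.
    $roles = @(ConvertFrom-NetdomFsmo $FsmoText)
    if ($roles.Count -ne 5) { $problems.Add("Parsed $($roles.Count) FSMO roles, expected 5") }
    foreach ($r in $roles) {
        if ($r.Holder -eq $DcName -or $r.Holder -like "$DcName.*") {
            $problems.Add("$($r.Role) is still held by $($r.Holder)")
        }
    }

    # 2. No replication link may be failing (this is where RPC 1722 shows up).
    foreach ($l in @($ShowReplCsv | ConvertFrom-Csv)) {
        if ($l.showrepl_COLUMNS -eq 'showrepl_ERROR') {
            $problems.Add('repadmin returned an error row: at least one DC could not be queried')
        } elseif ([int]$l.'Number of Failures' -gt 0) {
            $problems.Add("$($l.'Source DSA') -> $($l.'Destination DSA') [$($l.'Naming Context')]: " +
                "$($l.'Number of Failures') failure(s), last status $($l.'Last Failure Status')")
        }
    }

    # 3. Netlogon must be running on the machine where the check is executed.
    if ($NetlogonStatus -ne 'Running') { $problems.Add("Netlogon service is $NetlogonStatus") }

    [pscustomobject]@{ DcName = $DcName; Ready = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: the RID role was left behind on TechDC01 and one link fails with 1722.
$sampleFsmo = @'
Schema master               TechDC02.techdirectarchive.com
Domain naming master        TechDC02.techdirectarchive.com
PDC                         TechDC02.techdirectarchive.com
RID pool manager            TechDC01.techdirectarchive.com
Infrastructure master       TechDC02.techdirectarchive.com
The command completed successfully.
'@ -split "`r?`n"

$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,TECHDC02,"DC=techdirectarchive,DC=com",Default-First-Site-Name,TECHDC01,RPC,0,0,2025-01-10 09:15:02,0
showrepl_INFO,Default-First-Site-Name,TECHDC01,"DC=techdirectarchive,DC=com",Default-First-Site-Name,TECHDC02,RPC,3,2025-01-10 09:20:41,2025-01-10 08:02:13,1722
'@ -split "`r?`n"

$result = Test-DcReadyToDemote -DcName 'TechDC01' -FsmoText $sampleFsmo `
    -ShowReplCsv $sampleCsv -NetlogonStatus 'Running'
$result | Format-List DcName, Ready
$result.Problems
```

On a domain-joined server, call Test-DcReadyToDemote with only -DcName to evaluate the live output of the same commands.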

Note: As mentioned above, in Windows Server 2012 and later, the Active Directory Domain Services Installation Wizard (dcpromo.exe) was deprecated and relocated into Server Manager. This means you can only use the Server Manager to promote and demote your DCs. I did not provide this image above so as not to overcomplicate the swing migration workflow.

Remove Active Directory Certificate Services (ADCS) Role
It is actually not recommended to have any other roles such as ADCS running on the DC itself. As such, you will need to remove Active Directory Certificate Services (ADCS) before you are able to demote a DC. Use Remove Roles and Features to remove the ADCS role from the server.

Click on remove to strip ADCS off the server.

ADCS is currently being removed.

The ADCS role has been removed. Now you can proceed to demote the Domain Controller (DC).

Since we have already shown the steps comprehensively above, we will only show a subset in this section. Here we are unchecking the ADDS role and removing the feature before being prompted to demote the DC. Click on Demote as shown below.

Shortly, you will get a prompt that you are about to be signed out. You can do nothing here or just click on close. Regardless, you will be signed out.

Remove ADDS role
Now that we have successfully demoted the DC, we can now remove the ADDS role

On the confirmation window, click on Remove

The ADDS role removal is in progress, and you can now close the wizard if you want or wait for it to complete.

Delete the VM
I could easily perform an in-place upgrade of TechDC01 Server but this will defy the purpose of server rebuild. I need to reinstall Windows Server 2025 from scratch.
First, you have to turn off the VM in Hyper-V to be able to delete it.

Now, proceed and delete the VM (TechDC01) in this case.

In the confirmation window, click on delete as shown below.

Create a New VM for your DC
To do this in Hyper-V, refer to the links referenced in Part A above and the hyperlinks above.

As you can see, I only have a few VMs running on the host, so I will proceed to clean up the virtual hard disks by identifying and removing unused or obsolete VHDX files to free up and conserve storage space.

We will be creating a generation 2 VM as shown below.

I will select the operating system to install right away; to do this, I will attach the installation ISO image to the VM in Hyper-V so that the system can boot from it and proceed with the installation.

Click on Finish to complete this step.

Windows Server 2025 Installation
To continue with the installation of Windows Server 2025, click on Start as shown below.

Select the option to install Windows Server 2025 and click Next

Enter the product key and click Next. You can choose to do this at a later time.

Select Windows Server 2025 Data Center (Desktop Experience)

Installation of Windows Server 2025 is in progress

Enter your password and click on Finish.

Post OS Installation of Windows Server 2025
You can configure all these settings directly from the Server Manager, and you will be redirected. Since we have already attached a link to the Post OS installation guide in section A, we will not discuss these steps extensively in this section.
Populate the TCP/IPv4 properties as shown below. Since we have deleted the VM above, we can now reuse the IP address.

Change the server name and also join the server to the domain. Since we have deleted the VM above, we can now reuse the name as well.

When prompted, please restart or wait to apply Windows updates and restart all at once.

Install ADDS Role
Previously we used the Server Manager to install ADDS roles. But in this section, we will be using PowerShell to install ADDS, and this will be beneficial to the geeks that love to script.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

As you can see below, the Active Directory Domain Services has been successfully installed.

Now, we have to promote the Server as a Domain Controller (DC). You can use any of the below commands. When prompted, kindly supply your credential.
Install-ADDSDomainController -DomainName "techdc01.techdirectarchive.com" -InstallDns -Credential (Get-Credential) -NoRebootOnCompletion:$false -Force
Install-ADDSDomainController -DomainName "techdc01.techdirectarchive.com"
OR unattended with the below script.
# Replace the placeholder with your own DSRM password; do not keep a real password in a saved script.
$Cred = Get-Credential "TECHDC01\Administrator"
$DSRM = ConvertTo-SecureString "EnterYourDSRMPasswordhere" -AsPlainText -Force
Install-ADDSDomainController -DomainName "techdc01.techdirectarchive.com" -InstallDns -Credential $Cred -SafeModeAdministratorPassword $DSRM -NoRebootOnCompletion:$false -Force

DC promotion is in progress

Shortly, the system will notify you before signing you out.

As you can see, the domain controllers correctly appear as CNAME records within the _msdcs zone.
Note: The _msdcs zone is a special namespace used by Active Directory (AD) for domain controller location and replication. Instead of relying solely on A records, it uses CNAME records to map each domain controller’s unique GUID to its corresponding hostname. This design allows services and clients to reliably locate the correct domain controller even if its name or IP address changes. In combination with SRV records such as _ldap._tcp.dc._msdcs, this mechanism enables efficient load balancing and service discovery across multiple domain controllers, ensuring high availability and consistency within the directory infrastructure.
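The GUID-to-hostname CNAME mapping described in this note is also what goes stale after a swing rename, as mentioned in Part A. The audit below is an added example, not code from the article: Compare-DsaCname and Get-LiveDsaInput are hypothetical names, the sample GUIDs and records are constructed, and the live collector assumes the ActiveDirectory and DnsServer modules and a separate _msdcs.<forest root> zone.

```powershell
# Added example (not the article's code). Function names and sample data are constructed.

function Compare-DsaCname {
    param(
        [Parameter(Mandatory)][object[]]$Dcs,     # HostName + DsaGuid of every current DC
        [Parameter(Mandatory)][object[]]$Cnames   # Name (<guid> or <guid>._msdcs.<forest>) + NameHost
    )
    $hostByGuid = @{}
    foreach ($dc in $Dcs) { $hostByGuid[[string]$dc.DsaGuid] = $dc.HostName.TrimEnd('.') }

    $seen = @{}
    foreach ($rec in $Cnames) {
        $guid = ($rec.Name -split '\.')[0]
        if (-not ($guid -as [guid])) { continue }          # ignore non-GUID aliases
        $target = $rec.NameHost.TrimEnd('.')
        $seen[$guid] = $true
        if (-not $hostByGuid.ContainsKey($guid)) {
            # Left behind by a DC that no longer exists (for example a demoted one).
            [pscustomobject]@{ Finding = 'OrphanedCname'; DsaGuid = $guid
                Detail = "points to $target, but no current DC owns this GUID" }
        } elseif ($hostByGuid[$guid] -ne $target) {
            # The DC exists but the alias still carries its previous name.
            [pscustomobject]@{ Finding = 'WrongTarget'; DsaGuid = $guid
                Detail = "points to $target, expected $($hostByGuid[$guid])" }
        }
    }
    foreach ($dc in $Dcs) {
        if (-not $seen.ContainsKey([string]$dc.DsaGuid)) {
            [pscustomobject]@{ Finding = 'MissingCname'; DsaGuid = [string]$dc.DsaGuid
                Detail = "$($dc.HostName) has no GUID alias in _msdcs" }
        }
    }
}

function Get-LiveDsaInput {
    # Assumption: run on a DC that hosts DNS, with the _msdcs zone stored separately.
    $zone = "_msdcs.$((Get-ADForest).RootDomain)"
    @{
        Dcs = @(Get-ADDomainController -Filter * | ForEach-Object {
            [pscustomobject]@{
                HostName = $_.HostName
                DsaGuid  = (Get-ADObject -Identity $_.NTDSSettingsObjectDN).ObjectGUID
            } })
        Cnames = @(Get-DnsServerResourceRecord -ZoneName $zone -RRType CName | ForEach-Object {
            [pscustomobject]@{ Name = $_.HostName; NameHost = $_.RecordData.HostNameAlias } })
    }
}

# Constructed sample: TempDC was renamed to TechDC02 and the original TechDC02 was demoted.
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'TechDC01.techdirectarchive.com'; DsaGuid = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ HostName = 'TechDC02.techdirectarchive.com'; DsaGuid = '22222222-aaaa-4bbb-8ccc-000000000002' }
)
$sampleCnames = @(
    [pscustomobject]@{ Name = '11111111-aaaa-4bbb-8ccc-000000000001'; NameHost = 'TechDC01.techdirectarchive.com.' }
    [pscustomobject]@{ Name = '22222222-aaaa-4bbb-8ccc-000000000002'; NameHost = 'TempDC.techdirectarchive.com.' }
    [pscustomobject]@{ Name = '33333333-aaaa-4bbb-8ccc-000000000003'; NameHost = 'TechDC02.techdirectarchive.com.' }
)

Compare-DsaCname -Dcs $sampleDcs -Cnames $sampleCnames | Format-Table -AutoSize -Wrap

# Against a live forest:
#   $live = Get-LiveDsaInput
#   Compare-DsaCname @live
```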

As you can see, the initial replication query failed because Active Directory had not yet fully propagated changes across the domain controllers, which is expected.

Verified that I had the right TCP/IPv4 configuration in place.

To force this replication to happen quickly, we can use the command below.
repadmin /syncall

Force a Topology Update
Now let us instruct the DCs to re-scan the network and determine who their partners are. I will run these on both servers. Here, /kcc forces the KCC to recalculate replication links, and /syncall /AeD synchronizes all naming contexts using DNS names and across site boundaries.
repadmin /kcc
repadmin /syncall /AeD


Next, run the commands below to clear DNS ghosts, and then verify replication again using the following command.
ipconfig /flushdns
ipconfig /registerdns
repadmin /replsummary

Retransfer FSMO
Due to hardware concerns, I will be moving the FSMO roles back to TechDC01. To do this, run this command on TECHDC01 from a PowerShell console as Administrator.
Move-ADDirectoryServerOperationMasterRole -Identity "TECHDC01" -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster -Confirm:$false
As you can see, we have been able to move the FSMO roles back to the newly built server, as shown below.

Want to do this over the GUI? Please follow the steps below.
Transfer Schema Master and Domain Naming Master roles: Repeat the process for the Domain Naming Master role using the Active Directory Domains and Trusts snap-in.
– Open mmc.exe.
– Add the Active Directory Schema snap-in: File > Add/Remove Snap-in > Select Active Directory Schema > Add > OK.
– Right-click Active Directory Schema and select Operations Master.
– Click Change to transfer the Schema Master role.
As you can see in the image below, our newly built DC is now running Windows Server 2025 Datacenter, as desired.

FAQs
The nltest error 1355 (ERROR_NO_SUCH_DOMAIN) occurs because /dsgetdc expects the domain name (techdc01.techdirectarchive.com), not a specific DC hostname like techdc02.techdirectarchive.com. The actual AD domain is just “techdc01.techdirectarchive.com”. No “techdc02” subdomain or child domain.
For TechDC01, no full failure here; the nltest succeeded by resolving techdc01.techdirectarchive.com’s DNS/SRV records (shows GUID, flags, Default-First-Site-Name), confirming Netlogon locator data is registered correctly on both DCs.
You cannot rename a domain controller using PowerShell or the System Properties dialog. The supported method is to use the netdom renamecomputer command, which updates the DC name and propagates change. 
Performing an nslookup <IP> lets you verify that the DNS name resolves correctly to the hostname which confirms DNS registration, and replication propagation.
This is because the domain and user account do not exist.
You will have to join the Server to the domain first before promoting it as a domain controller. 
After restart, you should be able to perform the Domain Controller Promotion
AD schema changes require membership in the Schema Admins group. If the prerequisite verification fails, log in with an account that belongs to the Schema Admins group, or add your account to the group.
Adding the user account as a member of the Schema Admins group