How to replace single domain controller in domain with a single do

Discussion in 'Active Directory' started by danyadd, Nov 27, 2008.

  1. danyadd

    danyadd Guest

    We are planning to replace our only domain controller running Windows 2003
    x86 standard SP2 with a new server running Windows 2008 x64 standard.
    We have a single Windows 2003 native forest, single domain, with 1 domain
    controller. The server to be replaced holds all the FSMO roles. We
    are running Active Directory Integrated DNS on the server we are replacing.

    It is critical for us to keep the same server name and IP address for the
    new server, because everything on our network is pointing to the server we
    are replacing.

    I've found this page
    http://support.microsoft.com/default.aspx/kb/555549/en-us
    but I'd like to know:
    1) Is this article applicable also to Windows 2003 -> Windows 2008 ?
    2) How can I keep the same server name and IP address ?

    Thanks in advance for any tips or useful links

    Daniele
     
    danyadd, Nov 27, 2008
    #1

  2. danyadd

    Marcin Guest

    Daniele,
    considering that you will be adding a Windows Server 2008 domain controller
    to Windows Server 2003 domain, you will first need to take into
    consideration steps outlined in
    http://technet.microsoft.com/en-us/library/cc733027.aspx
    Once these steps have successfully completed, you would follow instructions
    in the article you referenced (you should be able to skip WINS installation
    and rely exclusively on DNS). After you finish step 12, remove the old
    (already demoted at that point) domain controller from the domain,
    disconnect it from the network, and power it off. Next, rename your new
    domain controller so it matches name of the old one and change its IP
    address as desired (which, effectively, will eliminate the need for steps 13
    and 14)

    hth
    Marcin
     
    Marcin, Nov 27, 2008
    #2

  3. Hello danyadd,

    After preparing the domain for 2008 with adprep command you can follow the
    article. If all is done, remove the old machine from the network and then
    rename the DC and change the ip address to the old one. Also you have to
    delete in AD sites and services the old DC name, not done during demotion.

    Rename 2008 DC:
    http://technet.microsoft.com/en-us/library/cc794925.aspx


    Another way would be more work but also more secure for AD:
    - install a temp DC in the domain, move all 5 FSMO roles, make it GC and
    DNS (Ad integrated zones), export of DHCP database for 2008 choose "netshell
    dhcp backup" and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx)
    - run dcdiag, netdiag and repadmin /showrepl to check for errors
    - prepare the domain for 2008
    - demote the old DC to member server, reboot and rename it, reboot and change
    the ip address and run ipconfig /registerdns, check the DNS zones for the
    correct changes ip/name
    - install the 2008 with the old ip/name and promote, make it DNS server,
    GC and move all 5 FSMO roles, import of DHCP database for 2008 choose "netshell
    dhcp backup" and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx)
    - run dcdiag, netdiag and repadmin /showrepl to check for errors
    - move the files/printers
    - remove the old 2003 member machine from the domain
    - demote the temp DC to member server and remove it from the domain
    - check DNS configuration and remove old server entries if exist
    - open AD sites and services and remove the old DC's from the list
    - run dcdiag, netdiag

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Nov 28, 2008
    #3
  4. danyadd

    danyadd Guest

    Thanks very much for your reply,
    I think I will follow the first procedure because I don't have a temp DC to
    add to the domain.
    I have two more questions.
    1) Renaming the DC:
    I didn't know about the Netdom.exe command-line tool way.
    I was thinking to use the System Properties user interface (UI).
    What's the difference?
    2) Should I first change IP address or DC name?

    Thanks
     
    danyadd, Nov 28, 2008
    #4
  5. Hello danyadd,

    As stated in the article (http://technet.microsoft.com/en-us/library/cc794951.aspx)
    Although you can use System Properties to rename a domain controller (as
    you can for any computer), Active Directory and DNS replication latency might
    temporarily prevent clients from locating or authenticating (or both) to
    the renamed domain controller. To avoid this delay, you can use the Netdom
    command-line tool to rename a domain controller.

    Doesn't matter when you change the ip.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Nov 28, 2008
    #5
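
The Netdom rename discussed in posts #2 to #5, written out as a phased script. This is an added example, not code from any poster or from the linked articles; the domain and host names are placeholders, and it assumes the old 2003 DC has already been demoted, removed from the domain and deleted from AD Sites and Services.

```powershell
# Added example. All names are placeholders, not values from the thread.
param([string]$Phase = 'Precheck')    # Precheck | Rename | Cleanup

$Domain   = 'corp.example'            # assumed AD DNS domain name
$TempFqdn = "NEWDC01.$Domain"         # name the 2008 DC was promoted under
$KeepFqdn = "SERVER01.$Domain"        # retired 2003 DC's name, to be reused

function Invoke-Netdom {
    param([string[]]$NetdomArgs)
    Write-Host "> netdom $NetdomArgs"
    & netdom $NetdomArgs              # array elements become separate arguments
    if ($LASTEXITCODE -ne 0) { throw "netdom failed with exit code $LASTEXITCODE" }
}

switch ($Phase) {
    'Precheck' {
        # Run on the new DC. It should be listed as holder of all five FSMO roles.
        Invoke-Netdom @('query', 'fsmo')
        # /q prints only errors; review the output before renaming anything.
        & dcdiag /q
    }
    'Rename' {
        # Register the old name as an alternate, then make it the primary name.
        Invoke-Netdom @('computername', $TempFqdn, "/add:$KeepFqdn")
        Invoke-Netdom @('computername', $TempFqdn, "/makeprimary:$KeepFqdn")
        Write-Host 'Restart the server, then run this script with -Phase Cleanup.'
    }
    'Cleanup' {
        # After the restart: drop the temporary name and list what is left.
        Invoke-Netdom @('computername', $KeepFqdn, "/remove:$TempFqdn")
        Invoke-Netdom @('computername', $KeepFqdn, '/enumerate')
        # Re-register the host (A) record, then check the DC locator SRV records.
        & ipconfig /registerdns
        & nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"
        & dcdiag /q
    }
    default { throw "Unknown phase '$Phase'" }
}
```

Renaming a domain controller with Netdom requires the Windows Server 2003 domain functional level. In the Cleanup phase, the SRV lookup should return only the reused name; a leftover entry for the retired or temporary name means stale DNS records still need removing.
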
  6. I have not read the article....From a procedure standpoint it should look
    like the following:
    Install a new machine, make it a DC and move everything over. Remove the
    previous DC and install the new one. Moving everything back from the TEMP DC
    OR
    Move everything to the NEW DC, remove the old DC, re-IP and rename the new DC
    (assuming rename is possible with the pass installed on it)

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Nov 28, 2008
    #6
  7. danyadd

    danyadd Guest

    I've used my Windows 2008 x64 DVD on my Windows 2003 32bit to run:
    adprep /forestprep
    No problem: "Adprep successfully updated the forest-wide information."

    Then I tried to run: adprep /domainprep /gpprep
    but I had the following error message:
    "Adprep detected that the domain is not in native mode"

    Now I will change my domain to Native mode using "Active Directory Domains
    and Trusts" utility.

    My question is:
    is it ok to use the Windows 2008 x64 DVD version on Windows 2003 32bit ?
    Should I run adprep /domainprep /gpprep using the 32bit DVD?

    Thanks
    Daniele
     
    danyadd, Nov 29, 2008
    #7
  8. Jorge de Almeida Pinto [MVP - DS], Nov 29, 2008
    #8
  9. danyadd

    danyadd Guest

    I can confirm I had no problem replacing my server using
    the procedure suggested by Marcin and Meinolf Weber.

    To do the adprep I used the Windows 2008 x64 DVD on my Windows 2003 32bit
    server.

    Thanks for your help
     
    danyadd, Dec 3, 2008
    #9