Replacing First Domain Controller Computer

Discussion in 'Active Directory' started by derSchweiz, Jul 10, 2006.

  1. derSchweiz

    derSchweiz Guest

    Hi,

    I want to upgrade my server to another faster physical machine with
    completely different hardware. My current setup is 1 domain say abc.de and I
    have 2 DCs, DC-Main and DC-Backup. DC-Main is the first DC holding the 5
    FSMO roles and this is the machine that I want to replace.

    My Questions:
    1) Do I just DCpromo the new machine and transfer all the 5 FSMO roles to my
    new DC and the demote the "DC-MAIN" machine, or is this method wrong?

    2) Is there any way to name my new machine DC-MAIN as well? I want this to
    be as seemless as possible. (to do this im thinking of transfering the 5
    roles to DC-Backup, then demote DC-MAIN, and promote the NEW DC-MAIN and
    transfer the roles back).

    Someone please give me some input. This procedure is totally new to me.

    Thanks in Advance!
     
    derSchweiz, Jul 10, 2006
    #1
    1. Advertisements

  2. #2 will work. Make sure DC-Backup is a GC and is running DNS.

    Doug Sherman
    MCSE, MCSA, MCP+I, MVP
     
    Doug Sherman [MVP], Jul 10, 2006
    #2
    1. Advertisements

  3. this works, planned like under item one. Please do not forget to export
    the EFS recovery agent certificate of the administrator before you
    "dcpromo" the server.
    Without this certificate you are not able to recover encrypted user files.
     
    Frank Röder [MVP], Jul 10, 2006
    #3
  4. Option 2 will do the trick. Also remember to mark the new DC as a GC again.

    --
    Thanks,
    Brian Desmond
    Windows Server MVP - Directory Services

    www.briandesmond.com
     
    Brian Desmond [MVP], Jul 10, 2006
    #4
  5. derSchweiz

    Hank Arnold Guest

    This is a new one on me... How do I do this?

    Does backing up the System State accomplish this?

    Regards,
    Hank Arnold
     
    Hank Arnold, Jul 10, 2006
    #5
  6. On the first DC open the "Default Domain Policy". Navigate to:

    Computer Settings\Security Settings\Public Key Policy\EFS Recovery Agent

    there you should see the efs recovery agent certificate.
    Point to this certicate and click with the right mouse button.

    All Tasks -> Export

    You must export it twice. One for the public key and one for the private
    key.
     
    Frank Röder [MVP], Jul 10, 2006
    #6
  7. derSchweiz

    Paul Bergson Guest

    Paul Bergson, Jul 10, 2006
    #7
  8. derSchweiz

    Hank Arnold Guest

    Excellent! How often should this be done? That is, how often does it change?

    Regards,
    Hank Arnold
     
    Hank Arnold, Jul 11, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.