Solved

Replacing the Forest Root Domain Controller with same name on new machine

Posted on 2004-08-06
Last Modified: 2010-04-14
We have a Win2000 forest root domain controller that has almost run out of storage space on the boot/system partition (dynamic disk, mirrored). The hardware is outdated and we wish to replace this machine with a new dual-processor server. We also want to upgrade the OS to Win2003. We feel it may be necessary to keep the same computer name because of the scripts that run on the network. The question is what steps do we follow to assure that the network will function successfully after the DC is swapped out?
Question by:melville2712
12 Comments
 

Expert Comment

by:SamuraiCrow
ID: 11739606
Do you have any other domain controllers on the network?

If so, the first thing you need to do is move the operations master roles (FSMO roles) to another domain controller. See this Microsoft site for the process:

http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_ADtransferFSMOroles.htm

Once the roles are migrated I would suggest demoting the server before removing it from the network and bringing in the new machine.

What sort of scripts are running that are domain controller contingent? Is the server a script repository of some type or are these LDAP typed scripts that are hard coded to a particular server?

Accepted Solution

by:
shard26 earned 250 total points
ID: 11739733
(Before any of this, make sure your 2000 server is at SP4.) He should bring the new server online first. Join it to the domain. Then run DCPromo on the new server and make it a DC. Then transfer all the roles mentioned above to the new DC. Then run DCPromo on the 2000 server and demote it to a member server. I think you also have to run forestprep and domainprep on the 2000 server before you begin.


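The role transfer and the check that should come before demoting the old DC, as an added example that is not part of the original thread. DC1 (old DC) and DC3 (new DC) are placeholder names; `netdom`, `dcdiag` and `repadmin` come from the Windows Support Tools, and the `ntdsutil` role names are the Windows 2000/2003 ones.

```batch
@echo off
rem Added example, not from the thread. OLD_DC and NEW_DC are placeholders.
rem Run as an Enterprise/Schema Admin on a DC with the Support Tools installed.
setlocal
set OLD_DC=DC1
set NEW_DC=DC3

rem 1. Transfer all five FSMO roles to the new DC (Windows 2000/2003 syntax).
rem    ntdsutil asks for confirmation of each transfer.
ntdsutil roles connections "connect to server %NEW_DC%" quit ^
  "transfer schema master" "transfer domain naming master" ^
  "transfer PDC" "transfer RID master" "transfer infrastructure master" ^
  quit quit

rem 2. Check inbound replication and overall health of the new DC.
repadmin /showreps %NEW_DC%
dcdiag /s:%NEW_DC%

rem 3. Refuse to continue if the old DC is still listed as a role holder.
rem    Assumption: netdom lists each holder as an FQDN, so " DC1." matches
rem    DC1.example.com but not DC10.example.com.
netdom query fsmo | findstr /i /c:" %OLD_DC%." >nul
if not errorlevel 1 (
    echo %OLD_DC% still holds at least one FSMO role. Do not demote it yet.
    exit /b 1
)
echo No FSMO roles remain on %OLD_DC%. It can now be demoted with dcpromo.
```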
 

Expert Comment

by:shard26
ID: 11739744
Oh, my bad, I see you need to keep the computer the same on the new computer. Can you just edit the scripts?

Assisted Solution

by:MSGeek
MSGeek earned 250 total points
ID: 11740959
If you bring in a new 2003 server, you can rename the server. I guess my plan would be to bring up the new server, copy the catalog to it. Upgrade the old server to Windows 2003 then rename it, lastly rename the new server to that of the old and exchange IP addresses.

I don't mean to oversimplify the process, but this is pretty much what you need to do. Hard to believe you cannot just do a find replace in your scripts though. (You must have a lot of scripts!)

MSGeek

 

Author Comment

by:melville2712
ID: 11752952
MSGeek, I see you are in the Hall of Fame! Congrats! I am new to this site and going through the learning curve. There are only logon scripts that map drives, but they are on the machines of mobile and at-home users that VPN in from 3 states. I agree that with some work the script issue could be straightened out before we make the switchover.
So I should create a 2003 DC with a new name, copy over the catalog and other roles, demote the original DC, rename the new machine to that of the old and assign proper IP addresses. Old server is running DHCP, DNS and RRAS. I stopped these services and did a complete backup to a SCSI drive that came from the new machine. Any further insight into how I should proceed?
 

Author Comment

by:melville2712
ID: 11753326
SamuraiCrow--thanks for your input and the link to transferring the OP Master Roles. I have been instructed to keep the same name, and to be able to physically remove the original DC from the network because of its hardware limitations. The script situation is described in the memo to MSGeek. Keeping the name the same is an issue with unknowns for me.
I thought I would incorporate the advice you have all given as follows, and perhaps you would be kind enough to polish it up for me.
I have done a complete backup with system state to basic disk of DC1. I have installed 2000 Advanced Server on the DC2 with same name, which is offline. I will install the backup disk into DC2 and do a restore. Then after transferring roles off of DC1 to DC3, I will remove DC1 from network, attach DC2 to network and transfer appropriate roles back to DC2.
 

Author Comment

by:melville2712
ID: 11754228
Shard26--thanks for the input. Your input on domainprep and adprep will be helpful during the upgrade to 2003. I am operating under the assumption that I should first install 2000 on the new machine and once all is up and running, upgrade to 2003. Other suggestions are to install 2003 on the new DC with an alternate name and then change the name after removing original from network. Anything further you can add? Probably want to do this this weekend. Thanks.

Expert Comment

by:MSGeek
ID: 11768492
You can install 2003 on the new server. You can also back up the DHCP database and move that over.

Expert Comment

by:shard26
ID: 11788153
Have any other questions?