Solved

How to rebuild W2K domain controller with same name.

Posted on 2004-09-01
10
309 Views
Last Modified: 2010-04-14
We have a Windows 2000 Active Directory Server that we want to wipe and rebuild.  How do we go about this?  The domain has 3 other systems on it that only use this domain controller for authentication and DNS.  The actual domain controller was running as an internet DNS server and non-microsoft mail server.  I have moved the mail system to another machine.  I want to migrate DNS off this box (pretty sure I know how to do this..) then rebuild it.  Will I have problems when taking this system down, and then plugging in a replacement with the same IP address, system name and domain name?  Any tips?
0
Comment
Question by:oltraver
  • 5
  • 3
  • 2
10 Comments
 
LVL 9

Assisted Solution

by:BigC666
BigC666 earned 250 total points
ID: 11958364
howdy,
have a look at this http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21115098.html
petelong got the best explination that i've found.

hope that this helps
0
 

Author Comment

by:oltraver
ID: 11958427
Looks excellent, and I will try as a last resort, but I need to know if there is anything I can do to use the *same* box for the rebuild?!  We don't have any extra hardware at this time (but may be able to dig some up if this turns out to be a nightmare!)
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 11958438
Can you promote one of the other servers to be a domain controller?  Any 2000 server can be.  IF you don't you'll lose all your user accounts and the computer account information as well as any GPOs you may be using.  

If you can, promote the other system then transfer the Operations Masters using the appropriate tools (you really should try not to SEIZE things unless you have no choice.

If you can't then you're pretty much going to start the domain from scratch.  In which case, you might want to try to dump the users so you can script them in on the new domain and you'll have to reconnect all clients to the new domain.

Why is you want to rebuild the system?  crashing often?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 9

Expert Comment

by:BigC666
ID: 11958446
man, ther's alot of things that you can do, but without hair loss and possibly nervious breakdown pete's is the way to go
0
 

Author Comment

by:oltraver
ID: 11958704
Let me give you some background so I (we!) can make the best decision.

A founding member of the company I work for is leaving and had a TON of his personal stuff spread across 16+ web/mail/ftp servers.  We have consolidated it all to one set of servers, 3 have been allocated for this project.  Management wants me to maintain this hardware allocation, and wipe and rebuild each server to suit his needs, while ensuring that the systems are stable (we’ve had 4 non-documenting system administrators in the last 5+ years and the systems are a mess,) and also to make sure no information is left on the systems related to the parent company.

The bulk of this work is done.  I rebuilt new DNS servers and migrated all of the domains we are keeping to a whole new domain, upgrading and rebuilding everything in the migration process.  The last piece of the puzzle is this original (largely unused) domain controller, that only he is going to use, and is going to be taken offsite when I am done with it.

Original and Current Configuration of the servers is as follows:

One system was a Backup Exec server.  It has since been rebuilt as an IIS and Backup Exec server.
One used to be a secondary DNS and an IIS server. It has since been rebuilt as an email server.  Secondary DNS was moved to a system that we are keeping until the migration is done (He will be collocating elsewhere and not using our DNS servers any longer.)
The last machine (the Domain Controller in question) was a mail server (now moved), Primary DNS server (needs to be moved) and Domain Controller.

I don’t think rebuilding the domain will be that big of a deal since this domain controller only authenticates logins for the domain for 2 accounts, a backup exec account and the admin account on all machines.

Losing the user and computer accounts should not be that big of a deal, and there are no GPOs on this particular domain, besides default configs.  I really don’t want to promote one of the newly rebuilt servers to a DC as they are running perfectly now as is.

I guess I need to know how much of a pain it is to rip out a domain controller and rebuild it so it can be dropped back in the exact same role, minus Primary Internet DNS.

What would you do?
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 11958790
Honestly, to, me it's a hassel to rebuild things when there is another option.  I would probably promote the current mail or backup/IIS server to be the DC with the roles migrated to it.  Then I'd blow away the system and rebuild it.  I recently had to effectively do what you are doing for 10 users and 14 PCs.  Honestly, it was a nightmare - especially the PCs.  Actually, as I think more, I'd probably - if you could scrap up $60-100, buy another hard drive.  Yank the one in the system now and then build from scratch.  If you find too many things break (check your web server, backup, etc), then you can always put the drive back in the system and rejoin the workstations to the domain.  

Sorry, I've worked with 4 Active Directory implementations and over time, they have proven their complexity to me.  You obviously know your systems better than I, but I wouldn't take the chance.  As long as the existing domain wasn't failing (structure, AD errors, etc), I'd move the AD to another server, rebuild this one, then move it back.  

Please keep in mind, I'm not suggesting PERMANENTLY moving AD to another server, just temporarily while you rebuild the system you want to rebuild.

Also, if it's NOT the only DC, then ripping it out and rebuilding is pretty simple - only thing, demote it first with DCPROMO so it's properly removed from the directory and can be readded later with the same name and DNS doesn't get screwed.

(Sorry, I hope I'm being coherent enough here - been a LONG day).
0
 

Author Comment

by:oltraver
ID: 11959007
I'll give this a try next week and assign split points when it's a success! *knockknockknock*  Thanks you two!
0
 

Author Comment

by:oltraver
ID: 12029613
Looks like the change will happen early NEXT week, so I'll assign points then.

A few more questions, if I may:

1. What is the exact dcpromo command to demote the old server before I take it offline and rebuild it?
2. How can I make sure that the new server has all the proper FSMO roles assigned to it?  I followed the instructions provided by PeteLong to the letter and it seems OK, although I wasn't sure what to do with the Global Catalog as his instructions said not to run it on the same machine as the Infrastructure Master role.  I  only had one doamin controller before I started this process, so where did the Global Catalog and Infrastructure Master role reside before, if not on the same server?

Thanks!

-Patrick
0
 

Author Comment

by:oltraver
ID: 12069587
All done and it works!  Thanks you guys!
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12069646
Sorry for the delay - here's some comments regarding your past questions:

This will explain Operations Masters and verifying their locations in a variety of ways:
http://is-it-true.org/nt/nt2000/atips/atips56.shtml

As you probably already figured out, just run DCPROMO - it's a wizard and will provide an option to remove Active Directory from the computer.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
ConnectWise and their customers need to ensure critical alerts automatically reach the right person at the right time. MSP superheros efficiently respond to these alerts key is providing automatic, intelligent alerting that generates a complete audi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question