oltraver
asked on
How to rebuild W2K domain controller with same name.
We have a Windows 2000 Active Directory Server that we want to wipe and rebuild. How do we go about this? The domain has 3 other systems on it that only use this domain controller for authentication and DNS. The actual domain controller was running as an internet DNS server and non-microsoft mail server. I have moved the mail system to another machine. I want to migrate DNS off this box (pretty sure I know how to do this..) then rebuild it. Will I have problems when taking this system down, and then plugging in a replacement with the same IP address, system name and domain name? Any tips?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you promote one of the other servers to be a domain controller? Any 2000 server can be. IF you don't you'll lose all your user accounts and the computer account information as well as any GPOs you may be using.
If you can, promote the other system then transfer the Operations Masters using the appropriate tools (you really should try not to SEIZE things unless you have no choice.
If you can't then you're pretty much going to start the domain from scratch. In which case, you might want to try to dump the users so you can script them in on the new domain and you'll have to reconnect all clients to the new domain.
Why is you want to rebuild the system? crashing often?
If you can, promote the other system then transfer the Operations Masters using the appropriate tools (you really should try not to SEIZE things unless you have no choice.
If you can't then you're pretty much going to start the domain from scratch. In which case, you might want to try to dump the users so you can script them in on the new domain and you'll have to reconnect all clients to the new domain.
Why is you want to rebuild the system? crashing often?
man, ther's alot of things that you can do, but without hair loss and possibly nervious breakdown pete's is the way to go
ASKER
Let me give you some background so I (we!) can make the best decision.
A founding member of the company I work for is leaving and had a TON of his personal stuff spread across 16+ web/mail/ftp servers. We have consolidated it all to one set of servers, 3 have been allocated for this project. Management wants me to maintain this hardware allocation, and wipe and rebuild each server to suit his needs, while ensuring that the systems are stable (we’ve had 4 non-documenting system administrators in the last 5+ years and the systems are a mess,) and also to make sure no information is left on the systems related to the parent company.
The bulk of this work is done. I rebuilt new DNS servers and migrated all of the domains we are keeping to a whole new domain, upgrading and rebuilding everything in the migration process. The last piece of the puzzle is this original (largely unused) domain controller, that only he is going to use, and is going to be taken offsite when I am done with it.
Original and Current Configuration of the servers is as follows:
One system was a Backup Exec server. It has since been rebuilt as an IIS and Backup Exec server.
One used to be a secondary DNS and an IIS server. It has since been rebuilt as an email server. Secondary DNS was moved to a system that we are keeping until the migration is done (He will be collocating elsewhere and not using our DNS servers any longer.)
The last machine (the Domain Controller in question) was a mail server (now moved), Primary DNS server (needs to be moved) and Domain Controller.
I don’t think rebuilding the domain will be that big of a deal since this domain controller only authenticates logins for the domain for 2 accounts, a backup exec account and the admin account on all machines.
Losing the user and computer accounts should not be that big of a deal, and there are no GPOs on this particular domain, besides default configs. I really don’t want to promote one of the newly rebuilt servers to a DC as they are running perfectly now as is.
I guess I need to know how much of a pain it is to rip out a domain controller and rebuild it so it can be dropped back in the exact same role, minus Primary Internet DNS.
What would you do?
A founding member of the company I work for is leaving and had a TON of his personal stuff spread across 16+ web/mail/ftp servers. We have consolidated it all to one set of servers, 3 have been allocated for this project. Management wants me to maintain this hardware allocation, and wipe and rebuild each server to suit his needs, while ensuring that the systems are stable (we’ve had 4 non-documenting system administrators in the last 5+ years and the systems are a mess,) and also to make sure no information is left on the systems related to the parent company.
The bulk of this work is done. I rebuilt new DNS servers and migrated all of the domains we are keeping to a whole new domain, upgrading and rebuilding everything in the migration process. The last piece of the puzzle is this original (largely unused) domain controller, that only he is going to use, and is going to be taken offsite when I am done with it.
Original and Current Configuration of the servers is as follows:
One system was a Backup Exec server. It has since been rebuilt as an IIS and Backup Exec server.
One used to be a secondary DNS and an IIS server. It has since been rebuilt as an email server. Secondary DNS was moved to a system that we are keeping until the migration is done (He will be collocating elsewhere and not using our DNS servers any longer.)
The last machine (the Domain Controller in question) was a mail server (now moved), Primary DNS server (needs to be moved) and Domain Controller.
I don’t think rebuilding the domain will be that big of a deal since this domain controller only authenticates logins for the domain for 2 accounts, a backup exec account and the admin account on all machines.
Losing the user and computer accounts should not be that big of a deal, and there are no GPOs on this particular domain, besides default configs. I really don’t want to promote one of the newly rebuilt servers to a DC as they are running perfectly now as is.
I guess I need to know how much of a pain it is to rip out a domain controller and rebuild it so it can be dropped back in the exact same role, minus Primary Internet DNS.
What would you do?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'll give this a try next week and assign split points when it's a success! *knockknockknock* Thanks you two!
ASKER
Looks like the change will happen early NEXT week, so I'll assign points then.
A few more questions, if I may:
1. What is the exact dcpromo command to demote the old server before I take it offline and rebuild it?
2. How can I make sure that the new server has all the proper FSMO roles assigned to it? I followed the instructions provided by PeteLong to the letter and it seems OK, although I wasn't sure what to do with the Global Catalog as his instructions said not to run it on the same machine as the Infrastructure Master role. I only had one doamin controller before I started this process, so where did the Global Catalog and Infrastructure Master role reside before, if not on the same server?
Thanks!
-Patrick
A few more questions, if I may:
1. What is the exact dcpromo command to demote the old server before I take it offline and rebuild it?
2. How can I make sure that the new server has all the proper FSMO roles assigned to it? I followed the instructions provided by PeteLong to the letter and it seems OK, although I wasn't sure what to do with the Global Catalog as his instructions said not to run it on the same machine as the Infrastructure Master role. I only had one doamin controller before I started this process, so where did the Global Catalog and Infrastructure Master role reside before, if not on the same server?
Thanks!
-Patrick
ASKER
All done and it works! Thanks you guys!
Sorry for the delay - here's some comments regarding your past questions:
This will explain Operations Masters and verifying their locations in a variety of ways:
http://is-it-true.org/nt/nt2000/atips/atips56.shtml
As you probably already figured out, just run DCPROMO - it's a wizard and will provide an option to remove Active Directory from the computer.
This will explain Operations Masters and verifying their locations in a variety of ways:
http://is-it-true.org/nt/nt2000/atips/atips56.shtml
As you probably already figured out, just run DCPROMO - it's a wizard and will provide an option to remove Active Directory from the computer.
ASKER