Solved

Replacing Servers in an Existing Domain

Posted on 2006-04-08
Last Modified: 2010-05-18
We have a domain consisting of a Domain Controller, a Terminal Server, and an Exchange Server. OS is Win 2003 Server. The DC and Term. Server both need to be replaced; however, we are concerned that this will affect the Exchange Server. The computer names will not change, nor will the IP addresses, and the DNS settings will be the same when the two computers are replaced. What will be the result of this change when the Exchange Server is confronted with these new computers?
0
Question by:Generator
6 Comments
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16409965
If you do things right, there will be no change.

Keeping the same names will cause this to take longer than it should, but if you need the names, you need the names:

1.  Add new server with a NEW NAME and a different IP (we'll change it later) and run DCPROMO on it to make it a domain controller.
2.  Once the new server is a domain controller, transfer the FSMO roles, DNS, and global catalog to it.
3.  Run DCPROMO on the existing DC.  This makes it a member server.
4.  Rename the original DC to something else and change its IP.
5.  Run DCPROMO on the original server and promote it to a DC again.
6.  Transfer the FSMO roles, GC, and DNS back to the original server with the new name.
7.  Run DCPROMO on the new server DEMOTING it so it is no longer a DC.
8.  Rename the new server to the old server's name and change its IP to the old server's IP.
9.  Run DCPROMO on the new server and make it a DC again.
10.  Transfer the FSMO roles, DNS, and GC back to the new server using the old name and IP.
11.  Demote the old server by running DCPROMO again.
12.  Remove the old server from the network.

BUT, how many DCs do you currently have?  If only one, then leave the original Domain Controller in place and just add another - this will give you redundancy and help ensure if a DC fails, your mail and network doesn't.
0
 

Author Comment

by:Generator
ID: 16410133
This is a case of too many hands in the pot. We came to this company after a number of different techs tried to piecemeal this system to keep it going and consequently we were called in to "fix" things. The Terminal Server was in need of replacement due to wear and tear and, upon looking at the way the DC was set up (improperly), we felt it was best to also replace that unit due to numerous errors, lockups, AD errors and slow response time. The only good part of the system was the Exchange server. We have 50 users that require access to the system (locally and remotely) and downtime is not acceptable (weekend job).
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16410496
I'd suggest that you will need two weekends for this.

First weekend, get the new server in, dcpromo'ed and add the global catalog within the ntds settings. Add in the dns etc and move the FSMO roles to the new server (remember to create any forwarders etc in the dns as well for when you shut down the first box). Move any shares, printers etc.

Leave that for the rest of the week to ensure all your replication etc is functioning and as you would expect it to be. Then shut down the original DC. Does everything continue to operate?
Now do a full backup of the original DC including system state and dcpromo out.

Done this so many times now it's almost second nature. Lee has given you all the steps but this is a one way thing. Once it's dcpromo'ed out your options are gone.
0
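Because demoting the old DC is one-way, a gate before running DCPROMO on it is worth having. The following Python check is an added example, not part of any poster's answer: it parses the text output of `netdom query fsmo` and refuses to pass unless all five FSMO roles are found and none is still on the old DC. The host names and the sample output are constructed, and the role labels are assumed to match either the Windows 2003 Support Tools wording or the later wording.

```python
import re

# Role labels as printed by `netdom query fsmo`; both the older and the
# newer wording are accepted (assumed label sets, adjust to your output).
ROLE_LABELS = {
    "schema": ("schema owner", "schema master"),
    "naming": ("domain role owner", "domain naming master"),
    "pdc": ("pdc role", "pdc"),
    "rid": ("rid pool manager",),
    "infrastructure": ("infrastructure owner", "infrastructure master"),
}

# Constructed sample: the PDC emulator role was never moved off the old DC.
SAMPLE = """\
Schema owner                dc-new.corp.example
Domain role owner           dc-new.corp.example
PDC role                    dc-old.corp.example
RID pool manager            dc-new.corp.example
Infrastructure owner        dc-new.corp.example
The command completed successfully.
"""

def parse_fsmo(output):
    """Map each FSMO role to the host that holds it (lower-cased)."""
    holders = {}
    for line in output.splitlines():
        # Label and holder are separated by a run of spaces or tabs.
        parts = re.split(r"\s{2,}|\t+", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # status lines such as "The command completed..."
        label, host = parts[0].lower(), parts[1].strip().lower()
        for role, names in ROLE_LABELS.items():
            if label in names:
                holders[role] = host
    return holders

def safe_to_demote(output, old_dc):
    """Return (ok, problems); ok only if all roles are found and none is on old_dc."""
    holders = parse_fsmo(output)
    old_short = old_dc.lower().split(".")[0]
    problems = [f"{r}: not found in output" for r in ROLE_LABELS if r not in holders]
    problems += [f"{r}: still held by {h}" for r, h in holders.items()
                 if h.split(".")[0] == old_short]
    return (not problems, problems)
```

This covers only the FSMO roles; the global catalog, DNS and replication health mentioned in the thread still need their own checks before the old DC is demoted.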
 

Author Comment

by:Generator
ID: 16411444
We are building the new DC and TS from scratch and were hoping to be able to connect to the existing Exchange server. Due to the multiple error situation on the original DC, we were worried that some of the system errors and security mistakes would propagate to the new units. So basically, we wanted to know if the Exchange server would crash upon being introduced to the new DC and TS. Yesterday we introduced the new terminal server to the existing DC and noted a large number of anomalies appearing in the TS after replication. Thanks to Lee and Keith for your expertise thus far.
0
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 16411841
You can't create a new DC on the side and slam it into place in AD.  You either run DCPROMO on the new server while the new server is a member of your domain - which will essentially copy Active Directory to it - in its current condition - or you start from scratch.   If you want to clean up your AD problems by replacing the DC, you're going to have to create a new domain and new exchange server and export the email from the old one, probably using Exmerge.
0
 
LVL 9

Expert Comment

by:cooledit
ID: 16417750
hi, there

If you are getting problems using DCPROMO and it for some reason does not work, here is a scenario you can try.

Use ntdsutil on the server; type like this:

ntdsutil
roles
Connections
connect to server "Servername"
q
Seize domain naming master
Seize infrastructure master
Seize PDC
Seize RID master
Seize schema master

you can find the full explanation here:

http://www.petri.co.il/seizing_fsmo_roles.htm

It worked for me.....

Cooledit
0


Question has a verified solution.
