Solved

Domain Controller and netdom

Posted on 2006-06-16
Last Modified: 2008-01-16
We have a domain controller named Bravo, the PDC file server. We want to move it to a server named Kilo and then rename Kilo to Bravo.

The Plan

Promote Kilo to a domain controller, move all the files and folders, and maintain their permissions and shares.

Let sit for an hour or so to allow AD to replicate.

Demote bravo, rename to lima.

Rename kilo to bravo; change all kilo's IP addresses to match old bravo's; change all bravo's IP addresses to match old kilo's.

Will this work with the netdom tool, or is it going to screw up Active Directory?

Question by:arahming

Expert Comment

by:Sembee
ID: 16923996
You can't rename a domain controller.
Plus you will also have to make sure that all the roles move across and the global catalog status.

Therefore you would have to demote the server, drop it in to a workgroup, then rename it, reboot and put it back in the domain. Don't try and shortcut by doing two of those parts without rebooting.

As long as you don't touch any of the permissions they should be retained.

Simon.

Expert Comment

by:Amitspeedstar
ID: 16926174


First demote your bravo and join it to a workgroup and name it bravo1. Now change kilo's name to bravo and promote it as a DC. OK, now join bravo1 to the domain and copy all files and folders as you mentioned above.

As long as you do not touch permissions they will remain intact. And in the end you can change the IP addresses as you mentioned above between kilo and bravo, which is now bravo1.

Amit.

Expert Comment

by:oBdA
ID: 16926619
IF you're running Server 2003, AND your domain is running in Server 2003 functional level, you CAN rename a DC (you can just use the GUI as usual, not even a need for netdom).
Just make sure you rename the sysvol member object to avoid later confusion:
You Must Rename the SYSVOL Member Object to Rename a Windows Server 2003 Domain Controller
http://support.microsoft.com/?kbid=316826
The best method to actually do this depends on whether you want to keep the old bravo (future lima if I understood you correctly) as DC, or if you want it to be just a member server.

amitspeedstar,
if bravo is arahming's only DC, your advice will cost him his domain ...

Author Comment

by:arahming
ID: 16926986
Bravo is in fact my only domain controller. I will be running both of your recommendations in a beta environment this weekend, thanks.

Accepted Solution

by:
oBdA earned 500 total points
ID: 16927104
My comment about "The best method to actually do this depends on whether you want to keep the old bravo (future lima if I understood you correctly) as DC, or if you want it to be just a member server." was actually a question.
Anyway, since this is your only DC (and probably running DNS), I'd recommend the following:
1. let kilo point to bravo as the only DNS server in TCP/IP; install DNS on kilo, but do NOT create any zones.
2. if you haven't done so already, change the DNS zones on bravo to AD integrated.
3. dcpromo kilo; the AD integrated DNS zones should appear automatically on kilo.
4. change the DNS settings in TCP/IP on bravo and kilo to point to itself as primary, the other one as secondary.
5. run netdiag and dcdiag to make sure everything is okay.
6. Make kilo a GC, and move the FSMO roles to kilo (see links below)
7. run netdiag and dcdiag to make sure everything is okay.
8. for the sake of completeness, transfer the Licensing server to kilo (AD Sites and Services, right-click "License Server" in the right pane, choose Properties, move it to kilo).

If you do NOT want to keep bravo as DC:
9. change the DNS settings in TCP/IP on bravo to point to kilo as only DNS.
10. dcpromo down bravo (which will remove the AD integrated DNS zones from bravo), rename it to lima.
11. check AD sites and services and remove bravo entries; remove any SRV entries in DNS referring to bravo that might have survived.
12. rename kilo to bravo, rename the sysvol object.

If you *want* to keep bravo as DC:
9. rename bravo to lima, rename the sysvol object.
10. rename kilo to bravo, rename the sysvol object.

Finally, both scenarios again:
11. change the IP addresses.

How to promote a domain controller to a global catalog server
http://support.microsoft.com/?kbid=296882

How To View and Transfer FSMO Roles in Windows Server 2003
http://support.microsoft.com/?kbid=324801

Just in case you haven't come across it yet, as far as the beta environment is concerned, I'd recommend using Virtual Server:
Microsoft Virtual Server 2005 R2
http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
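
A gate for step 10 of the accepted answer, added here as an example and not part of oBdA's post: it parses saved `netdom query fsmo` output and lists the reasons bravo must not be demoted yet. The function names, the `example.local` domain and the sample outputs are constructed for illustration.

```python
import re

FSMO_ROLE_COUNT = 5  # schema, domain naming, PDC emulator, RID, infrastructure

def parse_fsmo(text):
    """Map each role label to its owner's short host name."""
    owners = {}
    for line in text.splitlines():
        # Role lines look like "<label><2+ spaces><owner FQDN>"; the trailing
        # status line has no such gap and is skipped. Labels are not relied on.
        m = re.match(r"^\s*(\S.*?)\s{2,}(\S+)\s*$", line)
        if m:
            owners[m.group(1)] = m.group(2).split(".")[0].lower()
    return owners

def demotion_blockers(text, old_dc, new_dc):
    """Return the reasons old_dc must not be demoted yet (empty list = go)."""
    owners = parse_fsmo(text)
    blockers = []
    if len(owners) != FSMO_ROLE_COUNT:
        blockers.append("parsed %d role owners, expected %d"
                        % (len(owners), FSMO_ROLE_COUNT))
    for role, owner in sorted(owners.items()):
        if owner == old_dc.lower():
            blockers.append("%s is still held by %s" % (role, old_dc))
        elif owner != new_dc.lower():
            blockers.append("%s is held by unexpected host %s" % (role, owner))
    return blockers

# Constructed sample outputs; example.local is a placeholder domain.
_ROLES = ["Schema master", "Domain naming master", "PDC",
          "RID pool manager", "Infrastructure master"]

def _sample(owner_for):
    lines = ["%-28s%s.example.local" % (r, owner_for(r)) for r in _ROLES]
    return "\n".join(lines + ["The command completed successfully."])

BEFORE_STEP_6 = _sample(lambda role: "bravo")   # nothing moved yet
PARTIAL_MOVE = _sample(lambda role: "bravo" if role == "PDC" else "kilo")
AFTER_STEP_6 = _sample(lambda role: "kilo")     # all roles transferred

if __name__ == "__main__":
    for name in ("BEFORE_STEP_6", "PARTIAL_MOVE", "AFTER_STEP_6"):
        found = demotion_blockers(globals()[name], "bravo", "kilo")
        print(name, "->", found or "no FSMO blockers")
```

An empty list only covers the FSMO half of step 6; global catalog status and the netdiag/dcdiag results from step 7 still have to be checked separately.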

Author Comment

by:arahming
ID: 16928019
Thanks oBdA, you must have spent extra time on your MCSE......