Solved

Domain Controller and netdom

Posted on 2006-06-16
Last Modified: 2008-01-16
We have a domain controller named Bravo, the PDC file server. We want to move it to a server named Kilo and then rename Kilo to Bravo.

The Plan

Promote Kilo to a domain controller, move all the files and folders, and maintain their permissions and shares.

Let it sit for an hour or so to allow AD to replicate.

Demote Bravo and rename it to Lima.

Rename Kilo to Bravo, change all of Kilo's IP addresses to match old Bravo's, and change all of Bravo's IP addresses to match old Kilo's.

Will this work with the netdom tool, or is it going to screw up Active Directory?

Question by:arahming
7 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16923996
You can't rename a domain controller.
Plus you will also have to make sure that all the roles move across and the global catalog status.

Therefore you would have to demote the server, drop it in to a workgroup, then rename it, reboot and put it back in the domain. Don't try and shortcut by doing two of those parts without rebooting.

As long as you don't touch any of the permissions they should be retained.

Simon.
0
 
LVL 5

Expert Comment

by:Amitspeedstar
ID: 16926174


First demote your bravo, join it to a workgroup and name it bravo1. Now change kilo's name to bravo and promote it as a DC. OK, now join bravo1 to the domain and copy all files and folders as you mentioned above.

As long as you do not touch permissions they will remain intact. And in the end you can change the IP addresses, as you mentioned above, between kilo and bravo, which is now bravo1.

Amit.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 16926619
IF you're running Server 2003, AND your domain is running in Server 2003 functional level, you CAN rename a DC (you can just use the GUI as usual, not even a need for netdom).
Just make sure you rename the sysvol member object to avoid later confusion:
You Must Rename the SYSVOL Member Object to Rename a Windows Server 2003 Domain Controller
http://support.microsoft.com/?kbid=316826
The best method to actually do this depends on whether you want to keep the old bravo (future lima if I understood you correctly) as DC, or if you want it to be just a member server.

amitspeedstar,
if bravo is arahming's only DC, your advice will cost him his domain ...
0

 
LVL 1

Author Comment

by:arahming
ID: 16926986
Bravo is in fact my only domain controller. I will be running both of your recommendations in a beta environment this weekend, thanks.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 16927104
My comment about "The best method to actually do this depends on whether you want to keep the old bravo (future lima if I understood you correctly) as DC, or if you want it to be just a member server." was actually a question.
Anyway, since this is your only DC (and probably running DNS), I'd recommend the following:
1. let kilo point to bravo as the only DNS server in TCP/IP; install DNS on kilo, but do NOT create any zones.
2. if you haven't done so already, change the DNS zones on bravo to AD integrated.
3. dcpromo kilo; the AD integrated DNS zones should appear automatically on kilo.
4. change the DNS settings in TCP/IP on bravo and kilo to point to itself as primary, the other one as secondary.
5. run netdiag and dcdiag to make sure everything is okay.
6. Make kilo a GC, and move the FSMO roles to kilo (see links below)
7. run netdiag and dcdiag to make sure everything is okay.
8. for the sake of completeness, transfer the Licensing server to kilo (AD Sites and Services, right-click "License Server" in the right pane, choose Properties, move it to kilo).

If you do NOT want to keep bravo as DC:
9. change the DNS settings in TCP/IP on bravo to point to kilo as only DNS.
10. dcpromo down bravo (which will remove the AD integrated DNS zones from bravo), rename it to lima.
11. check AD sites and services and remove bravo entries; remove any SRV entries in DNS referring to bravo that might have survived.
12. rename kilo to bravo, rename the sysvol object.

If you *want* to keep bravo as DC:
9. rename bravo to lima, rename the sysvol object.
10. rename kilo to bravo, rename the sysvol object.

Finally, both scenarios again:
11. change the IP addresses.

How to promote a domain controller to a global catalog server
http://support.microsoft.com/?kbid=296882

How To View and Transfer FSMO Roles in Windows Server 2003
http://support.microsoft.com/?kbid=324801

Just in case you haven't come across it yet, as far as the beta environment is concerned, I'd recommend using Virtual Server:
Microsoft Virtual Server 2005 R2
http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
0
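The accepted answer only demotes bravo (step 10) after kilo has become a global catalog and taken over the FSMO roles (step 6). The check below is an added example, not part of the original thread: it parses the output of `netdom query fsmo` and `dsquery server -isgc` and lists what still blocks the demotion. The domain `example.local` and both sample outputs are constructed, and the function names are hypothetical.

```python
# Added example (not from the thread): gate for step 10 of the accepted answer.
# Feed it the text printed by `netdom query fsmo` and `dsquery server -isgc`.

ROLE_KEYWORDS = {              # role labels differ between netdom versions,
    "schema": "schema",        # so each role is matched on its first word
    "domain": "domain naming",
    "pdc": "pdc emulator",
    "rid": "rid",
    "infrastructure": "infrastructure",
}

def parse_fsmo(netdom_output):
    """Return {role: short lower-case host name} from `netdom query fsmo`."""
    holders = {}
    for line in netdom_output.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        label = " ".join(parts[:-1]).lower()   # last column is the holder FQDN
        for key, role in ROLE_KEYWORDS.items():
            if label.startswith(key):
                holders[role] = parts[-1].split(".")[0].lower()
    return holders

def parse_gcs(dsquery_output):
    """Return short host names from `dsquery server -isgc` (one quoted DN per line)."""
    gcs = set()
    for line in dsquery_output.splitlines():
        dn = line.strip().strip('"')
        if dn.upper().startswith("CN="):
            gcs.add(dn.split(",")[0][3:].lower())
    return gcs

def demotion_blockers(netdom_output, dsquery_output, new_dc):
    """List the reasons the old DC must not be demoted yet; empty means go."""
    new_dc = new_dc.lower()
    holders = parse_fsmo(netdom_output)
    blockers = []
    for role in ROLE_KEYWORDS.values():
        holder = holders.get(role)
        if holder is None:
            blockers.append(f"{role}: holder not found in output")
        elif holder != new_dc:
            blockers.append(f"{role}: still held by {holder}")
    if new_dc not in parse_gcs(dsquery_output):
        blockers.append(f"{new_dc} is not a global catalog")
    return blockers

# Constructed sample: RID role not yet transferred, kilo not yet a GC.
SAMPLE_NETDOM = ("Schema owner          kilo.example.local\nDomain role owner     kilo.example.local\n"
                 "PDC role              kilo.example.local\nRID pool manager      bravo.example.local\n"
                 "Infrastructure owner  kilo.example.local\nThe command completed successfully.\n")
SAMPLE_GCS = '"CN=BRAVO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local"\n'
```

An empty list from `demotion_blockers` covers only the role and GC conditions; the netdiag and dcdiag runs in steps 5 and 7 are still needed.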
 
LVL 1

Author Comment

by:arahming
ID: 16928019
Thanks oBdA, you must have spent extra time on your MCSE......
0
