Solved

Migrating PDC, domain naming question regarding logins

Posted on 2007-04-06
Last Modified: 2010-03-18
Hello,

We are planning to migrate our current domain controller to a new machine with better hardware.  Our current domain controller is creatively named "domain".  The new DC will be named "Master".  

My question is that all our machines and web services log in/authenticate through domain.company.com. If we migrate to the new machine, master.company.com, will those clients that log in still be able to, given the name change? Or would I make a new A record pointing 'domain' to 'master'?

thanks
Question by: KCCMacMan
 
LVL 70

Expert Comment

by:KCTS
ID: 18867807
Just to clarify, we are talking about Windows 2000 or 2003 here?
The reason I ask is that in Windows 2000/2003 there is no such thing as a PDC and BDC. There are just domain controllers, one of which holds the PDC emulator role. All DCs contain live, updateable copies of Active Directory.

The way to do this cleanly is as follows:-

Install Windows 2003 on the new hardware
Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the 'R2' version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line, promote the new machine to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, to make the new machine a global catalog server go to Administrative Tools, Active Directory Sites and Services; expand Sites, Default-First-Site-Name and Servers. Right-click on the new server, select Properties and tick the 'Global Catalog' checkbox. (Global catalog is essential for logon, as it needs to be queried to establish universal group membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

All the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other, that way if one of the DNS Servers fails, the clients will automatically use the other,

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles, see http://support.microsoft.com/kb/255504

You should now test that all is OK by disconnecting the old DC. The domain should continue to function; if not, then troubleshoot. Reconnect the old domain controller when satisfied all is OK.

Once you are sure that all is OK, you can either leave both domain controllers operational (two domain controllers are normally recommended for fault tolerance).

If you want to get rid of the old Domain controller then:
You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.
Run DCPROMO on the old DC to demote it back to a member server, then remove it from the domain.
Reconfigure the DHCP scope if required.

If you follow this guidance it should result in a clean transition. There is no need to rename anything or manually add any DNS info.

Accepted Solution by: KCTS (earned 500 total points)
ID: 18867878
I'll just repeat that, without the typos.

Just to clarify, we are talking about Windows 2000 or 2003 here, aren't we?
The reason I ask is that in Windows 2000/2003 there is no such thing as a PDC and BDC. There are just domain controllers, one of which holds a PDC emulator role. All Domain Controllers contain live, updateable copies of Active Directory in a Multi-Master Database.

The way to replace a domain controller cleanly and with minimal disruption to users is as follows:-

Install Windows 2003 on the new hardware
Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Note: If the new Windows 2003 server is the 'R2' version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line, promote the new machine to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, to make the new machine a global catalog server go to Administrative Tools, Active Directory Sites and Services; expand Sites, Default-First-Site-Name and Servers. Right-click on the new server, select Properties and tick the 'Global Catalog' checkbox. (Global catalog is essential for logon, as it needs to be queried to establish universal group membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles. This can be done in different ways; see http://support.microsoft.com/kb/255504 or http://support.microsoft.com/kb/324801 or http://www.petri.co.il/transferring_fsmo_roles.htm for alternative methods that can be used.

You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function, if not then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

Once you are sure that all is OK, you can either leave both domain controllers operational (two domain controllers are normally recommended for fault tolerance).

If you really want to get rid of the old Domain controller then:

You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.

Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.
Reconfigure the DHCP scope if required.

If you follow this guidance it should result in a clean transition. There is no need to rename anything or manually add any DNS info.
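The "unplug the old DC and see if the domain still works" test above is the right idea, but it is worth making the checks explicit. The script below is an added example, not code from the thread or from either poster. It uses the names from the question (old DC "domain", new DC "master", DNS domain company.com); the IP addresses are placeholders, and it assumes PowerShell plus the standard Windows Server 2003 command-line tools (netdom, dsquery, nltest, repadmin, nslookup) are present on the machine it runs on. Run it on the new DC with both DCs online before transferring roles, on a client while the old DC is unplugged, and again with -OldDcDecommissioned after the old DC has been demoted.

```powershell
# Post-migration validation for the DC replacement procedure above.
# Added example; not from the original thread. Names follow the question
# (old DC "domain", new DC "master", domain company.com); IPs are assumed.
# Requires PowerShell and the Windows Server 2003 tools netdom, dsquery,
# nltest, repadmin and nslookup on the machine it is run from.
param(
    [string]$Domain  = 'company.com',
    [string]$NewDc   = 'master.company.com',
    [string]$OldDc   = 'domain.company.com',
    [string]$NewDcIp = '192.168.1.10',   # assumed address, not from the thread
    [string]$OldDcIp = '192.168.1.5',    # assumed address, not from the thread
    [switch]$OldDcDecommissioned          # set once the old DC has been demoted
)

$failures = 0
function Report([string]$Name, [bool]$Ok, [string]$Detail) {
    if ($Ok) { Write-Host "[PASS] $Name : $Detail" }
    else     { Write-Host "[FAIL] $Name : $Detail"; $script:failures++ }
}
$newShort = $NewDc.Split('.')[0]

# 1. All five FSMO roles should be held by the new DC (transferred, not seized).
#    netdom prints one "<role name>   <holder FQDN>" line per role.
$holders = @{}
foreach ($line in @(netdom query fsmo 2>&1)) {
    if ("$line" -match '^(Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s+(\S+)') {
        $holders[$matches[1]] = $matches[2]
    }
}
$strays = @($holders.Keys | Where-Object { $holders[$_] -ine $NewDc })
Report 'All FSMO roles on new DC' (($holders.Count -eq 5) -and ($strays.Count -eq 0)) `
       (($holders.Keys | ForEach-Object { "$_=$($holders[$_])" }) -join ', ')

# 2. The new DC must be a global catalog, or logons will fail once the old one is gone.
$gcs = @(dsquery server -isgc 2>&1)
Report 'New DC is a global catalog' (@($gcs | Where-Object { "$_" -imatch "^`"?CN=$newShort," }).Count -gt 0) ($gcs -join '; ')

# 3. DNS: the DC-locator SRV records must list the new DC and, once it is
#    demoted, must no longer list the old one. Stale SRV records send clients
#    to a dead DC and show up as slow logons and failed Kerberos/LDAP binds.
foreach ($rec in @("_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain")) {
    $out    = (nslookup -type=SRV $rec 2>&1) -join "`n"
    $hasNew = $out -imatch "svr hostname\s*=\s*$([regex]::Escape($NewDc))"
    $hasOld = $out -imatch "svr hostname\s*=\s*$([regex]::Escape($OldDc))"
    Report "SRV $rec lists new DC" $hasNew "new=$hasNew old=$hasOld"
    if ($OldDcDecommissioned) { Report "SRV $rec no longer lists old DC" (-not $hasOld) "old=$hasOld" }
}

# 4. DC locator: the DC a Windows client would actually pick right now.
#    /force bypasses the locator cache; run on a client with the old DC unplugged.
$loc     = (nltest "/dsgetdc:$Domain" /force 2>&1) -join "`n"
$picked  = if ($loc -match 'DC:\s+\\\\(\S+)') { $matches[1] } else { '' }
$flagsOk = ($loc -match 'Flags:.*\bGC\b') -and ($loc -match 'Flags:.*\bPDC\b')
Report 'DC locator returns new DC advertising GC and PDC' ((($picked -ieq $NewDc) -or ($picked -ieq $newShort)) -and $flagsOk) "DC=$picked"

# 5. While both DCs are online, replication into the new DC must be clean.
if (-not $OldDcDecommissioned) {
    $repl = @(repadmin /showrepl $NewDc 2>&1)
    $bad  = @($repl | Where-Object { "$_" -imatch 'Last attempt .* failed' })
    Report 'No failed replication attempts on new DC' ($bad.Count -eq 0) "$($bad.Count) failed link(s)"
}

# 6. This machine's DNS client order: preferred = new DC, alternate = old DC
#    until it is demoted; afterwards nothing may still point at the old DC.
foreach ($nic in @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')) {
    $order = @($nic.DNSServerSearchOrder)
    $ok = ($order.Count -gt 0) -and ($order[0] -eq $NewDcIp)
    if ($OldDcDecommissioned) { $ok = $ok -and ($order -notcontains $OldDcIp) }
    else                      { $ok = $ok -and ($order.Count -ge 2) -and ($order[1] -eq $OldDcIp) }
    Report "DNS client order on '$($nic.Description)'" $ok ($order -join ', ')
}
exit $failures
```

Two caveats the checks do not cover. The DC-locator and SRV checks only prove that Windows clients, which find a DC through DNS, will keep logging on; anything with the old server name written into it, such as an LDAP connection string in a web application that binds to domain.company.com, will break when that host is demoted and must be repointed (or given a CNAME) separately. And the FSMO check expects a clean transfer as in the linked KB articles; seizing roles is for a DC that is permanently lost, and a seized-from DC must never be brought back online.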
 
LVL 1

Author Comment

by:KCCMacMan
ID: 18868002
Excellent, and quite a bit more than I expected from a reply.

The reason I said PDC was my upbringing on through 2000; the name kind of just stuck for descriptive purposes, I guess!

Yes, this is between two 2003 servers.  Yes, we will be using the older server as a backup.

thanks!