Solved

Migrating PDC, domain naming question regarding logins

Posted on 2007-04-06
Last Modified: 2010-03-18
Hello,

We are planning to migrate our current domain controller to a new machine with better hardware.  Our current domain controller is creatively named "domain".  The new DC will be named "Master".  

My question is all our machines and webservices login/authenticate through domain.company.com, if we migrate to the new machine, master.company.com, will those clients that log in be able to because of the name change?  Or would I make a new A Record pointing 'domain' to 'master'?

thanks
Question by:KCCMacMan
LVL 70

Expert Comment

by:KCTS
ID: 18867807
Just to clarify, we are talking about Windows 2000 or 2003 here?
The reason I ask is that in Windows 2000/2003 there is no such thing as a PDC and BDC. There are just domain controllers, one of which holds a PDC emulator role. All DCs contain live, updateable copies of Active Directory.

The way to do this cleanly is as follows:-

Install Windows 2003 on the new hardware
Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the ‘R2’ version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

All the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other, that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles; see http://support.microsoft.com/kb/255504

You should now test that all is OK by disconnecting the old DC. The domain should continue to function, if not then troubleshoot. Reconnect the old Domain controller when satisfied all is OK.

Once you are sure that all is OK then you can either leave both Domain controllers operational, two domain controllers are normally recommended for fault tolerance.

If you want to get rid of the old Domain controller then:
You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.
Run DCPROMO on the old DC to demote it back to a member server, then remove it from the domain.
Reconfigure the DHCP scope if required.

If you follow this guidance it should result in a clean transition. There is no need to rename anything or manually add any DNS info.

LVL 70

Accepted Solution

by:
KCTS earned 2000 total points
ID: 18867878
I'll just repeat that - without the typos

Just to clarify, we are talking about Windows 2000 or 2003 here, aren’t we?
The reason I ask is that in Windows 2000/2003 there is no such thing as a PDC and BDC. There are just domain controllers, one of which holds a PDC emulator role. All Domain Controllers contain live, updateable copies of Active Directory in a Multi-Master Database.

The way to replace a Domain Controller cleanly and with minimal disruption to users is as follows:-

Install Windows 2003 on the new hardware
Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Note: If the new Windows 2003 server is the ‘R2’ version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles. This can be done in different ways; see http://support.microsoft.com/kb/255504 or http://support.microsoft.com/kb/324801 or http://www.petri.co.il/transferring_fsmo_roles.htm for alternative methods that can be used.

You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function, if not then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

Once you are sure that all is OK then you can either leave both Domain controllers operational (two domain controllers are normally recommended for fault tolerance).

If you really want to get rid of the old Domain controller then:

You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.

Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.
Reconfigure the DHCP scope if required.

If you follow this guidance it should result in a clean transition. There is no need to rename anything or manually add any DNS info.
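
A check to run before disconnecting the old DC in the procedure above, added here as an example and not part of the original answer. It uses nslookup plus the Windows Support Tools (netdom, nltest, repadmin, dcdiag) and assumes the names from the question: domain company.com, new DC master.

```bat
@echo off
rem Added example, not from the original answer. Run after the FSMO transfer
rem and before unplugging the old DC.
rem Assumed names (from the question): domain company.com, new DC "master".
setlocal
set DOMAIN=company.com
set NEWDC=master.%DOMAIN%
set FAIL=0

echo [1] SRV record that clients query to locate a domain controller
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | find /i "%NEWDC%" >nul
if errorlevel 1 (echo   MISSING: no _ldap SRV record for %NEWDC% & set FAIL=1)

echo [2] FSMO role holders - count of roles naming the new DC, expect 5
netdom query fsmo | find /i /c "%NEWDC%"
rem Any role line naming a different host in the domain means a role was not moved.
netdom query fsmo | find /i /v "%NEWDC%" | find /i "%DOMAIN%" >nul
if not errorlevel 1 (echo   WARNING: a role is still held by another DC & set FAIL=1)

echo [3] A global catalog can be located for the domain
nltest /dsgetdc:%DOMAIN% /gc /force
if errorlevel 1 (echo   FAILED: no global catalog located & set FAIL=1)

echo [4] Inbound replication on the new DC
repadmin /showrepl %NEWDC% | find /i "failed"
if not errorlevel 1 (echo   WARNING: replication failures listed above & set FAIL=1)

echo [5] dcdiag against the new DC - only failed tests are shown
dcdiag /s:%NEWDC% | find /i "failed test"
if not errorlevel 1 (echo   WARNING: dcdiag reported failed tests & set FAIL=1)

if "%FAIL%"=="0" (echo All checks passed.) else (echo Resolve the items above first.)
exit /b %FAIL%
```

Step 1 covers domain logons, which find a controller through these SRV records. Anything configured with the literal host name domain.company.com is not covered by that lookup and has to be checked separately.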
LVL 1

Author Comment

by:KCCMacMan
ID: 18868002
Excellent, and quite a bit more than I expected from a reply.

The reason I said PDC was my upbringing on through 2000, the name kind of just stuck for descriptive purposes I guess!

Yes, this is between two 2003 servers.  Yes, we will be using the older server as a backup.

Thanks!