Solved

DC Migration Action Plan

Posted on 2007-11-22
8
668 Views
Last Modified: 2010-03-17
Hi,

I am trying to put together an action plan for the migration of our current domain controller to a new domain controller [as we are running into space issues].

This is what I have came up [this is my first time].



Goal: To successful migrate the existing domain controller (pkserv1) to another server (dc2)

Action Plan:

1) installation of windows 2003, application of all available service packs and windows update on dc2
2) network integration of dc2, including domain membership and IP configuration
3) installation of DNS on dc2 [as a secondary zone].

   Some background info: the primary zone for DNS is running from the exchange server and the 2 domain controllers are running secondary zones. We don’t have AD integrated DNS.

Also there are no FSMO roles on pkserv1.

4) confirm DNS is working fine on dc2
    Need some help here: what tool should I use?

4) installation of AD (dcpromo) on dc2
5) transfer of the user data from existing server (pkserv1) to dc2
6) transfer of printer settings from pkserv1 to dc2
7) test that users are able to login and access their data on dc2
8) preparation and shutdown of the old server. Remove AD using dcpromo
9) remove the secondary zone DNS from pkserv.

   [Need some help here]: what tool should I use?
 
   Is it as simple as right clicking the zone and pressing the delete button?

10) Need to check that pkserv1 is no longer exists as a domain controller.

   Tools to use:  

Netdiag and Dcdiag, check Active Directory Site and Services, and make sure it does not exist there.

Can someone please help me – if I have missed something.

Thanks a bunch!





For more background info please refer to:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22971272.html#a20321189
 
0
Comment
Question by:melu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20336446
0
 

Author Comment

by:melu
ID: 20336464
Hi Jay,

I have gone through your guide in my previous posting (and given you points for that).

The scenario now is different - I want help on 4, 9 and overall help in terms of the action plan.
Look for any gaps that I have missed etc.

Regards
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20336502
oh this is the one we are working on in the other Q
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:melu
ID: 20336742
Hi,

I am trying to find a solution of 4) i.e confirm DNS is working fine.

According the following MS Technet article

http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true


one should use netdiag /test:dns /v


I have run that on dc2 - and am getting something strange. Here are the results:



DNS test . . . . . . . . . . . . . : Passed
      Interface {DCF05740-D70F-4D7C-A18B-CD29999CE4C2}
        DNS Domain:
        DNS Servers: 10.10.250.140
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: dc2.myDomain.com.
          Authoritative zone: myDomain.com.
          Primary DNS server: parkex.myDomain.com 10.10.250.122
          Authoritative NS:10.10.250.120 10.10.250.122 10.10.250.140



so my question is:

1) what does it mean "expected registration with PDN".

2) the Authoritative Name servers are: 10.10.250.120 10.10.250.122 10.10.250.140

  which are respectively pkserv1, parkex, and pkcore.


Do I need to add dc2 [10.10.250.5] as a nameserver?


Thanks
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20336790
often you will find that they dont get updates auto, so yes, you may need to manually create that entry for yourself....i know i did at some stage or another...

When dealing with Seondary zones i am a little out of touch as to the exact results a diag will return
0
 

Author Comment

by:melu
ID: 20338924
Hi,

any other experts who can assist, please?
0
 

Author Comment

by:melu
ID: 20339285
Hi

Prior to installing AD - need to run some perquisites checks:


I am referring to:

http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true

in point 8) Verify the availability of the operations masters


In it, Microsoft recommend running:


dcdiag /s: pkcore /test:knowsofroleholders /v
dcdiag /s: pkcore /test:fsmocheck /v

where pkcore is my main domain controller.



Also, in kb 265706, they recommend running:

dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc

this basically is to test so that the DNS configuration is sufficient to allow this computer to be promoted as a replica domain controller in the mydomain.com domain.


So my question are this tests the right ones?

Thanks
0
 

Accepted Solution

by:
melu earned 0 total points
ID: 20411615
Hi,

Can we close this question with points refunded as I have not received any satisfactory answer?

Thanks.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question