?
Solved

DC Migration Action Plan

Posted on 2007-11-22
8
Medium Priority
?
677 Views
Last Modified: 2010-03-17
Hi,

I am trying to put together an action plan for the migration of our current domain controller to a new domain controller [as we are running into space issues].

This is what I have came up [this is my first time].



Goal: To successful migrate the existing domain controller (pkserv1) to another server (dc2)

Action Plan:

1) installation of windows 2003, application of all available service packs and windows update on dc2
2) network integration of dc2, including domain membership and IP configuration
3) installation of DNS on dc2 [as a secondary zone].

   Some background info: the primary zone for DNS is running from the exchange server and the 2 domain controllers are running secondary zones. We don’t have AD integrated DNS.

Also there are no FSMO roles on pkserv1.

4) confirm DNS is working fine on dc2
    Need some help here: what tool should I use?

4) installation of AD (dcpromo) on dc2
5) transfer of the user data from existing server (pkserv1) to dc2
6) transfer of printer settings from pkserv1 to dc2
7) test that users are able to login and access their data on dc2
8) preparation and shutdown of the old server. Remove AD using dcpromo
9) remove the secondary zone DNS from pkserv.

   [Need some help here]: what tool should I use?
 
   Is it as simple as right clicking the zone and pressing the delete button?

10) Need to check that pkserv1 is no longer exists as a domain controller.

   Tools to use:  

Netdiag and Dcdiag, check Active Directory Site and Services, and make sure it does not exist there.

Can someone please help me – if I have missed something.

Thanks a bunch!





For more background info please refer to:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22971272.html#a20321189
 
0
Comment
Question by:melu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20336446
0
 

Author Comment

by:melu
ID: 20336464
Hi Jay,

I have gone through your guide in my previous posting (and given you points for that).

The scenario now is different - I want help on 4, 9 and overall help in terms of the action plan.
Look for any gaps that I have missed etc.

Regards
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20336502
oh this is the one we are working on in the other Q
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:melu
ID: 20336742
Hi,

I am trying to find a solution of 4) i.e confirm DNS is working fine.

According the following MS Technet article

http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true


one should use netdiag /test:dns /v


I have run that on dc2 - and am getting something strange. Here are the results:



DNS test . . . . . . . . . . . . . : Passed
      Interface {DCF05740-D70F-4D7C-A18B-CD29999CE4C2}
        DNS Domain:
        DNS Servers: 10.10.250.140
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: dc2.myDomain.com.
          Authoritative zone: myDomain.com.
          Primary DNS server: parkex.myDomain.com 10.10.250.122
          Authoritative NS:10.10.250.120 10.10.250.122 10.10.250.140



so my question is:

1) what does it mean "expected registration with PDN".

2) the Authoritative Name servers are: 10.10.250.120 10.10.250.122 10.10.250.140

  which are respectively pkserv1, parkex, and pkcore.


Do I need to add dc2 [10.10.250.5] as a nameserver?


Thanks
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20336790
often you will find that they dont get updates auto, so yes, you may need to manually create that entry for yourself....i know i did at some stage or another...

When dealing with Seondary zones i am a little out of touch as to the exact results a diag will return
0
 

Author Comment

by:melu
ID: 20338924
Hi,

any other experts who can assist, please?
0
 

Author Comment

by:melu
ID: 20339285
Hi

Prior to installing AD - need to run some perquisites checks:


I am referring to:

http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx?mfr=true

in point 8) Verify the availability of the operations masters


In it, Microsoft recommend running:


dcdiag /s: pkcore /test:knowsofroleholders /v
dcdiag /s: pkcore /test:fsmocheck /v

where pkcore is my main domain controller.



Also, in kb 265706, they recommend running:

dcdiag /test:dcpromo /dnsdomain:mydomain.com /replicadc

this basically is to test so that the DNS configuration is sufficient to allow this computer to be promoted as a replica domain controller in the mydomain.com domain.


So my question are this tests the right ones?

Thanks
0
 

Accepted Solution

by:
melu earned 0 total points
ID: 20411615
Hi,

Can we close this question with points refunded as I have not received any satisfactory answer?

Thanks.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question