[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Upgrade Windows Active Directory server

Posted on 2007-12-06
6
Medium Priority
?
354 Views
Last Modified: 2010-04-18
I am replacing our Active Directory/Global Catalog/File & Print server at one of our satellite offices with a brand new server with warranty.

My current plan is to accomplish this using the following methodology:
- Install Windows 2003 on new server and give exactly the same name and static ip address.
- Take backup of current server (Windows 2003) and uninstall AD using dcpromo.
- Run dcpromo on the new server at add it to the domain.  Wait for replication to complete.
- Restore files to new server.
- Have clients log in normally?

What I would like to know:
For those experts who are experienced with this can you please provide any details I might want to look out for (possible issues/problems) using the methodology above or suggest a better methodology (possibly less risk) with reasons why?

Thanks in advance.
Please only respond if you have experience doing this in a large environment with multiple GC and AD controllers.
0
Comment
Question by:Joesmail
  • 3
  • 3
6 Comments
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 1000 total points
ID: 20424385
You can do it that way, but you will need to reset the computer account AFTER you have demoted the original DC.

0
 
LVL 10

Author Comment

by:Joesmail
ID: 20424465
Hi lee,

By resetting the account, do you mean just removing it from the domain after demoting it to a member server?

What way would you recommend?  I have tested restoring everything including AD using Veritas  to a test server although this seems very risky.  Alternatively, I could just install it next to the orginal server and migrate data although this will require changes on every client.  e.g. software, shares etc...

0
 
LVL 10

Author Comment

by:Joesmail
ID: 21055393
I don't believe this  attempt to answer my first question deserves points.  The fact you didn't even respond to my second posting shows you don't deserve it.  I know if I try to arbitrate this question I will only get "well he did try to answer your question".

It would be nice if someone else good just put a ".." so I can give them the 500 points.  Unfortunately no one has bothered.  Amazing how this forum has changed!!!  Disappointing.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 21055502
WOW... how amazingly rude of you... I miss ONE e-mail about this question and you think I "don't deserve" to be awarded the points... Do you have ANY IDEA how many notifications from EE I get per day?  Would it have killed you to just drop another comment a day or two later - instead of 3 months later?  As you can see, I DO respond... when I haven't missed the comment... so yes, I DO OBJECT to you deleting and asking for a refund.  My answer stands.

Frankly, I'm a little surprised that you, as a long time MCSE, didn't understand what I meant by "resetting the computer account".  I meant just that - you go into ADU&C and right click on the account and select Reset.

What I would do depends on the requirements of the local site.  Frankly, in my networks, I setup logon scripts that map to servers so if I have to replace a box, I just need to change a logon script entry and everyone's pointed to the new server.  So I would install the system with a new, unique name, avoiding any possible conflicts, and just migrate my user data to it, modifying the logon script.  This also assumes that the remote site only has one server that's acting as a file server, among other things.



0
 
LVL 10

Author Comment

by:Joesmail
ID: 21056789
It wasn't worth the effort.  Have the points.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 21057914
But it was worth the effort to post 3 months later and rant about it.  
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question