Upgrade Windows Active Directory server

Posted on 2007-12-06
Last Modified: 2010-04-18
I am replacing our Active Directory/Global Catalog/File & Print server at one of our satellite offices with a brand new server with warranty.

My current plan is to accomplish this using the following methodology:
- Install Windows 2003 on new server and give exactly the same name and static ip address.
- Take backup of current server (Windows 2003) and uninstall AD using dcpromo.
- Run dcpromo on the new server at add it to the domain.  Wait for replication to complete.
- Restore files to new server.
- Have clients log in normally?

What I would like to know:
For those experts who are experienced with this can you please provide any details I might want to look out for (possible issues/problems) using the methodology above or suggest a better methodology (possibly less risk) with reasons why?

Thanks in advance.
Please only respond if you have experience doing this in a large environment with multiple GC and AD controllers.
Question by:Joesmail
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 96

Accepted Solution

Lee W, MVP earned 500 total points
ID: 20424385
You can do it that way, but you will need to reset the computer account AFTER you have demoted the original DC.

LVL 10

Author Comment

ID: 20424465
Hi lee,

By resetting the account, do you mean just removing it from the domain after demoting it to a member server?

What way would you recommend?  I have tested restoring everything including AD using Veritas  to a test server although this seems very risky.  Alternatively, I could just install it next to the orginal server and migrate data although this will require changes on every client.  e.g. software, shares etc...

LVL 10

Author Comment

ID: 21055393
I don't believe this  attempt to answer my first question deserves points.  The fact you didn't even respond to my second posting shows you don't deserve it.  I know if I try to arbitrate this question I will only get "well he did try to answer your question".

It would be nice if someone else good just put a ".." so I can give them the 500 points.  Unfortunately no one has bothered.  Amazing how this forum has changed!!!  Disappointing.
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

LVL 96

Expert Comment

by:Lee W, MVP
ID: 21055502
WOW... how amazingly rude of you... I miss ONE e-mail about this question and you think I "don't deserve" to be awarded the points... Do you have ANY IDEA how many notifications from EE I get per day?  Would it have killed you to just drop another comment a day or two later - instead of 3 months later?  As you can see, I DO respond... when I haven't missed the comment... so yes, I DO OBJECT to you deleting and asking for a refund.  My answer stands.

Frankly, I'm a little surprised that you, as a long time MCSE, didn't understand what I meant by "resetting the computer account".  I meant just that - you go into ADU&C and right click on the account and select Reset.

What I would do depends on the requirements of the local site.  Frankly, in my networks, I setup logon scripts that map to servers so if I have to replace a box, I just need to change a logon script entry and everyone's pointed to the new server.  So I would install the system with a new, unique name, avoiding any possible conflicts, and just migrate my user data to it, modifying the logon script.  This also assumes that the remote site only has one server that's acting as a file server, among other things.

LVL 10

Author Comment

ID: 21056789
It wasn't worth the effort.  Have the points.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 21057914
But it was worth the effort to post 3 months later and rant about it.  

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question