Solved

Mixed DC platforms

Posted on 2008-10-22
12
184 Views
Last Modified: 2013-12-13
Is it acceptable practice to run a 32 bit Windows Server 2003 domain controller along side a 64 bit domain controller? WOuld there be any problems?
0
Comment
Question by:zen_68
  • 6
  • 6
12 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
Comment Utility
Yes - perfectly acceptable - no issues
0
 

Author Comment

by:zen_68
Comment Utility
I'm removing a brand new server which was just added as a second dc. I should've ordered it with 64bit but didn't. Dell is sending me the 64 bit R2 discs so I can wipe this clean and start over in 64 flavor.

Do I run the adprep /domainprep  /forestprep from the 64 disc on the only dc remaining before promoting the new server which will start as a member server?
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
Comment Utility
If its the same version of windows ie they are both the 2003 or both the 2003R2 then no need to run adprep.

You will have to DCPROMO the server that you added to remove it as a DC, if you intend to remove it and install the 64bit version on it, you cannot upgrade to 64bit - it has to be installed from scratch
0
 

Author Comment

by:zen_68
Comment Utility
Right, demote first via dcpromo, then take down to wipe and go 64 bit. My present older dc that will stay online currently has the FSMO roles. Its a much older box in terms of hardware & 2003 Regular instead of RC2. Should I consider transferring the roles?
0
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
It won't improve performace if you do , but it may not be a bad idea in the long run - especially if you intend to replace the older server sometime soonish.
0
 

Author Comment

by:zen_68
Comment Utility
I also have your instructions for adding a dc. I followed them and they worked perfectly, thanks very much. One thing I did differently was to manually add the DNS server role to it after running dcpromo. Was this unecessary? I'm refering to the last line in your directions here:

The order does not matter, as long as the roles are present somewhere there will be no problems the process for replacing a domain controller is as follows:-

The way to cleanly replace a Domain Controller cleanly and with minimal disruption to users is as follows:-

Install Windows 2003 on the new hardware
Assign the new computer an IP address and subnet mask on the existing network
Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Note: If the new Windows 2003 server is the ‘R2’ version and the existing set-up is not then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
You now need to move the FSMO roles (including the PDC emulator from the old machine to the new machine.  You should cleanly transfer the FSMO roles. This can be done in different ways see http://support.microsoft.com/kb/255504 or http://support.microsoft.com/kb/324801 or http://www.petri.co.il/transferring_fsmo_roles.htm for alternatives methods that can be used.

You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function, if not then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

Once you are sure that all is OK then you can either leave both Domain controllers operational, (two domain controllers are normally recommended for fault tolerance)

If you really want to get rid of the old Domain controller then:

You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.

Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.
Reconfigure the DHCP scope if required.

If you follow this guidance it should result in a clean transition. There is no need to rename anything or manually add any DNS info.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:zen_68
Comment Utility
*********It won't improve performace if you do , but it may not be a bad idea in the long run - especially if you intend to replace the older server sometime soonish.********

I'm thinking it's gonna die before the new one will, as its like 5 years older.
0
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
@@ zen_68 - this really is too much - if you are going to steal my words from other posts please have the decency to acknowledge the fact.....

0
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
Opps - please ignore my comment - I thought it was another person stealing my words - it happens - sorry.
0
 

Author Comment

by:zen_68
Comment Utility
No no, I would never do such a thing. I found your instructions in another post and followed them when I first added this 32 bit dc. They worked very well and I thank you for posting them. Sorry If I did wrong by re-posting them.
0
 

Author Comment

by:zen_68
Comment Utility
I was looking for quates to make sure it was acknowledged they were your words!
0
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
Please accept my apologies - I did not realise the post was from you as I did not read it properly - I thought someone else had jumped in as they sometimes do - and quoted one of my previous answers - once again apologies.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Learn about cloud computing and its benefits for small business owners.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now