Solved

Move 2003 AD including GC and all FSMO to new subnet, then move Exchange.

Posted on 2009-03-30
Last Modified: 2012-06-21
I have an AD2003 native environment with (2) servers at our Seattle site. DC1 is the GC and all FSMO roles with AD integrated DNS. This is the one which Exchange coughs over when it's rebooted. The other server (DC2) is AD integrated DNS and DHCP server holding all the scopes for this site. I have to move both and then our Exchange Cluster (2 nodes in active/standby) to a new subnet. We will be routing between the 2 subnets until the migration is complete. The DCs are replicating with other physical sites across WAN links. My concerns involve the steps and sequencing for DNS reverse lookup zones, replication partners, standby partners (never designed in the first place currently) and of course, the potential for breaking Exchange. I wish I could offer more than 500 for this somehow. I've read some of the links and other solutions already. Please don't point me to MS KBs unless they truly apply to exactly my situation. Thanks all!!!
0
Question by:marksheeks
6 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 24024191
One, you can add an IP from the new segment to each DC. You need to at the same time configure your firewall to handle both segments. When your data replicates, you can remove the old IP.

Are you migrating from 192.168.x.x to 172.z.x.y?
Or is the change necessitated because of a change in ISPs?
0
 
LVL 8

Accepted Solution

by:
Share-IT earned 1000 total points
ID: 24024411
As you are routing between the LANs there shouldn't be any issues with simply changing the IP addresses on the DCs. Just make sure that you do one at a time. Obviously you need to be awake as you'll need to update your DHCP scope with the new DNS servers etc. You'll also need to reconfigure your switches that have your IP Helpers so you don't break DHCP, but that's about it. The beauty of DNS is that you can change IPs as most systems look for a name.
As for adding additional IP addresses, that's really not a good idea as multi-homing DNS servers and DCs is generally considered a no-no.
Another alternative if you don't want to risk it (I've done it loads of times and never had issues so wouldn't worry), is to build a new DC with DNS, DHCP, etc. Then migrate the FSMO roles gracefully and make it a GC. Point the OAB and RUS servers (in Exchange) to the new DC and then do as you please with the other DCs.
As for the Exchange Cluster, just change the IP addresses of the nodes 1st then change the Virtual IP. Here's a link for re-IPing a cluster - I know you didn't want links but this applies. ;)
http://technet.microsoft.com/en-us/library/aa997813(EXCHG.65).aspx 
0
 

Author Comment

by:marksheeks
ID: 24029367
Awesome, thank you!
Is there a preferred sequence to FSMO roles and/or should GC be enabled first please? Do you have an opinion? My impression is that the sequence does not matter.
Also, is it necessary to do anything in sites/svcs? Recommend any command line tools for verifying replication, GC operation? Thanks pal.
0

 

Author Comment

by:marksheeks
ID: 24030921
To answer arnold's questions: it's all internal. We're redoing our VLANs.
0
 
LVL 3

Assisted Solution

by:nskurs
nskurs earned 1000 total points
ID: 24035745
In a graceful transfer of an FSMO role between two domain controllers, a synchronization of the data that is maintained by the FSMO role owner to the server receiving the FSMO role is performed prior to transferring the role to ensure that any changes have been recorded before the role change.

It's always better to transfer Domain-Specific Roles first and then Forest-Specific Roles.
You can use GUI or NTDSUTIL.exe to transfer FSMO roles.

For AD replication verification between DCs use:
==================================================
repadmin /showrepl DC2.abc.com
repadmin /replsummary DC2.abc.com (This shows a summary of the replication of DC2. You can also use a wildcard character to see all DCs' replication status.)

To Check and verify the GC promotion:
=====================================
When the account and the schema information replicate to the new global catalog server, event 1119 may be logged in the Directory Services log on the domain controller.
It means the computer is now advertising itself as a Global Catalog server.

You can use DSAdiag.exe to list all DCs and GCs.....

- Cheers!


0
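Added example (not part of the original thread or any poster's code): a Python script that reads the CSV form of the repadmin replication check in the answer above and lists the links that are failing or stale once a DC has been re-addressed. The column layout assumed for `repadmin /showrepl * /csv`, the sample rows, the DC3 and Branch names and the 3-hour threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout assumed for `repadmin /showrepl * /csv`.
# Host names, sites and times are invented; 1722 is "RPC server unavailable".
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Seattle,DC1,"DC=abc,DC=com",Seattle,DC2,RPC,0,0,2009-03-30 10:15:02,0
showrepl_INFO,Seattle,DC2,"DC=abc,DC=com",Seattle,DC1,RPC,3,2009-03-30 10:20:41,2009-03-30 08:02:17,1722
showrepl_INFO,Branch,DC3,"CN=Configuration,DC=abc,DC=com",Seattle,DC1,RPC,0,0,2009-03-29 01:00:00,0
"""


def parse_time(value):
    """Return a datetime, or None when the field holds '0' or is empty."""
    try:
        return datetime.strptime(value.strip(), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None


def unhealthy_links(csv_text, now, max_age=timedelta(hours=3)):
    """Return (destination, source, naming context, reason) for each bad link.

    max_age is an assumed threshold; set it above the longest replication
    interval configured between your sites.
    """
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("showrepl_COLUMNS") != "showrepl_INFO":
            continue  # skip error rows and anything that is not a link record
        link = (row["Destination DSA"], row["Source DSA"], row["Naming Context"])
        failures = int(row["Number of Failures"] or 0)
        last_ok = parse_time(row["Last Success Time"])
        if failures > 0:
            reason = f"{failures} failures, status {row['Last Failure Status']}"
            problems.append(link + (reason,))
        elif last_ok is None or now - last_ok > max_age:
            problems.append(link + ("no recent successful replication",))
    return problems


if __name__ == "__main__":
    for item in unhealthy_links(SAMPLE_CSV, datetime(2009, 3, 30, 10, 30)):
        print(" | ".join(item))
```

Run it after each DC is moved, one at a time, so a failing link can be tied to the address change that caused it.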
 

Author Comment

by:marksheeks
ID: 24042287
thanks all. Very helpful! Again, I wish I had more points.
0
