Solved

Complications of moving DCs between sites

Posted on 2009-04-29
Last Modified: 2013-12-24
Consider the following setup:
Site A: Headquarters
3 Domain controllers on Windows 2000 SP4 - DC01, DC02, DC03
DC01: schema master, domain role
DC02: PDC, RID, infrastructure roles
DC03: no FSMO roles
Site B: Remote Site
1 Domain controller on Windows 2000 SP2 - DC04
DC04: no FSMO roles

Issue:
As part of my domain upgrade project (2000 to 2003), I am going to wipe and reinstall DCs on our domain one by one. The 1st phase requires me to demote the remote DC04, which is Windows 2000 SP2 and cannot be updated to SP4. I am planning to demote DC04 at site B and assign DC01 from site A to site B. The server subnets between the sites are different. If I assign a site A DC to site B in Active Directory, what am I risking? Does the subnet of DC01 need to be changed to match DC04's subnet? Shall I rather assign a DC with non-FSMO roles to a remote site (e.g. DC03)? Do DC01 and DC02 have to stay within the same site? Are there any other issues that might arise? Thank you
Question by:CEAdmin

Expert Comment

by:Americom
ID: 24265478
It is meaningless to move a DC from one AD site to another AD site without changing the DC's IP and physically moving it to the subnet of the remote site. Why not just demote DC04 and upgrade or create a new Win2k3 DC, if that is the site you are concerned about not having a DC? Or why do you even have such an old DC at this site? What is in this site that you really need a DC for? Or can you live without a DC at this remote site?

Author Comment

by:CEAdmin
ID: 24272729
Hi Americom, DC04 is going to be upgraded (wiped out and Win2003 installed on the same box). I don't want the site to remain without any DCs during that time; there are 100+ users there. Moving another DC to the remote site in AD is only a temporary measure, that is, until the new DC is up at that site. I hope this clears things up. My questions still remain.

Accepted Solution

by:Americom (earned 2000 total points)
ID: 24273780
Are you physically going to move the DC to the remote site and change the IP address to the remote site's subnet? If not, simply moving DC01 from AD site A to AD site B is not going to accomplish anything other than create some event errors in your DC log, but it is also not going to have any major risk; it is just meaningless. I don't suggest that you physically move the DC to site B. Since your DC04 is old and the hardware could also be very old as well, don't you have another box you can promote as a DC05 before killing DC04? Physically moving your root domain DC is more risky than demoting your DC04 and leaving the 100 users without a DC. For 100 users, authenticating over the WAN is only a temporary performance concern, assuming all users authenticate at the same time, unless you have other things such as roaming profiles that the clients need to pull from DC04 upon authentication. Otherwise, being temporarily without a DC at a site is not a big concern. Another option is maybe to bring up a VM or even a desktop as a DC while you are doing the upgrade of DC04, which would probably be better and less effort.
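
The point made in the accepted answer, shown as an added example that is not part of the original thread: a check that compares the site each DC's server object is assigned to against the site its IP address maps to through the subnet objects. The subnets, IP addresses and site names are constructed for illustration, since the thread gives none.

```python
import ipaddress

# Constructed sample data: the thread gives no addresses, so these are assumptions.
SUBNET_TO_SITE = {"10.1.0.0/16": "SiteA", "10.2.0.0/16": "SiteB"}

# DC name -> (IP address, AD site that holds its server object).
DCS = {
    "DC01": ("10.1.0.11", "SiteB"),  # server object moved in AD, IP left unchanged
    "DC02": ("10.1.0.12", "SiteA"),
    "DC03": ("10.1.0.13", "SiteA"),
}


def site_for_ip(ip, subnet_to_site):
    """Site of the most specific subnet containing ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def find_site_mismatches(dcs, subnet_to_site):
    """DCs whose assigned site differs from the site their IP maps to."""
    out = []
    for name, (ip, assigned) in sorted(dcs.items()):
        actual = site_for_ip(ip, subnet_to_site)
        if actual != assigned:
            out.append((name, ip, assigned, actual))
    return out


def sites_without_local_dc(dcs, subnet_to_site):
    """Sites that have no DC whose IP actually sits in one of their subnets."""
    covered = {site_for_ip(ip, subnet_to_site) for ip, _ in dcs.values()}
    return sorted(set(subnet_to_site.values()) - covered)


if __name__ == "__main__":
    for name, ip, assigned, actual in find_site_mismatches(DCS, SUBNET_TO_SITE):
        print(f"{name} ({ip}): assigned to {assigned}, subnet maps to {actual}")
    print("No DC on a local subnet:", sites_without_local_dc(DCS, SUBNET_TO_SITE))
```

With this data, DC01 is flagged as a mismatch and SiteB is still reported as having no DC on a local subnet, so its users would keep authenticating over the WAN.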

Author Closing Comment

by:CEAdmin
ID: 31576167
Thanks Americom. I think this covers all the bases.