Solved

How do I replace the domain controller on windows 2003 server?

Posted on 2009-07-15
Last Modified: 2012-05-07
Our domain controller is failing beyond repair.  I would like to replace it by re-installing.  The data for the file is still intact on a different volume.  Can someone please give me a quick rundown of what's involved?  I was planning to reinstall it on a new box and then move over the old drives with the file shares.  Should I name it something else?  Make it a domain controller to sync Active Directory information?  Is there a way to preserve the original name? I am assuming all file permissions are stored in NTFS for the data, correct? Thanks
Question by:isaakadmin
13 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 24862862
Well, the best way would be to install the new box. Make it a DC and DNS server. Allow replication to take place overnight, then in the morning run a netdiag to make sure you don't have any issues before transferring the FSMO roles over. Below is a link that is more detailed, but it talks about adprepping the domain, which you don't have to do if you are using the same OS.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23665224.html 
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24862863
When you say it is failing beyond repair does that mean that it is currently down and can't even boot up?
How many other DCs do you have in your environment?
Thanks
Mike
0
 

Author Comment

by:isaakadmin
ID: 24862987
Well, let me rephrase because of a new development.  I thought it was beyond repair because when I go on the server it's just a blank background and no response.  However, after a restart it works fine.  I just posted a different question on repair possibilities.  The weird thing is, if I remote in to investigate, one by one I get a message that a process failed.  If I acknowledge the message, then the next process fails and eventually the server locks up.  If I leave the first message on and do not hit "Don't Send", it seems to work.  So I'd like to leave this question on replacement of the server, which I was planning to do tonight if I can't get a resolution on this WEIRD problem.

Also, can I just copy the data over the network, and will it preserve the permissions? Assuming the AD transfers over?

Also I have one other DC on the network.
0

 
LVL 2

Assisted Solution

by:dlbenson1979
dlbenson1979 earned 50 total points
ID: 24863019
I agree with dariusq

Your best bet: create another server, perform dcpromo and make it a DNS server. Then allow replication to occur or type "repadmin /syncall" at a command prompt.

Once all of this is in place, you will have to move all FSMO roles to this server. Just in case you need to know what the FSMO roles are:

Schema (schema plugin)
Domain Naming (AD Domains and Trusts)
RID (AD users and computers)
PDC Emulator (AD users and computers)
Infrastructure (AD users and computers) - not crucial if all domain controllers are global catalogs.

Then you would need to move everything as stated. I don't believe you can give it the same name as that may cause some issues.

Good luck my friend.
0
 

Author Comment

by:isaakadmin
ID: 24863085
Thanks for the guides.  Last question, assuming everything goes right, and since my replacement server has identical RAID controller can I just move the data drives over to the new server?  And will the permissions be preserved?

All this server does is AD, print and file share. FYI
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 24863095
Robocopy, the GUI version, will copy all permissions, or you can do an ntbackup and restore.
0
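A command-line Robocopy run for the permission-preserving copy asked about above, as an added example that is not part of any post in this thread. It uses the command-line tool rather than the GUI version mentioned; `OLDDC`, the share name and `D:\Shares` are placeholder names.

```batch
@echo off
rem Added example, not from the thread. OLDDC, Shares$ and D:\Shares are placeholders.
rem Robocopy ships in the Windows Server 2003 Resource Kit Tools.
setlocal
set SRC=\\OLDDC\Shares$
set DST=D:\Shares
set LOG=%TEMP%\share-copy.log

rem /E        include subfolders, empty ones too
rem /COPYALL  data, attributes, timestamps, NTFS ACLs, owner and auditing entries
rem /B        backup mode, so folders the admin has no ACL entry on are still read
rem /R /W     bounded retries instead of the very large default
robocopy "%SRC%" "%DST%" /E /COPYALL /B /R:2 /W:5 /NP /LOG:"%LOG%"

rem Robocopy exit codes are a bit mask; 8 or higher means something failed to copy.
if errorlevel 8 (
    echo Copy had failures, see %LOG%
    exit /b 1
)

rem Listing-only pass: any file still printed differs in size or timestamp.
robocopy "%SRC%" "%DST%" /E /L /NJH /NJS /NP /NDL

rem Spot-check that the ACL on the copy shows domain accounts, not raw SIDs.
cacls "%DST%"
endlocal
```

The listing pass compares size and timestamp only, so the `cacls` output is what confirms that the access control entries arrived and resolve to domain accounts.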
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 24863104
You can give it a shot, but I don't think the OS will function correctly. Your data might work, but you will be bringing over any problems with the filesystem if you do it that way.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24863144
0
 
LVL 1

Assisted Solution

by:mp022
mp022 earned 50 total points
ID: 24863164
So your domain controller is also your file server. That makes things just a little more difficult, but not much.

Your best option is to install a new server in your network, promote it to a DC and transfer all FSMO roles to it. Make sure other network services provided by the old server work properly from the new one (DNS, DHCP, WINS, etc...). Make sure replication works and watch the event logs for errors.

At this point your old server is only acting as a file server. The simplest way to do it is to move the drives to the new server (make sure you have a good backup) and remap the users. The NTFS permissions will still apply.

Now remove the server from the network for a day, make sure no one misses it.... connect it again and run dcpromo to demote the server. Give it a nice retirement...

Whatever you do, don't keep the name of the server, AD doesn't like that.
0
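The checks the answers above call for before moving the FSMO roles (replication, diagnostics, current role holders), gathered into one script as an added example that is not part of any post in this thread. `NEWDC01` is a placeholder name, and the script is assumed to run on the new domain controller with the Windows Server 2003 Support Tools installed.

```batch
@echo off
rem Added example, not from the thread. NEWDC01 is a placeholder name.
rem Needs the Support Tools: repadmin, dcdiag, netdiag, netdom.
setlocal
set NEWDC=NEWDC01
set LOG=%TEMP%\dc-precheck.log
del "%LOG%" 2>nul

rem Sync all naming contexts onto the new DC, then record per-partner status.
repadmin /syncall %NEWDC% /A /e /d >> "%LOG%" 2>&1
repadmin /showrepl %NEWDC% >> "%LOG%" 2>&1

rem Directory and network diagnostics (netdiag tests the machine it runs on).
dcdiag /s:%NEWDC% >> "%LOG%" 2>&1
netdiag >> "%LOG%" 2>&1

rem Strings these tools print on failure; read the log by eye as well.
findstr /i /l /c:"failed test" /c:"[FATAL]" /c:"failed, result" "%LOG%" >nul
if not errorlevel 1 (
    echo Problems found. Review %LOG% before moving any FSMO role.
    exit /b 1
)

rem Show which DC holds each of the five FSMO roles right now.
netdom query fsmo
echo Checks passed. Run "netdom query fsmo" again after the transfer.
endlocal
```

Running `netdom query fsmo` again after the transfer should list the new server for all five roles before the old one is demoted.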
 

Author Comment

by:isaakadmin
ID: 24863233
Well, the data drives are on separate drives from the OS...
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 24863270
Again be aware that if you move the drivers over then you are moving all problems from the filesystem and drivers over to the new server. If you are going to move to a new server then do it the correct way and migrate the data over.
0
 
LVL 2

Assisted Solution

by:cirlare
cirlare earned 50 total points
ID: 24870447
Just a little recommendation on top of making the second server a DC: you might want to make all future DCs virtualized servers. I went to virtualized DCs about a year ago and have not looked back since.
0
 

Author Closing Comment

by:isaakadmin
ID: 31603915
Thanks for all your help.  I tried to split the points the best I can.  
0
