Adding a W2K3 SP2 Domain Controller

rnsimmons
rnsimmons used Ask the Experts™
on
I have a small home network with a W2K3 SP2 Domain Controller with DNS and DHCP.  This is running on a Dell PowerEdge 1300 that I'll call SvrA.  I've just purchased a used HP DL380 on which I've installed W2K3 R2 SP1 that I'll call SvrB.  I want to promote SvrB to be a Domain Controller, enable and configure DNS and DHCP on SvrB to replicate SvrA, and demote SvrA.

I've looked at ADPrep and RepAdmin as mentioned in http://technet.microsoft.com/en-us/library/cc773360(WS.10).aspx.

My concern is the mix of W2K3 SP2 and W2K3 R2 SP1.  What caveats should I be aware of?  Can I use the ADPrep from R2 on my SP2 DC without any problems?  I figure I could use the brute force method of shutting down SvrA and creating a new DC/Forest with SvrB, but I'd like to step through the correct procedure, if at all possible.

I appreciate any help...
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
No problem running R2 ADPrep on your SvrA.
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
You should be able to use adprep from the (second!) R2 CD without problems. The service pack doesn't do any schema changes, so there should be no issues.
remmett70Network Manager

Commented:
Definately use ADRPEP from the second CD of the R2 media.  I once used the version from the first CD and it did not work.  They are different versions.
Photographer
Awarded 2007
Top Expert 2008
Commented:
The procedure is:

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

Next you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2   you need to run

adprep /forestprep
and
adprep /domainprep

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will br replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If necessary install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existiing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server dont forget to set the default gateway (router) and DNS Servers. Talking of which all the clients (and the domain controllers themselves) need to have their Preferred DNS server set the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.

If you really want rid of the old DC then:-

Transfer all the FSMO roles to the new DC: See http://www.petri.co.il/transferring_fsmo_roles.htm

Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)

Power down to old DC and make sure that all is well, once satisfied power on the old DC again, then run DCPROMO for remove it's domain controller status. This is essential to avoid replication errors

If you want to remove the machine from the domain then you can do so one it's DC role has been removed

Author

Commented:
The Global Catalog paragraph was incomplete.  For one, a Global Catalog is not absolutely required with just one domain in the forest.  However, the Global Catalog check box is actually on the NTDS  properties of the applicable server.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial