This question is more of a pre-emptive one, as I would like some input before going ahead with a few changes.
- We have a DC with Active Directory services that has been migrated from an older DC (that no longer provides ADS). The migration wasn't done correctly, and at this point I can't mess around with it too much as I can't cause downtime for the business. I fixed a few issues (although naming standards are all over the place), and the domain authority seems to still be the old DC. So when you ping domain.local it points to a different IP than pinging the DC. Meaning, the old DC was not demoted or something happened when they attempted to migrate over (this is very old, dying hardware, so they shouldn't be relying on it for anything). Strangely, if I bring the old DC (domain.local) offline, people can still log in to the domain because the DNS points to the current DC (which is providing the ADS). Previously, when both machines were online, I faced an issue where no one could log in. The DNS entries were pointing to the current DC, but the current DC referenced the old DC as the domain, while the old DC didn't recognize the current DC as the one providing ADS. Changing DNS entries to point to either or both didn't help, but changing the start of authority on the current DC to point to itself, as well as a few other items in DNS Manager, helped resolve that issue.
- The current active DC is also providing DHCP, and WINS.
- Current Servers are running WIN2K3.
- We've purchased a new server to replace our obsolete hardware, which makes me want to redo things from scratch with correct standards, and proper services delegated to the correct servers (it will be running XenServer on bare metal). It will be running instances of WIN2K8 R2 64-bit.
- To transition smoothly, I was thinking of removing the DHCP service from the current active DC and having one of our edge devices provide it. The same gateway and DNS settings would be applied through this device, so everyone should still be able to log on to the current DC.
- A new DC within a new Domain.ads will be created (using .ads instead of .local); the current one is called Domain.local.
- Once the new domain is set up, I would try to get everyone to log on to the DC on Domain.ads rather than the old DC on Domain.local by manually changing the terminals' DNS settings to point to the NEW DC or the new Domain.ads (which would be the same in this case).
- I would switch each user, one by one, making sure everything is applied correctly to their computer. At this point, the two domains would both be online so that users who need to do work won't have to face any downtime while they're still on the old Domain.
- Once everyone is on the new DC/Domain.ads, I would reconfigure the edge device to hand out the DNS of the new DC.
- I can then go to each terminal and set everyone back to automatically retrieving DNS settings.
- Switch everyone to a new domain within the same DHCP scope, provided by a different device than the Windows servers. The two domains would exist this way for a little while; one would point to (as an example) 10.0.1.10 and the other to 10.0.1.20. The old domain would then be removed completely after the transition.
- It's a total of approximately 50 computers to switch, but I don't trust the previous setup and content of the DC. I think I'm forced to switch it over this way...
Just curious to know if this is a fairly safe bet, or if I'm missing something, or if I should be considering other things as well?
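The SOA/SRV confusion described in the first bullet is the kind of thing worth checking on a client before each cutover step and again before the old DC is retired. The following is an added example (not from the post or from any product): a PowerShell 2.0 script for a domain member that verifies the zone's A, SOA and `_msdcs` SRV records, plus the DC locator's own answer, all agree on the DC you intend to keep. The zone name and expected DC address are placeholders.

```powershell
# Added example, not from the original post: pre-cutover DNS/DC consistency check.
# Assumptions (placeholders): the AD zone name and the IP of the DC that should be
# authoritative. Runs with PowerShell 2.0 on a domain member (2003/2008 R2 era, so
# nslookup/nltest are used instead of Resolve-DnsName).
$Zone       = 'domain.local'   # placeholder zone name, as used in the post
$ExpectedDc = '10.0.1.10'      # placeholder: IP of the DC that should answer

function Get-NslookupField([string]$Name, [string]$Type, [string]$Field) {
    # Pull one "field = value" line out of nslookup's text output.
    $text = (& nslookup -type=$Type $Name 2>$null) -join "`n"
    [regex]::Matches($text, "$Field\s*=\s*(\S+)") | ForEach-Object { $_.Groups[1].Value.TrimEnd('.') }
}

function Resolve-Ip([string]$Name) {
    # Forward-resolve a host name; an unresolvable name returns an empty list.
    try { [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString } } catch { @() }
}

function Test-DcDns {
    $problems = @()

    # 1. The bare zone name (what "ping domain.local" hits) must resolve to the live DC.
    $zoneIps = Resolve-Ip $Zone
    if ($zoneIps -notcontains $ExpectedDc) { $problems += "A record for $Zone -> $($zoneIps -join ',') (expected $ExpectedDc)" }

    # 2. The SOA must name the DC you intend to keep, not the one being retired.
    foreach ($soaHost in (Get-NslookupField $Zone 'SOA' 'primary name server')) {
        $ips = Resolve-Ip $soaHost
        if ($ips -notcontains $ExpectedDc) { $problems += "SOA primary $soaHost -> $($ips -join ',') (expected $ExpectedDc)" }
    }

    # 3. The SRV records clients use to locate a DC for LDAP/Kerberos must point at the live DC.
    foreach ($svc in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs') {
        $dcHosts = @(Get-NslookupField "$svc.$Zone" 'SRV' 'svr hostname')
        if ($dcHosts.Count -eq 0) { $problems += "no SRV record for $svc.$Zone"; continue }
        foreach ($dcHost in $dcHosts) {
            $ips = Resolve-Ip $dcHost
            if ($ips -notcontains $ExpectedDc) { $problems += "SRV $svc.$Zone -> $dcHost ($($ips -join ',')) is not the expected DC" }
        }
    }

    # 4. Ask the DC locator which DC a client would actually use right now.
    $locator = & nltest /dsgetdc:$Zone /force 2>$null
    if ($LASTEXITCODE -ne 0) { $problems += "nltest /dsgetdc:$Zone failed (exit $LASTEXITCODE)" }
    else { $locator | Where-Object { $_ -match '^\s*(DC|Address):' } | ForEach-Object { Write-Host "locator: $($_.Trim())" } }

    if ($problems.Count -eq 0) { Write-Host "OK: $Zone resolves consistently to $ExpectedDc" }
    else { $problems | ForEach-Object { Write-Warning $_ } }
    return $problems
}

Test-DcDns
```

Run it once with the old DC online and once with it offline; any warning in step 2 or 3 while both are up means clients can still be steered to the box you are trying to retire.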