Solved

Migration Active Directory Windows Server 2003 to Windows Server 2008 R2

Posted on 2011-02-17
Last Modified: 2012-06-21
Going to migrate Active Directory (DNS, DHCP, file server) from 2003 to Windows 2008 R2. The question is: when I'm finished with the migration and have made the new server the primary domain controller (DNS, DHCP, and file server), can I rename the server back to the original name without damage to Active Directory?

Thanks, just not sure if that can be done.
Question by:patrickst
23 Comments
 
LVL 11

Expert Comment

by:RickSheikh
ID: 34919641
Is this a domain migration or just a box migration going from 03 to 08?
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 34919653
On a side note, you minimally should have two DCs per domain for redundancy.
0
 
LVL 6

Assisted Solution

by:mattconroy
mattconroy earned 125 total points
ID: 34919698
You can use the Netdom.exe command-line tool to rename a DC.
0
 
LVL 7

Assisted Solution

by:brota
brota earned 125 total points
ID: 34919797
Yes, you can rename a domain controller.
There is some DNS cleanup you are going to want to do.

http://www.petri.co.il/windows_2003_domain_controller_rename.htm
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34919836
You can change the hostname; but like Rick stated we need clarification just to make sure

Are you trying to, for example:

Current 2003 DC = DC1

New DC = DC2

You can rename DC1 to DC3 for example

...then rename DC2 to DC1.  

Make sure to double-check that the IP addresses/SRV records are updated.

The best point was by Rick though...always try to have 2 DCs.

Thanks

Mike
0
 
LVL 76

Expert Comment

by:arnold
ID: 34919945
There is no real benefit to renaming the new DC to the old name, but there are pitfalls, as others pointed out, dealing with cleaning up the AD and eliminating the old one prior to the rename.
To solve the issue for the future, such that the shares are not tied to the server's name, use DFS and domain-based shares.
0
 
LVL 9

Expert Comment

by:nattygreg
ID: 34920038
Well, take it from me, and not to take away any of the positive points from my fellow colleagues: do not rename the new Active Directory box. The cleanup you will have to do takes the same amount of time as configuring a new server, and if you miss something everything goes haywire.

Once migration is done, the only thing you need to do is point the new server to itself for DNS; all other computers will be sent the new info upon request of a new IP address.

I have done this many times and it's a lot simpler to leave the new AD name.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34920355
Agree, renaming a DC is of no benefit to you and the time wasted in cleanup is vast. Secondly, you use the term Primary Domain Controller. There has been no such thing as a PDC and a BDC since the days of NT4. A domain controller is a domain controller is a domain controller.

Also as somebody above said, you REALLY need to have a minimum of 2 Domain Controllers per AD Site.
0
 

Author Comment

by:patrickst
ID: 34920585
Thanks for the quick feedback. What I'm saying is I have a 2003 server that has all 5 FSMO roles installed, plus DNS and DHCP, and it is also a file server. The name of the server is zol-server1. When I migrate everything over to the new server, the server name is zol-server2. After the migration, rename the Zol-server2 back to zolserver1. Also, I would like to change the IP address back to the original IP address. The reason is that devices like the firewall, SSPVPN, printers, routers and spam box need the same computer name and IP address. That way I won't need to change the settings on each device.
0
 
LVL 76

Expert Comment

by:arnold
ID: 34920704
You are asking for trouble where the benefit is non-existent.
0
 

Author Comment

by:patrickst
ID: 34921022
OK, that is why I'm asking the question. All of you talked me out of not changing the server name. But can I change the IP address back to the original IP address? That is, without any problems, after I turn off the old server.

Thanks
0
 
LVL 76

Expert Comment

by:arnold
ID: 34921137
Changing the IP should not be a problem. Note the current 2003 should be off the network.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 34921209
The benefit of renaming would be if you had applications or scripts hard coded to use the old server name.

It is very common. You can Google the activedir archives for "Reusing DC names when rebuilding with an upgraded OS"; good thread there.

Thanks

Mike
0
 

Author Comment

by:patrickst
ID: 34925527
Arnold:
  You said that to solve the issue for the future, such that the shares are not tied to the server's name, I should use DFS and domain-based shares.

Not sure what you mean about DFS and shares not being tied to the server. Can you explain?

Thanks so much

Pat
0
 
LVL 2

Expert Comment

by:amnhtech
ID: 34926563
If you absolutely need to reuse the name and the IP address, you have the following option. You could have the two domain controllers running. After you have verified that replication has been done, you could demote the old DC, remove it from AD, turn it off, and then rename the new DC and reuse the IP address. I have done this recently, as we were also in a situation where we needed to reuse the IP address. Just make sure you check replication after you are done to make sure everything is working properly.

That being said, I will say what everyone else on this list has been saying. IT IS EXTREMELY DANGEROUS, repeat EXTREMELY DANGEROUS and FOOLHARDY to run a production environment using a single domain controller. If that domain controller dies, you are dead in the water if you do not have a second one running.
0
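The sequence described in the comment above (verify, demote the old DC, then rename with Netdom.exe), as an added example that is not part of the original thread. `example.local` is a placeholder domain, the host names are the ones the asker gave, and the three stage names are hypothetical; the script is run on the new DC once per stage.

```powershell
# Added example; run on the new DC (zol-server2) in an elevated session.
param([ValidateSet('PreCheck', 'AddName', 'Finish')] [string]$Stage = 'PreCheck')

$Domain  = 'example.local'          # placeholder AD DNS domain (assumption)
$Current = "zol-server2.$Domain"    # new 2008 R2 DC, name from the thread
$Wanted  = "zol-server1.$Domain"    # old name that is being reused

function Invoke-Netdom {
    # Stop at the first netdom failure so a half-finished rename is noticed.
    param([string[]]$Arguments)
    & netdom @Arguments
    if ($LASTEXITCODE -ne 0) { throw "netdom $Arguments failed ($LASTEXITCODE)" }
}

switch ($Stage) {
    'PreCheck' {
        # Both DCs still online. Read the output: replication must be clean
        # and all FSMO roles must already be held by the new DC.
        repadmin /replsummary
        netdom query fsmo
        dcdiag /test:dns
    }
    'AddName' {
        # Only after the old DC is demoted, removed from AD/DNS and powered off.
        Invoke-Netdom @('computername', $Current, "/add:$Wanted")
        Invoke-Netdom @('computername', $Current, "/makeprimary:$Wanted")
        Restart-Computer -Force     # the new primary name applies after reboot
    }
    'Finish' {
        # After the reboot: drop the temporary name, then re-register and
        # re-check the A and SRV records that clients use to find the DC.
        Invoke-Netdom @('computername', $Wanted, "/remove:$Current")
        ipconfig /registerdns
        nltest /dsregdns
        dcdiag /test:dns
        repadmin /replsummary       # meaningful only if a second DC exists
    }
}
```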
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 34926622
Here is the thread I was talking about on activedir about reusing the name

http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/42855/view/topic/Default.aspx

listmail is Joe Richards, and Tony Murray is another guy who is highly respected in the AD world.

...when Joe says something I listen :)

Thanks

Mike
0
 
LVL 2

Expert Comment

by:amnhtech
ID: 34926680
Here is some information on DFS and how to set it up

http://technet.microsoft.com/en-us/library/bb727150.aspx
0
 

Author Comment

by:patrickst
ID: 34930244
Thanks again, I'm looking over the info on DFS. Inside Active Directory, in the user account, we use the home directory. Currently the home folder looks like \\servername\data\users\username

I would have to change each user account to the new server name. This again is another reason why I would like to keep the original server name.

thanks

Pat
                                               
0
 
LVL 76

Expert Comment

by:arnold
ID: 34930704
Once you change it to use \\addomainname\data\users you will not have the issue that is tied to a single server.

You can change all users at the same time:
\\addomainname\data\users\%username%. When applied, the variable %username% will be replaced with the correct username.
You would need to copy using robocopy with the /copy:DATO option. This way the permissions will be preserved.

Copying the user's settings might be a pain but need only occur once. Should you miss an entry that does not impact the AD right away, that errant entry could and likely would (Murphy's Law) come back and bite at the most inconvenient time.
0
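A scripted form of the home-folder move discussed above, as an added example that is not part of the original thread. It assumes the ActiveDirectory module that ships with Windows Server 2008 R2, a placeholder domain-based path `\\example.local\data\users`, and a hypothetical `$Apply` switch for dry runs; the copy uses `/COPY:DATSO`, where `S` is the robocopy flag that carries NTFS ACLs and `O` carries owner information.

```powershell
# Added example: constructed names, adjust before use.
Import-Module ActiveDirectory

$OldRoot = '\\zol-server1\data\users'     # server-bound path from the thread
$NewRoot = '\\example.local\data\users'   # placeholder domain-based DFS path
$Apply   = $false                         # $false = dry run, nothing is changed

# 1. Copy the data: D=Data, A=Attributes, T=Timestamps, S=Security (NTFS ACLs),
#    O=Owner. /E includes empty subfolders; /R and /W bound the retries.
if ($Apply) {
    robocopy $OldRoot $NewRoot /E /COPY:DATSO /R:2 /W:5 "/LOG:$env:TEMP\homes-copy.log"
    # Robocopy exit codes of 8 or higher mean at least one file failed to copy.
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
}

# 2. Repoint only the accounts whose home folder is still on the old server.
$users = Get-ADUser -Filter 'HomeDirectory -like "*"' -Properties HomeDirectory |
    Where-Object { $_.HomeDirectory -like "$OldRoot\*" }

foreach ($u in $users) {
    # The GUI expands %username% for you; a script builds the path itself.
    $target = "$NewRoot\$($u.SamAccountName)"

    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning "$($u.SamAccountName): $target does not exist yet"
        if ($Apply) { continue }          # never point an account at a missing folder
    }

    # With $Apply = $false this only prints what would be changed.
    Set-ADUser -Identity $u -HomeDirectory $target -WhatIf:(-not $Apply)
}

"{0} account(s) matched {1}" -f @($users).Count, $OldRoot
```

After a real run, spot-check one home folder with `icacls` to confirm that each user still has access only to their own directory.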
 
LVL 2

Expert Comment

by:amnhtech
ID: 34931314
I would even go as far as saying that if you make the share at the user folder, you only need to set the permissions on the one share, and then changing the home folder property in the profile will take care of making sure that each user has permissions to their home folder.

Believe me, you will love DFS once you start using it. Even if you now have a small environment where everything fits on one server, gaining the experience of using it will make it super easy once you get to environments where you have multiple servers and you find you have to move shares around because some groups are using more than others. We have a relatively small environment with only 9 file servers and we would have gone crazy if we did not have DFS. It is worth it if for no other reason than you can set up a hot DR server that people can switch to on the fly if something happens to the main file server.
0
 
LVL 9

Expert Comment

by:nattygreg
ID: 35000619
However, it is my opinion that it is much simpler to repoint your firewall, Checkpoint or whatever Cisco equipment you're running. Say, for instance, you have a Cisco router pointing to 10.10.10.1 as DNS:
simply log in to the router, do a sh run, then conf t, then type no ip name-server, let's say, 192.178.2.1,
then retype ip name-server 10.10.10.1, save the setting on the router with wr, then reload or ping the router several times for it to see the new DNS with all info already there.

It would have been like it never left; each computer would take 30 seconds or less to pick up the new info. The shares would not be affected since all the info would have been migrated. The only real drawback to this method would
be that those devices with static IPs pointing to DNS will have to be changed manually, so do them after work
and instruct everyone to turn off their computer that night before they go home. Once they turn them on in the
morning, AD will push the info down to the clients, no biggie.

This is how DNS works: it knows where everything is on the network, so if you're looking for a computer that changes its
name but has the same IP address, DNS will locate such a computer, resolve IP to name in this instance, then update itself, pass the new info on to the client computer
and, after seven or whatever purge timeline is set, purge itself of the info it no longer needs.

(To me, my opinion, correct me if I'm wrong) from what I gather from your info, you have a file server that would not have been
taken out of production. If this is correct, the real issue here is AD and DNS, and since the info has been migrated successfully, I HOPE,
then your problem only lies with DNS and setting some devices to point to the new DNS. Assuming the DC is running AD and DNS,
then there isn't much to worry about; just follow the above.


Hope this helps.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35390654
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
