Solved

New 2008 Domain Controller File Server Same Name as Old 2003 Domain Controller

Posted on 2011-02-17
Last Modified: 2012-05-11
Need to replace an aging/dying 2003 Standard domain controller/file server. It is one of several remote DCs we have at remote sites. The existing DC is still operational at this site and appears to be replicating sysvol correctly to the main DC at HQ. It also acts as a file server with offline files caching enabled on the clients. For this reason my concern is to keep the same domain controller name, otherwise there will be a huge headache with users not accessing the realtime data and not working off the cache.

Is it acceptable practice to keep the same name of the DC?
What are the steps to do this as smoothly as possible, transitioning from the old DC/file server to the new DC/file server with the same name?

Also, the new DC is Server 2008 R2, and it would be the ONLY 2008 server on our domain for a while. All other DCs are running Server 2003 SP2.
Question by:fireguy1125

Expert Comment

by:Lee W, MVP
ID: 34923390
If you can DEMOTE the existing DC first, you can fairly easily keep the same name.  You would demote the existing, rename it, then install the new server, rename it to the old name, and promote it.

I'm not sure I'd say it's acceptable or unacceptable, but I will say it's generally not advisable due to the hoops you have to jump through, ESPECIALLY in circumstances where it's your only DC.

Given how AD works and that devices should be connecting via mapped drives that are otherwise easily remapped with logon scripts, it should be entirely unnecessary in most circumstances.

Accepted Solution

by:
eugene20022002 earned 250 total points
ID: 34923805
According to best practise it is recommended that you do not have other services running on your DC. So if it is possible I would think this is a good time to split the role of DC and File Server onto different servers (this is if it's possible, and it obviously depends on budget constraints, which we all have), but if you can then do it.

If you have another server then it will save you a lot of time if you have that one up and running already when you want to make the changeover; then simply change names and IPs when you make the changeover.

- In your scenario I would first dcpromo the existing server out. If it has any FSMO roles (check with command netdom query fsmo) first transfer them to another DC and make sure you have at least 2 other working DCs available before you demote it.
- Reboot and while the server is a member server take a backup with whatever backup app you use.
- Reinstall with 2008 R2 and install the file server role first.
- Restore your backup but only your data files and make sure to restore with the original timestamp and security permissions.
- Set up all your shares as on the original machine.
- Then dcpromo it.

I'm not sure about the offline file caching so I would definitely recommend you test this before doing it.

But as I've said above, try to use 2 machines if you can.


Author Comment

by:fireguy1125
ID: 34925931
Can't have both servers, DC and file server have to be on one.

The 2008 server is a physical replacement for the 2003 server, not in addition to it.

My big concern is 2008 R2 co-existing on a domain that has all 2003 domain controllers... yes, ideally I would make them all 2008 as soon as possible, but they will have to remain 2003 for several months. Anything I should be checking besides all servers being 2003 SP2, which they already are?

How about workstations authenticating to the 2008 R2 DC? They are all XP SP2, is this OK?

As a side note, from my experience, the issue with the offline files caching is a tremendous headache: clients have their H: drive and My Documents mapped to a UNC share on the server, which saves on their logon profile. If the server name changes, and even if you update the H: drive mapping to the UNC share, yes it will map the new H: drive UNC path, but the My Documents folder still has the old UNC path, which either has to be changed in the registry or the user profile deleted and a new one created... something I want to avoid with 75 users at that site, as well as those that travel among several sites, using different computers.


Author Comment

by:fireguy1125
ID: 34925975
Just read that I need to raise the domain forest functional level to 2003; it is currently set at Windows 2000 on the DC. All our DCs are 2003, however... there is a trust set up to our old NT4 domain. Will raising the domain/forest functional level affect the trust between the 2003 domain and the old NT4 domain?

Author Comment

by:fireguy1125
ID: 34926090
When I run the netdom query fsmo command on that DC, it comes up with netdom is not recognized as internal or external command... I'm guessing that means it has no FSMO roles?

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 34927098
I could swear I did a migration from 2000 to 2008R2 recently... but maybe I'm tired and misremembering. I don't have any NT4 systems remaining online and the last time I set up a trust with an AD domain and an NT4 domain was several years ago... but I don't THINK there should be any problem moving to 2003 Native Mode, especially if you're already in a 2000 Native Mode (meaning you are not in mixed mode - if you were going to have problems, they should have started when you left Mixed mode). Mixed mode was REQUIRED if you wanted NT4 BDCs to remain functional in an AD domain, but I am fairly certain it didn't impact trusts.

Having a 2008R2 DC in a domain filled with 2003 DCs is not a problem - just make sure your domain native mode is equal to your oldest version DC.

The workstations don't really matter.  There were some networking enhancements but if you encountered problems, you could always turn them off (SMB signing in particular).

> When I run the netdom query fsmo command on that DC, it comes up with netdom is not
> recognized as internal or external command... I'm guessing that means it has no FSMO roles?
No, it means you don't have the command installed.  

Before you add another DC, I make it a point to run DCDIAG /C /E /V - this should give you an overview of your AD health and allow you to fix problems before they become too serious.

Expert Comment

by:eugene20022002
ID: 34932530
I just recently introduced 2008 R2 machines into my domain and you need to use adprep to prepare your forest, once, and on each domain in the forest. Look at http://www.petri.co.il/windows-server-2008-adprep.htm

Netdom.exe is a part of the Windows 2000/XP/2003 Support Tools
Have a look at Method 4 Here for instructions to get the netdom tools.

If all your DCs are 2003 then make sure your domain functional level is on 2003. Use this to do it: http://www.petri.co.il/raise_domain_function_level_in_windows_2003.htm

For additional information regarding functional levels look here: http://www.petri.co.il/raise_domain_function_level_in_windows_2003.htm

NOTE!! Before raising the domain functional level to 2003 make sure the NT4 domain trust will still work. I've done some research and I honestly can't tell yet if it will. For now I would stay on the side of caution, but according to this MVP you can: http://www.winvistatips.com/raising-functional-level-and-trust-relationship-nt4-domain-t678622.html

Author Comment

by:fireguy1125
ID: 34964647
Thank you both. I'm thinking it's better we get a new 2008 DC at the main site first before we promote one at a remote office, and perhaps change FSMO roles from the existing 2003 DC at the main site to the new 2008 R2 DC at the main site. We will then replicate them from that new DC at the main site to the new 2008 DC at the remote site? Sounds like a safer plan?

Also, when running the netdom query fsmo, how do I get it to save to a file? It generates too much text and gets cut off, so I'm unable to review it all.

Expert Comment

by:Lee W, MVP
ID: 34965665
You can always redirect the output from command line tools to a file - for example, whenever I run DCDIAG, I redirect it to DCDIAG.YYYYMMDD.HHMMSS.TXT

On the command line, when you run a command, use > filename.ext.

Example:

DCDIAG > DCDIAG.20110223.1243.txt

Now there is the possibility that that WON'T capture errors (there are actually two types of output - best illustrated with the NET command if you want to play - Standard Output and Standard Error (Standard Error is represented by a 2. TECHNICALLY Standard Output is represented by a 1, but the one is assumed if nothing is specified)).

For example:

DCDIAG 1> DCDIAG.20110223.1243.txt 2>DCDIAG.20110223.1243.errors.txt

And finally, the trick to getting BOTH errors and standard output into the same file is to use 2>&1 (basically the &1 means "same file as standard output"):

DCDIAG >DCDIAG.20110223.1243.txt 2>&1


Author Comment

by:fireguy1125
ID: 34966827
eugene20022002: do I run the adprep utility before or after I raise the domain functional level?

Expert Comment

by:eugene20022002
ID: 34967562
Once you are ready and sure about the NT domain then raise the functional level. Then run adprep to make it ready for the 2008 R2 servers.

Author Comment

by:fireguy1125
ID: 34969608
Also, regarding keeping the same name: I DCPROMO out on the old, I reboot, then I can rename that server, while I DCPROMO in the new server under the same name/IP address as the old? Should I be allowing time for any auto replication to complete, or does DCPROMO take care of everything?

Author Comment

by:fireguy1125
ID: 35209911
OK, big problem, the server crashed, doesn't boot anymore, so I am unable to DCPROMO the old server. What are my steps now to promote the new 2008 server to Domain Controller, keeping the same name as the old one? This happened suddenly, so I need to raise the functional level to 2003, adprep, then promote the new 2008 DC. Also, do I have to wait for replication to all the other servers at other sites when raising the domain functional level and running adprep? Or can I do it only on the main server at HQ, that holds the FSMO roles, and the one that the new server will be replicating from? If I have to wait for all of this to replicate to other servers at other sites, is there a way to force it immediately, and then how to check to see if replication is completed?

Expert Comment

by:eugene20022002
ID: 35212842
That's not good.
The failed server, was that your only Domain Controller? As long as you have one other DC in the domain then it should be relatively simple to remove the metadata of the old machine, reinstall the OS and dcpromo again with the same name.

Also, if you have another DC you should transfer/seize any roles the failed DC has and you can still DCPROMO a new 2008 DC.
But make sure you have at least 2 DCs available at all times, even if you have to temporarily use a desktop to make a temp DC until your main one is up.
First try, however, to get the failed DC up and running before going ahead with the cleanup.

Please let us know your progress.

Author Comment

by:fireguy1125
ID: 35214914
Well, we're back up and running, I was able to pull everything from our FSMO role holder DC from another site, that thankfully had a p2p T1, so good solid connection. Unfortunately I had to do some extensive research last night, but essentially what I did was:

- A week prior, thankfully I had already raised the domain functional level from 2000 native to 2003 native.
Ran all these on our main DC, FSMO role holder, that also replicates to 9 other domain controllers at 9 different sites.
- Ran ntdsutil for the metadata cleanup, went smoothly
- Went through each of the DNS records, hostnames, CNAMEs, etc. and removed any instances of the old server name
- Forced replication to each domain controller, and lowered the interval from 90 minutes to 15 minutes
- Ran adprep32.exe (this was a pain, since the FSMO role main DC had 2003 32 bit, I didn't have the 32 bit DVD, but later found online that you can run the adprep32.exe from the 64 bit DVD)
- Did /forestprep, waited to replicate to all other domain controllers, verified this by running ADSIedit.msc and checking the revision attribute under the Configuration > Forest Update properties set to 5
- Restored all data files from previous file server onto the new one, had to download ntbackup for Windows 2008 R2, with original timestamp and security permissions
- Ran /domainprep, waited to replicate to other DCs, verified by viewing schema properties for objectVersion set to 47
- Performed dcpromo, including DNS and Global Catalog, rebooted
- Installed DHCP, entering reservations as needed
- Seems that clients are logging in and authenticating fine. Also, with the offline files cache issue, it just prompts for any conflicting files that may have occurred while the users were working offline, but other than that it appears to be connecting to the server and browsing files and shares correctly. Thank you for your input and I'm very relieved that it went as smoothly as it did.
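
The per-DC check described in the post above (done there by hand in ADSI Edit), as an added example that is not part of the original post: it reads the forest update revision and the schema objectVersion from every domain controller and compares them with the values quoted in the thread (5 and 47). The function name `Get-AdprepState` and the status labels are assumptions; it uses only the ADSI accelerator and System.DirectoryServices classes, so it runs on the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example (not from the thread). Expected values are the ones the
# author quotes for a forest prepared with the Server 2008 R2 adprep.
$ExpectedForestRevision = 5    # revision on CN=ActiveDirectoryUpdate,CN=ForestUpdates
$ExpectedSchemaVersion  = 47   # objectVersion on the schema naming context

# Hypothetical helper: read both markers from one named DC, so the answer
# reflects that DC's replica and not whichever DC a serverless bind picks.
function Get-AdprepState {
    param([Parameter(Mandatory = $true)][string]$Server)

    $state = New-Object PSObject -Property @{
        Server = $Server; ForestRevision = $null; SchemaVersion = $null; Status = 'Unreachable'
    }
    try {
        $root     = [ADSI]"LDAP://$Server/RootDSE"
        $configNC = [string]$root.configurationNamingContext
        $schemaNC = [string]$root.schemaNamingContext
        if (-not $configNC -or -not $schemaNC) { return $state }

        $forestUpd = [ADSI]"LDAP://$Server/CN=ActiveDirectoryUpdate,CN=ForestUpdates,$configNC"
        $schema    = [ADSI]"LDAP://$Server/$schemaNC"

        # A missing attribute casts to 0, which is reported as Pending below.
        $state.ForestRevision = [int]$forestUpd.revision.Value
        $state.SchemaVersion  = [int]$schema.objectVersion.Value

        if ($state.ForestRevision -ge $ExpectedForestRevision -and
            $state.SchemaVersion  -ge $ExpectedSchemaVersion) {
            $state.Status = 'Replicated'
        } else {
            $state.Status = 'Pending'
        }
    } catch {
        $state.Status = "Error: $($_.Exception.Message)"
    }
    $state
}

# Enumerate every DC in every domain of the current forest and report each one.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$dcs = foreach ($domain in $forest.Domains) {
    foreach ($dc in $domain.DomainControllers) { $dc.Name }
}
$dcs | ForEach-Object { Get-AdprepState -Server $_ } |
    Sort-Object Status, Server |
    Format-Table Server, ForestRevision, SchemaVersion, Status -AutoSize
```

Run it from a domain-joined machine after each adprep step; any DC still listed as Pending or Unreachable has not yet received the change and should be looked at before dcpromo.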

Author Closing Comment

by:fireguy1125
ID: 35214940
Thank you both eugene20022002 and leew!

Expert Comment

by:eugene20022002
ID: 35215011
Great stuff, and glad everything is back up and running and thanks for points.