Solved

Setting up domain controller on Windows 2003 Server Platform

Posted on 2011-03-25
Last Modified: 2012-05-11
Need to set up a new domain controller on Windows 2003 server platform as our old one is running on fumes.  I have never set up a domain controller using Active Directory before.  This controller needs to have DNS, etc. so computers can log in to the internet successfully.  Also, the computers, user accounts, etc. that are currently on the domain controller, do they have to be re-created or can they be copied over to the new domain controller?  Any help would be greatly appreciated.
0
Question by:qec-cmolloy
11 Comments
 
LVL 7

Accepted Solution

by:
mmicha earned 500 total points
ID: 35218716
Below is a link to a guide to walk you through the process.

http://www.windowsreference.com/dns/step-by-step-guide-for-windows-server-2003-domain-controller-and-dns-server-setup/

If you currently have a domain controller, you will want to pick the add to existing domain option during the dcpromo process.  This will replicate the other domain controller and leave everything intact.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35218781
Is your current DC a DNS server...I'm assuming yes.

In that case what you will want to do is point your DNS to the current server.  Then after dcpromo is done you can install the DNS service on the box and at that point just wait for replication to happen.

Make the new DC a global catalog too.

As previously stated, no objects have to be recreated.  It all will replicate to the new DC (users, computers, group policy, sysvol, etc.).

Thanks

Mike
0
 

Author Comment

by:qec-cmolloy
ID: 35218861
Thanks mmicha, it looks pretty good.   Just a couple of quick questions.  As we are not creating a new domain, choose the option additional domain controller for an existing domain.  The next step in the process is where I am curious: do I choose domain tree in an existing forest or domain in a new forest?

Basically our domain covers four locations and I am currently on-site at the location where the faulty domain controller needs to be replaced.  So, it is not a new domain we are creating, just basically a new domain controller in our already created domain.  Thanks for the help.
0

 

Author Comment

by:qec-cmolloy
ID: 35218877
Thanks Mike, yes our current dc for this location is also a dns server as well.
0
 
LVL 11

Expert Comment

by:sighar
ID: 35218912
Since the old one is about to give up, I'd also either downgrade it by using dcpromo after making sure they replicate OK, or manually move the FSMO roles from the old one to the new one. Check out this URL for info about FSMO roles and moving them: http://support.microsoft.com/kb/324801
0
 
LVL 7

Expert Comment

by:mmicha
ID: 35218957
You should select domain tree in existing forest.
0
 

Author Comment

by:qec-cmolloy
ID: 35219035
Thanks MMicha.  I guess the only other thing I want to be sure of is I will have to give the new domain controller a different static IP address from the one currently in use, and leave it powered on while the settings replicate??  Do you know how long replication normally takes??  Reason being is that we want to power off the old domain controller once completed and provide the new one with the static IP of the current DC in use.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35219061
I would not downgrade/demote the old one until you have at least two others left.  Always try and have two DCs if you can.

Thanks

Mike
0
 
LVL 7

Expert Comment

by:mmicha
ID: 35219092
If the site has a domain controller at it, I'd imagine replication will not take very long.  Sighar posted material about FSMO roles that you may want to check before you decom the old DC.  You don't want to kill the DC handling roles until you move them.

Under AD Site & Services you can force replication as well.  Then just run DCPROMO on the old DC, and demote it cleanly.
0
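The checks discussed in the comments above (where the FSMO roles live, forcing replication, and confirming the new DC is healthy before the old one is demoted), as an added example that is not part of the thread. It is a batch script that uses netdom, repadmin and dcdiag from the Windows Server 2003 Support Tools; `OLDDC01` and `NEWDC01` are placeholder host names.

```batch
@echo off
rem Added example: checks to run before demoting the old DC with dcpromo.
rem OLDDC01 and NEWDC01 are placeholder host names (assumptions).
rem Needs netdom, repadmin and dcdiag from the Windows Server 2003 Support Tools.
setlocal
set OLD_DC=OLDDC01
set NEW_DC=NEWDC01
set REPORT=%TEMP%\predemote.txt
set BLOCK=0

echo === FSMO role holders ===
netdom query fsmo > "%REPORT%"
if errorlevel 1 (
    echo [BLOCK] netdom failed, FSMO role holders are unknown.
    set BLOCK=1
)
type "%REPORT%"
rem Any role line that still names the old DC means that role has not moved.
findstr /i /c:"%OLD_DC%" "%REPORT%" >nul
if not errorlevel 1 (
    echo [BLOCK] %OLD_DC% still holds a FSMO role. Move it first.
    set BLOCK=1
)

echo === Push pending changes from %OLD_DC% to its partners ===
rem /A all naming contexts, /d show DNs, /e cross site links, /P push outward
repadmin /syncall %OLD_DC% /AdeP

echo === Inbound replication status on %NEW_DC% ===
repadmin /showrepl %NEW_DC%

echo === dcdiag tests against %NEW_DC% ===
dcdiag /s:%NEW_DC% /test:replications /test:advertising /test:knowsofroleholders > "%REPORT%"
type "%REPORT%"
rem dcdiag prints "passed test" or "failed test" for each test it runs.
findstr /i /c:"failed test" "%REPORT%" >nul
if not errorlevel 1 (
    echo [BLOCK] dcdiag reported a failed test on %NEW_DC%.
    set BLOCK=1
)

if "%BLOCK%"=="1" (
    echo Result: do NOT demote %OLD_DC% yet.
    exit /b 1
)
echo Result: no blockers found. Review the output before running dcpromo on %OLD_DC%.
exit /b 0
```

The script only reports; moving roles and the demotion itself are still done by hand, as described in the comments.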
 
LVL 7

Expert Comment

by:mmicha
ID: 35219100
Guide for changing IP Address of Domain Controller:
http://technet.microsoft.com/en-us/library/cc758579(WS.10).aspx
0
 
LVL 1

Expert Comment

by:vagedis23
ID: 35219478
Use ideal migration from pointdev.com.

This tool allows you to easily export all objects you want to have on the new domain controller and import them as well. You can copy user passwords and user group memberships (very important if you want to keep your NTFS security working after moving to a new server).

Make sure your new server is NOT connected to your existing network.
Install 2003 server and run the dcpromo.exe command from Start --> Run.

Fill in your domain name and keep everything else default.

Make sure you select install the first domain controller for a new domain. The server name and IP address must be the same as your old server, to ensure drive mappings on client PCs will still work after the migration.

Create an export with ideal migration on the old server to a USB disk.
Make sure SID history, user group membership and computers are exported together with all objects you want to copy to the new server.

Run ideal migration on the new server and import the data from your USB disk.
Shut down your old domain controller, connect your new server to the network.

Check if the clients can log in with the new DC with the same username and password as before.

If they can, the object migration was successful. If they cannot log in, disconnect the new server from the network and start up the old server again. Everything will then be back to the original situation before the migration.

-------------------------
You could also add a new DC to your existing domain and add the DNS role after dcpromo and replication has completed.

To make sure all DC functions are moved to the new server, perform the dcpromo command on the old server to remove Active Directory and all FSMO roles from that server. When the process has completed, your new server will have all AD objects and roles of the old server.

NEVER remove the old DC without running dcpromo.exe on it. Change the DNS server IP address in your DHCP scope to reflect the IP of the new server after you added the DHCP server role.

The downside of this second approach is that you cannot change back to the original situation by just switching the old server on and disconnecting the new server, though you could perform a full disk restore on the old server from a disk image created with e.g. Symantec Ghost before you added the new DC.




0

Question has a verified solution.
