
Replacing Domain Controller Procedure?

Scenario:

Client has a 2008 R1 server with the OS on C and Data on D drive

The R1 OS is toast. Running terribly, but AD is still intact.

Goal: The server's hardware is only 2 years old. Want to dcpromo AD off to a 2008 R2 SERVER OS on a temp box. Then keep all shares etc. exactly the same. Build the R2 box on the same network with the R1 box still acting as a PDC.
Once I have confirmed the temp box is tweaked and AD replication is good, I want to promote it as a PDC. Then rename using NETDOM to server from tempserver so clients' UNC paths are intact.

NOW the tough part

1. Need to swap the NetBIOS names, or at least get the temp R2 (new fresh server) as my PDC with the same name as the previous R1 server. This is because 50 PCs are mapped with various programs / printers to UNC paths on my \\server, so \\tempserver will break everything and require hours of fixing clients.

2.  Need to take image of just C the R2 OS and bare metal restore to the previous server hardware blowing away R1 os.

Where I'm at:

Both servers are online.  R2 has been dc promo'd.  I have not made it a PDC though.   I have not renamed anything ...as once I commit I have to complete the task or the client is totally down.

Any advice on the above? I'm mostly concerned about renaming the DC. Making R2 the PDC I'm not as worried about.

Thanks!!!!!
Asked: j-teksolutions
 
Mike Kline Commented:
Making R2 the PDC is not a big deal....move all the FSMO roles to it.  Is it also a GC and DNS server? (assuming your current box is also DNS).

I'd do the renaming over a weekend or after hours.  Rename the old box and restart the netlogon service (restart works too).  Once that name change has updated around the network you can rename your current box to the old name.

How many DCs will you ultimately have on the network?

Thanks

Mike
 
j-teksolutions (Author) Commented:
Thanks Mike!  
Only plan to end up with the one DC on the 2008 R2 rebuilt server in the end.
Yes it is GC and DNS so will fix all that as well

Now at what point in this project does it make sense to do the renaming?
 
j-teksolutions (Author) Commented:
Remember... I'm prepping the new server on a temp piece of hardware.
The goal is to image the OS onto the previous hardware.  I am sure though I need to complete all my role transfers and demote the old server first.  Then take the image of the newly built OS.
 
Mike Kline Commented:
I'd rename after I moved the data. The big thing here is only having one DC... that could be bad (think if that one DC died hard).

Thanks

Mike
 
j-teksolutions (Author) Commented:
True - maybe I convince them to get a second server as a BDC
 
j-teksolutions (Author) Commented:
Is the NETDOM procedure difficult? I recall trying this a year ago on a 2008 server but it didn't go so well. It may have been SBS 2008 though, which was probably why.
 
Sarang Tinguria (Sr Engineer) Commented:
What I would suggest, considering you now have 2 DCs in the domain:

1) Transfer the roles to New DC
2) Demote the old DC gracefully
3) Remove the traces from Sites and Services and DNS
4) Re-install the box keeping your data intact
5) Promote as DC along with GC DNS etc and same host name
6) Again transfer the roles to original one

Note:- Do not use image restoration of DC as it is not recommended

Going the NETDOM or image restoration route is an unpredictable task.
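A readiness check to run between steps 1 and 2 of the list above, added here as an example and not part of any poster's reply. It uses the ActiveDirectory module that ships with 2008 R2 plus `repadmin`; `tempserver` is a placeholder for the new DC's host name.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the new 2008 R2 DC before demoting the old DC.
Import-Module ActiveDirectory

$NewDC = 'tempserver'   # placeholder: short host name of the new DC

$domain   = Get-ADDomain
$forest   = Get-ADForest
$problems = @()

# All five FSMO roles should already be held by the new DC.
$roles = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -notlike "$NewDC.*") {
        $problems += "$($role.Key) is still held by $($role.Value)"
    }
}

# The new DC must be a global catalog before the old one goes away.
$dc = Get-ADDomainController -Identity $NewDC
if (-not $dc.IsGlobalCatalog) { $problems += "$NewDC is not a global catalog" }

# DNS Server and Netlogon must be running on the new DC.
foreach ($svc in 'DNS', 'Netlogon') {
    $state = (Get-Service -ComputerName $NewDC -Name $svc).Status
    if ($state -ne 'Running') { $problems += "Service $svc on $NewDC is $state" }
}

# Every replication link must be reachable and free of failures.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv
foreach ($link in $links) {
    if ($link.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$link.'Number of Failures' -gt 0) {
        $problems += "Replication problem: $($link.'Source DSA') -> " +
                     "$($link.'Destination DSA') ($($link.'Naming Context'))"
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    'NOT ready: fix the warnings above before demoting the old DC.'
} else {
    'Roles, GC, services and replication look good: the old DC can be demoted.'
}
```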
 
Neil Russell (Technical Development Lead) Commented:
Just a point of note....
There has been NO such thing as a PDC and a BDC since Windows NT4.0
All domain controllers are just Domain controllers. You can just assign a few FSMO roles to different servers but the concept of a PDC died over a decade ago.

And agreed, you REALLY should have more than ONE SINGLE DC
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
And why are you installing to hardware?  This just makes things more difficult if you have problems in the future or need to add another server.  Why not install it to a virtual machine instead?  Both Hyper-V and ESXi are free.

These days, I won't install directly to hardware unless there's a REAL good reason to... and I've not heard one yet.  The potential benefits are huge and the potential downside is minimal.
 
j-teksolutions (Author) Commented:
Sorry, I agree with you both above - I am running ESXi 4.1 at our office. This is a simple setup and they have always had the single DC on HW.

Everything is working to plan.  I have seized the FSMO roles and AD is working

The tough part now is to get the DC renamed using the original DC's name!

It will take longer to fix 50 clients with a ton of unc paths etc than to rebuild the whole server itself
 
Neil Russell (Technical Development Lead) Commented:
"It will take longer to fix 50 clients with a ton of unc paths etc than to rebuild the whole server itself"
Don't bet on it. Renaming a DC can cause all kinds of issues sometimes and you end up with a totally screwed AD site.
 
j-teksolutions (Author) Commented:
I hear you.  Some say it is no problem.  Others say you can kill AD

Considering fixing clients - my server now is working perfectly with FSMO roles
However all the mapped drives and UNC paths are broken on the clients

Question: is there any way in DNS to alias the old server name to the new? Any way to have say "server.domain.local" and "newserver.domain.local" resolve?
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
Why do you have UNC paths?  And UNC paths for what?  Mapped Drives?  These should be easily fixed with a script.
 
Sarang Tinguria (Sr Engineer) Commented:
j-teksolutions -> I think you have not seen the steps given by me.
 
Mike Kline Commented:
In his small environment renaming a DC should not cause a lot of issues.

Thanks

Mike
 
j-teksolutions (Author) Commented:
Server online with dns entries for both names
Roles seized AD running perfectly
To be noted - we had a lot of Exchange AD attribute fixes but all good
