Domain Controller

Posted on 2013-06-12
Last Modified: 2013-06-13
I am going to be replacing a windows 2003 domain controller with a windows 2008R2 domain controller. I want to re-use the same hostname and the same IP address. Is it better for me to leave the current domain controller promoted and just change the hostname and IP address or will that cause issues with my new domain controller if I don’t demote the old one?
This is a secondary domain controller that holds the PDC Role, does DFS, and is also our DHCP server.
I attempted this once and I wasn’t able to transfer the PDC role because it said the new domain controller wasn’t a replication partner. I added it to sites and trusts but maybe I just didn’t wait long enough. It also wouldn’t let me create the dfs with the same name as the old one but I think I found how to do that by deleting it from the system folder in AD, is that all that is necessary for DFS?
Basically I am just looking for some best practices when trying to re-use the IP and hostname to make this as smooth as possible. Thanks for your input!
Question by:Winsoup
LVL 23

Assisted Solution

by:Thomas Grassi
Thomas Grassi earned 150 total points
ID: 39241123
I just went thru this process.
I was going to keep the same names and ip address for my dc's but after the issues I had with a member server tried to make it the same name even deleting the original server from the domain and adding the new one had issues.

So yes you can but I would suggest you create new names especially on the DC's

You can keep all the DC's on at the same time then run dcpromo on the old dcs to demote them

Make sure you move all the roles to the new DC's first

Assisted Solution

MisterTwelve earned 150 total points
ID: 39241232
yes, the best options is demote DC, reinstall New OS(2008R2), Add to domain with the same name after delete the old computer account from AD, then promote to DC again.

After delete account from domain, ensure your Domain controllers replicate all changes!

If you do like this, you dont have any problem.

Best regards
LVL 13

Accepted Solution

Michael Machie earned 200 total points
ID: 39241584
One question: Are you planning on using the same Domain name?  

One thing to keep in mind that you want to make sure your new Domain Controllers are running at the highest functional level. Adding the new 2008 Server as a DC in the same Domain as your 2003 server will have issues, because 2003 can only operate at 2003 functionality, whereas server2008 can run at 2000,2003 and 2008. However, the highest functional level you can use is based on your oldest DC, which is Server2003. Once this functional level is specified during installation, you can't really change this without rebuilding AD so you need to put some thought into how to proceed.

As  'trgrassijr55' stated, I also recommend using different computer names. He mentioned making sure all roles are configured on the new DC and I see you want it to be the DHCP server. If you build them all on the same Domain and demote the original DC after, make sure to configure DHCP on the new Server and before connecting it to the same network, disable the DHCP Service until cutover day. You cannot have two Servers in the DHCP role, using the same scopes, on the same network without problems.

If you plan on keeping the same Domain name and/or plan on using the current DC's name and IP, I would highly suggest you set the new DC up in a separate LAN - not connected to the same network as your current 2003 DC - and configure it. On cutover day you can remove the old 2003 DC and connect the new one - you won't get any IP or name conflicts this way. If you follow MisterTwelve's method, you may lose your AD structure entirely, which is fine if you are starting from scratch, and which is not fine if you plan on migrating AD. Once you demote a 2003 Server from the DC role Active Directory is lost.
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!


Author Comment

ID: 39241641
Yes it will be on the same domain.

I will still have a couple of domain controllers running on 2003 so I will not be raising the functional level just yet, they will all run at the 2003 level.
What if I just transfer the roles on this DC to our primary DC, then demote the old DC and change the hostname and IP address and then set the new one up with that hostname and IP address, then promote it to a DC and transfer the roles back from the primary DC?
I do have the DHCP database all transferred over already it's just not authorized yet.  

Do you see any issues that would arise doing it that way?
I definitely do not want to rebuild AD!
LVL 13

Expert Comment

by:Michael Machie
ID: 39241762
Yea, that actually sounds like a good way of doing it, and should work without much issue. I would suggest you do this during off-hours if possible though, in case of conflicts or problems.

Author Comment

ID: 39244375
Thanks for the advice everyone, I apprectiate the input!

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now