Solved

Help planning new Windows 2012 Domain Controller

Posted on 2013-07-01
Last Modified: 2016-11-23
Two part question:
Part 1: On our current 2003 rs Dell 1950 (dual core & 12GB RAM) we have 120 - 150 network users, about 100 groups, 120 IP phones, running DHCP and DNS for 8 locations and allocating IPs for all 120 plus across these 8 locations. And a separate Exchange 2007 server.
We want to upgrade to a new 2012 AD DC server (dedicated) as well.  We are considering between two configurations.
Dell R320 32GB ram one six core processor, raid 1 146 GB drive (mirrored).
or
the same spec except a Dell R420 with two 6 core processors.
Dell thinks the second is way overkill and the first is more than enough power to handle our user base.
The difference in cost is about $700 ...  not so much but silly to spend if it is going to be wasted dollars.  Thoughts on this will be greatly appreciated.

Part2:  We need to move (migrate) our 2003 AD config and all scripts etc. to the new box.
Should we build from scratch (seems dangerous) or migrate?
How easy or hard is the migration and is there a really good set of instructions or white paper on this?

Thanks
Wayne
0
Question by:wlasner
18 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39291308
The above configuration for the server is good; you can go with config 1 or 2, the choice is yours. Regarding the migration, are you planning to change the domain name or add the Win2012 server in the existing domain?

If you are not changing the domain name, you need to add the server as an additional DC and all the policies and scripts will be replicated to the DC. Refer to this link, it will be helpful:
http://kpytko.wordpress.com/2012/09/07/adding-first-windows-server-2012-domain-controller-within-windows-200320082008r2-network/

For any data movement you can use robocopy, which will copy the data with permissions.
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 100 total points
ID: 39291352
120-150 users..??? Dell R320 Model is more than enough for your requirement and even if you reduce memory to half of current size Active Directory will dance like MJ in that config

For your second part, you should first add 2012 as ADC (snaps are in the link below).
Then transfer the FSMO roles, then remove the 2003 DC using DCpromo.
You may also retain the hostname and IP of the old DC on the new one; see the links below.

Step-by-Step Guide for Setting Up Windows Server 2012 Domain Controller
http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-windows-server-2012-domain-controller.aspx

Introducing the first Windows Server 2012 Domain Controller (Part 1 of 2)
http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windows-server-2012-domain-controller.aspx

Remove an old DC and Introduce a new DC with the Same Name and IP Address
http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx
0
 

Author Comment

by:wlasner
ID: 39291480
Thank you for the quick responses, I am going to go through the docs and will respond back in a few days.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 39292493
The easiest option to move from Windows 2003 to Windows 2012 is to upgrade the domain.

As soon as you've added the 2012 DC to the existing Domain they will replicate all the AD configuration and scripts from the 2003 DC.

Your next task is to move the FSMO roles and any other roles/services(e.g. DNS, DHCP, Print Server, etc) from the 2003 DC's to the 2012 DC's.

Once done you should be ready to demote the Windows 2003 DC's.
After 2003 DC's are removed you can update your Forest and Domain functional levels as required.

Instructions for each task appear to be listed in the links above.
Post back if you need more detailed instructions.
0
 

Author Comment

by:wlasner
ID: 39320848
Last question, as stated above I will likely go that route.  Do you think it is unwise to just create a new AD server from scratch, manually add users, or is the above add and delete method the best way to do it?

The new AD will have a different server name, won't that mess up all the system attaching to the domain or will either one work at that point?
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 200 total points
ID: 39320920
Do you think it is unwise to just create a new AD server from scratch, manually add users, or is the above add and delete method the best way to do it.

If you go this route then you're essentially building a new domain, all Servers, workstations and users will need to be re-created and all permissions will be lost.

Upgrading the domain is the safest way to maintain all your accounts/users/permissions.

The first part of the process is pretty standard and would be used if you were going to keep the original servers.

The added step of removing the old DC is also standard practice, which you would do to decommission a DC on a larger network. I've used the same process on my company's upgrade, where we have 27 DCs.

Remember, once you have a DC, the only way to grow your network is to add another DC to your existing domain. As soon as you create a new domain you essentially have 2 domains with different SIDs.
0
 

Author Comment

by:wlasner
ID: 39321183
I was not planning on keeping the old dc running, it is 7 years old and 2003.

thank you for the quick response
0
 

Author Comment

by:wlasner
ID: 39321358
So if I want to just replace my 2003 AD with a new 2012 AD, do you recommend adding the 2012 AD server into the domain with a new server name?  Then, after they both are in the domain, removing the old server?  Will the other phones and computers now automatically accept and recognize the new server name and IP address?
As you can see, I am fearful of doing this.  I have built several successful AD servers for first-time new networks but never replaced one.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39321594
If you want to get rid of the old Win2003 server, you can demote it once the Win2012 server is introduced and working without any issue.

I would recommend proceeding like this.
1. Introduce the new Windows 2012 server in the current domain.
2. Move the FSMO roles from Win2003 to Win2012.
3. Move other roles, if any, like DHCP, file server, etc.
4. Point the DNS setting of the clients to the new Win2012 DC; this may be in DHCP or in the TCP/IP settings.
5. Shut down the Win2003 server during business hours, or better for 2 days or a week, and observe the impact.
6. If no issue is reported, you should be looking good to demote the old Win2003 server.
7. I will also recommend having one more DC in the network for redundancy.
8. How to demote/decommission the old Win2003 servers:
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommission a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to remove a DC from a domain)
9. For promoting the new server, the links are already posted.

Hope this helps
0

 

Author Comment

by:wlasner
ID: 39321799
Can the old 2003 server stay in the domain and become the backup, or would it make sense to remove it, then rebuild another 2012 DC and add it into the domain?

Also, after we remove the old server, can we change the IP address of the new one to the old address instead of changing 120 PCs and printers?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39321853
You can have the Win2003 server as an ADC server, no problem. However, if you have no budget issue, you can plan to have another Win2012 server to enjoy the new features of Win2012; the choice is yours.

You can change the IP address of the new server to the old one.
http://technet.microsoft.com/en-us/library/cc758579(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8cce4453-e216-4429-8cbd-6b907dce5bcc/changing-ip-address-on-domain-controller

Remove an old DC and Introduce a new DC with the Same Name and IP Address
http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx

Hope this helps
0
 

Author Comment

by:wlasner
ID: 39471839
We finally got brave and started this project.  The new 2012 server is online.  I have installed the DC feature and it is now a DC on the network.  I also installed DHCP and rebuilt the scopes.
Do I need to move the FSMO roles, or will that happen automatically when promoting the new unit?

Also, our old unit is 0.200 and we have phone systems, helper entries that point to 0.200, can we just simply remove the old DC after promoting the new one and change the ip address of the new DC to the 0.200?
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 200 total points
ID: 39472323
You need to manually transfer the FSMO roles to the Win2012 DC (http://www.petri.co.il/transferring_fsmo_roles.htm) and configure the authoritative time server role on the PDC server (http://support.microsoft.com/kb/816042).

Yes, you need to change the servers'/clients' DNS setting to point to the new DC as the preferred DNS server; this may be in DHCP or in the TCP/IP settings.

Don't demote the DC directly; shut down the old server during business hours and see the impact. If no issue is reported for a couple of days, bring the old server online and demote the DC.

How to demote/decommission the servers
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommission a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to removing a DC from a Domai
0
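The FSMO transfer and authoritative time configuration described in the answer above can be scripted and checked before the old DC is shut down. The following is an added example, not code from this thread or from the linked articles. It assumes an elevated PowerShell session on the new 2012 DC with the ActiveDirectory module installed and an account with the rights to transfer all five roles; the host name NEWDC01 and the NTP peers are hypothetical placeholders.

```powershell
# Added example: run on the new Windows Server 2012 DC.
# NEWDC01 and the NTP peer names are placeholders, not values from the thread.
Import-Module ActiveDirectory

$NewDC    = 'NEWDC01'
$NtpPeers = 'time1.example.net time2.example.net'

function Get-FsmoHolders {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# 1. Record the current role holders before changing anything.
Get-FsmoHolders | Format-Table -AutoSize

# 2. Graceful transfer (no -Force, so this is not a seizure):
#    the 2003 DC must still be online and replicating.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -OperationMasterRole `
    SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# 3. Verify that every role now resolves to the new DC; stop if any did not move.
$stale = (Get-FsmoHolders).GetEnumerator() |
    Where-Object { $_.Value -notlike "$NewDC.*" }
if ($stale) {
    $stale | ForEach-Object { Write-Warning "$($_.Key) is still held by $($_.Value)" }
    throw 'FSMO transfer incomplete; do not shut down or demote the old DC yet.'
}

# 4. The PDC emulator is the time root for the domain: make it authoritative
#    and sync it from the external peers.
w32tm /config "/manualpeerlist:$NtpPeers" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover
w32tm /query /status
```

Running step 3 again after the old DC has been powered off for the observation period confirms that nothing still depends on it for a role before it is demoted.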
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39472349
So finally you got the 2012....I would open a beer on behalf of you..:-)
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 39475601
Also, our old unit is 0.200 and we have phone systems, helper entries that point to 0.200, can we just simply remove the old DC after promoting the new one and change the ip address of the new DC to the 0.200?

You can safely change the IP address of your new server to re-use the IP of the old server.
http://www.petri.co.il/change-ip-address-domain-controller.htm
0
 

Author Comment

by:wlasner
ID: 39476966
You guys are great - thank you, making progress.
A few more issues so far, now that the old dc is off line as a test.
1. How to set the new server as the time keeper for the network (time server)
2. the group policy was loading for each user, it seems to fail
3. login at the workstations takes a really long time
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39478523
As you have promoted the new server, ensure that the clients'/servers' DNS setting is pointing to the new online DC. Configure the authoritative time server role on the new server, assuming that the PDC and other FSMO roles have been moved to the new server, and check. http://support.microsoft.com/kb/816042
0
 

Author Closing Comment

by:wlasner
ID: 39503001
Thank you all for all your help.  You all deserve 500 points.... We are good to go.
0
