Solved

Help planning new Windows 2012 Domain Controller

Posted on 2013-07-01
Last Modified: 2016-11-23
Two part question:
Part 1: On our current 2003 rs Dell 1950 (dual core & 12GB RAM) we have 120 - 150 network users, about 100 groups, and 120 IP phones, running DHCP and DNS for 8 locations and allocating IPs for all 120 plus across these 8 locations, and a separate Exchange 2007 server.
We want to upgrade to a new 2012 AD DC server (dedicated) as well.  We are considering between two configurations.
Dell R320 32GB ram one six core processor, raid 1 146 GB drive (mirrored).
or
the same spec except a Dell R420 with two 6 core processors.
Dell thinks the second is way overkill and the first is more than enough power to handle our user base.
The difference in cost is about $700 ...  not so much but silly to spend if it is going to be wasted dollars.  Thoughts on this will be greatly appreciated.

Part2:  We need to move (migrate) our 2003 AD config and all scripts etc. to the new box.
Should we build from scratch (seems dangerous) or migrate?
How easy or hard is the migration and is there a really good set of instructions or white paper on this?

Thanks
Wayne
0
Question by:wlasner
18 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
The above configuration for the server is good; you can go with config 1 or 2, the choice is yours. Regarding the migration, are you planning to change the domain name or add the Win2012 server in the existing domain?

If you are not changing the domain name, you need to add the server as an additional DC, and all the policies and scripts will be replicated to the DC. Refer to this link, it will be helpful:
http://kpytko.wordpress.com/2012/09/07/adding-first-windows-server-2012-domain-controller-within-windows-200320082008r2-network/

For any data movement you can use robocopy, which will copy the data with permissions.
0
 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 100 total points
120-150 users..??? Dell R320 Model is more than enough for your requirement and even if you reduce memory to half of current size Active Directory will dance like MJ in that config

for your second part you should first add 2012 as ADC (snaps are in below link)
Then transfer FSMO roles then remove 2003 DC using DCpromo
You may also retain hostname and IP of old DC to new one see below links

Step-by-Step Guide for Setting Up Windows Server 2012 Domain Controller
http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-windows-server-2012-domain-controller.aspx

Introducing the first Windows Server 2012 Domain Controller (Part 1 of 2)
http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windows-server-2012-domain-controller.aspx

Remove an old DC and Introduce a new DC with the Same Name and IP Address
http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx
0
 

Author Comment

by:wlasner
Thank you for the quick responses, I am going to go through the docs and will respond back in a few days.
0
 
LVL 26

Expert Comment

by:Leon Fester
The easiest option to move from Windows 2003 to Windows 2012 is to upgrade the domain.

As soon as you've added the 2012 DC to the existing Domain they will replicate all the AD configuration and scripts from the 2003 DC.

Your next task is to move the FSMO roles and any other roles/services(e.g. DNS, DHCP, Print Server, etc) from the 2003 DC's to the 2012 DC's.

Once done you should be ready to demote the Windows 2003 DC's.
After 2003 DC's are removed you can update your Forest and Domain functional levels as required.

Instructions for each task appear to be listed in the links above.
Post back if you need more detailed instructions.
0
 

Author Comment

by:wlasner
Last question, as stated above I will likely go that route.  Do you think it is unwise to just create a new AD server from scratch and manually add users, or is the above add and delete method the best way to do it?

The new AD will have a different server name, won't that mess up all the system attaching to the domain or will either one work at that point?
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 200 total points
Do you think it is unwise to just create a new AD server from scratch, manually add users, or is the above add and delete method the best way to do it.

If you go this route then you're essentially building a new domain, all Servers, workstations and users will need to be re-created and all permissions will be lost.

Upgrading the domain is the safest way to maintain all your accounts/users/permissions.

The first part of the process is pretty standard and would be used if you were going to keep the original servers.

The added step of removing the old DC is also standard practice which you would do to decommission a DC on a larger network. I've used the same process on my company's upgrade where we have 27 DCs.

Remember, once you have a DC, the only way to grow your network is to add another DC to your existing domain. As soon as you create a new domain you essentially have 2 domains with different SIDs.
0
 

Author Comment

by:wlasner
I was not planning on keeping the old dc running, it is 7 years old and 2003.

thank you for the quick response
0
 

Author Comment

by:wlasner
So If I want to just replace my 2003 AD with a new 2012 AD, do you recommend adding  the 2012 AD server in to the domain as a  new server name?  Then after they both are in the domain removing the old server.  Will the other phones and computers now automatically accept and recognize the new server name and ip address?
As you can see, I am fearful of doing this.  I have built several successful AD servers for first time new networks but never replaced one.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
If you want to get rid of the old Win2003 server you can demote it once the Win2012 server is introduced and working without any issue.

I would recommend proceeding like this.
1. Introduce the new Windows 2012 server in the current domain.
2. Move the FSMO roles from Win2003 to Win2012.
3. Move other roles, if any, like DHCP, file server, etc.
4. Point the DNS setting of clients to the new Win2012 DC; this may be in DHCP or in the TCP/IP settings.
5. Shut down the Win2003 server during business hours, or better for 2 days or a week, and observe the impact.
6. If no issue is reported you should be looking good to demote the old Win2003 server.
7. I will also recommend having one more DC in the network for redundancy.
8. How to demote/decommission the old Win2003 servers:
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommission a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to remove a DC from a domain)
9. For promoting the new server the links are already posted.

Hope this helps
0
 

Author Comment

by:wlasner
can the old 2003 server stay in the domain and become the backup or would it make sense to remove it then rebuild another 2012 dc and add it into the domain?

Also, after we remove the old server can we change the ip address of the new one to the old address instead of change 120 pc's and printers?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
You can have the Win2003 server as an ADC server, no problem. However, if you have no budget issue you can plan to have another Win2012 server to enjoy the new features of Win2012; the choice is yours.

You can change the IP address of the new server to the old one.
http://technet.microsoft.com/en-us/library/cc758579(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8cce4453-e216-4429-8cbd-6b907dce5bcc/changing-ip-address-on-domain-controller

Remove an old DC and Introduce a new DC with the Same Name and IP Address
http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx

Hope this helps
0
 

Author Comment

by:wlasner
We finally got brave and started this project.  The new 2012 server is online.  I have installed the DC feature and it is now a DC on the network.  I also installed DHCP and rebuilt the scopes.
Do I need to move the FSMO roles or will that happen automatically when promoting the new unit?

Also, our old unit is 0.200 and we have phone systems, helper entries that point to 0.200, can we just simply remove the old DC after promoting the new one and change the ip address of the new DC to the 0.200?
0
 
LVL 24

Accepted Solution

by:Sandeshdubey
Sandeshdubey earned 200 total points
You need to manually transfer the FSMO roles to the Win2012 DC:
http://www.petri.co.il/transferring_fsmo_roles.htm
and configure the authoritative time server role on the PDC server:
http://support.microsoft.com/kb/816042

Yes, you need to change the servers'/clients' DNS setting to point to the new DC as the preferred DNS server; this may be in DHCP or in the TCP/IP settings.

Don't demote the DC directly; shut down the old server during business hours and see the impact. If no issue is reported for a couple of days, bring the old server online and demote the DC.

How to demote/decommission the servers:
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommission a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to removing a DC from a Domai
0
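The checks behind the steps in the answer above (manual FSMO transfer, authoritative time on the PDC emulator, and confirming health before the old DC is shut down or demoted), as an added PowerShell example that is not part of the original thread. `NEWDC01` and the NTP peer names are placeholders; it assumes the ActiveDirectory module on the Windows Server 2012 DC and an account with Domain, Enterprise and Schema Admin rights.

```powershell
# Added example, not from the thread. Run on the new Windows Server 2012 DC.
Import-Module ActiveDirectory

$NewDc    = 'NEWDC01'                          # placeholder: name of the new 2012 DC
$NtpPeers = '0.pool.ntp.org 1.pool.ntp.org'    # placeholder: external time sources

# Return the current holder (FQDN) of each of the five FSMO roles.
function Get-FsmoHolders {
    $d = Get-ADDomain
    $f = Get-ADForest
    [ordered]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}

# 1. Record where the roles are before changing anything.
Get-FsmoHolders | Format-Table -AutoSize

# 2. Transfer (not seize) the roles while the old 2003 DC is still online.
#    The cmdlet prompts for confirmation per role.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole `
    PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster

# 3. Stop if any role is still held by another server.
$stragglers = (Get-FsmoHolders).GetEnumerator() |
    Where-Object { $_.Value -notlike "$NewDc.*" }
if ($stragglers) {
    throw ('Roles still held elsewhere: ' + ($stragglers.Name -join ', '))
}

# 4. The PDC emulator is the root of domain time: sync it from an
#    external source and mark it reliable (the KB 816042 settings).
w32tm /config "/manualpeerlist:$NtpPeers" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover
w32tm /query /source

# 5. Health checks before the old DC is powered off for the trial period.
repadmin /replsummary
foreach ($test in 'Advertising', 'FsmoCheck', 'Replications') {
    dcdiag "/s:$NewDc" "/test:$test"
}

# 6. DCs that clients will locate through DNS; the new DC must be listed.
Resolve-DnsName -Type SRV "_ldap._tcp.dc._msdcs.$((Get-ADDomain).DNSRoot)" |
    Select-Object NameTarget, Port
```

Slow logons and failing Group Policy after the old DC goes offline usually show up in step 6 or in the clients' DNS settings, so rerun step 6 from a workstation as well.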
 
LVL 18

Expert Comment

by:sarang_tinguria
So finally you got the 2012....I would open a beer on behalf of you..:-)
0
 
LVL 26

Expert Comment

by:Leon Fester
Also, our old unit is 0.200 and we have phone systems, helper entries that point to 0.200, can we just simply remove the old DC after promoting the new one and change the ip address of the new DC to the 0.200?

You can safely change the IP address of your new server to re-use the IP of the old server.
http://www.petri.co.il/change-ip-address-domain-controller.htm
0
 

Author Comment

by:wlasner
You guys are great - thank you, making progress.
A few more issues so far, now that the old dc is off line as a test.
1. How to set the new server as the time keeper for the network (time server)
2. the group policy was loading for each user, it seems to fail
3. login at the workstations takes a really long time
0
 
LVL 24

Expert Comment

by:Sandeshdubey
As you have promoted the new server, ensure that the clients'/servers' DNS setting is pointing to the new online DC. Configure the authoritative time server role on the new server, assuming that the PDC and other FSMO roles have been moved to the new server, and check.
http://support.microsoft.com/kb/816042
0
 

Author Closing Comment

by:wlasner
Thank you all for all your help.  You all deserve 500 points.... We are good to go.
0
