Moving a W8K DC to another network

Hello


Environment: TCP/IP Network: 192.168.0.0/24
Windows 2008 R2 single DC, AD, DNS, DHCP
IP = 192.168.0.100
Mask = 255.255.255.0
DG : 192.168.0.50
DNS : 192.168.0.100

This DC will soon be disconnected from the present network and connected to another network : 192.0.20.0/24 (the server is moving physically to another company)
The Default Gateway for this new network is 192.0.20.50
DNS is 192.0.20.1 (another Windows 2008 DC)

What I plan to do is the following:

Activate the secondary Network Interface Card on the server with the following settings:
IP = 192.0.20.100
Mask : 255.255.255.0
DG: 192.0.20.50
DNS1 :  192.0.20.100 (the server itself)
DNS2: 192.0.20.1 (another W8K DNS Server on the network)

The primary NIC will be deactivated and disconnected from the network 192.168.0.0/24, which will not exist anymore.
Also, DHCP will be deactivated since this new network has its own DHCP server.

Should it be OK?

Any better solution to “move” a DC server from one network to another network?

Important: this server will not serve as a DC anymore and no PC will be in its AD domain. All PCs will be integrated into the new AD environment. But access to this PC is important for a legacy application. This server should be pingable and accessible through MSTSC.



Thank you very much
Asked by: gadsad

kevinhsieh commented:
I would not bring up the second NIC. Just change the IP address, gateway, and DNS on the primary NIC. DO NOT demote the server. Deactivate the DHCP.

gadsad (Author) commented:
I would rather do it like that, it is easier: change the IP, gateway and DNS on the primary NIC,
and not bring up the second NIC.

But since it is a DC with AD, I am afraid to do that.
Should it be OK?

Thanks

Craig Beck commented:
Hmmmm, I would say you SHOULD demote this DC before you move it.  If you don't you'll cause issues with replication, authentication, etc... for machines which are still on that domain.  I know it sounds like that domain will disappear, but still...  Further to this, you won't be able to join it to the new domain if you leave it running as a DC.

Just DCPROMO it out of the domain then join it to the new domain.  Don't worry about IP addressing - just change it when it gets moved, or right before you shut it down.

Sarang Tinguria (Sr Engineer) commented:
Agree with craigbeck. Just wanted to add: take a system state backup first, prior to demoting the DC (assuming you have only one DC in the domain).
Then change the IP address of the server and join it to the new domain (if possible).

kevinhsieh commented:
Changing from a DC to standalone server can break the legacy application as all of the domain based accounts and related permissions will disappear. Not worth the risk IMHO.

Craig Beck commented:
@kevinhsieh - that's assuming the legacy application relies on domain-based apps and permissions.  It could be that the app is just 'on' that server and uses its own user database, permissions, etc.

Just a thought...

gadsad (Author) commented:
The application is not based on AD and on the domain. It has its own permissions and database.

kevinhsieh commented:
Does the application database run as a service? Which account does it run under? What are the NTFS permissions on the files, as all of the permissions for domain users and groups would become invalid? If it is trivial to fix any issues when the server is going from DC to standalone, then it should be almost as easy, as cms safer to just move it to a new server environment. If it isn't trivial, best to minimize the changes. I have seen database applications (Best Software's FAS) break if you just change the IP address of the server.
0
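
The questions in kevinhsieh's comment above (which account the application's service runs under, and which NTFS permissions reference domain users and groups) can be answered with an inventory run on the server before any demotion. This is an added example, not part of the thread: `D:\LegacyApp` is a placeholder path, and the domain name is assumed to be the one in the logged-on user's `USERDOMAIN` variable.

```powershell
# Added example: pre-demotion inventory of domain-account dependencies.
param(
    [string]$AppPath = 'D:\LegacyApp'   # placeholder path, not from the thread
)

# Assumption: run on the DC as a domain user, so USERDOMAIN is the
# NetBIOS name of the domain that disappears when AD is removed.
$domain = $env:USERDOMAIN

# 1. Services that log on with something other than a built-in identity.
#    On a DC every such account lives in AD and is lost on demotion.
$serviceHits = @(Get-WmiObject -Class Win32_Service | Where-Object {
        $_.StartName -and
        $_.StartName -ne 'LocalSystem' -and
        $_.StartName -notlike 'NT AUTHORITY\*' -and
        $_.StartName -notlike 'NT SERVICE\*'
    } | Select-Object Name, StartName, State, PathName)

# 2. Explicit (non-inherited) NTFS ACEs under the application folder that
#    name a domain principal. After demotion these resolve only to raw SIDs.
$items = @(Get-Item -Path $AppPath -ErrorAction Stop) +
         @(Get-ChildItem -Path $AppPath -Recurse -Force -ErrorAction SilentlyContinue)

$aclHits = @(foreach ($item in $items) {
    $acl = Get-Acl -Path $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }          # unreadable item: skip it
    foreach ($ace in $acl.Access) {
        if (-not $ace.IsInherited -and $ace.IdentityReference.Value -like "$domain\*") {
            New-Object PSObject -Property @{
                Path     = $item.FullName
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
            }
        }
    }
})

"Services using non-built-in logon accounts: $($serviceHits.Count)"
$serviceHits | Format-Table -AutoSize
"Explicit ACEs for $domain principals under ${AppPath}: $($aclHits.Count)"
$aclHits | Format-Table Path, Identity, Rights, Type -AutoSize
```

Empty results from both checks mean neither the service logon accounts nor the folder's explicit permissions depend on domain principals; inherited ACEs are not listed and have to be checked at the parent folder.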
 
Sandeshdubey commented:
You can create a test env and check if the application is working without the domain. If yes, then you can promote the DC if not required. You can also involve and confirm with the app vendor for any dependencies on AD for the app to work.

gadsad (Author) commented:
Thank you