Solved

Moving a W8K DC to another network

Posted on 2013-11-04
Last Modified: 2013-11-05
Hello


Environment:  TCP/IP Network: 192.168.0.0/24
Windows 2008 R2 single DC, AD, DNS, DHCP
IP = 192.168.0.100
Mask = 255.255.255.0
DG : 192.168.0.50
DNS : 192.168.0.100

This DC will soon be disconnected from the present network and connected to another network : 192.0.20.0/24 (the server is moving physically to another company)
The Default Gateway for this new network is 192.0.20.50
DNS is 192.0.20.1 (another Windows 2008 DC)

What I plan to do is the following:

Activate the secondary Network Interface Card on the server with the following settings:
IP = 192.0.20.100
Mask : 255.255.255.0
DG: 192.0.20.50
DNS1 :  192.0.20.100 (the server itself)
DNS2: 192.0.20.1 (another W8K DNS Server on the network)

The primary NIC will be deactivated and disconnected from the network 192.168.0.0/24 which will not exist anymore
Also DHCP will be deactivated since this new network has its own DHCP server

Should it be OK?

Any better solution to “move” a DC server from one network to another network?

Important: this server will not serve anymore as a DC and no PC will be in its AD domain. All PCs will be integrated into the new AD environment. But access to this PC is important for a legacy application. This server should be pingable and accessible through MSTSC



Thank you very much
Question by:gadsad
11 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39623328
I would not bring up the second NIC. Just change the IP address, gateway, and DNS on the primary NIC. DO NOT demote the server. Deactivate the DHCP.
0
 

Author Comment

by:gadsad
ID: 39623453
I would rather do it like that, it is easier: change the IP, gateway and DNS on the primary NIC
And not bring up the second NIC

But since it is a DC with AD I am afraid to do that
Should it be OK?

Thanks
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 668 total points
ID: 39623840
Hmmmm, I would say you SHOULD demote this DC before you move it.  If you don't you'll cause issues with replication, authentication, etc... for machines which are still on that domain.  I know it sounds like that domain will disappear, but still...  Further to this, you won't be able to join it to the new domain if you leave it running as a DC.

Just DCPROMO it out of the domain then join it to the new domain.  Don't worry about IP addressing - just change it when it gets moved, or right before you shut it down.
0

 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 664 total points
ID: 39623971
Agree with craigbeck. Just wanted to add: take a system state backup first, prior to demoting the DC (assuming you have only one DC in the domain).
Then change the IP address of the server and join it to the new domain (if possible).
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39623983
Changing from a DC to standalone server can break the legacy application as all of the domain based accounts and related permissions will disappear. Not worth the risk IMHO.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39623992
@kevinhsieh - that's assuming the legacy application relies on domain-based apps and permissions.  It could be that the app is just 'on' that server and uses its own user database, permissions, etc.

Just a thought...
0
 

Author Comment

by:gadsad
ID: 39624002
The application is not based on AD and on the domain. It has its own permissions and database.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 668 total points
ID: 39624034
Does the application database run as a service? Which account does it run under? What are the NTFS permissions on the files, as all of the permissions for domain users and groups would become invalid. If it is trivial to fix any issues when the server is going from DC to standalone, then it should be almost as easy, as cms safer to just move it to a new server environment. If it isn't trivial, best to minimize the changes. I have seen database applications (Best Software's FAS) break if you just change the IP address of the server.
0
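
The checks raised in the accepted answer (service logon account, and NTFS permissions that reference domain principals), as an added example that is not part of the original thread: a read-only PowerShell audit to run on the DC before any demotion. The folder `D:\LegacyApp` is a hypothetical path, and the NetBIOS domain name is assumed to match the logged-on user's `USERDOMAIN`.

```powershell
# Added example: read-only audit, written for PowerShell 2.0 (Windows Server 2008 R2).
param(
    [string]$AppPath = 'D:\LegacyApp',   # hypothetical application folder
    [string]$Domain  = $env:USERDOMAIN   # assumption: logged on with a domain account
)

# 1. Services that do not run under a built-in identity.
#    A DC has no usable local accounts in normal operation, so any other
#    logon account is a domain account that goes away with the domain.
$builtin  = '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$'
$services = Get-WmiObject Win32_Service |
    Where-Object { $_.StartName -and $_.StartName -notmatch $builtin } |
    Select-Object Name, DisplayName, StartName, State

# 2. Explicit (non-inherited) ACEs under the application folder that name a
#    domain principal, or a domain SID that no longer resolves to a name.
$pattern = '^(' + [regex]::Escape($Domain) + '\\|S-1-5-21-)'
$items   = @(Get-Item -LiteralPath $AppPath) +
           @(Get-ChildItem -LiteralPath $AppPath -Recurse -Force -ErrorAction SilentlyContinue)

$aces = foreach ($item in $items) {
    $acl = Get-Acl -Path $item.FullName
    foreach ($ace in $acl.Access) {
        if (-not $ace.IsInherited -and $ace.IdentityReference.Value -match $pattern) {
            New-Object PSObject -Property @{
                Path     = $item.FullName
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
            }
        }
    }
}

"Services running under non-built-in accounts:"
$services | Format-Table -AutoSize
"Explicit ACEs for $Domain principals under ${AppPath}:"
$aces | Format-Table Path, Identity, Rights, Type -AutoSize
```

Empty output in both sections supports the author's statement that the application does not depend on the domain; any row is an account or permission that would need to be recreated after a demotion.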
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626290
You can create a test env and check if the application is working without the domain. If yes, then you can promote the DC if not required. You can also involve and confirm with the app vendor any dependencies on AD for the app to work.
0
 

Author Closing Comment

by:gadsad
ID: 39626545
thank you
0
