Solved

Moving a W8K DC to another network

Posted on 2013-11-04
Last Modified: 2013-11-05
Hello


Environment: TCP/IP Network: 192.168.0.0/24
Windows 2008 R2 single DC, AD, DNS, DHCP
IP = 192.168.0.100
Mask = 255.255.255.0
DG : 192.168.0.50
DNS : 192.168.0.100

This DC will soon be disconnected from the present network and connected to another network : 192.0.20.0/24 (the server is moving physically to another company)
The Default Gateway for this new network is 192.0.20.50
DNS is 192.0.20.1 (another Windows 2008 DC)

What I plan to do is the following:

Activate the secondary Network Interface Card on the server with the following settings:
IP = 192.0.20.100
Mask : 255.255.255.0
DG: 192.0.20.50
DNS1 :  192.0.20.100 (the server itself)
DNS2: 192.0.20.1 (another W8K DNS Server on the network)

The primary NIC will be deactivated and disconnected from the network 192.168.0.0/24 which will not exist anymore
Also, DHCP will be deactivated since this new network has its own DHCP server

Should it be OK?

Any better solution to “move” a DC server from one network to another network?

Important: this server will no longer serve as a DC, and no PC will be in its AD domain. All PCs will be integrated into the new AD environment. But access to this PC is important for a legacy application. This server should be pingable and accessible through MSTSC



Thank you very much
Question by:gadsad
11 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39623328
I would not bring up the second NIC. Just change the IP address, gateway, and DNS on the primary NIC. DO NOT demote the server. Deactivate the DHCP
0
 

Author Comment

by:gadsad
ID: 39623453
I would rather do it like that, it is easier: change the IP, gateway and DNS on the primary NIC
And not bring up the second NIC

But since it is a DC with AD I am afraid to do that
Should it be OK?

Thanks
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 668 total points
ID: 39623840
Hmmmm, I would say you SHOULD demote this DC before you move it.  If you don't you'll cause issues with replication, authentication, etc... for machines which are still on that domain.  I know it sounds like that domain will disappear, but still...  Further to this, you won't be able to join it to the new domain if you leave it running as a DC.

Just DCPROMO it out of the domain then join it to the new domain.  Don't worry about IP addressing - just change it when it gets moved, or right before you shut it down.
0

 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 664 total points
ID: 39623971
Agree with craigbeck. Just wanted to add: take a system state backup first, prior to demoting the DC (assuming you have only one DC in the domain).
Then change the IP address of the server and join it to the new domain (if possible).
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39623983
Changing from a DC to standalone server can break the legacy application as all of the domain based accounts and related permissions will disappear. Not worth the risk IMHO.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39623992
@kevinhsieh - that's assuming the legacy application relies on domain-based apps and permissions.  It could be that the app is just 'on' that server and uses its own user database, permissions, etc.

Just a thought...
0
 

Author Comment

by:gadsad
ID: 39624002
The application is not based on AD and on the domain. It has its own permissions and database.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 668 total points
ID: 39624034
Does the application database run as a service? Which account does it run under? What are the NTFS permissions on the files, as all of the permissions for domain users and groups would become invalid. If it is trivial to fix any issues when the server is going from DC to standalone, then it should be almost as easy, as cms safer to just move it to a new server environment. If it isn't trivial, best to minimize the changes. I have seen database applications (Best Software's FAS) break if you just change the IP address of the server.
0
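The questions in the accepted answer (which account the application's service runs under, and which NTFS permissions name domain users or groups) can be answered on the server before any demotion decision. The following PowerShell is an added example, not part of the original thread; the path `D:\LegacyApp` is a hypothetical placeholder, and the script assumes it is run from an elevated session logged on with an account of the domain this DC hosts.

```powershell
# Added example: list what on this server depends on domain accounts.
param(
    # Hypothetical path: replace with the legacy application's real folder.
    [string]$AppPath = 'D:\LegacyApp'
)

# Assumption: the session is logged on with a domain account, so
# USERDOMAIN holds the NetBIOS name of the domain this DC hosts.
$domainPrefix = "$env:USERDOMAIN\*"

# 1. Services that log on as a domain account (DOMAIN\user or user@domain).
$services = Get-WmiObject -Class Win32_Service |
    Where-Object { ($_.StartName -like $domainPrefix) -or ($_.StartName -like '*@*') } |
    Select-Object Name, StartName, State

# 2. Owners and explicit (non-inherited) NTFS entries that name a domain principal.
$items = @(Get-Item -Path $AppPath) +
         @(Get-ChildItem -Path $AppPath -Recurse -Force -ErrorAction SilentlyContinue)
$aclHits = foreach ($item in $items) {
    try   { $acl = Get-Acl -Path $item.FullName -ErrorAction Stop }
    catch { continue }   # unreadable item: skip it
    if ($acl.Owner -like $domainPrefix) {
        New-Object PSObject -Property @{
            Path = $item.FullName; Identity = $acl.Owner; Rights = 'Owner'
        }
    }
    foreach ($ace in $acl.Access) {
        if (-not $ace.IsInherited -and $ace.IdentityReference.Value -like $domainPrefix) {
            New-Object PSObject -Property @{
                Path     = $item.FullName
                Identity = $ace.IdentityReference.Value
                Rights   = "$($ace.AccessControlType) $($ace.FileSystemRights)"
            }
        }
    }
}

'Services running under domain accounts:'
$services | Format-Table -AutoSize
'NTFS owners and entries naming domain principals:'
$aclHits | Select-Object Path, Identity, Rights | Format-Table -AutoSize
```

Two empty tables suggest the application does not rely on domain principals for its service logon or file permissions; any rows are the items that would need re-pointing if the server stopped being a DC.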
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626290
You can create a test env and check if the application is working without the domain. If yes, then you can promote the DC if not required. You can also involve and confirm with the app vendor for any dependencies on AD for the app to work.
0
 

Author Closing Comment

by:gadsad
ID: 39626545
thank you
0

Question has a verified solution.