Solved

Moving a W8K DC to another network

Posted on 2013-11-04
Last Modified: 2013-11-05
Hello


Environment:  TCP/IP Network: 192.168.0.0/24
Windows 2008 R2 single DC, AD, DNS, DHCP
IP = 192.168.0.100
Mask = 255.255.255.0
DG : 192.168.0.50
DNS : 192.168.0.100

This DC will soon be disconnected from the present network and connected to another network : 192.0.20.0/24 (the server is moving physically to another company)
The Default Gateway for this new network is 192.0.20.50
DNS is 192.0.20.1 (another Windows 2008 DC)

What I plan to do is the following:

Activate the secondary Network Interface Card on the server with the following settings:
IP = 192.0.20.100
Mask : 255.255.255.0
DG: 192.0.20.50
DNS1 :  192.0.20.100 (the server itself)
DNS2: 192.0.20.1 (another W8K DNS Server on the network)

The primary NIC will be deactivated and disconnected from the network 192.168.0.0/24 which will not exist anymore
Also DHCP will be deactivated since this new network has its own DHCP server

Should it be OK?

Any better solution to “move” a DC server from one network to another network?

Important: this server will no longer serve as a DC and no PC will be in its AD domain. All PCs will be integrated into the new AD environment. But access to this PC is important for a legacy application. This server should be pingable and accessible through MSTSC.



Thank you very much
Question by:gadsad
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39623328
I would not bring up the second NIC. Just change the IP address, gateway, and DNS on the primary NIC. DO NOT demote the server. Deactivate the DHCP.
0
 

Author Comment

by:gadsad
ID: 39623453
I would rather do it like that, it is easier: change the IP, gateway and DNS on the primary NIC
And not bring up the second NIC

But since it is a DC with AD I am afraid to do that
Should it be OK?

Thanks
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 167 total points
ID: 39623840
Hmmmm, I would say you SHOULD demote this DC before you move it.  If you don't you'll cause issues with replication, authentication, etc... for machines which are still on that domain.  I know it sounds like that domain will disappear, but still...  Further to this, you won't be able to join it to the new domain if you leave it running as a DC.

Just DCPROMO it out of the domain then join it to the new domain.  Don't worry about IP addressing - just change it when it gets moved, or right before you shut it down.
0
 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 166 total points
ID: 39623971
Agree with craigbeck. Just wanted to add: take a system state backup first, prior to demoting the DC (assuming you have only one DC in the domain).
Then change the IP address of the server and join it to the new domain (if possible).
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39623983
Changing from a DC to standalone server can break the legacy application as all of the domain-based accounts and related permissions will disappear. Not worth the risk IMHO.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39623992
@kevinhsieh - that's assuming the legacy application relies on domain-based apps and permissions.  It could be that the app is just 'on' that server and uses its own user database, permissions, etc.

Just a thought...
0
 

Author Comment

by:gadsad
ID: 39624002
The application is not based on AD and on the domain. It has its own permissions and database.
0
 
LVL 42

Accepted Solution

by:kevinhsieh
kevinhsieh earned 167 total points
ID: 39624034
Does the application database run as a service? Which account does it run under? What are the NTFS permissions on the files, as all of the permissions for domain users and groups would become invalid. If it is trivial to fix any issues when the server is going from DC to standalone, then it should be almost as easy, as cms safer to just move it to a new server environment. If it isn't trivial, best to minimize the changes. I have seen database applications (Best Software's FAS) break if you just change the IP address of the server.
0
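
The checks the accepted answer asks about (which account each service runs under, and which NTFS permissions name domain users or groups) can be collected before any demotion is attempted. The PowerShell script below is an added example, not part of the original thread; the D:\LegacyApp path is a hypothetical placeholder, and it assumes an elevated session on the DC itself.

```powershell
# Added example (not from the thread): list what depends on domain accounts
# before a DC is demoted. Run elevated on the DC. Works on PowerShell 2.0.
param(
    [string]$AppPath = 'D:\LegacyApp',   # hypothetical path of the legacy application
    [string]$Domain  = $env:USERDOMAIN   # NetBIOS name of the current AD domain
)

# 1. Services that log on with a domain account (DOMAIN\user or user@domain).
#    LocalSystem, LocalService and NetworkService are not matched.
$domainServices = @(Get-WmiObject -Class Win32_Service | Where-Object {
    $_.StartName -like "$Domain\*" -or $_.StartName -like '*@*'
} | Select-Object Name, State, StartName)

# 2. Explicit (non-inherited) NTFS entries under the application folder that
#    name a domain user/group, or a SID that already fails to resolve.
$items = @(Get-Item -LiteralPath $AppPath) +
         @(Get-ChildItem -LiteralPath $AppPath -Recurse -Force -ErrorAction SilentlyContinue)
$domainAces = @(foreach ($item in $items) {
    foreach ($ace in (Get-Acl -Path $item.FullName).Access) {
        $id = $ace.IdentityReference.Value
        if (-not $ace.IsInherited -and
            ($id -like "$Domain\*" -or $id -like 'S-1-5-21-*')) {
            New-Object PSObject -Property @{
                Path     = $item.FullName
                Identity = $id
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
            }
        }
    }
})

"Services using domain accounts: $($domainServices.Count)"
$domainServices | Format-Table -AutoSize
"Explicit ACEs naming domain principals: $($domainAces.Count)"
$domainAces | Format-Table Path, Identity, Rights, Type -AutoSize
```

Every service or ACE it lists is something to re-check after a demotion; two empty lists cover only the two questions above and do not rule out other dependencies on the domain.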
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39626290
You can create a test env and check if the application is working without the domain. If yes, then you can promote the DC if not required. You can also involve and confirm with the app vendor for any dependencies on AD for the app to work.
0
 

Author Closing Comment

by:gadsad
ID: 39626545
thank you
0
