Migrating Windows 2008 DC to W2012R2 DC and keeping same name and IP address

Hi all,
As the title says, I would like to migrate a Windows 2008 DC to a Windows 2012 R2 DC and keep the same name and IP address. I have found this article:
http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx
This W2008 DC is our main DC and is also our certificate authority. I know that I can't change the name of a DC after the certificate authority is installed, so I will do this step of the installation just before the steps of changing the name and IP to the same as the old DC.
Can anyone please tell me if there is anything I should look out for, or any changes, if I follow this guide? Any other information would be great.
padiap Asked:
Mahesh (Architect) Commented:
The guide is really very good.
There are many ways to achieve this.
However, I am just outlining high-level steps here.

First, check that your AD replication \ AD health is working fine by running the commands below:
repadmin /syncall
repadmin /showrepl
dcdiag /v /q
Resolve any errors you find.
Check if DNS is configured correctly (it should not have stale DC server entries).
Also check for any stale DC entries in Active Directory.

Then just extend your Active Directory schema first to prepare it for a 2012 \ 2012 R2 DC.
This includes:
adprep /forestprep
adprep /domainprep /gpprep
If you have a 2003 DC in the domain, then also run dcpromo /rodcprep
Ensure that you are running these commands from the 2008 primary domain controller.
http://msmvps.com/blogs/mweber/archive/2012/07/27/upgrading-an-active-directory-domain-from-windows-server-2008-or-windows-server-2008-r2-to-windows-server-2012.aspx

Then promote the new 2012 DC (you can promote it directly without going through the above steps, but then you will not come to know if critical errors are there).
Check that AD replication and DNS name resolution are working fine.
Then transfer the FSMO roles to the 2012 ADC.
If you have a DHCP server running, ensure that you have added the new server to the DNS servers list in the DHCP lease as primary.
If you have static IP addresses, then ensure that the 2012 server is mentioned as the primary DNS server on clients.
Ensure all of your application servers, firewall devices and logon scripts are pointing to the 2012 server in DNS and in DC entries in advance.
Once everything is working smoothly with the 2012 server as primary, you can proceed with the steps below.

Once you have done that, just back up your certificate authority completely.
This includes the database and registry.
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx

Then uninstall the CA server role from the 2008 server.
Then point the 2008 server's primary DNS to the 2012 server in the TCP/IP settings and reboot once.
Then you could simply demote the server to a member server.
Then shut down the server.
Now delete its computer account from Active Directory.
If you face any issues with demotion of the server, then you need to run dcpromo with the /forceremoval switch to force remove the server from Active Directory, and then you need to clean up the metadata for the failed server from Active Directory:
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Then rename the 2012 DC to match the old server name (2008 DC) with some simple steps, as mentioned in the article below:
http://technet.microsoft.com/en-us/library/cc816601(v=ws.10).aspx

Also, after a successful rename operation, you need to follow the steps in the article below on the 2012 DC to correct the FRS \ DFSR object references:
http://technet.microsoft.com/library/cc794759(v=ws.10).aspx

Mahesh
0
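The replication check from the first step of the answer above can be turned into a pass/fail gate by parsing repadmin's CSV output instead of reading it by eye. This is an added example, not part of the thread; the function name Get-ReplFailure and the host and domain names in the sample are made up for illustration.

```powershell
# Added example, not from the thread. Live use on a DC (elevated prompt):
#   repadmin /showrepl * /csv | Get-ReplFailure
#   dcdiag /q        # prints only failed tests; no output means no errors
function Get-ReplFailure {
    param([Parameter(ValueFromPipeline = $true)][string[]]$CsvLine)
    begin   { $lines = @() }
    process { $lines += $CsvLine }
    end {
        foreach ($row in ($lines | ConvertFrom-Csv)) {
            # repadmin marks a DC it could not query with showrepl_ERROR
            $unreachable = $row.showrepl_COLUMNS -eq 'showrepl_ERROR'
            # Error rows may not carry a numeric count, so parse defensively
            $failures = 0
            [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
            if ($unreachable -or $failures -gt 0) {
                New-Object PSObject -Property @{
                    Source      = $row.'Source DSA'
                    Destination = $row.'Destination DSA'
                    Context     = $row.'Naming Context'
                    Failures    = $failures
                    LastStatus  = $row.'Last Failure Status'
                    LastSuccess = $row.'Last Success Time'
                    Unreachable = $unreachable
                }
            }
        }
    }
}

# Constructed sample (made-up names), using the columns repadmin emits
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC2008,"DC=example,DC=local",Default-First-Site-Name,DC2003,RPC,0,0,2014-05-02 21:14:07,0
showrepl_INFO,Default-First-Site-Name,DC2003,"DC=example,DC=local",Default-First-Site-Name,DC2008,RPC,7,2014-05-02 21:02:11,2014-05-01 09:40:52,1722
'@ -split "`r?`n"

$bad = $sample | Get-ReplFailure
$bad | Format-Table Source, Destination, Failures, LastStatus -AutoSize
if ($bad) { Write-Warning 'Fix replication before running adprep or promoting the 2012 DC' }
```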
Mahesh (Architect) Commented:
After you have done all of the above, you need to install the certificate authority from the CA backup above on the 2012 DC so that your existing issued certificates will remain intact.
Follow the steps in the sections listed below, found at the base URL below, to restore the existing CA database and certificate on the 2012 DC server with the CA server role:

Adding the CA role service to the destination server

Restoring the CA database and configuration on the destination server

Granting permissions on AIA and CDP containers


Base Article for above topics
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx#BKMK_AddCA

Mahesh
0
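The restore described above only works if the backup taken on the 2008 CA ("database and registry" in the earlier answer) is complete, so it is worth scripting the backup together with a check of what it produced. This is an added example, not part of the thread; the D:\CABackup path, the file names and the Invoke-Step helper are assumptions.

```powershell
# Added example: run elevated on the source (2008) CA before removing the role.
$BackupRoot = 'D:\CABackup'      # assumed path; keep it off the server being demoted
$Dir = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $Dir | Out-Null   # certutil needs an empty target

function Invoke-Step([string]$Name, [scriptblock]$Action) {
    & $Action
    if ($LASTEXITCODE -ne 0) { throw "$Name failed (exit code $LASTEXITCODE)" }
}

if ((Get-Service CertSvc).Status -ne 'Running') {
    throw 'Start CertSvc first: the database backup is taken through the running service'
}

# 1. CA database and logs, written to $Dir\DataBase
Invoke-Step 'Database backup' { certutil -backupDB $Dir }
# 2. CA certificate and private key as <CA name>.p12; certutil prompts for a password
Invoke-Step 'Key backup' { certutil -backupKey $Dir }
# 3. CA configuration held in the registry
$RegFile = Join-Path $Dir 'CertSvc-Configuration.reg'
Invoke-Step 'Registry export' {
    reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' $RegFile /y
}
# 4. CAPolicy.inf, if this CA was installed with one
$Policy = Join-Path $env:SystemRoot 'CAPolicy.inf'
if (Test-Path $Policy) { Copy-Item $Policy $Dir }
# 5. CA certificate thumbprints, to compare with the restored CA on the 2012 server
certutil -getreg CA\CACertHash | Out-File (Join-Path $Dir 'CACertHash.txt')

# Do not remove the CA role until every artifact is confirmed present
$missing = @()
if (-not (Get-ChildItem $Dir -Filter *.p12)) { $missing += 'CA key (.p12)' }
if (-not (Get-ChildItem (Join-Path $Dir 'DataBase') -Filter *.edb -ErrorAction SilentlyContinue)) {
    $missing += 'CA database (.edb)'
}
if (-not (Test-Path $RegFile) -or (Get-Item $RegFile).Length -eq 0) { $missing += 'registry export' }
if ($missing) { throw "Backup incomplete, missing: $($missing -join ', ')" }
Write-Output "CA backup complete in $Dir. The .p12 holds the CA private key: restrict access to it."
```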
David Johnson, CD, MVP (Owner) Commented:
Some basic tips: create your enterprise root certificate authority in a virtual machine. It is only used for creating a certificate for your issuing authority. You have to set up your online responders and other items like the CRL web address here, also your issuing policies and your HSMs as well. Once you generate the issuing authority's certificate, the virtual machine can be turned off.

Setting up a Certificate Authority is more than just clicking next next next. How Not to Screw up your PKI Infrastructure
0

padiap (Author) Commented:
One thing I forgot to mention is that some bright spark before my time installed a DC and Exchange on the same box on Windows 2003, so I am unable to raise the domain functional level until this box is gone, which will be after the DC migration. Will this affect anything?
0
Mahesh (Architect) Commented:
So you mean to say that the 2003 DC with Exchange remains on the same server in the present environment?
Are you talking about an old environment that does not exist now, or what?

In that case you need to move the Exchange server first to another member server;
only then can you demote the DC role on the same box.
If you try to demote the DC server role first, it will break Exchange.
Once you demote the DC server role, you can raise the functional level.

Not sure how this question is related to the certificate authority.

Even if your DC, Exchange and CA are on the same server, you still need to move Exchange on to another server first, demote the CA server role, demote the DC, and then rename the 2008 \ 2012 DC to the same as the old one, and then you can migrate the CA role from the previous backup. Then you can also raise the functional levels.

Mahesh
0
padiap (Author) Commented:
Thank you Mahesh for your expertise. I did the migration on Friday night but I hit a snag when migrating the CA. I have been reading up for hours on how to verify the CA is set up correctly, and I don't want our Lync 2013 environment to just stop working. The steps from the document http://technet.microsoft.com/library/cc794759%28v=ws.10%29.aspx didn't work at all and the first one made the server crash, so I just continued. Any help on how to test that the CA is running correctly would be much appreciated.
0
padiap (Author) Commented:
Thank you, all good now.
0