gopher_49
asked on
domain controller migration
I have one domain controller. I plan to add another soon, however, I need to migrate this one to a different ESXi host. I plan to power off my Exchange server before doing so... But.. Do I need to power off my file server, SQL server, and web server before doing so? Will those at least function or will the users not be able to access the file share? The only few users connected will already be authenticated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Each file server will revalidate kerberos ticket of user once in a while, maybe try at least off-hours...
ASKER
I figured it might cause issues.. Even if it's only for a few mins.. I'm spinning up another DC and adding it's IP as a secondary DNS server to the NICs of all servers. I guess that will be the easiest solution. That way I can migrate the old DC. Right? Do I need to change any roles prior to this?
Just popped in my mind - make a new virtual server a second domain controller, transfer roles, though what leaves me confused - better call microsoft support and ask how to quickly transfer the activation/licences.
That should be fine.
ASKER
We lease our licenses so that's not a problem. What roles do I really need to transfer? I know technically it should fail over even without transferring roles.. But. I'd prefer to do it properly. Do I need to transfer all roles? I guess this is the safest.
just schema master...
Adding another DC is fine, but the issue you will always have, is a client/user has authenticated against DC1, and DC1 is not available because it's off, it will always go back to the DC, it first authenticated against, even if you have a DC2.
I would just shutdown everything, and tell users, scheduled maintenance.
Also, what issues IP Addresses ?
I would just shutdown everything, and tell users, scheduled maintenance.
Also, what issues IP Addresses ?
Adding DC lets sstrech the whole migration in couple of days without significant impact. Want it or not users log out every night, so one day add new server, next day move schema master, other day power off old DC, another clean it from domain.
hi,
if you can provide answer to below questions we might be able to help
Are you a 24x7 operation? if not what are your off hours.
How many users are you supporting?
How much time do you have? i.e dead line for migrating your dc from one host to another.
Are your vm-ware hosts located in house or on the cloud?
if you can provide answer to below questions we might be able to help
Are you a 24x7 operation? if not what are your off hours.
How many users are you supporting?
How much time do you have? i.e dead line for migrating your dc from one host to another.
Are your vm-ware hosts located in house or on the cloud?
ASKER
We are mainly a 8x5 operation except for my Exchange users. I'll spin up a new DC and add the new DC to all servers NIC cards and then migrate.
Day 1: add 2nd DC
Day 2: migrate network devices to use 2nd DC
Day 3: switch roles
Day 4: power off old DC and remove from AD....
Day 2: migrate network devices to use 2nd DC
Day 3: switch roles
Day 4: power off old DC and remove from AD....
ASKER
I'll move everything to use the 2nd DC as the primary DNS server. I'll then start the role transfer. Verify it's complete via event logs and then power down the old DC and migrate.
ASKER
I got the attached error when running DCPROMO.
DNS-delegation-error.png
DNS-delegation-error.png
.local is not a legal domain name, so you need to do what message says...
If you turn it off, prepare for a world, of authentication issues, whilst it's off, if any services require AD.
You would be better OFF, having a complete power down, to avoid issues.
Or do it, and live through the issues! (if any occur!)