Solved

Upgrading Domain Controller

Posted on 2014-10-13
Last Modified: 2014-10-22
Hi Guys,

We recently upgraded our Windows primary domain controller to Windows Server 2012 R2 standard.
The roles were transferred, RID, PDC and Infrastructure.
All points to the new server.

All our domain controllers are GC servers.

The domain function level still shows as Windows Server 2003 (old DC), as does the forest function level.

The problem is that the old domain controller still overwrites domain functions.
For example: It replicates its time for the domain and overwrites security policies set on the new domain controller.

Users authenticate to the new domain controller whilst the old PDC is switched off, although, when the old PDC is on, users still authenticate against the old PDC.

We would like to keep the old domain controller as backup, but the new domain controller should be authoritative.
0
Question by:Rupert Eghardt
7 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40377039
Users will authenticate with the first domain controller available in the AD site. Just because the old server responds first doesn't necessarily indicate an issue. With that box off, users authenticating against a different domain controller without issue is perfectly acceptable.

As a sanity check, you could do netdiag on those boxes to check for any failures, though what you are describing doesn't indicate a problem. This is part of the multi-master model. There is no primary and secondary (or backup) as in the NT days.
0
 

Author Comment

by:Rupert Eghardt
ID: 40377179
Thanks Seth,

Why would security policies (made on the new server whilst the old server is off), revert back once the old server is brought online again?
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40377193
What is changing?
0
 

Author Comment

by:Rupert Eghardt
ID: 40377984
For example:

Switching on the Account Lockout Policy, updating the Minimum and Maximum Password Age, also updated-server time will revert back upon switching on the old PDC.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40382854
It sounds like the new server did not take over all of the FSMO Roles. Have you verified that all roles are held by the new server?
0
 

Author Comment

by:Rupert Eghardt
ID: 40385424
I verified and all roles are pointing to the new PDC in Windows.
I restarted both servers and for some reason the security / password policies are grayed out for changes on the new server.

Is there a command that I can run to verify that all roles are held by the new DC?
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 1500 total points
ID: 40386746
"Is there a command that I can run to verify that all roles are held by the new DC?"

From an elevated command prompt: netdom query fsmo
0
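The check from the accepted answer can be scripted so that every one of the five FSMO roles is compared against the DC that is supposed to hold it. The following is an added example, not part of the original thread: the function name Test-FsmoHolders, the host names and the sample output are constructed, and it assumes the two-column "role, holder" layout that netdom query fsmo prints.

```powershell
# Added example: compare FSMO role holders against the DC expected to hold them.
# Input is the text printed by `netdom query fsmo`.
function Test-FsmoHolders {
    param(
        [Parameter(Mandatory)] [string[]] $NetdomOutput,   # lines from `netdom query fsmo`
        [Parameter(Mandatory)] [string]   $ExpectedHolder  # FQDN of the DC that should hold every role
    )
    # Role labels as netdom prints them (two forest-wide, three domain-wide)
    $roles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'
    $found = @{}
    foreach ($line in $NetdomOutput) {
        foreach ($role in $roles) {
            # Label, at least two spaces of padding, then the holder's FQDN
            $pattern = '^\s*' + [regex]::Escape($role) + '\s{2,}(\S+)\s*$'
            if ($line -match $pattern) { $found[$role] = $Matches[1] }
        }
    }
    # Emit one row per role, including roles missing from the output
    foreach ($role in $roles) {
        $holder = $found[$role]
        [pscustomobject]@{
            Role   = $role
            Holder = if ($holder) { $holder } else { '(not reported)' }
            OK     = [bool]($holder -and $holder -ieq $ExpectedHolder)
        }
    }
}

# Constructed sample: the three domain-wide roles were moved, the two
# forest-wide roles are still on the old DC. Host names are placeholders.
$sample = @(
    'Schema master               OLDDC.example.local'
    'Domain naming master        OLDDC.example.local'
    'PDC                         NEWDC.example.local'
    'RID pool manager            NEWDC.example.local'
    'Infrastructure master       NEWDC.example.local'
    'The command completed successfully.'
)
$report = Test-FsmoHolders -NetdomOutput $sample -ExpectedHolder 'NEWDC.example.local'
$report | Format-Table -AutoSize

# Roles that still need attention (here: the two forest-wide roles)
$report | Where-Object { -not $_.OK } | Select-Object Role, Holder

# Against a live domain, from an elevated prompt on a DC:
#   Test-FsmoHolders -NetdomOutput (netdom query fsmo) -ExpectedHolder 'NEWDC.example.local'
```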
