Solved

DC migration from 2008 to 2012

Posted on 2015-01-28
Last Modified: 2015-01-30
We've just finished adding a new Windows Server 2012 R2 DC to our existing 2008 R2 AD environment.  Everything appeared to go smoothly in the transition but we have some follow-up questions.  

1.  When I run "netdom query fsmo", it shows 3 of the roles being held by the new PDC, but 2 (schema master and domain naming master) are still assigned to the old PDC.  Why is this, and what do I need to do to transfer the roles so I can demote the old PDC?  Does this have anything to do with this message I got during migration?

"A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain “treyresearch5.net”. Otherwise, no action is required."

2.  When I run "net time" from any client (including the new PDC), it still shows the old PDC as the time source.  I've run

w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /reliable:yes /update
net stop w32time && net start w32time

on the new PDC and

w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time && net start w32time

on the old one, and all clients still show the old PDC as the time server.  What do I need to do to ensure the new PDC is the only time server?

3.  Is it possible to swap the IP addresses of the old and new PDCs so the new one has the same IP the old one did and nothing has to change with client connections?  If so, at what point do I make the swap and is there anything else that needs to be done in conjunction with this?
Question by:fallriverelectric
11 Comments
 

Accepted Solution

by:
Will Szymkowski earned 167 total points
ID: 40575928
I am assuming you transferred the domain roles (PDC, RID and Infrastructure Master) using Active Directory Users and Computers?

You need to do the following...
Register the AD Schema Snapin
Register Schema snapin (technet)

From there you can open the MMC console for the AD schema (this is where you transfer the Schema role to another domain controller in your environment).

Also for the Domain Naming Master Role you need to do the following...
- Open Domains and Trusts
- Right-click Active Directory Domains and Trusts
- Select Operations Master
- Click the Change button and select the domain controller you want to move the role to

Also, once the schema role has been moved over to another DC, you are going to need to set up an authoritative time source as well.

Configure Authoritative Time Source

Once you have successfully moved the roles to another DC you can demote the old DC.

Verify that the roles have been moved using netdom verify fsmo.

Will.
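
Added example, not part of the thread: the three roles moved from Active Directory Users and Computers are per-domain, while the schema master and domain naming master are forest-wide and are moved separately, as the answer above describes. This PowerShell check lists all five holders and flags any still on the DC to be demoted. It assumes the ActiveDirectory module is installed; `OLD-DC01` is a placeholder host name.

```powershell
# Added example: list FSMO role holders and flag roles still on the old DC.
# Assumption: OLD-DC01 is a placeholder; pass the short name of the DC being retired.
param(
    [string]$OldDc = 'OLD-DC01'
)

Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# Three per-domain roles come from Get-ADDomain, two forest-wide roles from Get-ADForest.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

$report = foreach ($role in $roles.GetEnumerator()) {
    # Holders are returned as FQDNs; compare on the short host name only.
    $shortName = ($role.Value -split '\.')[0]
    [pscustomobject]@{
        Role    = $role.Key
        Holder  = $role.Value
        OnOldDc = $shortName -ieq $OldDc
    }
}

$report | Format-Table -AutoSize

# Wrap in @() so .Count works whether zero, one or several roles match.
$stillOnOld = @($report | Where-Object { $_.OnOldDc })
if ($stillOnOld.Count -gt 0) {
    $names = ($stillOnOld | ForEach-Object { $_.Role }) -join ', '
    Write-Warning "$($stillOnOld.Count) role(s) still held by ${OldDc}: $names"
} else {
    Write-Output "No FSMO roles remain on $OldDc."
}
```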

Expert Comment

by:it_saige
ID: 40575944
I would also recommend performing a DCDIAG to ensure that there are no issues with replication before demoting the old DC.

-saige-

Author Comment

by:fallriverelectric
ID: 40577692
Thanks for that.  I was able to get the schema master and the domain naming master roles transferred successfully.  However, I've followed the article you linked to for the time service, and the clients are still showing the old PDC as the time server.  What do I need to do to fix this?  

Also, does anyone know if it is possible to swap the IP addresses of the old and new PDCs so the new one has the same IP the old one did and nothing has to change with client connections?  If so, at what point do I make the swap and is there anything else that needs to be done in conjunction with this?

Expert Comment

by:Mahesh
ID: 40578154
For 1st question, nothing is wrong.
See below thread
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28606062.html

For 2nd question:
The process is correct
Check on new PDC if Event ID 35 and 37 are reporting
also check with below commands if time server configuration is successful
w32tm /query /source
w32tm /query /status

On client machines you can run below commands in .bat via GPO startup script

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

https://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx

For 3rd question:
No need to swap IP
It doesn't help
Ensure that AD replication and DNS name resolution are happening correctly and on new DC ensure that sysvol and netlogon are shared out
Check event 1394 in directory event logs
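
Added example, not part of the thread: the time-source, event and share checks from the answer above, gathered into one PowerShell script to run in an elevated session on the new DC. The event provider name `Microsoft-Windows-Time-Service` and the 50-event window are choices made for this example.

```powershell
# Added example: readiness checks on the new DC before the old one is demoted.
# Run elevated on the new DC (Windows Server 2012 R2).

# 1. Time source. A PDC emulator with a manual peer list should report one of
#    those peers, not its own hardware clock.
$source        = (& w32tm /query /source | Out-String).Trim()
$usingOwnClock = $source -match 'Local CMOS Clock|Free-running System Clock'

# 2. Time-Service events 35 and 37 in the System log (the IDs named in the answer).
#    Get-WinEvent raises an error when nothing matches, so suppress it and
#    treat an empty result as "not seen".
$timeEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    Id           = 35, 37
} -MaxEvents 50 -ErrorAction SilentlyContinue

# Results arrive newest first, so the first entry per ID is the most recent one.
$latest = $timeEvents | Group-Object Id |
    ForEach-Object { $_.Group | Select-Object -First 1 }

# 3. SYSVOL and NETLOGON must both be shared out on a working DC.
$required = 'SYSVOL', 'NETLOGON'
$present  = @(Get-SmbShare | Where-Object { $_.Name -in $required } |
    ForEach-Object { $_.Name })
$missing  = @($required | Where-Object { $_ -notin $present })

[pscustomobject]@{
    TimeSource    = $source
    UsingOwnClock = $usingOwnClock
    Event35Seen   = [bool]($timeEvents | Where-Object { $_.Id -eq 35 })
    Event37Seen   = [bool]($timeEvents | Where-Object { $_.Id -eq 37 })
    MissingShares = $missing -join ', '
} | Format-List

# Show the newest 35 and 37 so the named time source can be read from the message.
$latest | Select-Object TimeCreated, Id, Message | Format-List
```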

Author Comment

by:fallriverelectric
ID: 40578301
Question 2: Event IDs 35 and 37 are both reporting on the new PDC, and I can see where it had previously shown in the events that it was receiving time from the old PDC, but all the newer events show the external time source I specified.  So that's good, but I tried running

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
on a client (Windows 7) machine and just got an error (The system cannot find the file specified 0x80070002).  I wouldn't really want to have to do this on every single client machine either, is there another option?  

Question 3: We would like to swap IPs so that we don't have to change the DNS server setting for all the clients who have static IP addresses pointing to the old PDC as a DNS server.  So I'm not sure what you mean by it doesn't help?

Author Comment

by:fallriverelectric
ID: 40578391
Update: I tested shutting down the original PDC to see what "net time" would return on a client, and even though it took a few seconds longer the first time I ran it, it did return the new PDC name and time.  It ran quickly after that.  When I powered the old PDC back up, the client is back to reporting to it.  Does this mean the new PDC is effectively operating as a time source and I can safely demote and remove the original PDC?  I don't really understand why the old one is the preferred source when it's running.

Expert Comment

by:Will Szymkowski
ID: 40578420
Do you have a GPO in place to point to the old PDC in question? If you do maybe the policy has not applied to your machine. Also have you setup the external time source on the new PDC server?

Will.

Author Comment

by:fallriverelectric
ID: 40578489
No, we aren't pointing to it in any GPOs.  For the external time source, I set a peer list of 4 ntp sites.

Assisted Solution

by:it_saige
it_saige earned 167 total points
ID: 40578492
Here is a previous EE PAQ on configuring time services:

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28597899.html

As for your IP question, you mention that you have workstations with static IPs.  Not completely frowned upon because, hey, sometimes you need to use static IPs.  However, if I could make a suggestion, why not use DHCP reservations instead of manually configuring each workstation?  Using a DHCP reservation allows for you to statically assign IPs but gives you the benefit of:
- Ensuring that all clients on the network use the same scheme
- Ensuring less probability of IP conflicts
- Allowing easier administration

If you cannot (or do not want to) do this, it's not really a problem, just a suggestion.  As for the IP change, you just want to make sure before you change the IP address, that you clean up your DNS by ensuring that all records for the old server have been removed (DCPROMO should take care of this, but it's not uncommon for some cleanup to be required).

Once you ensure that all records have been cleared, it's really just a simple matter of changing the IP address.  The clients *should* essentially continue to work with very little fuss (although you may need to have them do a release and renew of their IP address or even a reboot).

-saige-

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 40579081
Have you run the command from an elevated command prompt on the Win7 client?
You could probably run that command from an elevated command prompt within C:\windows\system32 if you want to run it manually.

Like I said already, you could create a .bat file, put it as a startup script in a GPO, and apply it to the OU containing the computers.

Also, there is no harm in the client fetching its time from the old PDC, because as an NTP client it can fetch time from any DC within the same site; that's not a problem.

You already got event IDs 35 and 37 on the new PDC, so everything is configured correctly and you can safely demote the old PDC, provided that you have cleared other production dependencies, if any.

Author Closing Comment

by:fallriverelectric
ID: 40580489
Thanks to all for the help.  

Will - we were able to transfer the remaining roles successfully.  

Mahesh - running the command from an elevated prompt did allow me to run it, but after doing so it still shows the old PDC.  However as you mentioned it doesn't matter because it can fetch time from any DC and does so when I shut the old one down temporarily.  

Saige - thanks for the tips on DHCP reservations, that's definitely something we are going to look into doing, and will also follow your instructions on IP swap when we are ready to remove the original.