Solved

Windows 2012 new install promotion to DC

Posted on 2015-02-23
Last Modified: 2015-02-26
I have a Windows 2012 server, a new server. The 2008 server was our DC and we want it to just be a member server after this process is done. The 2008 server was the DC. I have promoted the 2012 server to DC.
I wanted to change the IP address of the servers to clean things up, but when I change the IP address on the old server the AD service roles on the 2012 server all go red. If I change it back to the original IP the roles go back to green. I have not demoted the 2008 server yet. I am scared to do that if the IP change on the old server is causing AD roles to go red on the new server.
I did run NTDSUTIL and verified the FSMO roles are on the new server.
Question by:350ztn
11 Comments
 
LVL 6

Expert Comment

by:rgorman
ID: 40627045
I wouldn't worry too much about the reds during the IP address swap. Just swap the IPs and restart each of the netlogon services and maybe do an "ipconfig /registerdns" on both servers once they have the appropriate IP addresses assigned. Make sure DNS is updated to reflect the new IP addresses. Those reds should go away. Make sure you can still replicate between the two DCs and make sure the new DC is a global catalog and has all 5 FSMO roles transferred before you dcpromo down.
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627077
This is what I recommend....
- Verify replication between the 2 DCs using repadmin /replsum and repadmin /showrepl
- You can also run dcdiag /v to get the health of the DC as well
- Make sure that you have updated your DHCP client scopes to point to the new DC for DNS
- Also all of the static DNS entries on servers
- Transfer the FSMO roles if needed to the 2012 DC
- Demote the 2008 DC
- Ensure demotion was successful using netdom query fsmo and netdom query dc
- Change the IP address of the 2008 server to whatever IP you want
- Change the IP address of the 2012 DC to whatever the IP address of the 2008 server was before
- Check to ensure that clients can authenticate and are pointing to the correct IP

Will.
 

Author Comment

by:350ztn
ID: 40627078
I stopped DNS on the old server, but never changed the IP address on the old server. Then I go back to the new server and once again AD stops working. I also get an error message on ADDS: naming information cannot be located because access is denied.
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627091
Do you have the 2012 DC pointing to itself for DNS or do you have it pointing to the 2008 DC?

When you promote a server you need to initially point to another domain controller and after it is promoted you point DNS on the DC to itself and another domain controller as secondary.  Based on what you have said you are probably pointing your DNS to your 2008 server and when you try and turn off the services on 2008, 2012 stops working.

Do not disable anything on either server. Make sure replication is functioning without errors and demote the server. Follow my steps just posted.

Will.
 

Author Comment

by:350ztn
ID: 40629120
SYSVOL and NETLOGON are not showing up on the new DC, and I am seeing errors in Event Viewer. I forced a replication and it said it was successful, but when I run net share it doesn't show those directories.
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40629201
You may need to recover the sysvol and netlogon shares from a backup and then do an authoritative restore.

Will.
 

Author Comment

by:350ztn
ID: 40629228
How do I do that process? Is that where I would stop the FRS on the old server and change the BurFlag in the registry to D4? Or do I do that on the 2012 server?

Is it possible to just copy over the 2 folders from the 2008 server to the 2012 server?
 
LVL 53

Accepted Solution

by:Will Szymkowski
ID: 40629242
Use the below link as a reference for restoring/rebuilding the sysvol/netlogon shares.
http://support.microsoft.com/kb/315457

"is it possible to just copy over the 2 folders from the 2008 server to the 2012 server"
No, this is not supported, as they will not replicate properly if you do this.

Will.
 

Author Comment

by:350ztn
ID: 40629250
Is this run from the old 2008 server, or run on the new server, or both?
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40629586
The first step clearly states that this needs to be run on 1 DC, which is then authoritative to the rest of the DCs in the domain. The PDC holder is recommended.

Make sure that you read all of the steps carefully.

Will.
 

Author Comment

by:350ztn
ID: 40634510
Ran it. Worked great! Thanks Will. All is good.
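The checks recommended across this thread (all five FSMO roles and the global catalog on the new DC, healthy replication, SYSVOL and NETLOGON shared, the DC pointing to itself for DNS) gathered into one read-only script. This is an added example, not part of the original thread; the function name Test-SurvivingDcReady is hypothetical, and it assumes a single-domain forest and the ActiveDirectory module on the 2012 DC.

```powershell
# Added example: read-only checks, run elevated on the NEW DC before demoting the old one.
# Assumes the ActiveDirectory module and a single-domain forest, as in this thread.
Import-Module ActiveDirectory

function Test-SurvivingDcReady {   # hypothetical function name
    $dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $checks = [ordered]@{}

    # All five FSMO roles should already be held by this DC.
    $holders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
                 $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster)
    $checks['Holds all 5 FSMO roles'] = @($holders | Where-Object { $_ -ne $dc.HostName }).Count -eq 0

    # The DC that stays must be a global catalog.
    $checks['Is global catalog'] = [bool]$dc.IsGlobalCatalog

    # SYSVOL and NETLOGON must both be shared; if not, clients cannot get
    # Group Policy or logon scripts from this DC.
    $shares = @(Get-SmbShare | Select-Object -ExpandProperty Name)
    $checks['SYSVOL shared']   = $shares -contains 'SYSVOL'
    $checks['NETLOGON shared'] = $shares -contains 'NETLOGON'

    # No replication partner may have an outstanding failure.
    $failed = @(Get-ADReplicationFailure -Target $dc.HostName | Where-Object { $_.FailureCount -gt 0 })
    $checks['No replication failures'] = $failed.Count -eq 0

    # The DNS client on this DC should list the DC itself, not only the old DC.
    $dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object -ExpandProperty ServerAddresses)
    $own = @(Get-NetIPAddress -AddressFamily IPv4 | Select-Object -ExpandProperty IPAddress)
    $checks['DNS client lists this DC'] = @($dns | Where-Object { $own -contains $_ }).Count -gt 0

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

$report = @(Test-SurvivingDcReady)
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning 'At least one check failed: fix it before demoting the old DC.'
}
```

The script changes nothing; a failed SYSVOL or NETLOGON row corresponds to the missing-shares symptom reported in this thread.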
