Solved

Windows 2012 new install promotion to DC

Posted on 2015-02-23
Last Modified: 2015-02-26
I have a Windows 2012 server - a new server. The 2008 server was our DC and we want it to just be a member server after this process is done. The 2008 server was the DC. I have promoted the 2012 server to DC.
I wanted to change the IP addresses of the servers to clean things up, but when I change the IP address on the old server the AD service roles on the 2012 server all go Red? If I change it back to the original IP the roles go back to Green? I have not demoted the 2008 server yet. I am scared to do that if the IP change on the old server is causing AD roles to go Red on the new server.
I did run NTDSUTIL and verified the FSMO roles are on the new server.
0
Question by:350ztn
11 Comments
 
LVL 6

Expert Comment

by:rgorman
ID: 40627045
I wouldn't worry too much about the reds during the IP address swap.  Just swap the IPs and restart each of the netlogon services and maybe do an "ipconfig /registerdns" on both servers once they have the appropriate IP addresses assigned.  Make sure DNS is updated to reflect the new IP addresses.  Those reds should go away.  Make sure you can still replicate between the two DCs and make sure the new DC is a global catalog and has all 5 FSMO roles transferred before you dcpromo down.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627077
This is what I recommend....
- Verify replication between the 2 DCs using repadmin /replsum and repadmin /showrepl
- You can also run dcdiag /v to get the health of the DC as well
- Make sure that you have updated your DHCP client scopes to point to the new DC for DNS
- Also all of the static DNS entries on servers
- Transfer the FSMO roles if needed to the 2012 DC
- Demote the 2008 DC
- Ensure demotion was successful using netdom query fsmo and netdom query dc
- Change the IP address of the 2008 server to whatever IP you want
- Change the IP address of the 2012 DC to whatever the IP address of the 2008 server was before
- Check to ensure that clients can authenticate and are pointing to the correct IP

Will.
0
 

Author Comment

by:350ztn
ID: 40627078
I stopped DNS on the old server, but never changed the IP address on the old server. Then I go back to the new server and once again AD stops working. I also get an error message on ADDS - naming information cannot be located because access is denied.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627091
Do you have the 2012 DC pointing to itself for DNS or do you have it pointing to the 2008 DC?

When you promote a server you need to initially point to another domain controller and after it is promoted you point DNS on the DC to itself and another domain controller as secondary.  Based on what you have said you are probably pointing your DNS to your 2008 server and when you try and turn off the services on 2008, 2012 stops working.

Do not disable anything on either server. Make sure replication is functioning without errors and demote the server. Follow my steps just posted.

Will.
0
 

Author Comment

by:350ztn
ID: 40629120
Sysvol and netlogon are not showing up on the new DC - seeing errors in Event Viewer. I forced a replication and it said it was successful, but when I run net share it doesn't show those directories.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40629201
You may need to recover the sysvol and netlogon shares from a backup and then do an authoritative restore.

Will.
0
 

Author Comment

by:350ztn
ID: 40629228
How do I do that process - is that where I would stop the FRS on the old server and change the BurFlag in the registry to D4? Or do I do that on the 2012 server?

Is it possible to just copy over the 2 folders from the 2008 server to the 2012 server?
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40629242
Use the below link as a reference for restoring/rebuilding the sysvol/netlogon shares.
http://support.microsoft.com/kb/315457

"Is it possible to just copy over the 2 folders from the 2008 server to the 2012 server"
No, this is not supported as they will not replicate properly if you do this.

Will.
0
 

Author Comment

by:350ztn
ID: 40629250
Is this run from the old 2008 server, or run on the new server, or both?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40629586
The first step clearly states that this needs to be run on 1 DC which is then authoritative to the rest of the DCs in the domain. PDC holder is recommended.

Make sure that you read all of the steps carefully.

Will.
0
 

Author Comment

by:350ztn
ID: 40634510
Ran it. Worked great! Thanks Will. All is good.
0
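
The checks this thread recommends before demoting the old DC (global catalog, FSMO roles, SYSVOL/NETLOGON shares, DNS pointing at the new DC itself, clean replication) can be collected in one read-only pass. This is an added example, not part of the original thread; it assumes it is run in an elevated PowerShell session on the new 2012 DC with the ActiveDirectory module installed, and the report labels are made up for illustration.

```powershell
# Added example: read-only pre-demotion checks, run on the new (2012) DC.
# Nothing here changes configuration; it only reports what to look at.
Import-Module ActiveDirectory

$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
$domain = Get-ADDomain
$forest = Get-ADForest
$report = [ordered]@{}

# 1. The new DC is a global catalog
$report['Global catalog'] = $dc.IsGlobalCatalog

# 2. All five FSMO roles are held by this DC (same data as `netdom query fsmo`)
$holders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
             $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster)
$report['Holds all 5 FSMO roles'] = -not ($holders | Where-Object { $_ -ne $dc.HostName })

# 3. SYSVOL and NETLOGON are shared (what `net share` lists on a healthy DC)
$shares = Get-SmbShare | Select-Object -ExpandProperty Name
$report['SYSVOL shared']   = $shares -contains 'SYSVOL'
$report['NETLOGON shared'] = $shares -contains 'NETLOGON'

# 4. The DNS client lists this DC itself (own address or loopback), not only the old DC
$ownIPs     = @(Get-NetIPAddress -AddressFamily IPv4 | Select-Object -ExpandProperty IPAddress)
$dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
                Select-Object -ExpandProperty ServerAddresses)
$report['DNS client lists this DC'] = [bool]($dnsServers | Where-Object { $ownIPs -contains $_ })

# 5. No inbound replication link reports an error (same data as `repadmin /showrepl`)
$failed = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName |
            Where-Object { $_.LastReplicationResult -ne 0 })
$report['Replication clean'] = ($failed.Count -eq 0)

# Print one line per check, then warn if anything needs attention
$report.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
if ($report.Values -contains $false) {
    Write-Warning 'Resolve the items marked CHECK before demoting the old DC.'
}
```

A missing SYSVOL or NETLOGON share, as reported earlier in this thread, shows up here as CHECK even when a forced replication reports success.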
