Adding a 2nd Domain (DC2) Controller and Retiring (DC1)...

Future Scenario to Be Realistic in 2 weekends:
1. Current Active Directory DC1 (10.0.0.5) is 5 years old and customer wants to upgrade hardware.
2. Same current 5yr old hardware is DC1(10.0.0.5) using Windows 2012 Server with the latest updates.
3. Customer wants to upgrade their current hardware (DC1) and software to Windows 2012 R2.
4. Will Install Windows 2012 R2 on new hardware, promote to a DC2 (10.0.0.6) and Add new DC2 (10.0.0.6) to the current DC1 (10.0.0.5).
After doing so, DC2 (10.0.0.6) should replicate DC1's(10.0.0.5) Active Directory settings.
5.  Will enable DHCP on DC2 (10.0.0.6) and disable DC1(10.0.0.5) as the DHCP server.
6.  Will also allow DC2(10.0.0.6) to be the primary DNS server under DHCP's DNS settings for LAN PCs.
7.  domain.local will remain the same and will not change.
8.  DCs are strictly local and .com is not, nor will be, necessary; hence, domain.local will suit the company fine for the type of business that it is.

**What steps should I take to retire DC1 after DC2 (10.0.0.6) has joined the Domain as a Domain Controller (DC2) and DC2 propagates DC1's Active Directory settings?
1) Do I simply demote DC1 after approximately 24hours/1day as well as remove the Active Directory server role?
2) If so, will DC2 allow for new computers to join the domain.local once DC1 has been demoted and shutdown?
3)  How do I migrate the FSMO role(s) if necessary to DC2?
0
eitconsulting
Asked:
 
No More Commented:
1. Join DC2 to the domain as a Domain Controller

2. Transfer FSMO roles: https://winsvr.wordpress.com/2012/12/17/transferring-fsmo-roles-from-ws-2008r2-dc-to-ws-2012-dc/

3. Export DHCP settings, install DHCP role on DC2, shut down DHCP on DC1, import DHCP settings on DC2 and promote

4. Uninstall DHCP and demote DC1.

You could also give DC2 IP address of DC1 after DC1 is shutdown
0
 
eitconsulting (Author) Commented:
David:
 Sounds pretty straight forward.  Despite the link using Windows 2008R2 in its example, should still work with Win2012 (Win2008 in link) to 2012R2 (Win2012 in link)?
0
 
No More Commented:
Yes, it's the same, but the link is in nice detail.
0
 
No More Commented:
Also, with the DHCP it's up to you; one way or the other you will have a little downtime, a few minutes. You could also just install the DHCP role on server DC2 and completely ignore export/import, depending on the settings in the current DHCP.
0
 
Lee W, MVP, Technology and Business Process Advisor Commented:
Can I be blunt?

You realize this is basic AD configuration?  If you have never done this before why are you experimenting with a client's network first?  You should be setting up a lab environment and learning this stuff first.

So, in a lab environment, you should transfer the FSMO roles (there are multiple ways of doing this: PowerShell, NTDSUtil, or the GUI interfaces).
Make sure the DHCP servers are no longer assigning the old server as a DNS server.

Make sure the new server(s) are Global Catalog server(s).

I would suggest turning OFF the DC you want to remove for a couple of days to ensure everything is working properly.  But before that - and before even promoting the new DC, run DCDIAG /C /E /V and REPADMIN /SHOWREPL to ensure AD is healthy.

If this stuff is too new to you, you would be wise to hire/partner with someone with experience or get proper training.
0
 
eitconsultingAuthor Commented:
David, great link with a way to do it via the GUI.  I've used the ntdsutil in the past and it also had real examples using both the ntdsutil and powershell.  Thank you.

Lee, but we're having so much fun experimenting with the client's actual production AD environment.  Deep breaths!!  We used Microsoft's disk2vhd app to convert and export the client's AD server successfully to our VM lab.  I'm merely asking a question here as I typically do here as well as on SpiceWorks and TechRepublic for important feedback in order to possibly learn of new and/or more efficient ways to do the things we do.
1
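The checks raised in this thread (FSMO roles on the new server, Global Catalog, DHCP no longer handing out the old server as DNS, healthy replication) can be gathered into one gate to run before demoting DC1. This is an added PowerShell example, not code from any poster; DC1, DC2 and 10.0.0.5 are the question's names, and it assumes the ActiveDirectory and DhcpServer modules are installed and that DHCP already runs on DC2.

```powershell
# Added example: run from an elevated session on DC2 before demoting DC1.
# Assumes the ActiveDirectory and DhcpServer modules (RSAT) are available.
Import-Module ActiveDirectory, DhcpServer

$OldDc    = 'DC1'        # server being retired (name from the question)
$NewDc    = 'DC2'        # replacement server (name from the question)
$OldDcIp  = '10.0.0.5'   # DC1 address from the question
$problems = @()

# 1. All five FSMO roles must already be held by the new DC.
#    To move them: Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole 0,1,2,3,4
$domain  = Get-ADDomain
$forest  = Get-ADForest
$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $holders.Keys) {
    if ($holders[$role] -notlike "$NewDc.*") {
        $problems += "$role is still held by $($holders[$role])"
    }
}

# 2. The new DC must be a Global Catalog server.
if (-not (Get-ADDomainController -Identity $NewDc).IsGlobalCatalog) {
    $problems += "$NewDc is not a Global Catalog server"
}

# 3. No server-level or scope-level DHCP option 6 (DNS servers) may still list DC1.
$dnsOpts = @(Get-DhcpServerv4OptionValue -ComputerName $NewDc -OptionId 6 -ErrorAction SilentlyContinue)
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $NewDc) {
    $dnsOpts += Get-DhcpServerv4OptionValue -ComputerName $NewDc -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
}
if ($dnsOpts | Where-Object { $_.Value -contains $OldDcIp }) {
    $problems += "DHCP on $NewDc still offers $OldDcIp as a DNS server"
}

# 4. Replication must be clean: one CSV row per replication link, failures counted per row.
$failed = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
foreach ($link in $failed) {
    $problems += "Replication failing: $($link.'Source DSA') -> $($link.'Destination DSA') ($($link.'Naming Context'))"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; "Do NOT demote $OldDc yet." }
else           { "All checks passed; $OldDc can be powered off for the soak period, then demoted." }
```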